Setup SaltStack on CentOS 7

Setup Salt Components on CentOS 7

Setup Note: This guide is basically copied from the Salt docs. The only reason for it to exist is to expand on the RHEL/CentOS 7 post-install specifics for adding firewall rules and enabling the service.

Import SaltStack GPG-KEY

rpm --import

Setup SaltStack repo file

Edit /etc/yum.repos.d/saltstack.repo

vi /etc/yum.repos.d/saltstack.repo

Insert this text

name=SaltStack repo for RHEL/CentOS $releasever

Install the salt-minion, salt-master, or other Salt components:

  • yum install salt-master
  • yum install salt-minion
  • yum install salt-ssh
  • yum install salt-syndic
  • yum install salt-cloud

Installing the Salt Master

Install the salt-master

yum install salt-master

Start the salt-master service and enable it to start on boot

systemctl start salt-master

systemctl enable salt-master

Configure firewalld rules for the salt-master

Let’s make some firewall rule changes. If for some reason you aren’t using a firewall then you can skip this.

Configure a default zone with firewalld (The default zone is assumed to already be set as “Internal”)

Edit /etc/firewalld/services/salt-master.xml

 vi /etc/firewalld/services/salt-master.xml

Insert this text

<?xml version="1.0" encoding="utf-8"?>
<service>
   <description>access for default salt-master tcp ports.</description>
   <port protocol="tcp" port="4505"/>
   <port protocol="tcp" port="4506"/>
</service>

Install policycoreutils-python to use semanage utility

  • yum install policycoreutils-python

Permanently create an selinux context label

semanage fcontext -a -t firewalld_etc_rw_t -s system_u /etc/firewalld/services/salt-master.xml

Apply the new selinux label

restorecon -vF /etc/firewalld/services/salt-master.xml

Add services (or ports) to allowed rules

firewall-cmd --permanent --zone=internal --add-service=salt-master

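Alternatively you can just add the ports. Use --permanent here as well, otherwise the rules only exist in the runtime config and are dropped by the reload in the next step.

firewall-cmd --permanent --zone=internal --add-port=4505/tcp

firewall-cmd --permanent --zone=internal --add-port=4506/tcp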

Reload the current firewall config

firewall-cmd --reload

Check the interface and verify the services

firewall-cmd --zone=internal --list-services

Installing the Salt Minion

Install the salt-minion

yum install salt-minion

Edit /etc/salt/minion

vi /etc/salt/minion

Change the setting for master:

Set master: to the DNS name or IP of your salt-master server

Start the salt-minion service and enable it to start on boot

systemctl start salt-minion

systemctl enable salt-minion

Verify minion can connect to the master

Log in to the salt-master server and verify the minion connected. You should see an entry waiting for authorization when you run the following command.

[root@salt]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:
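
Before authorizing an entry listed under Unaccepted Keys, compare its fingerprint on the master with the one the minion reports locally. The script below is an added example, not part of the original guide or the Salt docs; the minion ID web01 and all fingerprints are constructed, and it assumes `salt-key -f` and `salt-call --local key.finger` print a colon-separated hex fingerprint.

```shell
#!/bin/sh
# Added example (not from the original guide). "web01" and the fingerprints
# below are constructed sample values, not output from a real host.

# Print the first colon-separated hex fingerprint found on stdin, lowercased.
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# fp_matches MASTER_OUTPUT MINION_OUTPUT
# Succeeds only when both outputs carry the same, non-empty fingerprint.
fp_matches() {
    master_fp=$(printf '%s\n' "$1" | extract_fp)
    minion_fp=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$master_fp" ] && [ "$master_fp" = "$minion_fp" ]
}

# Constructed output in the shape of `salt-key -f web01` (run on the master).
SAMPLE_MASTER='Unaccepted Keys:
web01:  3a:7f:02:9c:51:e4:b8:0d:66:1f:a3:c7:28:94:5b:ee:10:d2:7a:43:bf:09:86:35:cd:f1:6e:58:a0:27:9b:14'

# Constructed output in the shape of `salt-call --local key.finger` (run on the minion).
SAMPLE_MINION='local:
    3a:7f:02:9c:51:e4:b8:0d:66:1f:a3:c7:28:94:5b:ee:10:d2:7a:43:bf:09:86:35:cd:f1:6e:58:a0:27:9b:14'

# Same shape, different key: what a host you did not provision would report.
SAMPLE_OTHER='local:
    c4:19:8e:50:2b:f7:63:aa:0e:91:d5:3c:76:48:b2:1d:e9:05:7c:34:fa:60:8b:27:dc:13:4f:a6:59:02:be:71'

# Real use on the master, with the minion's output obtained out of band
# (console or provisioning channel):
#   sh verify-minion.sh web01 "$MINION_KEY_FINGER_OUTPUT"
if [ "$#" -eq 2 ] && command -v salt-key >/dev/null 2>&1; then
    if fp_matches "$(salt-key -f "$1")" "$2"; then
        salt-key -a "$1"    # asks for confirmation before accepting
    else
        echo "fingerprint mismatch for $1: key left unaccepted" >&2
        exit 1
    fi
fi
```
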

Official Salt Docs:
