SaltStack on CentOS 6.5

Estimated Reading Time: 9 minutes

SaltStack is an extremely fast and scalable systems and configuration management software for predictive orchestration, cloud and data center automation, server provisioning, application deployment and much more. Today we are going to quickstart with SaltStack to see how effective it is.

saltstack

Let’s deep dive quick into SalStack environmental setup:

Machine Details:

Machine IP Address Hostname
Salt Master 208.64.250.8 208.64.250.8.uscolo.com
Salt Minion 1 208.64.250.6 SVM61
Salt Minion 2 208.64.250.7 SVM71

Setting up Salt Master:

  1. Let’s see what OS is running on the system
#cat /etc/issueCentOS release 6.5 (Final)

Kernel \r on an \m

  1. Download EPEL repo as the pre-requisite:
#wget http://ftp.riken.jp/Linux/fedora/epel/6/i386/epel-release-6-8.noarch.rpm–2015-01-31 15:19:07–  http://ftp.riken.jp/Linux/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

Resolving ftp.riken.jp… 134.160.38.1

Connecting to ftp.riken.jp|134.160.38.1|:80… connected.

HTTP request sent, awaiting response… 200 OK

Length: 14540 (14K) [text/plain]

Saving to: “epel-release-6-8.noarch.rpm”

100%[======================================>] 14,540      54.6K/s   in 0.3s

2015-01-31 15:19:08 (54.6 KB/s) – “epel-release-6-8.noarch.rpm” saved [14540/14540]

  1. Install EPEL repo as shown below:
#yum install epel-release-6-8.noarch.rpmLoaded plugins: fastestmirror, refresh-packagekit, security

base                                                     | 3.7 kB     00:00

base/primary_db                                          | 4.6 MB     00:00

extras                                                   | 3.4 kB     00:00

extras/primary_db                                        |  30 kB     00:00

updates                                                  | 3.4 kB     00:00

updates/primary_db                                       | 2.1 MB     00:00

Setting up Install Process

Examining epel-release-6-8.noarch.rpm: epel-release-6-8.noarch

Marking epel-release-6-8.noarch.rpm to be installed

Resolving Dependencies

–> Running transaction check

—> Package epel-release.noarch 0:6-8 will be installed

  1. Install salt-master related packages in the master node. DONOT INSTALL MINION ON MASTER NODE.
[root@208 ~]# yum install salt-masterLoaded plugins: fastestmirror, refresh-packagekit, security

Determining fastest mirrors

epel/metalink                                            |  13 kB     00:00

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

epel                                                     | 4.4 kB     00:00

epel/primary_db                                          | 6.3 MB     00:00

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-master.noarch 0:2014.7.0-3.el6 will be installed

–> Processing Dependency: salt = 2014.7.0-3.el6 for package: salt-master-2014.7.0-3.el6.noarch

–> Running transaction check

—> Package salt.noarch 0:2014.7.0-3.el6 will be installed

–> Processing Dependency: sshpass for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-zmq for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-requests for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-msgpack for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-jinja2 for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: m2crypto for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: PyYAML for package: salt-2014.7.0-3.el6.noarch

–> Running transaction check

—> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed

–> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64

—> Package m2crypto.x86_64 0:0.20.2-9.el6 will be installed

—> Package python-jinja2.x86_64 0:2.2.1-2.el6_5 will be installed

–> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.2.1-2.el6_5.x86_64

—> Package python-msgpack.x86_64 0:0.1.13-3.el6 will be installed

—> Package python-requests.noarch 0:1.1.0-4.el6.centos will be installed

–> Processing Dependency: python-urllib3 for package: python-requests-1.1.0-4.el6.centos.noarch

–> Processing Dependency: python-ordereddict for package: python-requests-1.1.0-4.el6.centos.noarch

–> Processing Dependency: python-chardet for package: python-requests-1.1.0-4.el6.centos.noarch

—> Package python-zmq.x86_64 0:14.3.1-1.el6 will be installed

–> Processing Dependency: libzmq.so.3()(64bit) for package: python-zmq-14.3.1-1.el6.x86_64

—> Package sshpass.x86_64 0:1.05-1.el6 will be installed

–> Running transaction check

—> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed

—> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed

—> Package python-chardet.noarch 0:2.0.1-1.el6.centos will be installed

—> Package python-ordereddict.noarch 0:1.1-2.el6.centos will be installed

—> Package python-urllib3.noarch 0:1.5-7.el6.centos will be installed

–> Processing Dependency: python-six for package: python-urllib3-1.5-7.el6.centos.noarch

–> Processing Dependency: python-backports-ssl_match_hostname for package: python-urllib3-1.5-7.el6.centos.noarch

—> Package zeromq3.x86_64 0:3.2.4-1.el6 will be installed

–> Processing Dependency: libpgm-5.1.so.0()(64bit) for package: zeromq3-3.2.4-1.el6.x86_64

–> Running transaction check

—> Package openpgm.x86_64 0:5.1.118-3.el6 will be installed

—> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el6.centos will be installed

–> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos.noarch

—> Package python-six.noarch 0:1.7.3-1.el6.centos will be installed

–> Running transaction check

—> Package python-backports.x86_64 0:1.0-3.el6.centos will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package                             Arch   Version               Repository

Size

================================================================================

Installing:

salt-master                         noarch 2014.7.0-3.el6        epel     33 k

Installing for dependencies:

PyYAML                              x86_64 3.10-3.1.el6          updates 157 k

libyaml                             x86_64 0.1.3-4.el6_6         updates  52 k

m2crypto                            x86_64 0.20.2-9.el6          base    471 k

openpgm                             x86_64 5.1.118-3.el6         epel    165 k

python-babel                        noarch 0.9.4-5.1.el6         base    1.4 M

python-backports                    x86_64 1.0-3.el6.centos      extras  5.3 k

python-backports-ssl_match_hostname noarch 3.4.0.2-4.el6.centos  extras   13 k

python-chardet                      noarch 2.0.1-1.el6.centos    extras  225 k

python-jinja2                       x86_64 2.2.1-2.el6_5         base    466 k

python-msgpack                      x86_64 0.1.13-3.el6          epel     29 k

python-ordereddict                  noarch 1.1-2.el6.centos      extras  7.7 k

python-requests                     noarch 1.1.0-4.el6.centos    extras   71 k

python-six                          noarch 1.7.3-1.el6.centos    extras   27 k

python-urllib3                      noarch 1.5-7.el6.centos      extras   41 k

python-zmq                          x86_64 14.3.1-1.el6          epel    467 k

salt                                noarch 2014.7.0-3.el6        epel    3.7 M

sshpass                             x86_64 1.05-1.el6            epel     19 k

zeromq3                             x86_64 3.2.4-1.el6           epel    334 k

Transaction Summary

================================================================================

Install      19 Package(s)

Total download size: 7.7 M

Installed size: 29 M

Is this ok [y/N]: y

Downloading Packages:

(1/19): PyYAML-3.10-3.1.el6.x86_64.rpm                   | 157 kB     00:00

(2/19): libyaml-0.1.3-4.el6_6.x86_64.rpm                 |  52 kB     00:00

(3/19): m2crypto-0.20.2-9.el6.x86_64.rpm                 | 471 kB     00:00

(4/19): openpgm-5.1.118-3.el6.x86_64.rpm                 | 165 kB     00:00

(5/19): python-babel-0.9.4-5.1.el6.noarch.rpm            | 1.4 MB     00:00

(6/19): python-backports-1.0-3.el6.centos.x86_64.rpm     | 5.3 kB     00:00

(7/19): python-backports-ssl_match_hostname-3.4.0.2-4.el |  13 kB     00:00

(8/19): python-chardet-2.0.1-1.el6.centos.noarch.rpm     | 225 kB     00:00

(9/19): python-jinja2-2.2.1-2.el6_5.x86_64.rpm           | 466 kB     00:00

(10/19): python-msgpack-0.1.13-3.el6.x86_64.rpm          |  29 kB     00:00

(11/19): python-ordereddict-1.1-2.el6.centos.noarch.rpm  | 7.7 kB     00:00

(12/19): python-requests-1.1.0-4.el6.centos.noarch.rpm   |  71 kB     00:00

(13/19): python-six-1.7.3-1.el6.centos.noarch.rpm        |  27 kB     00:00

(14/19): python-urllib3-1.5-7.el6.centos.noarch.rpm      |  41 kB     00:00

(15/19): python-zmq-14.3.1-1.el6.x86_64.rpm              | 467 kB     00:00

(16/19): salt-2014.7.0-3.el6.noarch.rpm                  | 3.7 MB     00:00

(17/19): salt-master-2014.7.0-3.el6.noarch.rpm           |  33 kB     00:00

(18/19): sshpass-1.05-1.el6.x86_64.rpm                   |  19 kB     00:00

(19/19): zeromq3-3.2.4-1.el6.x86_64.rpm                  | 334 kB     00:00

——————————————————————————–

Total                                           4.3 MB/s | 7.7 MB     00:01

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Importing GPG key 0x0608B895:

Userid : EPEL (6) <epel@fedoraproject.org>

Package: epel-release-6-8.noarch (@/epel-release-6-8.noarch)

From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Is this ok [y/N]: y

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID c105b9de: NOKEY

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Importing GPG key 0xC105B9DE:

Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>

Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)

From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Is this ok [y/N]: y

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : python-ordereddict-1.1-2.el6.centos.noarch                  1/19

Installing : python-six-1.7.3-1.el6.centos.noarch                        2/19

Installing : sshpass-1.05-1.el6.x86_64                                   3/19

Installing : python-backports-1.0-3.el6.centos.x86_64                    4/19

Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos    5/19

Installing : python-urllib3-1.5-7.el6.centos.noarch                      6/19

Installing : m2crypto-0.20.2-9.el6.x86_64                                7/19

Installing : libyaml-0.1.3-4.el6_6.x86_64                                8/19

Installing : PyYAML-3.10-3.1.el6.x86_64                                  9/19

Installing : python-chardet-2.0.1-1.el6.centos.noarch                   10/19

Installing : python-requests-1.1.0-4.el6.centos.noarch                  11/19

Installing : python-babel-0.9.4-5.1.el6.noarch                          12/19

Installing : python-jinja2-2.2.1-2.el6_5.x86_64                         13/19

Installing : python-msgpack-0.1.13-3.el6.x86_64                         14/19

Installing : openpgm-5.1.118-3.el6.x86_64                               15/19

Installing : zeromq3-3.2.4-1.el6.x86_64                                 16/19

Installing : python-zmq-14.3.1-1.el6.x86_64                             17/19

Installing : salt-2014.7.0-3.el6.noarch                                 18/19

Installing : salt-master-2014.7.0-3.el6.noarch                          19/19

Verifying  : openpgm-5.1.118-3.el6.x86_64                                1/19

Verifying  : python-msgpack-0.1.13-3.el6.x86_64                          2/19

Verifying  : python-babel-0.9.4-5.1.el6.noarch                           3/19

Verifying  : python-chardet-2.0.1-1.el6.centos.noarch                    4/19

Verifying  : python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos    5/19

Verifying  : PyYAML-3.10-3.1.el6.x86_64                                  6/19

Verifying  : libyaml-0.1.3-4.el6_6.x86_64                                7/19

Verifying  : python-ordereddict-1.1-2.el6.centos.noarch                  8/19

Verifying  : python-urllib3-1.5-7.el6.centos.noarch                      9/19

Verifying  : m2crypto-0.20.2-9.el6.x86_64                               10/19

Verifying  : salt-2014.7.0-3.el6.noarch                                 11/19

Verifying  : python-zmq-14.3.1-1.el6.x86_64                             12/19

Verifying  : python-jinja2-2.2.1-2.el6_5.x86_64                         13/19

Verifying  : salt-master-2014.7.0-3.el6.noarch                          14/19

Verifying  : python-backports-1.0-3.el6.centos.x86_64                   15/19

Verifying  : zeromq3-3.2.4-1.el6.x86_64                                 16/19

Verifying  : python-requests-1.1.0-4.el6.centos.noarch                  17/19

Verifying  : sshpass-1.05-1.el6.x86_64                                  18/19

Verifying  : python-six-1.7.3-1.el6.centos.noarch                       19/19

Installed:

salt-master.noarch 0:2014.7.0-3.el6

Dependency Installed:

PyYAML.x86_64 0:3.10-3.1.el6

libyaml.x86_64 0:0.1.3-4.el6_6

m2crypto.x86_64 0:0.20.2-9.el6

openpgm.x86_64 0:5.1.118-3.el6

python-babel.noarch 0:0.9.4-5.1.el6

python-backports.x86_64 0:1.0-3.el6.centos

python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el6.centos

python-chardet.noarch 0:2.0.1-1.el6.centos

python-jinja2.x86_64 0:2.2.1-2.el6_5

python-msgpack.x86_64 0:0.1.13-3.el6

python-ordereddict.noarch 0:1.1-2.el6.centos

python-requests.noarch 0:1.1.0-4.el6.centos

python-six.noarch 0:1.7.3-1.el6.centos

python-urllib3.noarch 0:1.5-7.el6.centos

python-zmq.x86_64 0:14.3.1-1.el6

salt.noarch 0:2014.7.0-3.el6

sshpass.x86_64 0:1.05-1.el6

zeromq3.x86_64 0:3.2.4-1.el6

Complete!

[root@208 ~]# yum install salt-ssh

Loaded plugins: fastestmirror, refresh-packagekit, security

Loading mirror speeds from cached hostfile

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-ssh.noarch 0:2014.7.0-3.el6 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package           Arch            Version                  Repository     Size

================================================================================

Installing:

salt-ssh          noarch          2014.7.0-3.el6           epel           12 k

Transaction Summary

================================================================================

Install       1 Package(s)

Total download size: 12 k

Installed size: 2.8 k

Is this ok [y/N]: y

Downloading Packages:

salt-ssh-2014.7.0-3.el6.noarch.rpm                       |  12 kB     00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : salt-ssh-2014.7.0-3.el6.noarch                               1/1

Verifying  : salt-ssh-2014.7.0-3.el6.noarch                               1/1

Installed:

salt-ssh.noarch 0:2014.7.0-3.el6

Complete!

[root@208 ~]# yum install salt-api

Loaded plugins: fastestmirror, refresh-packagekit, security

Loading mirror speeds from cached hostfile

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-api.noarch 0:2014.7.0-3.el6 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package           Arch            Version                  Repository     Size

================================================================================

Installing:

salt-api          noarch          2014.7.0-3.el6           epel           12 k

Transaction Summary

================================================================================

Install       1 Package(s)

Total download size: 12 k

Installed size: 4.1 k

Is this ok [y/N]: y

Downloading Packages:

salt-api-2014.7.0-3.el6.noarch.rpm                       |  12 kB     00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : salt-api-2014.7.0-3.el6.noarch                               1/1

Verifying  : salt-api-2014.7.0-3.el6.noarch                               1/1

Installed:

salt-api.noarch 0:2014.7.0-3.el6

Complete!

Configuring SALT MASTER FILE:

#egrep -v “^#|^$” /etc/salt/masterinterface: 208.64.250.8

publish_port: 4505

user: root

ret_port: 4506

pidfile: /var/run/salt-master.pid

pki_dir: /etc/salt/pki/master

sock_dir: /var/run/salt/master

minion_data_cache: True

autosign_file: /etc/salt/autosign.conf

  1. Now restart the salt-master service:

#service salt-master restart

CONFIGURING SALT-MINION (Client Node)

  1. Assume that a different machine running CentOS 6.5 is present.
  2. Follow the same steps which is followed for pre-requisite for master except salt-master package. You need to install salt-minion through YUM.
  1. Configure the /etc/salt/minion file as shown below:

master: 208.64.250.8

master_port: 4506

  1. Restart the salt-minion service:
service salt-minion restartStopping salt-minion daemon:                               [FAILED]

Starting salt-minion daemon:                               [  OK  ]

  1. Run the following command to configure authentication keys in between master and client:
[root@208 ~]# salt-key -L

Accepted Keys:

Unaccepted Keys:

Rejected Keys:

[root@208 ~]# salt-key -A

The key glob ‘*’ does not match any unaccepted keys.

[root@208 ~]# service iptables stop

iptables: Setting chains to policy ACCEPT: filter          [  OK  ]

iptables: Flushing firewall rules:                         [  OK  ]

iptables: Unloading modules:                               [  OK  ]

[root@208 ~]# salt-key -L

Accepted Keys:

Unaccepted Keys:

SVM61

Rejected Keys:

[root@208 ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

SVM61

Proceed? [n/Y] Y

Key for minion SVM61 accepted.

[root@208 ~]#

Verifying master and minion functionality test:

Run the below command on the salt master:

salt ‘*’ test.ping -vExecuting job with jid 20150131181518540377

——————————————-

SVM61:

True

[root@208 salt]# salt ‘*’ test.ping

SVM61:

True

[root@208 salt]# salt ‘*’ disk.usage

SVM61:

———-

/:

———-

1K-blocks:

8780808

available:

6021132

capacity:

28%

filesystem:

/dev/mapper/vg_svm1-lv_root

used:

2313624

/boot:

———-

1K-blocks:

495844

available:

436779

capacity:

8%

filesystem:

/dev/sda1

used:

33465

/dev/shm:

———-

1K-blocks:

251000

available:

251000

capacity:

0%

filesystem:

tmpfs

used:

0

Troubleshooting Tips:

  1. Suppose you face any issue related to keys, then first thing to check is minion logs which can be tailed at /var/log/salt/minion.
  2. If you encounter the following error message:

The master may need to be updated if it is a version of Salt lower than 2014.7.0, or If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.The master public key can be found at: /etc/salt/pki/minion/minion_master.pub

 

Fix: remove the key on minion and master and then restart the minion service. You can remove the key from master through salt-key –delete-all and then start from start.

Preparing the first salt Formulae:

Salt formulae are simple YAML text files and by default reside on the salt master.

You can put all your salt formulae under /srv/salt folder.

Example: Let’s see how can you install Subversion on the remote minion from salt master.

Add the following text in subversion.sls:

cat /srv/salt/subversion.slssubversion:

pkg:

– installed

[root@208 salt]#

What does the above code means?

The first line is called the ID Declaration; essentially the “label” for this stanza. subversion will be used for our package name. The name you use here must match up with the actual package name used by your package manager.  (In reality, the ID Declaration can be any arbitrary text and you can specify the actual package name below, but we’ll do it this way right now for simplicity’s sake).

The second line is called the State Declaration. This refers to the specific Salt State that we’re going to make use of. In this example we’re using the “pkg” state.

Now run the following command to install subversion on the minion machine in a single shot:

salt ‘SVM61’ state.sls subversionSVM61:

———-

ID: subversion

Function: pkg.installed

Result: True

Comment: The following packages were installed/updated: subversion.

Started: 18:51:48.459666

Duration: 52120.684 ms

Changes:

———-

apr:

———-

new:

1.3.9-5.el6_2

old:

apr-util:

———-

new:

1.3.9-3.el6_0.1

old:

neon:

———-

new:

0.29.3-3.el6_4

old:

pakchois:

———-

new:

0.4-3.2.el6

old:

perl-URI:

———-

new:

1.40-2.el6

old:

subversion:

———-

new:

1.6.11-10.el6_5

old:

Summary

————

Succeeded: 1 (changed=1)

Failed:    0

————

Total states run:     1

[root@208 ~]#

Did you see that? Subversion gets installed successfully. Verify it on minion machine:

[root@SVM61 ~]# rpm -qa subversionsubversion-1.6.11-10.el6_5.x86_64

[root@SVM61 ~]#

Setting up Minion 2:

  1. Follow the same step which you followed during the minion ( SVM61)
  2. Install salt-minion(and NOT SALT MASTER) specific package.
  3. Once you configure the following entry in /etc/salt/minion:
[root@SVM71 ~]# egrep -v “^#|^$” /etc/salt/minionmaster: 208.64.250.8

master_port: 4506

user: root

pidfile: /var/run/salt-minion.pid

pki_dir: /etc/salt/pki/minion

id: SVM71

[root@SVM71 ~]#

  1. Restart the salt-minion service.
  2. Once restarted, you will find the following output. Accept the key and you are ready to test the ping test.
[root@208 ~]# salt-key -LAccepted Keys:

SVM61

Unaccepted Keys:

SVM71

Rejected Keys:

[root@208 ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

SVM71

Proceed? [n/Y] Y

Key for minion SVM71 accepted.

[root@208 ~]# salt-key -L

Accepted Keys:

SVM61

SVM71

Unaccepted Keys:

Rejected Keys:

[root@208 ~]#

  1. Let’s check the ping test from minion 2 system:
salt SVM71 test.pingSVM71:

True

[root@208 ~]# salt ‘*’ test.ping

SVM71:

True

SVM61:

True

[root@208 ~]#

 

Hence our 2 minions and 1 master are readily configured.

Clap