SaltStack on CentOS 6.5

SaltStack is an extremely fast and scalable systems and configuration management software for predictive orchestration, cloud and data center automation, server provisioning, application deployment and much more. Today we are going to quickstart with SaltStack to see how effective it is.

Let’s deep dive quick into SalStack environmental setup:

Machine Details:

Machine	IP Address	Hostname

Salt Master	208.64.250.8	208.64.250.8.uscolo.com
Salt Minion 1	208.64.250.6	SVM61
Salt Minion 2	208.64.250.7	SVM71

Setting up Salt Master:

Let’s see what OS is running on the system

#cat /etc/issueCentOS release 6.5 (Final)

Kernel \r on an \m

Download EPEL repo as the pre-requisite:

#wget http://ftp.riken.jp/Linux/fedora/epel/6/i386/epel-release-6-8.noarch.rpm–2015-01-31 15:19:07– http://ftp.riken.jp/Linux/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

Resolving ftp.riken.jp… 134.160.38.1

Connecting to ftp.riken.jp|134.160.38.1|:80… connected.

HTTP request sent, awaiting response… 200 OK

Length: 14540 (14K) [text/plain]

Saving to: “epel-release-6-8.noarch.rpm”

100%[======================================>] 14,540 54.6K/s in 0.3s

2015-01-31 15:19:08 (54.6 KB/s) – “epel-release-6-8.noarch.rpm” saved [14540/14540]

Install EPEL repo as shown below:

#yum install epel-release-6-8.noarch.rpmLoaded plugins: fastestmirror, refresh-packagekit, security

base | 3.7 kB 00:00

base/primary_db | 4.6 MB 00:00

extras | 3.4 kB 00:00

extras/primary_db | 30 kB 00:00

updates | 3.4 kB 00:00

updates/primary_db | 2.1 MB 00:00

Setting up Install Process

Examining epel-release-6-8.noarch.rpm: epel-release-6-8.noarch

Marking epel-release-6-8.noarch.rpm to be installed

Resolving Dependencies

–> Running transaction check

—> Package epel-release.noarch 0:6-8 will be installed

Install salt-master related packages in the master node. DONOT INSTALL MINION ON MASTER NODE.

[root@208 ~]# yum install salt-masterLoaded plugins: fastestmirror, refresh-packagekit, security

Determining fastest mirrors

epel/metalink | 13 kB 00:00

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

epel | 4.4 kB 00:00

epel/primary_db | 6.3 MB 00:00

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-master.noarch 0:2014.7.0-3.el6 will be installed

–> Processing Dependency: salt = 2014.7.0-3.el6 for package: salt-master-2014.7.0-3.el6.noarch

–> Running transaction check

—> Package salt.noarch 0:2014.7.0-3.el6 will be installed

–> Processing Dependency: sshpass for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-zmq for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-requests for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-msgpack for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: python-jinja2 for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: m2crypto for package: salt-2014.7.0-3.el6.noarch

–> Processing Dependency: PyYAML for package: salt-2014.7.0-3.el6.noarch

–> Running transaction check

—> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed

–> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64

—> Package m2crypto.x86_64 0:0.20.2-9.el6 will be installed

—> Package python-jinja2.x86_64 0:2.2.1-2.el6_5 will be installed

–> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.2.1-2.el6_5.x86_64

—> Package python-msgpack.x86_64 0:0.1.13-3.el6 will be installed

—> Package python-requests.noarch 0:1.1.0-4.el6.centos will be installed

–> Processing Dependency: python-urllib3 for package: python-requests-1.1.0-4.el6.centos.noarch

–> Processing Dependency: python-ordereddict for package: python-requests-1.1.0-4.el6.centos.noarch

–> Processing Dependency: python-chardet for package: python-requests-1.1.0-4.el6.centos.noarch

—> Package python-zmq.x86_64 0:14.3.1-1.el6 will be installed

–> Processing Dependency: libzmq.so.3()(64bit) for package: python-zmq-14.3.1-1.el6.x86_64

—> Package sshpass.x86_64 0:1.05-1.el6 will be installed

–> Running transaction check

—> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed

—> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed

—> Package python-chardet.noarch 0:2.0.1-1.el6.centos will be installed

—> Package python-ordereddict.noarch 0:1.1-2.el6.centos will be installed

—> Package python-urllib3.noarch 0:1.5-7.el6.centos will be installed

–> Processing Dependency: python-six for package: python-urllib3-1.5-7.el6.centos.noarch

–> Processing Dependency: python-backports-ssl_match_hostname for package: python-urllib3-1.5-7.el6.centos.noarch

—> Package zeromq3.x86_64 0:3.2.4-1.el6 will be installed

–> Processing Dependency: libpgm-5.1.so.0()(64bit) for package: zeromq3-3.2.4-1.el6.x86_64

–> Running transaction check

—> Package openpgm.x86_64 0:5.1.118-3.el6 will be installed

—> Package python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el6.centos will be installed

–> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos.noarch

—> Package python-six.noarch 0:1.7.3-1.el6.centos will be installed

–> Running transaction check

—> Package python-backports.x86_64 0:1.0-3.el6.centos will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository

Size

================================================================================

Installing:

salt-master noarch 2014.7.0-3.el6 epel 33 k

Installing for dependencies:

PyYAML x86_64 3.10-3.1.el6 updates 157 k

libyaml x86_64 0.1.3-4.el6_6 updates 52 k

m2crypto x86_64 0.20.2-9.el6 base 471 k

openpgm x86_64 5.1.118-3.el6 epel 165 k

python-babel noarch 0.9.4-5.1.el6 base 1.4 M

python-backports x86_64 1.0-3.el6.centos extras 5.3 k

python-backports-ssl_match_hostname noarch 3.4.0.2-4.el6.centos extras 13 k

python-chardet noarch 2.0.1-1.el6.centos extras 225 k

python-jinja2 x86_64 2.2.1-2.el6_5 base 466 k

python-msgpack x86_64 0.1.13-3.el6 epel 29 k

python-ordereddict noarch 1.1-2.el6.centos extras 7.7 k

python-requests noarch 1.1.0-4.el6.centos extras 71 k

python-six noarch 1.7.3-1.el6.centos extras 27 k

python-urllib3 noarch 1.5-7.el6.centos extras 41 k

python-zmq x86_64 14.3.1-1.el6 epel 467 k

salt noarch 2014.7.0-3.el6 epel 3.7 M

sshpass x86_64 1.05-1.el6 epel 19 k

zeromq3 x86_64 3.2.4-1.el6 epel 334 k

Transaction Summary

================================================================================

Install 19 Package(s)

Total download size: 7.7 M

Installed size: 29 M

Is this ok [y/N]: y

Downloading Packages:

(1/19): PyYAML-3.10-3.1.el6.x86_64.rpm | 157 kB 00:00

(2/19): libyaml-0.1.3-4.el6_6.x86_64.rpm | 52 kB 00:00

(3/19): m2crypto-0.20.2-9.el6.x86_64.rpm | 471 kB 00:00

(4/19): openpgm-5.1.118-3.el6.x86_64.rpm | 165 kB 00:00

(5/19): python-babel-0.9.4-5.1.el6.noarch.rpm | 1.4 MB 00:00

(6/19): python-backports-1.0-3.el6.centos.x86_64.rpm | 5.3 kB 00:00

(7/19): python-backports-ssl_match_hostname-3.4.0.2-4.el | 13 kB 00:00

(8/19): python-chardet-2.0.1-1.el6.centos.noarch.rpm | 225 kB 00:00

(9/19): python-jinja2-2.2.1-2.el6_5.x86_64.rpm | 466 kB 00:00

(10/19): python-msgpack-0.1.13-3.el6.x86_64.rpm | 29 kB 00:00

(11/19): python-ordereddict-1.1-2.el6.centos.noarch.rpm | 7.7 kB 00:00

(12/19): python-requests-1.1.0-4.el6.centos.noarch.rpm | 71 kB 00:00

(13/19): python-six-1.7.3-1.el6.centos.noarch.rpm | 27 kB 00:00

(14/19): python-urllib3-1.5-7.el6.centos.noarch.rpm | 41 kB 00:00

(15/19): python-zmq-14.3.1-1.el6.x86_64.rpm | 467 kB 00:00

(16/19): salt-2014.7.0-3.el6.noarch.rpm | 3.7 MB 00:00

(17/19): salt-master-2014.7.0-3.el6.noarch.rpm | 33 kB 00:00

(18/19): sshpass-1.05-1.el6.x86_64.rpm | 19 kB 00:00

(19/19): zeromq3-3.2.4-1.el6.x86_64.rpm | 334 kB 00:00

——————————————————————————–

Total 4.3 MB/s | 7.7 MB 00:01

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Importing GPG key 0x0608B895:

Userid : EPEL (6) <epel@fedoraproject.org>

Package: epel-release-6-8.noarch (@/epel-release-6-8.noarch)

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Is this ok [y/N]: y

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID c105b9de: NOKEY

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Importing GPG key 0xC105B9DE:

Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>

Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

Is this ok [y/N]: y

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : python-ordereddict-1.1-2.el6.centos.noarch 1/19

Installing : python-six-1.7.3-1.el6.centos.noarch 2/19

Installing : sshpass-1.05-1.el6.x86_64 3/19

Installing : python-backports-1.0-3.el6.centos.x86_64 4/19

Installing : python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos 5/19

Installing : python-urllib3-1.5-7.el6.centos.noarch 6/19

Installing : m2crypto-0.20.2-9.el6.x86_64 7/19

Installing : libyaml-0.1.3-4.el6_6.x86_64 8/19

Installing : PyYAML-3.10-3.1.el6.x86_64 9/19

Installing : python-chardet-2.0.1-1.el6.centos.noarch 10/19

Installing : python-requests-1.1.0-4.el6.centos.noarch 11/19

Installing : python-babel-0.9.4-5.1.el6.noarch 12/19

Installing : python-jinja2-2.2.1-2.el6_5.x86_64 13/19

Installing : python-msgpack-0.1.13-3.el6.x86_64 14/19

Installing : openpgm-5.1.118-3.el6.x86_64 15/19

Installing : zeromq3-3.2.4-1.el6.x86_64 16/19

Installing : python-zmq-14.3.1-1.el6.x86_64 17/19

Installing : salt-2014.7.0-3.el6.noarch 18/19

Installing : salt-master-2014.7.0-3.el6.noarch 19/19

Verifying : openpgm-5.1.118-3.el6.x86_64 1/19

Verifying : python-msgpack-0.1.13-3.el6.x86_64 2/19

Verifying : python-babel-0.9.4-5.1.el6.noarch 3/19

Verifying : python-chardet-2.0.1-1.el6.centos.noarch 4/19

Verifying : python-backports-ssl_match_hostname-3.4.0.2-4.el6.centos 5/19

Verifying : PyYAML-3.10-3.1.el6.x86_64 6/19

Verifying : libyaml-0.1.3-4.el6_6.x86_64 7/19

Verifying : python-ordereddict-1.1-2.el6.centos.noarch 8/19

Verifying : python-urllib3-1.5-7.el6.centos.noarch 9/19

Verifying : m2crypto-0.20.2-9.el6.x86_64 10/19

Verifying : salt-2014.7.0-3.el6.noarch 11/19

Verifying : python-zmq-14.3.1-1.el6.x86_64 12/19

Verifying : python-jinja2-2.2.1-2.el6_5.x86_64 13/19

Verifying : salt-master-2014.7.0-3.el6.noarch 14/19

Verifying : python-backports-1.0-3.el6.centos.x86_64 15/19

Verifying : zeromq3-3.2.4-1.el6.x86_64 16/19

Verifying : python-requests-1.1.0-4.el6.centos.noarch 17/19

Verifying : sshpass-1.05-1.el6.x86_64 18/19

Verifying : python-six-1.7.3-1.el6.centos.noarch 19/19

Installed:

salt-master.noarch 0:2014.7.0-3.el6

Dependency Installed:

PyYAML.x86_64 0:3.10-3.1.el6

libyaml.x86_64 0:0.1.3-4.el6_6

m2crypto.x86_64 0:0.20.2-9.el6

openpgm.x86_64 0:5.1.118-3.el6

python-babel.noarch 0:0.9.4-5.1.el6

python-backports.x86_64 0:1.0-3.el6.centos

python-backports-ssl_match_hostname.noarch 0:3.4.0.2-4.el6.centos

python-chardet.noarch 0:2.0.1-1.el6.centos

python-jinja2.x86_64 0:2.2.1-2.el6_5

python-msgpack.x86_64 0:0.1.13-3.el6

python-ordereddict.noarch 0:1.1-2.el6.centos

python-requests.noarch 0:1.1.0-4.el6.centos

python-six.noarch 0:1.7.3-1.el6.centos

python-urllib3.noarch 0:1.5-7.el6.centos

python-zmq.x86_64 0:14.3.1-1.el6

salt.noarch 0:2014.7.0-3.el6

sshpass.x86_64 0:1.05-1.el6

zeromq3.x86_64 0:3.2.4-1.el6

Complete!

[root@208 ~]# yum install salt-ssh

Loaded plugins: fastestmirror, refresh-packagekit, security

Loading mirror speeds from cached hostfile

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-ssh.noarch 0:2014.7.0-3.el6 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

================================================================================

Installing:

salt-ssh noarch 2014.7.0-3.el6 epel 12 k

Transaction Summary

================================================================================

Install 1 Package(s)

Total download size: 12 k

Installed size: 2.8 k

Is this ok [y/N]: y

Downloading Packages:

salt-ssh-2014.7.0-3.el6.noarch.rpm | 12 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : salt-ssh-2014.7.0-3.el6.noarch 1/1

Verifying : salt-ssh-2014.7.0-3.el6.noarch 1/1

Installed:

salt-ssh.noarch 0:2014.7.0-3.el6

Complete!

[root@208 ~]# yum install salt-api

Loaded plugins: fastestmirror, refresh-packagekit, security

Loading mirror speeds from cached hostfile

* base: centos.mirror.lstn.net

* epel: mirror.prgmr.com

* extras: mirror.hmc.edu

* updates: ftp.osuosl.org

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package salt-api.noarch 0:2014.7.0-3.el6 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

================================================================================

Package Arch Version Repository Size

================================================================================

Installing:

salt-api noarch 2014.7.0-3.el6 epel 12 k

Transaction Summary

================================================================================

Install 1 Package(s)

Total download size: 12 k

Installed size: 4.1 k

Is this ok [y/N]: y

Downloading Packages:

salt-api-2014.7.0-3.el6.noarch.rpm | 12 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : salt-api-2014.7.0-3.el6.noarch 1/1

Verifying : salt-api-2014.7.0-3.el6.noarch 1/1

Installed:

salt-api.noarch 0:2014.7.0-3.el6

Complete!

Configuring SALT MASTER FILE:

#egrep -v “^#|^$” /etc/salt/masterinterface: 208.64.250.8

publish_port: 4505

user: root

ret_port: 4506

pidfile: /var/run/salt-master.pid

pki_dir: /etc/salt/pki/master

sock_dir: /var/run/salt/master

minion_data_cache: True

autosign_file: /etc/salt/autosign.conf

Now restart the salt-master service:

#service salt-master restart

CONFIGURING SALT-MINION (Client Node)

Assume that a different machine running CentOS 6.5 is present.
Follow the same steps which is followed for pre-requisite for master except salt-master package. You need to install salt-minion through YUM.

Configure the /etc/salt/minion file as shown below:

master: 208.64.250.8

master_port: 4506

Restart the salt-minion service:

service salt-minion restartStopping salt-minion daemon: [FAILED]

Starting salt-minion daemon: [ OK ]

Run the following command to configure authentication keys in between master and client:

[root@208 ~]# salt-key -L

Accepted Keys:

Unaccepted Keys:

Rejected Keys:

[root@208 ~]# salt-key -A

The key glob ‘*’ does not match any unaccepted keys.

[root@208 ~]# service iptables stop

iptables: Setting chains to policy ACCEPT: filter [ OK ]

iptables: Flushing firewall rules: [ OK ]

iptables: Unloading modules: [ OK ]

[root@208 ~]# salt-key -L

Accepted Keys:

Unaccepted Keys:

SVM61

Rejected Keys:

[root@208 ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

SVM61

Proceed? [n/Y] Y

Key for minion SVM61 accepted.

[root@208 ~]#

Verifying master and minion functionality test:

Run the below command on the salt master:

salt ‘*’ test.ping -vExecuting job with jid 20150131181518540377

——————————————-

SVM61:

True

[root@208 salt]# salt ‘*’ test.ping

SVM61:

True

[root@208 salt]# salt ‘*’ disk.usage

SVM61:

———-

1K-blocks:

8780808

available:

6021132

capacity:

28%

filesystem:

/dev/mapper/vg_svm1-lv_root

used:

2313624

/boot:

———-

1K-blocks:

495844

available:

436779

capacity:

filesystem:

/dev/sda1

used:

33465

/dev/shm:

———-

1K-blocks:

251000

available:

251000

capacity:

filesystem:

tmpfs

used:

Troubleshooting Tips:

Suppose you face any issue related to keys, then first thing to check is minion logs which can be tailed at /var/log/salt/minion.
If you encounter the following error message:

The master may need to be updated if it is a version of Salt lower than 2014.7.0, or If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.The master public key can be found at: /etc/salt/pki/minion/minion_master.pub

Fix: remove the key on minion and master and then restart the minion service. You can remove the key from master through salt-key –delete-all and then start from start.

Preparing the first salt Formulae:

Salt formulae are simple YAML text files and by default reside on the salt master.

You can put all your salt formulae under /srv/salt folder.

Example: Let’s see how can you install Subversion on the remote minion from salt master.

Add the following text in subversion.sls:

cat /srv/salt/subversion.slssubversion:

pkg:

– installed

[root@208 salt]#

What does the above code means?

The first line is called the ID Declaration; essentially the “label” for this stanza. subversion will be used for our package name. The name you use here must match up with the actual package name used by your package manager. (In reality, the ID Declaration can be any arbitrary text and you can specify the actual package name below, but we’ll do it this way right now for simplicity’s sake).

The second line is called the State Declaration. This refers to the specific Salt State that we’re going to make use of. In this example we’re using the “pkg” state.

Now run the following command to install subversion on the minion machine in a single shot:

salt ‘SVM61’ state.sls subversionSVM61:

———-

ID: subversion

Function: pkg.installed

Result: True

Comment: The following packages were installed/updated: subversion.

Started: 18:51:48.459666

Duration: 52120.684 ms

Changes:

———-

apr:

———-

new:

1.3.9-5.el6_2

old:

apr-util:

———-

new:

1.3.9-3.el6_0.1

old:

neon:

———-

new:

0.29.3-3.el6_4

old:

pakchois:

———-

new:

0.4-3.2.el6

old:

perl-URI:

———-

new:

1.40-2.el6

old:

subversion:

———-

new:

1.6.11-10.el6_5

old:

Summary

————

Succeeded: 1 (changed=1)

Failed: 0

————

Total states run: 1

[root@208 ~]#

Did you see that? Subversion gets installed successfully. Verify it on minion machine:

[root@SVM61 ~]# rpm -qa subversionsubversion-1.6.11-10.el6_5.x86_64

[root@SVM61 ~]#

Setting up Minion 2:

Follow the same step which you followed during the minion ( SVM61)
Install salt-minion(and NOT SALT MASTER) specific package.
Once you configure the following entry in /etc/salt/minion:

[root@SVM71 ~]# egrep -v “^#|^$” /etc/salt/minionmaster: 208.64.250.8

master_port: 4506

user: root

pidfile: /var/run/salt-minion.pid

pki_dir: /etc/salt/pki/minion

id: SVM71

[root@SVM71 ~]#

Restart the salt-minion service.
Once restarted, you will find the following output. Accept the key and you are ready to test the ping test.

[root@208 ~]# salt-key -LAccepted Keys:

SVM61

Unaccepted Keys:

SVM71

Rejected Keys:

[root@208 ~]# salt-key -A

The following keys are going to be accepted:

Unaccepted Keys:

SVM71

Proceed? [n/Y] Y

Key for minion SVM71 accepted.

[root@208 ~]# salt-key -L

Accepted Keys:

SVM61

SVM71

Unaccepted Keys:

Rejected Keys:

[root@208 ~]#

Let’s check the ping test from minion 2 system:

salt SVM71 test.pingSVM71:

True

[root@208 ~]# salt ‘*’ test.ping

SVM71:

True

SVM61:

True

[root@208 ~]#

Hence our 2 minions and 1 master are readily configured.

SaltStack on CentOS 6.5

All Things Cloud Native Meetup: Join Us in Bengaluru!…

Ollama vs. vLLM: Choosing the Best Tool for AI…

Exploring Singapore’s Tech Landscape at GovTech STACK Conference 2024