Install Salt on Ubuntu Server 20.04
Install Salt
Python 3.7 on Ubuntu 20.04
If this is still an issue (Salt not supporting Python 3.8) - install the older version from deadsnakes PPA:
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7
Salt Bootstrap
Salt Bootstrap is a configuration script which automatically detects the operating system it’s running on, sets the correct repositories, and installs Salt. The install script is intended to be run on the Salt master and all minion machines.
Salt Master
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P -M -N
Salt Minion
curl -L https://bootstrap.saltstack.com -o install_salt.sh
sudo sh install_salt.sh -P
Network Addressing
Salt Master
You can find the master configuration file here /etc/salt/master. Here we now want to define the interface our server is wirking on. You can uncomment the #interface: line near the top of the /etc/salt/master file and replace the address placeholder with the address of your Salt master’s IP. If all your nodes are located in the same data center, you can use the private IP address.
# The address of the interface to bind to:
interface: 192.168.2.110
The 'cleaner' way to handle this, is to leave the default config unchanged and add your own configuration files to /etc/salt/master.d. All *.conf files inside this directory will be used by Salt automatically - you can name them according to your needs.
sudo nano /etc/salt/master.d/local.conf
And add the lines that you need to configure Salt:
# The address of the interface to bind to:
interface: 192.168.2.110
Then restart Salt:
sudo systemctl restart salt-master
Salt Minions
To assign a master to your minions you can again uncomment #master: salt near the top of /etc/salt/minion, and replace salt with your Salt master’s IP address. Or add your own config file to /etc/salt/minion.d to override the default settings:
sudo nano /etc/salt/minion.d/local.conf
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
master: 192.168.2.110
Authenticate Minions
From the Salt master, list its key fingerprint, and all Minions linked to it with their key fingerprints:
sudo salt-key --finger-all
Local Keys:
master.pem: f1:d3:52:eb:f4:52...
master.pub: 64:12:61:93:3e:09...
Add the Salt Master’s master.pub fingerprint to /etc/salt/minion, between the single quotes:
# Fingerprint of the master public key to validate the identity of your Salt master
# before the initial key exchange. The master fingerprint can be found by running
# 'salt-key -f master.pub' on the Salt master.
master_finger: '64:12:61:93:3e:09...'
And while we are at it - let's give our minion a name:
# Explicitly declare the id for this minion to use, if left commented the id
# will be the hostname as returned by the python call: socket.getfqdn()
# Since salt uses detached ids it is possible to run multiple minions on the
# same machine but with different ids, this can be useful for salt compute
# clusters.
id: ubuntuAsus
Then restart Salt:
sudo systemctl restart salt-minion
Test Connection
List the Minion’s fingerprint hash:
sudo salt-call key.finger --local
local:
6a:1f:19:8e:78:0f:2d...
and verify it with what’s reported by the Salt Master:
sudo salt-key --finger-all
Local Keys:
master.pem: f1:d3:52:eb:f4:52...
master.pub: 64:12:61:93:3e:09...
Unaccepted Keys:
centos8.localdomain: 6a:1f:19:8e:78:0f:2d...
Once each Minion ID has been verified, accept them all from the Salt Master:
sudo salt-key -a centos8.localdomain // or accept all: sudo salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
centos8.localdomain
Proceed? [n/Y] y
Key for minion centos8.localdomain accepted.
Unaccepted keys can be deleted with
salt-key -d 'minionname'. To get rid of all Keys from currently disconnected Minions runsalt-run manage.down removekeys=True
Verify the status of accepted minions. The command below should return the hostname or IP address of each Minion which has been verified and is running:
sudo salt-run manage.up
- ubuntuAsus
Ping all Minions:
sudo salt '*' test.ping
ubuntuAsus:
True
By using * you target all accepted Minions on your Salt network. You can also target a specific Minion sudo salt -L ubuntuAsus,ubuntuBrix test.ping.
Target selection options:
| -H, --hosts | List all known hosts to currently visible or other specified rosters |
| -E, --pcre | Instead of using shell globs to evaluate the target servers, use pcre regular expressions. |
| -L, --list | Instead of using shell globs to evaluate the target servers, take a comma or whitespace delimited list of servers. |
| -G, --grain | Instead of using shell globs to evaluate the target use a grain value to identify targets, the syntax for the target is the grain key followed by a globexpression: 'os:Arch*'. |
| -P, --grain-pcre | Instead of using shell globs to evaluate the target use a grain value to identify targets, the syntax for the target is the grain key followed by a pcre regular expression: 'os:Arch.*'. |
| -N, --nodegroup | Instead of using shell globs to evaluate the target use one of the predefined nodegroups to identify a list of targets. |
| -R, --range | Instead of using shell globs to evaluate the target use a range expression to identify targets. Range expressions look like %cluster. |
| -C, --compound | The compound target option allows for multiple target types to be evaluated, allowing for greater granularity in target matching. The compound target is space delimited, targets other than globs are preceded with an identifier matching the specific targets argument type: salt 'G@os:RedHat and webser* or E@database.*'. |
| -I, --pillar | Instead of using shell globs to evaluate the target use a pillar value to identify targets, the syntax for the target is the pillar key followed by a glob expression: 'role:production*'. |
| -J, --pillar-pcre | Instead of using shell globs to evaluate the target use a pillar value to identify targets, the syntax for the target is the pillar key followed by a pcre regular expression: 'role:prod.*'. |
| -S, --ipcidr | Match based on Subnet (CIDR notation) or IP address. |
Grains
Salt comes with an interface to derive information about the underlying system. This is called the Grains Interface, because it presents salt with grains of information. Grains are collected for the operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.
You can list all available grains by running sudo salt '*' grains.ls. Or get all available grains for your connected Minions with sudo salt '*' grains.items:
ubuntuAsus:
----------
biosreleasedate:
07/31/2018
biosversion:
0407
cpu_model:
Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
cpuarch:
x86_64
kernelrelease:
5.4.0-42-generic
kernelversion:
#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
utf-8
timezone:
UTC
localhost:
ubuntubrix
lsb_distrib_codename:
focal
lsb_distrib_description:
Ubuntu 20.04.1 LTS
lsb_distrib_id:
Ubuntu
lsb_distrib_release:
20.04
machine_id:
b783c83a285f4d4bac05fda96aa96a90
manufacturer:
ASUSTeK COMPUTER INC.
master:
192.168.2.110
mdadm:
mem_total:
7834
nodename:
ubuntubrix
num_cpus:
4
num_gpus:
1
os:
Ubuntu
os_family:
Debian
osarch:
amd64
oscodename:
focal
osfinger:
Ubuntu-20.04
osfullname:
Ubuntu
osmajorrelease:
20
osrelease:
20.04
osrelease_info:
- 20
- 4
username:
root
virtual:
physical
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.3.2
To target Minions by grains use the -G flag:
sudo salt -G os:Ubuntu test.ping
ubuntuAsus:
True
We can also build this request as a compound command with the -C flag - ping all Minions that run Ubuntu and have an ID that starts with ubuntu:
sudo salt -C 'G@os:Ubuntu and ubuntu*' test.ping
ubuntuAsus:
True