Salt or Saltstack is an open-source IT automation framework written in Python. It allows administrators to execute commands remotely to multiple machines directly.
Salt is designed with Master and Minion architecture. Salt master is the central controller of Salt configuration management, and Minions are servers managed by Salt master, or you named minions as target servers.
This guide’ll show you how to install SaltStack on Debian 12 servers. We’ll show you how to install Salt Master and Minion, how to run arbitrary commands via Salt, and then create the first Salt state for installing LAMP Stack.
Prerequisites
Before you start, make sure you have the following:
- Two or three Debian 12 servers – In this example, we’ll be using master server on 192.168.5.15 and the minion1 server on 192.168.5.21.
- A non-root user with administrator privileges.
Setup /etc/hosts file
In this section, you will set up the /etc/hosts file so each server can connect via hostname, which is easier than using an IP address.
Open the /etc/hosts file using the following nano editor.
sudo nano /etc/hosts
Insert details host and IP address into the file. Make sure to change the IP addresses and hostnames with your information.
192.168.5.15 master
192.168.5.21 minion1
Save and exit the file when done.
Adding SaltStack repository
After setting up the/etc/hosts file, you must add the SaltStack repository to all of your Debian servers. The SaltStack provides an official repository for most Linux distributions, including the latest Debian 12.
First, create a new directory /etc/apt/keyrings using the command below.
mkdir /etc/apt/keyrings
Download the GPG key for the SaltStack repository with the command below.
sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/12/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
Once the GPG key is downloaded, add the SaltStack repository using the following command.
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/12/amd64/latest bookworm main" | sudo tee /etc/apt/sources.list.d/salt.list
Now update and refresh your Debian package index.
sudo apt update
You can see below the SaltStack repository added to Debian servers.
Setting up UFW
In this example, you will set up and enable UFW (Uncomplicated Firewall) across your Debian servers. So you’ll install UFW, open the SSH port, then start and enable UFW.
Install UFW on your Debian system using the command below.
sudo apt install ufw -y
Once UFW is installed, execute the following command to enable the OpenSSH application profile. You will see output Rules added.
sudo ufw allow OpenSSH
Now enable UFW using the command below. Enter y to confirm, start, and enable UFW.
sudo ufw enable
You will get an output ‘Firewall is active …‘ once UFW is started and enabled.
Installing Salt Master
After you have completed tasks on top, you’re ready to install SaltStack. You will install and configure the Salt Master on the master server.
On the master server, run the command below to install the salt-master package. Input Y to confirm with the installation.
sudo apt install salt-master
After installation is finished, open the default Salt Master configuration /etc/salt/master using the nano editor command below.
sudo nano /etc/salt/master
Change the default interface with your local IP address. In this example, the master server IP address at 192.168.5.15.
interface: 192.168.5.15
Save the file and exit when finished.
Now run the command below to restart the salt-master service and apply your changes.
sudo systemctl restart salt-master
Then verify the salt-master service to ensure that the service is running.
sudo systemctl status salt-master
If running, you will see an output such as active (running).
Next, run the command below to open TCP ports 4505 and 4506 which Salt Master will use.
sudo ufw allow 4505,4506/tcp
Lastly, check the list of ports in your master server using the command below. Make sure access to ports 4505 and 4506 is allowed.
sudo ufw status
Installing Salt Minion
Now that you have configured Salt Master move on to configure Salt Manion on the minion1 server. You will install salt-minion and then configure it to connect to the Salt Master server.
Install the salt-minion package to the minion1 server using the command below. Input Y to confirm the installation.
sudo apt install salt-minion
Once the installation is finished, open the Salt Minion configuration /etc/salt/minion using the nano editor command.
sudo nano /etc/salt/minion
Input your Salt Master IP address to the master parameter like the following:
master: 192.168.5.15
save the file and exit the editor.
Next, run the command below to restart the salt-minion service and apply your changes.
sudo systemctl restart salt-minion
Lastly, verify the salt-minion service to ensure that the service is running. The Salt Minion will automatically register to the Salt Master server.
sudo systemctl status salt-minion
Make sure the salt-minion service is running like the following:
Adding Salt Minion to Salt Master
After configuring Salt Minion, you still need to accept the registration key from the Minion servers.
First, run the command below to verify the list key on the master server.
salt-key --finger-all
If everything goes well, you can see the key for the minion1 server or Salt Minion servers.
Now run the command below to accept the key for the minion1 server. Input Y to confirm and accept the key.
salt-key -a minion1
Next, verify again the list key on the minion1 server. You will see the key for the minion1 server listed in the Accepted Keys section.
salt-key --finger-all
Now you can test the connection to the Salt Minion server using the command. you can specify the target server with the hostname, or you can use the ‘*’ character to target all available Salt Minion servers.
salt minion1 test.ping
salt * test.ping
If the connection to Salt Minion is successful, you will see an output ‘True‘.
Lastly, verify the Salt version using the command below.
salt minion1 test.version
In this example, the Salt Minion 3007.0 is installed.
Running arbitrary command via SaltStack
With everything configured, you will test your SaltStack installation by running the arbitrary command on the minion1 server from the master server.
Run the command below to update the repository package index for Minion servers.
salt '*' pkg.refresh_db
Now run the command below to package updates on the target server.
salt '*' pkg.list_upgrades
Next, run the following command to show information about the apache2 package.
salt '*' pkg.show apache2
To check running services on the Minion server, run the command below.
salt '*' service.get_running
salt '*' service.execs
Creating Salt State for LAMP Stack installation
In this section, you will learn how to create the first SaltState for installing LAMP Stack (Apache, MariaDB, and PHP) to the minion1 server.
First, create a new directory /srv/salt/lamp using the command below.
mkdir -p /srv/salt/lamp
Now create a new Salt state init file /srv/salt/lamp/init.sls using the following nano editor.
nano /srv/salt/lamp/init.sls
Add the configuration below to the file. With this, you will install LAMP Stack (Apache, MariaDB, and PHP) on the target server.
lamp_stack:
pkg.installed:
- pkgs:
- apache2
- mariadb-server
- php
- libapache2-mod-phpapache2:
service.running:
- enable: True
- reload: Truemariadb:
service.running:
- enable: True
- reload: True
Save the file and exit.
Now run the command below to verify your Salt state configuration against Salt Minion. Make sure you don’t have any errors.
sudo salt * state.show_sls lamp
Next, run the command below to apply the Salt state ‘lamp‘ to the minion1 server.
sudo salt minion1 state.apply lamp
When the process complete, you will get the following output:
Lastly, run the command below to verify Apache and MariaDB services on the minion1 server.
salt '*' service.get_running
Make sure both apache2 and mariadb services are running.
Conclusion
Congratulations! You have completed the installation of SaltStack (Salt Master and Minion) on Debian 12 servers. You also learned how to run the arbitrary command against Minion servers and created the first Salt state for installing LAMP Stack (Apache2, MariaDB, and PHP).