How to Install SaltStack IT Automation Framework on Debian 12

0
93

Salt or Saltstack is an open-source IT automation framework written in Python. It allows administrators to execute commands remotely to multiple machines directly.

Salt is designed with Master and Minion architecture. Salt master is the central controller of Salt configuration management, and Minions are servers managed by Salt master, or you named minions as target servers.

This guide’ll show you how to install SaltStack on Debian 12 servers. We’ll show you how to install Salt Master and Minion, how to run arbitrary commands via Salt, and then create the first Salt state for installing LAMP Stack.

Prerequisites

Before you start, make sure you have the following:

  • Two or three Debian 12 servers – In this example, we’ll be using master server on 192.168.5.15 and the minion1 server on 192.168.5.21.
  • A non-root user with administrator privileges.

Setup /etc/hosts file

In this section, you will set up the /etc/hosts file so each server can connect via hostname, which is easier than using an IP address.

Open the /etc/hosts file using the following nano editor.

sudo nano /etc/hosts

Insert details host and IP address into the file. Make sure to change the IP addresses and hostnames with your information.

192.168.5.15 master
192.168.5.21 minion1

Save and exit the file when done.

Adding SaltStack repository

After setting up the/etc/hosts file, you must add the SaltStack repository to all of your Debian servers. The SaltStack provides an official repository for most Linux distributions, including the latest Debian 12.

First, create a new directory /etc/apt/keyrings using the command below.

mkdir /etc/apt/keyrings

Download the GPG key for the SaltStack repository with the command below.

sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/12/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg

Once the GPG key is downloaded, add the SaltStack repository using the following command.

echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/12/amd64/latest bookworm main" | sudo tee /etc/apt/sources.list.d/salt.list

Now update and refresh your Debian package index.

sudo apt update

You can see below the SaltStack repository added to Debian servers.

Setting up UFW

In this example, you will set up and enable UFW (Uncomplicated Firewall) across your Debian servers. So you’ll install UFW, open the SSH port, then start and enable UFW.

Install UFW on your Debian system using the command below.

sudo apt install ufw -y

Once UFW is installed, execute the following command to enable the OpenSSH application profile. You will see output Rules added.

sudo ufw allow OpenSSH

Now enable UFW using the command below. Enter y to confirm, start, and enable UFW.

sudo ufw enable

You will get an output ‘Firewall is active …‘ once UFW is started and enabled.

Installing Salt Master

After you have completed tasks on top, you’re ready to install SaltStack. You will install and configure the Salt Master on the master server.

On the master server, run the command below to install the salt-master package. Input Y to confirm with the installation.

sudo apt install salt-master

After installation is finished, open the default Salt Master configuration /etc/salt/master using the nano editor command below.

sudo nano /etc/salt/master

Change the default interface with your local IP address. In this example, the master server IP address at 192.168.5.15.

interface: 192.168.5.15

Save the file and exit when finished.

Now run the command below to restart the salt-master service and apply your changes.

sudo systemctl restart salt-master

Then verify the salt-master service to ensure that the service is running.

sudo systemctl status salt-master

If running, you will see an output such as active (running).

Next, run the command below to open TCP ports 4505 and 4506 which Salt Master will use.

sudo ufw allow 4505,4506/tcp

Lastly, check the list of ports in your master server using the command below. Make sure access to ports 4505 and 4506 is allowed.

sudo ufw status

Installing Salt Minion

Now that you have configured Salt Master move on to configure Salt Manion on the minion1 server. You will install salt-minion and then configure it to connect to the Salt Master server.

Install the salt-minion package to the minion1 server using the command below. Input Y to confirm the installation.

sudo apt install salt-minion

Once the installation is finished, open the Salt Minion configuration /etc/salt/minion using the nano editor command.

sudo nano /etc/salt/minion

Input your Salt Master IP address to the master parameter like the following:

master: 192.168.5.15

save the file and exit the editor.

Next, run the command below to restart the salt-minion service and apply your changes.

sudo systemctl restart salt-minion

Lastly, verify the salt-minion service to ensure that the service is running. The Salt Minion will automatically register to the Salt Master server.

sudo systemctl status salt-minion

Make sure the salt-minion service is running like the following:

Adding Salt Minion to Salt Master

After configuring Salt Minion, you still need to accept the registration key from the Minion servers.

First, run the command below to verify the list key on the master server.

salt-key --finger-all

If everything goes well, you can see the key for the minion1 server or Salt Minion servers.

Now run the command below to accept the key for the minion1 server. Input Y to confirm and accept the key.

salt-key -a minion1

Next, verify again the list key on the minion1 server. You will see the key for the minion1 server listed in the Accepted Keys section.

salt-key --finger-all

Now you can test the connection to the Salt Minion server using the command. you can specify the target server with the hostname, or you can use the ‘*’ character to target all available Salt Minion servers.

salt minion1 test.ping
salt * test.ping

If the connection to Salt Minion is successful, you will see an output ‘True‘.

Lastly, verify the Salt version using the command below.

salt minion1 test.version

In this example, the Salt Minion 3007.0 is installed.

Running arbitrary command via SaltStack

With everything configured, you will test your SaltStack installation by running the arbitrary command on the minion1 server from the master server.

Run the command below to update the repository package index for Minion servers.

salt '*' pkg.refresh_db

Now run the command below to package updates on the target server.

salt '*' pkg.list_upgrades

Next, run the following command to show information about the apache2 package.

salt '*' pkg.show apache2

To check running services on the Minion server, run the command below.

salt '*' service.get_running
salt '*' service.execs

Creating Salt State for LAMP Stack installation

In this section, you will learn how to create the first SaltState for installing LAMP Stack (Apache, MariaDB, and PHP) to the minion1 server.

First, create a new directory /srv/salt/lamp using the command below.

mkdir -p /srv/salt/lamp

Now create a new Salt state init file /srv/salt/lamp/init.sls using the following nano editor.

nano /srv/salt/lamp/init.sls

Add the configuration below to the file. With this, you will install LAMP Stack (Apache, MariaDB, and PHP) on the target server.

lamp_stack:
pkg.installed:
- pkgs:
- apache2
- mariadb-server
- php
- libapache2-mod-php

apache2:
service.running:
- enable: True
- reload: True

mariadb:
service.running:
- enable: True
- reload: True

Save the file and exit.

Now run the command below to verify your Salt state configuration against Salt Minion. Make sure you don’t have any errors.

sudo salt * state.show_sls lamp

Next, run the command below to apply the Salt state ‘lamp‘ to the minion1 server.

sudo salt minion1 state.apply lamp

When the process complete, you will get the following output:

Lastly, run the command below to verify Apache and MariaDB services on the minion1 server.

salt '*' service.get_running

Make sure both apache2 and mariadb services are running.

Conclusion

Congratulations! You have completed the installation of SaltStack (Salt Master and Minion) on Debian 12 servers. You also learned how to run the arbitrary command against Minion servers and created the first Salt state for installing LAMP Stack (Apache2, MariaDB, and PHP).


LEAVE A REPLY

Please enter your comment!
Please enter your name here