Install Salt / Saltstack Master & Minion on Ubuntu 18.04 LTS

Posted on 296 views

Thanks for visiting our page on How to Install Salt / Saltstack on Ubuntu 18.04 LTS. Salt is an Open source infrastructure management platform built on a dynamic communication bus.

Salt can be used for configuration management for any system/application stack, for data-driven orchestration, remote infrastructure execution, and much more.

Components of Salt

Salt has the following components:

  • Salt Master: This is a central management system used to send commands and configurations to the Salt minion that is running on managed systems.
  • Salt Minions: These are systems which run the Salt minion and receives commands and configuration from the Salt master.
  • Salt SSH: Run Salt commands over SSH on systems that do not have a Salt minion. Salt Cloud / Salt Virt: Provision systems on cloud providers / hypervisors and immediately bring them under management.
  • Returners: Send data returned by Salt minions to another system, such as a database. Salt returners can run on the Salt minion or on the Salt master.
  • Runners: Modules that execute on the Salt master to perform supporting tasks. Salt runners report job status, connection status, read data from external APIs, query connected Salt minions, and more.

Install Salt / Saltstack on Ubuntu 18.04 LTS

Start by Importing SaltStack repository key:

wget -O - | sudo apt-key add -

Then add the repository by running the command:

echo "deb bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list

When done, update system package list and install Salt packages

sudo apt update
sudo apt -y install salt-api salt-cloud salt-master salt-minion salt-ssh salt-syndic

If you have an active UFW firewall, open ports 4505 and 4506:

sudo ufw allow proto tcp from any to any port 4505,4506

Salt Directories

  • /etc/salt
  • /var/cache/salt
  • /var/log/salt
  • /var/run/salt

Configuring Salt

The default Salt Master configuration /etc/salt/master should work for most installations. For Minions, the only requirement for getting started is to set the location of the master in the minion configuration file /etc/salt/minion

Configure Salt Master

By default, the Salt master listens on ports 4505 and 4506 on all interfaces (  If you would like to bind Salt to a specific IP, change the “interface” directive in the master configuration file, typically,/etc/salt/master as follows:


Then restart minion master:

sudo systemctl restart salt-master.service

Configure Salt Minions

Install the package salt-minion on all salt minions after importing repository key and adding the repo:

sudo apt install salt-minion

By default a Salt Minion will try to connect to the DNS name “salt“; if the Minion is able to resolve that name correctly, no configuration is needed.

Set DNS name of the Salt Master on /etc/hosts: salt

Set Minion ID on /etc/salt/minion_id:


Print the master key fingerprint by running the following command on the Salt master:

[[email protected] ~]# salt-key -F master
Local Keys:
master.pem:  c2:2b:2f:5f:91:f2:c3:8b:99:35:50:f9:eb:3f:5b:d7:e4:8d:c1:a2:50:9a:04:f9:e9:75:1b:3a:13:b3:24:0e  ab:27:28:d7:88:4e:f4:4c:8e:08:49:af:25:e6:86:65:2c:2a:51:2b:8f:d8:f6:b8:7d:f0:2f:cf:4d:2f:77:e5

Copy the fingerprint from the Local Keys section, and then set this value as the master_finger in the minion configuration file.

master_finger: 'ab:27:28:d7:88:4e:f4:4c:8e:08:49:af:25:e6:86:65:2c:2a:51:2b:8f:d8:f6:b8:7d:f0:2f:cf:4d:2f:77:e5'

If you make any change like setting IP address of the master on /etc/salt/minion, you’ll need to restart salt-minion service:

sudo systemctl restart salt-minion

Login to the master node and check Accepted Keys:

[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Accept the Key on the Master

[[email protected] ~]# salt-key --accept='ubuntu-01'
The following keys are going to be accepted:
Unaccepted Keys:
Proceed? [n/Y] Y 
Key for minion ubuntu-01 accepted.

[[email protected] ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

From the output, you can confirm that the key has been added to the Accepted keys list.

You can also accept for all of the Minion servers by using the option -A:

[[email protected] ~]# salt-key -A

Check Minion Key Fingerprint

Run the following command on each Salt minion to view the minion key fingerprint:

# salt-call --local key.finger

Sample output

[[email protected] ~]# salt-call --local key.finger

Compare this value to the value that is displayed when you run the salt-key –finger command on the Salt master.

[[email protected] ~]# salt-key --finger ubuntu-01
Accepted Keys:
ubuntu-01:  45:b8:14:28:73:c5:fd:9f:af:21:f6:21:8e:06:3d:e6:b9:12:83:41:8a:78:3f:db:1e:19

Test Master Minion Communication

Verify the communication between the Master and a Minion by running the command:

[[email protected] ~]# salt ubuntu-01


To test the communication between Salt Master and all Minions use:

[[email protected] ~]# salt '*'

That’s all. Read more about Salt Configuration Management usage on Official Documentation website.


Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.