Thanks for visiting our page on How to Install Salt / Saltstack on Ubuntu 18.04 LTS. Salt is an Open source infrastructure management platform built on a dynamic communication bus.
Salt can be used for configuration management for any system/application stack, for data-driven orchestration, remote infrastructure execution, and much more.
Components of Salt
Salt has the following components:
- Salt Master: This is a central management system used to send commands and configurations to the Salt minion that is running on managed systems.
- Salt Minions: These are systems which run the Salt minion and receives commands and configuration from the Salt master.
- Salt SSH: Run Salt commands over SSH on systems that do not have a Salt minion. Salt Cloud / Salt Virt: Provision systems on cloud providers / hypervisors and immediately bring them under management.
- Returners: Send data returned by Salt minions to another system, such as a database. Salt returners can run on the Salt minion or on the Salt master.
- Runners: Modules that execute on the Salt master to perform supporting tasks. Salt runners report job status, connection status, read data from external APIs, query connected Salt minions, and more.
Install Salt / Saltstack on Ubuntu 18.04 LTS
Start by Importing SaltStack repository key:
wget -O - https://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
Then add the repository by running the command:
echo "deb http://repo.saltstack.com/apt/ubuntu/18.04/amd64/latest bionic main" | sudo tee /etc/apt/sources.list.d/saltstack.list
When done, update system package list and install Salt packages
sudo apt update sudo apt -y install salt-api salt-cloud salt-master salt-minion salt-ssh salt-syndic
If you have an active UFW firewall, open ports 4505 and 4506:
sudo ufw allow proto tcp from any to any port 4505,4506
The default Salt Master configuration
/etc/salt/master should work for most installations. For Minions, the only requirement for getting started is to set the location of the master in the minion configuration file
Configure Salt Master
By default, the Salt master listens on ports
4506 on all interfaces (0.0.0.0). If you would like to bind Salt to a specific IP, change the “interface” directive in the master configuration file, typically,
/etc/salt/master as follows:
Then restart minion master:
sudo systemctl restart salt-master.service
Configure Salt Minions
Install the package
salt-minion on all salt minions after importing repository key and adding the repo:
sudo apt install salt-minion
By default a Salt Minion will try to connect to the DNS name “salt“; if the Minion is able to resolve that name correctly, no configuration is needed.
Set DNS name of the Salt Master on
Set Minion ID on
Print the master key fingerprint by running the following command on the Salt master:
[[email protected] ~]# salt-key -F master Local Keys: master.pem: c2:2b:2f:5f:91:f2:c3:8b:99:35:50:f9:eb:3f:5b:d7:e4:8d:c1:a2:50:9a:04:f9:e9:75:1b:3a:13:b3:24:0e master.pub: ab:27:28:d7:88:4e:f4:4c:8e:08:49:af:25:e6:86:65:2c:2a:51:2b:8f:d8:f6:b8:7d:f0:2f:cf:4d:2f:77:e5
master.pub fingerprint from the Local Keys section, and then set this value as the
master_finger in the minion configuration file.
If you make any change like setting IP address of the master on
/etc/salt/minion, you’ll need to restart salt-minion service:
sudo systemctl restart salt-minion
Login to the master node and check Accepted Keys:
[[email protected] ~]# salt-key -L Accepted Keys: Denied Keys: Unaccepted Keys: ubuntu-01 Rejected Keys:
Accept the Key on the Master
[[email protected] ~]# salt-key --accept='ubuntu-01' The following keys are going to be accepted: Unaccepted Keys: ubuntu-01 Proceed? [n/Y] Y Key for minion ubuntu-01 accepted. [[email protected] ~]# salt-key -L Accepted Keys: ubuntu-01 Denied Keys: Unaccepted Keys: Rejected Keys:
From the output, you can confirm that the key has been added to the Accepted keys list.
You can also accept for all of the Minion servers by using the option -A:
[[email protected] ~]# salt-key -A
Check Minion Key Fingerprint
Run the following command on each Salt minion to view the minion key fingerprint:
# salt-call --local key.finger
[[email protected] ~]# salt-call --local key.finger local: 45:b8:14:28:73:c5:fd:9f:af:21:f6:21:8e:06:3d:e6:b9:12:83:41:8a:78:3f:db:1e:19:85:d0:1d:71:be:02
Compare this value to the value that is displayed when you run the salt-key –finger
[[email protected] ~]# salt-key --finger ubuntu-01 Accepted Keys: ubuntu-01: 45:b8:14:28:73:c5:fd:9f:af:21:f6:21:8e:06:3d:e6:b9:12:83:41:8a:78:3f:db:1e:19
Test Master Minion Communication
Verify the communication between the Master and a Minion by running the
[[email protected] ~]# salt ubuntu-01 test.ping ubuntu-01: True
To test the communication between Salt Master and all Minions use:
[[email protected] ~]# salt '*' test.ping
That’s all. Read more about Salt Configuration Management usage on Official Documentation website.