Basic salt on CentOS7 both server and client

Very quick look at how to install and use Saltstack on one vm both server and minion. Also we loot at some basic commands that are needed to manage salt deployment

Installing salt

Salt server can be installed in many ways
Option 1 (saltstack repo)

yum install
yum clean expire-cache
yum install salt-master
yum install salt-minion
systemctl start salt-server.service
systemctl eable salt-server.service
systemctl start salt-minion.service
systemctl eable salt-minion.service

Because we are installing on same server only below steps are necessary. We need to edit menion configuration file and add fqdn of master

master: "ip of salt sderver"

Option 2(epel repo)

rpm -ivh epel-release-latest-7.noarch.rpm
 yum -y install salt-master
systemctl salt-master start
systemctl enable salt-master

List keys

salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Accept keys

 salt-key --accept=test-centos7.local
The following keys are going to be accepted:
Unaccepted Keys:
Proceed? [n/Y] y
Key for minion test-centos7.local accepted.

List keys again and make sure they are now accepted

[root@br-test-centos7 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

Salt Remote execution

List available functions and modules

salt '*' sys.doc
salt '*' sys.list_modules
salt '*' sys.list_state_functions 
salt '*' sys.list_state_functions pkg
salt '*' sys.state_doc pkg.latest         #lookup documentation for state module

Execute function or remote command

salt '*'

salt '*' disk.usage
salt '*' 'ls -l | grep foo'

Match a list of minions

salt -L 'minion1,minion2,minion3'

Add user,install packages, manage services and so on

salt '*' sys.doc user.add
salt '*' user.add myuser
salt '*' sys.doc pkg.install
salt '*' pkg.install pkgname
salt '*' service.status apache2

Salt states example

List of salt STATE MODULES can be found at:

We assume master and client1.lab as minion
1. Edit salt master file and make sure comments removed from

    - /srv/salt

2. create srv/salt directory
3. create file called top.sls

    - webserver

4. create file called webserver.sls

    - installed       

5. Execute state

salt '*' state.apply

Using grains

Place grain in /etc/salt/grains

vi /etc/salt/grains
granename: value

List grain items

salt '*' grains.items

View and target specific grains

salt '*' grains.item os
salt -G 'os:CentOS'

Example of distributing hosts.allow files based on grain values.
1. Create /etc/salt/grains file on your minion

vi /etc/salt/grains
location: america

2. On your master create directory based on your configuration for distributing states.

mkdir -p /opt/prolinuxhub/hostsallow

3. Create your init file

vi /opt/prolinuxhub/hostsallow
    {% if grains['location'] == 'america' %}
    - source: salt://hostsallow/hosts.allow.america
    {% elif grains['location'] == 'china' %}
    - source: salt://hostsallow/hosts.allow.china
    {% endif %}
    - user: root
    - group: root
    - mode: 644

4. Create your host files in /opt/prolinuxhub/hostsallow directory

5. Apply you states

salt -G 'location:america' state.apply hostsallow

Location of SALT state and execution modules