Puppet, Chef, and now Salt for Configuration Management

Use Salt to Manage all of your Salt Minions

Use Salt to Manage all of your Salt Minions

I had looked into chef and puppet in the past and even implemented puppet as a configuration management system.  Puppet worked pretty good for what I needed, and I have to admit, I didn’t have much time to go beyond exactly what I needed, so I am sure there was a lot that I was missing.  The other day, one of my friends (and also a subscriber to Uptimemadeeasy articles) suggested that I give salt a try.

Saltstack Made a Simpler Puppet

He was right,I do like Salt.  It’s not quite perfect and there are some things that I prefer puppet for, but if you don’t have something setup for configuration management yet, you may want to give Salt a try.  Overall, after just a few hours of using Salt, it seems much simpler and easier to understand.

Salt-Master vs Salt-Minion

There are several ways to use Salt, but typically, you would create a “Salt Master” that controls several “Salt Minion” machines.  You also have the option of just running Salt in a stand-alone environment on minions without having a Salt-Master.  For the tasks I have in mind with configuration management, it makes more sense for me to have a Master – Minion environment, and that is what I will show you how to install below.

Install Salt on CentOS

Salt has a few system requirement dependencies (Python 2.6 or greater, ZeroMQ 3.2.0 or better, pyzmq 2.2.0 or better, PyCrypto, M2Crypto, msgpack-python, YAML, Jinja2, Markup Safe, and apache-libcloud) which will be installed automatically if you install using yum as I will be doing below.  If you download the source code and install that way, be sure to have these prerequisites.

Whether you are installing the Salt-Master or Salt-Minion, you will need to have the EPEL installed on your CentOS box to get going.  Here are the instructions that I have posted in other articles on installing the CentOS EPEL:

Install the EPEL Repository

The latest version of PowerDNS is in the EPEL Repository which makes it very simple to install the PowerDNS packages.  If you don’t have the EPEL installed yet, here are some directions for you:

# Install wget if you don't have it yet.
yum install wget
# Download the EPEL RPM
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# Install the EPEL RPM
rpm -Uvh ./epel-release-6-8.noarch.rpm

With the EPEL repository installed, we are now ready to install the Salt packages:

Install Salt-Master on CentOS 6

Installing the Salt-Master package is sooo easy.

# yum install salt-master
# chkconfig salt-master on
# service salt-master start

That’s it, it’s installed.  Now let’s install the Salt-Minion on the slave machine:

Install Salt-Minion on CentOS 6

Installing the Salt-Minion is package is just as easy.

# yum install salt-minion
# chkconfig salt-minion on
# service salt-minion start

but with maybe one more step…  After we have the salt-minion package installed, we need to edit the /etc/salt/minion file.  There are lots of options in there, but we really only need to modify 2 options at this point.  We need to tell the salt-minion who its master is and what its personal id is.  Find these options and change them.

master: shaker.uptimemadeeasy.com   # put hostname of salt-master here.
id: saltminion1                     # put some identifiable name here.

Once we have our /etc/salt/minion file edited, we need to restart the salt-minion service:

# service salt-minion restart

Accept the Salt-Minion’s Keys on the Salt-Master

Once we have our Salt Master and Minion(s) configured, we need to accept the keys from the minions on the Salt-Master.  We login to the Salt-Master machine and as root or using sudo run:

# salt-key -L
Accepted Keys:
Unaccepted Keys:
Rejected Keys:

You can see that our machine saltminion1 is listed under “Unaccepted Keys”, let’s accept it using:

# salt-key -a saltminion1
The following keys are going to be accepted:
Unaccepted Keys:
Proceed? [n/Y] y
Key for minion saltminion1 accepted.

Now that the key has been accepted, we can rerun salt-key -L and verify that it is under the “Accepted Keys” heading:

# salt-key -L
Accepted Keys:
Unaccepted Keys:
Rejected Keys:

Well, that did it, we’ve installed salt-master on the master server and salt-minion on the slave machine.  We probably want to test it out a bit.

Test Your Salt-Minion

We can now run the salt command against the minions under the master’s control.

Salt test.ping

We can use salt to test ping our minions.  Below we use the test.ping salt function against the saltminion1 machine:

# salt 'saltminion1' test.ping

Here’s a quick look at the syntax of the salt command:

# salt [options] '<target minion>' <function> [function arguments]

The target can be a single machine as you see in the test.ping example above, against all minions using ‘*’ or using groups based on and of the system grains.

Some Example Salt Command Line Examples

Install a package on a minion machine

# salt 'saltminion1' cmd.run "yum install mysql-server mysql"

Run a command on all minions

# salt '*' cmd.run "uptime"
 21:13:15 up 42 days, 8:18, 0 users, load average: 0.01, 0.03, 0.05
 21:13:15 up 28 days, 3:05, 0 users, load average: 0.00, 0.01, 0.01

Get the disk usage on a minion using disk.usage

# salt saltminion2 disk.usage --output=grains
 /: {'available': '16998172', '1K-blocks': '23262376', 'used': '5082508', 'capacity': '24%', 'filesystem': '/dev/mapper/vg_saltminion1-lv_root'}
 /boot: {'available': '436484', '1K-blocks': '495844', 'used': '33760', 'capacity': '8%', 'filesystem': '/dev/sda1'}
 /dev/shm: {'available': '510176', '1K-blocks': '510244', 'used': '68', 'capacity': '1%', 'filesystem': 'tmpfs'}

Get a list of all of the grains from a minion using grains.items and send the output into a file

salt saltminion1 grains.items --output-file=minion1.grains

Additional Resources on Salt

You can see from this quick introduction.  You can also see how useful salt can be looking at the examples above.  There are lots of helpful people writing articles on salt.  Here is a short list of some articles that have helped me get started:




The following two tabs change content below.
Jeff has 20 years of professional IT experience, having done nearly everything in his roles of IT consultant, Systems Integrator, Systems Engineer, CNOC Engineer, Systems Administrator, Network Systems Administrator, and IT Director. If there is one thing he knows for sure, it is that there is always a simple answer to every IT problem and that downtime begins with complexity. Seasoned IT professional by day, Jeff hopes to help other IT professionals by blogging about his experiences at night on his blog: http://uptimemadeeasy.com. You can find Jeff on or LinkedIn at: LinkedIn or Twitter at: Twitter

Latest posts by Jeff Staten (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *