salt stack configuration

Master-server

server configuration

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a0:15:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.43.147/24 brd 192.168.43.255 scope global dynamic eno16777736
valid_lft 1369sec preferred_lft 1369sec
inet6 fe80::20c:29ff:fea0:15c1/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# hostnamectl set-hostname saltserver.example.com

[root@saltserver ~]# sestatus
SELinux status: disabled

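[root@saltserver ~]# service firewalld stop

[root@saltserver ~]# systemctl disable firewalld

(Note: the firewall is switched off here for a lab setup. The master only needs TCP 4505 and 4506 reachable from the minions, so on a real host firewalld can stay enabled with just those two ports opened, e.g. firewall-cmd --permanent --add-port=4505-4506/tcp followed by firewall-cmd --reload.)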

[root@saltserver ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.43.147 saltserver.example.com
192.168.43.148 minions.example.com

[root@saltserver ~]# yum install salt-master salt-minion salt-ssh salt-syndic salt-cloud -y

[root@saltserver ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1309/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1625/master
tcp6 0 0 :::22 :::* LISTEN 1309/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1625/master
udp 0 0 0.0.0.0:48442 0.0.0.0:* 1120/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 1120/dhclient
udp6 0 0 :::42260 :::* 1120/dhclient

[root@saltserver ~]# service salt-master start
Redirecting to /bin/systemctl start salt-master.service

[root@saltserver ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1309/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 2847/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1625/master
tcp6 0 0 :::22 :::* LISTEN 1309/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1625/master
udp 0 0 0.0.0.0:48442 0.0.0.0:* 1120/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 1120/dhclient
udp6 0 0 :::42260 :::* 1120/dhclient

[root@saltserver ~]# lsof -i:4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2847 root 16u IPv4 19609 0t0 TCP *:4505 (LISTEN)
[root@saltserver ~]# lsof -i:4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 2964 root 24u IPv4 19921 0t0 TCP *:4506 (LISTEN)

[root@saltserver ~]# ll /etc/salt/
total 140
-rw-r----- 1 root root 2626 Oct 31 18:32 cloud
drwxr-xr-x 2 root root 4096 Nov 1 13:57 cloud.conf.d
drwxr-xr-x 2 root root 4096 Nov 1 13:57 cloud.deploy.d
drwxr-xr-x 2 root root 4096 Nov 1 13:57 cloud.maps.d
drwxr-xr-x 2 root root 4096 Nov 1 13:57 cloud.profiles.d
drwxr-xr-x 2 root root 4096 Nov 1 13:57 cloud.providers.d
-rw-r----- 1 root root 40222 Oct 31 18:32 master
drwxr-xr-x 2 root root 4096 Nov 1 13:57 master.d
-rw-r----- 1 root root 32343 Oct 31 18:32 minion
drwxr-xr-x 2 root root 4096 Nov 1 13:57 minion.d
drwxr-xr-x 4 root root 4096 Nov 21 07:40 pki
-rw-r----- 1 root root 26855 Oct 31 18:32 proxy
-rw-r----- 1 root root 344 Aug 10 2015 roster

[root@saltserver ~]# cat /etc/salt/master |grep interface:
#interface: 0.0.0.0
# the interface option must be adjusted, too. (For example: "interface: '::'")

[root@saltserver ~]# vim /etc/salt/master

[root@saltserver ~]# cat /etc/salt/master |grep interface:
interface: 192.168.43.147
# the interface option must be adjusted, too. (For example: "interface: '::'")
[root@saltserver ~]# mkdir -p /salt/pillars/base

[root@saltserver ~]# mkdir -p /salt/states/base

[root@saltserver ~]# cat /salt/states/base
file_roots:
  base:
    - /salt/states/base

[root@saltserver ~]# cat /salt/pillars/base
pillar_roots:
  base:
    - /salt/pillars/base

[root@saltserver ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:

[root@saltserver ~]# service salt-minion start
Redirecting to /bin/systemctl start salt-minion.service

[root@saltserver ~]# service salt-minion restart
Redirecting to /bin/systemctl restart salt-minion.service

[root@saltserver ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1309/sshd
tcp 0 0 192.168.43.147:4505 0.0.0.0:* LISTEN 6310/python
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1625/master
tcp 0 0 192.168.43.147:4506 0.0.0.0:* LISTEN 6454/python
tcp6 0 0 :::22 :::* LISTEN 1309/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1625/master
udp 0 0 0.0.0.0:48442 0.0.0.0:* 1120/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 1120/dhclient
udp6 0 0 :::42260 :::* 1120/dhclient

========================== Minion Side===============================

[root@minions ~]# yum install salt-minion -y

[root@minions ~]# cat /etc/salt/minion |grep "master: salt"
#master: salt

[root@minions ~]# vim /etc/salt/minion

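[root@minions ~]# cat /etc/salt/minion |grep "master: "
master: 192.168.43.148
#random_master: False

(Note: per the /etc/hosts shown earlier, 192.168.43.148 is minions.example.com and the master is 192.168.43.147, which is also the address the telnet test below connects to. The master: value has to be the master's address for this minion's key to show up in salt-key -L on the server.)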

[root@minions ~]# service salt-minion status
Redirecting to /bin/systemctl status salt-minion.service
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled; vendor preset: disabled)
Active: inactive (dead)

[root@minions ~]# service salt-minion start
Redirecting to /bin/systemctl start salt-minion.service

[root@minions ~]# telnet 192.168.43.147 4505
Trying 192.168.43.147...
Connected to 192.168.43.147.
Escape character is '^]'.
^C
^C
Connection closed by foreign host.
=================Server-side==========================

[root@saltserver ~]# salt-key -F master
Local Keys:
master.pem: 17:1a:47:8d:91:26:2f:46:7f:96:7c:30:8f:dd:14:29
master.pub: 69:95:a4:02:60:53:2c:b1:fa:b0:fa:1e:0e:2c:f9:d5

[root@saltserver ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltserver.example.com
Rejected Keys:

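(Note: the key accepted here belongs to the minion running on the master host itself. Before accepting any key, its fingerprint as listed by salt-key -f <minion-id> on the master can be compared with the output of salt-call --local key.finger on that minion, so that only the expected host is accepted.)

[root@saltserver ~]# salt-key -a saltserver.example.com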
The following keys are going to be accepted:
Unaccepted Keys:
saltserver.example.com
Proceed? [n/Y] y
Key for minion saltserver.example.com accepted.
[root@saltserver ~]# salt-key -L
Accepted Keys:
saltserver.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:

[root@saltserver ~]# salt-key --list all
Accepted Keys:
saltserver.example.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:

[root@saltserver ~]# salt saltserver.example.com test.ping
saltserver.example.com:
True
