Salt diaries: deploying salt on a small network
This post is the first in a series documenting the deployment of Salt on a small network ( ~ 100 hosts, initially targeting only linux-based ones which account for roughly half of it).
Due to the low number of hosts I have gone for a single master layout. The linux hosts are for the greatest part running Centos 5.[4,5] in both x86 and x64 favors, and just a couple running SLES.
Since minions by default will attempt to connect to the salt master by resolving an host named salt I configured a salt cname record for the salt master host in the dns server. At this point the master can be started with:
Note: I don't have firewall or SELinux enabled. In particular SELinux is problaly not yet supported at all.
If the minions are running correctly you should get a True response as each minion attempts to ping the master. I used the -v option so that the master reports minions that did not respond. If some of your minions are busy and/or on slow networks consider raising the timeout with:
That's it for now, in the next post I will get a basic states configuration working to make sure that all minions have a minimum configuration applied.
Installing salt master
The easiest way to install salt on Centos is to pull in the epel repository :
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
then install salt with yum:
yum install -y salt-master
Since minions by default will attempt to connect to the salt master by resolving an host named salt I configured a salt cname record for the salt master host in the dns server. At this point the master can be started with:
/etc/init.d/salt-master start
Note: I don't have firewall or SELinux enabled. In particular SELinux is problaly not yet supported at all.
Installing salt minions
The procedure for minions is basically the same for master with the difference that the package to install in salt-minion instead of salt-master:
yum install -y salt-minion && /etc/init.d/salt-minion start
Moving back to the master, the salt-key command can be used to check that minions have connected to the it and their keys are pending for acceptance. In a couple of cases the minions reported localhost.localdomain instead of the correct hostname. To fix it I had to edit /etc/hosts on the minion, remove the real hostname (in both unqualified and qualified form) from 127.0.0.1 and ::1 lines, and then restart salt-minion.
The mismatched key can be removed from the master with:
The mismatched key can be removed from the master with:
salt-key -r localhost.localdomain
Testing
Before moving on I wanted to make sure that everything is working as expected, so I ran this command on the master:
salt -v '*' test.ping
If the minions are running correctly you should get a True response as each minion attempts to ping the master. I used the -v option so that the master reports minions that did not respond. If some of your minions are busy and/or on slow networks consider raising the timeout with:
salt -t 60 -v '*' test.ping
That's it for now, in the next post I will get a basic states configuration working to make sure that all minions have a minimum configuration applied.
See all my Salt-related posts