How Do You Install and Configure SaltStack Master and SaltStack Minion?

Problem scenario
You want to install SaltStack Master and SaltStack Minion.  You want them to be configured to work together.  You have different distributions of Linux.  What should you do?

Solution in Three Parts
Overview
This solution works for any distribution of Linux (e.g., Debian distributions, including Ubuntu, RedHat derivatives, including CentOS, RHEL, and Fedora, or SUSE).  This solution is written as if your Linux servers were in AWS.  If you are using Azure, consider the "Network Security Group" instead of the "Security Group."  If you are deploying SaltStack on-premises, consider the relevant firewall(s) between the servers that will be SaltStack Master and SaltStack Minion instead of the Security Groups.

Part 1  Create a Salt Master Server
1.  Create a Linux server and put it in a Security Group that has access to the internet for this initial setup, and has connectivity to the other server that will be the Salt Minion.  The exception rule should involve the source IP address of the SaltMaster server.  This is the internal IP address of the server (from an "ip addr show" command) and not the external IP address as seen in the EC2 console (one that you would use Putty to connect to).  Now that this server can connect to other servers as far as the Security Group is concerned, move to step #2.

2.  Run the command below that corresponds with your distribution of Linux (as found with cat /etc/*-release | grep -i pretty).

Debian / Ubuntu:  sudo apt-get -y install salt-master
RHEL/CentOS/Fedora: sudo yum -y install salt-master
SUSE: sudo zypper -n install salt-master

3.  Verify it worked:  salt-master --version

4. Start the salt-master service with this command:  sudo systemctl start salt-master
Depending on your distribution of Linux, the command to use may be this next one instead:  sudo service salt-master start

Part 2  Create a Salt Minion Server
5.  Create a Linux server with network connectivity to the Salt Master server. If you are not using AWS, go to step #6.

5.a. If you are using AWS, put it in a Security Group that has access to the internet for this initial setup, and has connectivity to the other server that will be the Salt Master.  The exception rule should involve the source IP address of the SaltMinion server.  This is the internal IP address of the server (from an "ip addr show" command) and not the external IP address as seen in the EC2 console (one that you would use Putty to connect to).  Now that this server can connect to other servers as far as the Security Group is concerned, move to step #6.

6.  Find the distribution of Linux below and run the corresponding command (as found with cat /etc/*-release | grep -i pretty):

Debian / Ubuntu:  sudo apt-get -y install salt-minion
RHEL/CentOS/Fedora: sudo yum -y install salt-minion
SUSE: sudo zypper -n install salt-minion

7.a.  vi /etc/salt/minion
7.b.  Search for "master: salt"
7.c.  Uncomment this line.  Change "salt" to "saltmaster" or the hostname of the salt master server.

8.  Update the /etc/hosts file so that the minion can resolve the saltmaster hostname (confirm with a ping).
9.  Run this command: sudo salt-minion -l debug

Part 3  Configure Salt Master to Communicate With Salt Minion
10.  Log on to the Salt Master server.

11.  Run this: sudo salt-key -L

The output should look something like this:

Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion1.continualintegration.com
Rejected Keys:

12.  Run this command (where salt-minion1.continualintegration.com is an Unaccepted Key displayed above):
sudo salt-key -a salt-minion1.continualintegration.com
Respond to the prompt with "Y" (no quotes) and press Enter.

13.  You are done.  Now these commands should work (from the Salt Master server):

 sudo salt '*' test.ping
 sudo salt '*' disk.usage
 sudo salt '*' cmd.run 'ls -l /etc'
 sudo salt '*' network.interfaces
 sudo salt '*' test.echo 'foo: bar'
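
Step 12 accepts the pending key by name alone, so anything that registered under that minion ID before you did would be trusted. The script below is an added example (not part of the original article) that accepts a key only when the fingerprint the master reports with salt-key -f matches the one you read on the minion with sudo salt-call --local key.finger; the function names and the SALT_KEY variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: accept a pending minion key only after its fingerprint has
# been checked against the value read on the minion itself with:
#   sudo salt-call --local key.finger
# SALT_KEY is this example's own variable so the command can be substituted.
SALT_KEY="${SALT_KEY:-salt-key}"

# Print the lower-cased fingerprint of the Unaccepted key for minion id $1,
# parsed from `salt-key -f <id>`; print nothing if that id is not pending.
pending_fingerprint() {
    "$SALT_KEY" --no-color -f "$1" 2>/dev/null | awk -v id="$1" '
        /^Unaccepted Keys:/ { pending = 1; next }
        /Keys:$/            { pending = 0; next }
        pending && $1 == (id ":") { print tolower($2); exit }'
}

# Accept minion $1 only if the master's pending key matches fingerprint $2.
# Returns 0 = accepted, 1 = fingerprint mismatch, 2 = no pending key for $1.
accept_verified_minion() {
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    seen=$(pending_fingerprint "$1")
    if [ -z "$seen" ]; then
        echo "no unaccepted key for $1" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        echo "fingerprint mismatch for $1 (master sees $seen); not accepting" >&2
        return 1
    fi
    "$SALT_KEY" -y -a "$1"
}

# Run on the Salt Master as root: sh accept_minion.sh <minion-id> <fingerprint>
if [ "$#" -eq 2 ]; then
    accept_verified_minion "$1" "$2"
fi
```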
