10.2.1. Setting Up SaltStack
SaltStack is a centralized configuration management service: a salt master manages many salt minions. You should install the salt-master package on a server that is reachable by all the hosts that you want to manage and salt-minion on the hosts that you wish to manage. Each minion must be told where to find its master. Simply edit /etc/salt/minion and set the master key to the DNS name (or IP address) of the Salt master. Note that Salt uses YAML as the format for its configuration files.
minion# vim /etc/salt/minion
minion# grep ^master /etc/salt/minion
master: 192.168.122.105
Each minion has a unique identifier stored in /etc/salt/minion_id, which defaults to its hostname. This minion identifier will be used in the configuration rules and as such, it is important to set it properly before the minion opens its connection to the master:
minion# echo kali-scratch >/etc/salt/minion_id
minion# systemctl enable salt-minion
minion# systemctl start salt-minion
When the salt-minion service is running, it will try to connect to the Salt master to exchange some cryptographic keys. On the master side, you have to accept the key that the minion is using to identify itself to let the connection proceed. Subsequent connections will be automatic:
master# systemctl enable salt-master
master# systemctl start salt-master
master# salt-key --list all
Accepted Keys:
Denied Keys:
Unaccepted Keys:
kali-scratch
Rejected Keys:
master# salt-key --accept kali-scratch
The following keys are going to be accepted:
Unaccepted Keys:
kali-scratch
Proceed? [n/Y] y
Key for minion kali-scratch accepted.
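Accepting a key is the point at which the master starts trusting a minion, so the pending key's fingerprint can be compared with the one read on the minion itself before running salt-key --accept. The script below is an added example, not part of the original text: the function names and the sample fingerprint are constructed, and it assumes that salt-key --finger and salt-call --local key.finger print the fingerprint as colon-separated hex pairs.

```shell
#!/bin/sh
# Added example: compare a pending minion key's fingerprint with the one read
# on the minion itself before accepting it. Function names are hypothetical.

# Print the first colon-separated hex fingerprint found on stdin, lowercased.
extract_fp() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# $1 = output of `salt-key --finger <id>` captured on the master
# $2 = output of `salt-call --local key.finger` captured on the minion and
#      carried over a trusted channel (console, existing SSH session)
# Succeeds only if both contain the same, non-empty fingerprint.
fingerprints_match() {
    master_fp=$(printf '%s\n' "$1" | extract_fp)
    minion_fp=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$master_fp" ] && [ "$master_fp" = "$minion_fp" ]
}

# Accept minion $1 only when the master's pending key matches $2.
accept_if_verified() {
    if fingerprints_match "$(salt-key --finger "$1")" "$2"; then
        salt-key --yes --accept "$1"
    else
        echo "fingerprint mismatch for $1: key not accepted" >&2
        return 1
    fi
}

# Constructed sample outputs (not real keys); the layout is an assumption.
SAMPLE_FP='0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9:0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9'
SAMPLE_MASTER=$(printf 'Unaccepted Keys:\nkali-scratch:  %s\n' "$SAMPLE_FP")
SAMPLE_MINION=$(printf 'local:\n    %s\n' "$SAMPLE_FP")
if fingerprints_match "$SAMPLE_MASTER" "$SAMPLE_MINION"; then
    echo "kali-scratch: fingerprints match, key can be accepted"
fi
```

On the master, accept_if_verified takes the minion identifier and the key.finger output copied from the minion, and refuses to accept the key when the two fingerprints differ or the master has no pending key for that identifier.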