Saltstack安装和基础配置官方文档



2.2.7. RHEL / CentOS / Scientific Linux / Amazon Linux / Oracle Linux¶

2.2.7.1. Installation Using pip¶

Since Salt is on
PyPI, it can be installed using pip, though most users prefer to install using RPMs (which can be installed from

EPEL). Installation from pip is easy:

pip install salt

Warning
If installing from pip (or from source using
setup.py install), be advised that the
yum-utils package is needed for Salt to manage packages. Also, if the Python dependencies are not already installed, then you will need additional libraries/tools installed to build some of them. More
information on this can be found
here.

2.2.7.2. Installation from EPEL¶

Beginning with version 0.9.4, Salt has been available in
EPEL. It is installable using yum. Salt should work properly with all mainstream derivatives of RHEL, including CentOS, Scientific Linux, Oracle Linux and Amazon Linux. Report any bugs or issues on the

issue tracker.

On RHEL6, the proper Jinja package 'python-jinja2' was moved from EPEL to the "RHEL Server Optional Channel". Verify this repository is enabled before installing salt on RHEL6.

2.2.7.2.1. Enabling EPEL on RHEL¶

If EPEL is not enabled on your system, you can use the following commands to enable it.

For RHEL 5:

rpm -Uvh http://mirror.pnl.gov/epel/5/i386/epel-release-5-4.noarch.rpm

For RHEL 6:

rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm

2.2.7.2.2. Installing Stable Release¶

Salt is packaged separately for the minion and the master. It is necessary only to install the appropriate package for the role the machine will play. Typically, there will be one master and multiple minions.

On the salt-master, run this:

yum install salt-master

On each salt-minion, run this:

yum install salt-minion

2.2.7.2.3. Installing from epel-testing¶

When a new Salt release is packaged, it is first admitted into the
epel-testing repository, before being moved to the stable repo.

To install from epel-testing, use the
enablerepo argument for yum:

yum --enablerepo=epel-testing install salt-minion

2.2.7.3. ZeroMQ 4¶

We recommend using ZeroMQ 4 where available. SaltStack provides ZeroMQ 4.0.4 and pyzmq 14.3.1 in a

COPR repository. Instructions for adding this repository (as well as for upgrading ZeroMQ and pyzmq on existing minions) can be found

here.

If this repo is added before Salt is installed, then installing either
salt-master or
salt-minion will automatically pull in ZeroMQ 4.0.4, and additional states to upgrade ZeroMQ and pyzmq are unnecessary.

2.2.7.4. Package Management¶

Salt's interface to
yum makes heavy use of the
repoquery utility, from the
yum-utils package. This package will be installed as a dependency if salt is installed via EPEL. However, if salt has been installed using pip, or a host is being managed using salt-ssh, then as of version 2014.7.0

yum-utils will be installed automatically to satisfy this dependency.

2.2.7.5. Post-installation tasks¶

Master

To have the Master start automatically at boot time:

chkconfig salt-master on

To start the Master:

service salt-master start

Minion

To have the Minion start automatically at boot time:

chkconfig salt-minion on

To start the Minion:

service salt-minion start

Now go to the
Configuring Salt page.

22.7. Configuring Salt¶

Salt configuration is very simple. The default configuration for the
master will work for most installations and the only requirement for setting up a

minion is to set the location of the master in the minion configuration file.

The configuration files will be installed to
/etc/salt and are named after the respective components,
/etc/salt/master and
/etc/salt/minion.

22.7.1. Master Configuration¶

By default the Salt master listens on ports 4505 and 4506 on all interfaces (0.0.0.0). To bind Salt to a specific IP, redefine the "interface" directive in the master configuration file, typically
/etc/salt/master, as follows:

- #interface: 0.0.0.0
+ interface: 10.0.0.1

After updating the configuration file, restart the Salt master. See the
master configuration reference for more details about other configurable options.

22.7.2. Minion Configuration¶

Although there are many Salt Minion configuration options, configuring a Salt Minion is very simple. By default a Salt Minion will try to connect to the DNS name "salt"; if the Minion is able to resolve that name correctly, no configuration is needed.

If the DNS name "salt" does not resolve to point to the correct location of the Master, redefine the "master" directive in the minion configuration file, typically
/etc/salt/minion, as follows:

- #master: salt
+ master: 10.0.0.1

After updating the configuration file, restart the Salt minion. See the
minion configuration reference for more details about other configurable options.

22.7.3. Running Salt¶

Start the master in the foreground (to daemonize the process, pass the

-d flag):

salt-master

Start the minion in the foreground (to daemonize the process, pass the

-d flag):

salt-minion

Having trouble?
The simplest way to troubleshoot Salt is to run the master and minion in the foreground with

log level set to
debug:

salt-master --log-level=debug

For information on salt's logging system please see the
logging document.

Run as an unprivileged (non-root) user
To run Salt as another user, set the
user parameter in the master config file.

Additionally, ownership and permissions need to be set such that the desired user can read from and write to the following directories (and their subdirectories, where applicable):

/etc/salt
/var/cache/salt
/var/log/salt
/var/run/salt

More information about running salt as a non-privileged user can be found

here.

There is also a full
troubleshooting guide available.

22.7.4. Key Management¶

Salt uses AES encryption for all communication between the Master and the Minion. This ensures that the commands sent to the Minions cannot be tampered with, and that communication between Master and Minion is authenticated through trusted, accepted keys.

Before commands can be sent to a Minion, its key must be accepted on the Master. Run the
salt-key command to list the keys known to the Salt Master:

[root@master ~]# salt-key -L
Unaccepted Keys:
alpha
bravo
charlie
delta
Accepted Keys:

This example shows that the Salt Master is aware of four Minions, but none of the keys has been accepted. To accept the keys and allow the Minions to be controlled by the Master, again use the
salt-key command:

[root@master ~]# salt-key -A
[root@master ~]# salt-key -L
Unaccepted Keys:
Accepted Keys:
alpha
bravo
charlie
delta

The salt-key command allows for signing keys individually or in bulk. The example above, using
-A bulk-accepts all pending keys. To accept keys individually use the lowercase of the same option,
-a keyname.

See also
salt-key manpage

22.7.5. Sending Commands¶

Communication between the Master and a Minion may be verified by running the
test.ping command:

[root@master ~]# salt alpha test.ping
alpha:
True

Communication between the Master and all Minions may be tested in a similar way:

[root@master ~]# salt '*' test.ping
alpha:
True
bravo:
True
charlie:
True
delta:
True

Each of the Minions should send a True response as shown above.

22.7.6. What's Next?¶

Understanding
targeting is important. From there, depending on the way you wish to use Salt, you should also proceed to learn about

States and
Execution Modules.