Saltstack install

From wikinotes

General

Installation Type

Salt has very flexible installation options. Before you install, you should decide how you'd like to use salt.

  • salt-master/salt-minion:
    • salt-master: hosted on central server. keeps the statefiles, pillar, and manages encryption/decryption of pillar.
    • salt-minion: hosted on each salt-managed server. Receives/Applies instructions from salt-master.
  • serverless
    • states/pillar stored locally, and states are applied with argument --local.

Installer Options

If you are installing on a unix system, you can install salt either by using the version of salt in your distrobution's package repository or using salt's bootstrap script.

Bootstrap script Install

curl -L https://bootstrap.saltstack.com -o /tmp/install_salt.sh
sudo sh /tmp/install_salt.sh -M
rm      /tmp/install_salt.sh

platforms

FreeBSD

pkg instsall py37-salt

# if unable to master over localhost, likely a silent permissions issue
find /var/log/salt -exec chown salt:salt {} \;
find /usr/local/etc/salt -exec chown salt:salt {} \;

Archlinux

WARNING:

issues with release 3007 missing requirements

sudo pacman -Sy --needed --noconfirm python-pip python-aiohttp python-cherrypy python-dateutil python-cryptography python-gnupg python-gnupginterface python-setproctitle python-pyopenssl

su
pip install --break-system-packages rpm-vercmp timelib


gross, I know.



sudo pacman -S salt

systemctl enable salt-master@service  # runs as user 'salt'
systemctl enable salt-minion@service  # runs as user 'root'

Windows

Diable UAC

Manual Install (best)

https://docs.saltproject.io/salt/install-guide/en/latest/topics/install-by-operating-system/windows.html#install-windows

Choco Install (lags)

choco install saltminion

MacOS

macports

sudo port install salt-minion
sudo port install py27-crypto
sudo port install py27-requests

# enable service
sudo port load salt-minion

brew

brew install saltstack

custom systemd

# /etc/systemd/system/virtualenv-salt-minion.service

[Unit]
Description=Salt-Minion

[Service]
KillMode=process
Type=notify
NotifyAccess=all
LimitNOFILE=8192
ExecStart=/root/services/saltstack/venv/bin/salt-minion

[Install]
WantedBy=multi-user.target

You'll also want to install symlinks for salt's various executables.

for exe in salt-api salt salt-api salt-call salt-cloud salt-cp salt-key salt-run salt-ssh salt-syncdic salt-unity; do
    (test -e /usr/bin/${exe} || test -L /usr/bin/${exe}) && sudo rm -rf /usr/bin/${exe}
    sudo ln -s /root/services/saltstack/venv/bin/${exe} /usr/bin/${exe}
done

Finally, enable

systemctl --system daemon-reload
systemctl enable virtualenv-salt-minion.service

Virtualenv

WARNING:

this was a bad idea. it fixed my python/pip issues, but all file.managed states broke due to decoding issues even despite the salt/python versions matching.

NOTE:

virtualenv could be used on it's own, but salt also has requirements on the python version that is used. It is safest to use pyenv to handle this requirement.

Saltstack is written in python, an interpreted language.
Most package managers do not isolate installed programs, leading to requirement conflicts.
There is value in installing saltstack into a virtualenv, so that your userland and saltstack do not conflict with each other.
Downsides include taking responsibility for updates. Please make certain to do so!

Base Install

NOTE:

Check classifiers to determine latest supported python version
https://github.com/saltstack/salt/blob/master/setup.py

NOTE:

It would be sensible to create a repo of pipenv managed services, then you could install the same one across multiple OS's

pacman -S python-pipenv                 # use your dist's pkg manager
sudo mkdir -p /root/services/saltstack
# /root/servics/saltstack/Pipfile

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
virtualenv = "*"

[dev-packages]

[requires]
python_version = "3.9"
pipenv install
pipenv run virtualenv venv
venv/bin/pip install salt