You must install Salt on your infrastructure, which consists of installing the Salt master and Salt minion services.

At a bare minimum, Salt and its dependencies must be installed on the nodes that are involved in a standard Automation Config installation scenario.

You are strongly encouraged to install Salt beforehand on any infrastructure that you plan to manage with Automation Config. Installing Salt simplifies and streamlines the process of updating to future versions of Salt. Before you begin your Automation Config installation, consider installing Salt on your infrastructure and then monitoring it for a period of time to ensure it is stable and running as expected.

Consult these guides to ensure your environment is following best practices when implementing Salt in your infrastructure:

In order to prepare your machines for a standard installation of Automation Config, you need to install or upgrade Salt and Python. Salt and Python need to be present and updated on all nodes that are involved in the installation. The installation fails if Salt and the installer’s dependencies are not installed on your nodes.

Beginning with the release of Salt 3006, the Salt Project uses the onedir packaging system. Onedir stands for "one directory" as it contains all the executables that Salt needs, including Python and other Salt dependencies. Onedir allows you to use Salt out of the box.
Attention: The Salt Project strongly recommends upgrading to onedir to continue receiving Salt version updates. As of Salt version 3006, only onedir packages will be available for upgrades. For more information on Salt versions and onedir, see KB 89728.
Note: The use of the Salt Crystal installer package has been retired, for future installations it is recommended to use the onedir installer package.

Required:For brownfield/upgrade deployments, starting with Salt 3006, the Salt Master is configured to run as user "salt" instead of the traditional "root user". As a result, this can cause permission errors with RaaS related workflows, such as minion deployment and RaaS Master plugin upgrades.

To remedy this, modify the /etc/salt/master.d/raas.conf file to change the user to root: user: root.

Install Salt on the Salt master(s)

In a standard installation, you need to install both the Salt master service and the minion service on the Salt master host.

These instructions install the latest Salt release on Redhat/Centos 7 PY3. If your machine is running a different operating system or version of Python, the script will not work. For information about installing Salt on other operating systems or Python versions, see the Salt Install Guide.
Note: Centos 7, by default, blocks connections to the Salt master. You must create firewall rules to allow connectivity:
  • firewall-cmd --permanent --zone=public --add-port=4505-4506/tcp
  • firewall-cmd --reload
For more information, see Opening the Firewall up for Salt.
  1. Install the Salt project repository and key:
    sudo yum install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
  2. Clear the cache:
    sudo yum clean expire-cache
  3. Install the Salt master service and the minion service on the Salt master node:
    sudo yum install salt-master
sudo yum install salt-minion
  4. Create a master.conf file in the /etc/salt/minion.d directory. In this file, set the Salt master’s IP address to point to itself:
    master: localhost
  5. Start the Salt master service and minion service:
    sudo systemctl start salt-master
sudo systemctl enable salt-minion
sudo systemctl start salt-minion

    Use service salt-minion restart to restart the minions if needed.

Install Salt on the Salt minions

After installing Salt on the Salt master as described in the previous section, the next step is to install the minion service (not the master service) on the three nodes that will become the RaaS, a Redis database, and a PostgreSQL database.

Then, you need to configure the minions to communicate with the Salt master. For more detailed information about installing the minion service, see Minion Configuration in the Salt documentation.

To install the minion service:

  1. Install only the minion service by running the following command:
    sudo yum install salt-minion
  2. Answer y to all prompts to accept all changes.
  3. Configure each minion to communicate with the Salt master by creating a master.conf file in the /etc/salt/minion.d directory. In this file, provide the Salt master’s IP address. For example:
    master: 192.0.2.1
  4. Start the minion service:
    sudo systemctl enable salt-minion
sudo systemctl start salt-minion

    Use service salt-minion restart to restart the minions if needed.

  5. Repeat the previous steps for all remaining nodes.

Alternative: You can also enable Salt Minions using VMware Tools. For more information, see Enable Salt Minon Using VMware Tools.

Accept the minion keys on the master(s)

At this point, you have installed the Salt master service and minion service, and you have provided your minions with the Salt master’s IP address. Now, in order for the Salt master to send commands to the minions, the next step to accept the minion keys on the Salt master.

Before proceeding:

  • Ensure the Salt master service is enabled and started.
  • Ensure the minion is enabled and started on all the nodes.

To accept the keys:

  1. In the Salt master’s terminal, list all the keys that are on Salt master:
    salt-key -L
  2. Check that all the minion IDs are listed in Unacceptedkeys.

    If the minion IDs appear in Acceptedkeys, no further action is needed as this is the end goal.

  3. Accept each minion ID using the following command, replacing the <your-minion-id> with the ID from your network:
    salt-key -a <your-minion-ID>

    Running salt-key -A accepts all keys.

  4. Answer y to all prompts.
  5. Run the salt-key -L command a second time to confirm all minions appear in Acceptedkeys.

Installing Salt in an air-gapped system

The inability to update Salt regularly over the Internet could become problematic for your network unless your network is air-gapped. For that reason, it is strongly recommended that you install Salt using the onedir package beforehand.

Be aware that there are trade-offs of installing Salt on your infrastructure in an air-gapped system.