Installing (and configuring) Saltstack (minion-mode) on Arch Linux

While this was a relatively easy install, the installation guide on saltstack’s documentation site seemed to be missing a few details.

Here is the full installation process that allowed me to install Saltstack on an Arch linux box.

Saltstack’s site does point out that you will need to download and compile python2-msgpack and python2-psutil, however a few other dependencies were not met:

1) Listed dependency a

1
2
3
4
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/py/python2-msgpack/python2-msgpack.tar.gz
me@whiteroom:/tmp$ tar xf python2-msgpack.tar.gz
me@whiteroom:/tmp$ cd python2-msgpack
me@whiteroom:/tmp/python2-msgpack$ makepkg -is

2) Listed dependency b

1
2
3
4
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/py/python2-psutil/python2-psutil.tar.gz
me@whiteroom:/tmp$ tar xf python2-psutil.tar.gz
me@whiteroom:/tmp$ cd python2-psutil
me@whiteroom:/tmp/python2-psutil$ makepkg -is

These are the only two dependencies listed however these alone cause the installation process to fail:

1
2
3
4
5
6
7
8
9
10
me@whiteroom:/tmp/salt$ makepkg -is
==> WARNING: Cannot find the sudo binary. Will use su to acquire root privileges.
==> Making package: salt 0.17.4-1 (Wed Dec 18 18:10:12 CST 2013)
==> Checking runtime dependencies...
==> Installing missing dependencies...
Password:
error: target not found: python2-ply
error: target not found: python2-cffi
error: target not found: python2-pycparser
==> ERROR: 'pacman' failed to install missing dependencies.

The packages python2-ply, python2-cffi and python2-pycparser are also needed. These can be found in the Arch User Repository (AUR):

Note: python2-cffi depends on python2-pycparser so the installation order should be as follows:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/py/python2-ply/python2-ply.tar.gz
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/py/python2-pycparser/python2-pycparser.tar.gz
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/py/python2-cffi/python2-cffi.tar.gz

me@whiteroom:/tmp$ tar xf python2-cffi.tar.gz
me@whiteroom:/tmp$ tar xf python2-ply.tar.gz
me@whiteroom:/tmp$ tar xf python2-pycparser.tar.gz

me@whiteroom:/tmp$ cd python2-ply
me@whiteroom:/tmp/python2-ply$ makepkg -is

me@whiteroom:/tmp/python2-ply$ cd ../python2-pycparser
me@whiteroom:/tmp/python2-pycparser$ makepkg -is

me@whiteroom:/tmp/python2-pycparser$ cd ../python2-cffi
me@whiteroom:/tmp/python2-cffi$ makepkg -is

Note: If you encounter any issues installing python2-cffi it could be because the makefile is looking for headers in the wrong place:

1
2
3
4
5
6
7
...
gcc -pthread -DNDEBUG -march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -march=i686 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python2.7 -c c/_cffi_backend.c -o build/temp.linux-i686-2.7/c/_cffi_backend.o
c/_cffi_backend.c:14:17: fatal error: ffi.h: No such file or directory
#include <ffi.h>
^
compilation terminated.
error: command 'gcc' failed with exit status 1

The above is fixed with a symlink to the correct location:

1
2
3
4
5
[root@whiteroom ~]# cd /usr/lib/libffi-3.0.13/include/
[root@whiteroom include]# ls
ffi.h ffitarget.h
[root@whiteroom ~]# ln -s /usr/lib/libffi-3.0.13/include/ffi.h /usr/include/ffi/
[root@whiteroom include]# ln -s /usr/lib/libffi-3.0.13/include/ffitarget.h /usr/include/ffi/

After those were installed, Salt can be installed without any further issues:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
me@whiteroom:/tmp$ wget https://aur.archlinux.org/packages/sa/salt/salt.tar.gz
me@whiteroom:/tmp$ tar xf salt.tar.gz
me@whiteroom:/tmp$ cd salt
me@whiteroom:/tmp/salt$ makepkg -is
==> WARNING: Cannot find the sudo binary. Will use su to acquire root privileges.
==> Making package: salt 0.17.4-1 (Wed Dec 18 18:35:58 CST 2013)
==> Checking runtime dependencies...
==> Installing missing dependencies...
Password:
resolving dependencies...
looking for inter-conflicts...

Packages (10): libyaml-0.1.4-3 python2-markupsafe-0.18-2 zeromq-4.0.3-1 libsodium-0.4.5-2 python2-crypto-2.6.1-1 python2-jinja-2.7.1-2
python2-m2crypto-0.21.1-2 python2-pyzmq-14.0.1-1 python2-yaml-3.10-3 sshpass-1.05-1

Total Download Size: 1.86 MiB
Total Installed Size: 11.18 MiB

:: Proceed with installation? [Y/n] yes
...
..
.
..
...
creating /tmp/salt/pkg/salt/usr/share
creating /tmp/salt/pkg/salt/usr/share/man
creating /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-master.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-key.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-cp.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-call.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-syndic.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-run.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-ssh.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
copying doc/man/salt-minion.1 -> /tmp/salt/pkg/salt/usr/share/man/man1
creating /tmp/salt/pkg/salt/usr/share/man/man7
copying doc/man/salt.7 -> /tmp/salt/pkg/salt/usr/share/man/man7
running install_egg_info
Writing /tmp/salt/pkg/salt/usr/lib/python2.7/site-packages/salt-0.17.4-py2.7.egg-info
==> Tidying install...
-> Purging unwanted files...
-> Removing libtool files...
-> Removing static library files...
-> Compressing man and info pages...
-> Stripping unneeded symbols from binaries and libraries...
==> Creating package "salt"...
-> Generating .PKGINFO file...
-> Generating .MTREE file...
-> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: salt 0.17.4-1 (Wed Dec 18 18:36:43 CST 2013)
==> Installing package salt with pacman -U...
Password:
loading packages...
resolving dependencies...
looking for inter-conflicts...

Packages (1): salt-0.17.4-1

Total Installed Size: 10.25 MiB

:: Proceed with installation? [Y/n] yes
(1/1) checking keys in keyring [###################################################] 100%
(1/1) checking package integrity [###################################################] 100%
(1/1) loading package files [###################################################] 100%
(1/1) checking for file conflicts [###################################################] 100%
(1/1) checking available disk space [###################################################] 100%
(1/1) installing salt

Once that is installed, enable the minion service via:

1
systemctl enable salt-minion.service

I have another server setup to be the salt-master, this is reflected in the salt-minion configuration (/etc/salt/minion):

1
2
3
# Set the location of the salt master server, if the master server cannot be
# resolved, then the minion will fail to start.
master: irene

Don’t forget to give your minion an ID:

1
2
3
4
5
6
# Explicitly declare the id for this minion to use, if left commented the id
# will be the hostname as returned by the python call: socket.getfqdn()
# Since salt uses detached ids it is possible to run multiple minions on the
# same machine but with different ids, this can be useful for salt compute
# clusters.
id: whiteroom

Now the salt-minion service can be started:

1
[root@whiteroom ~]# systemctl start salt-minion.service

On the salt-master server, you will have to accept the new minion’s key.

1
2
3
4
5
6
7
8
9
10
11
12
root@irene:~# salt-key -L
Accepted Keys:
irene
Unaccepted Keys:
whiteroom
Rejected Keys:
root@irene:~# salt-key -a whiteroom
The following keys are going to be accepted:
Unaccepted Keys:
whiteroom
Proceed? [n/Y] Y
Key for minion whiteroom accepted.

Now for a test run:

1
2
3
4
5
root@irene:~# salt '*' test.ping
whiteroom:
True
irene:
True

This was one of the main selling points in Saltstack’s favor over the other widely used provisioning and configuration manager Puppet: the ability to execute remote commands. Puppet did not seem to offer and easy way of doing this without involving extra scripts or the use of ssh (see post). However with Saltstack, it’s pretty easy:

1
2
3
4
5
root@irene:~# salt '*' cmd.run "uptime"
irene:
18:49:14 up 6 days, 1:59, 1 user, load average: 0.00, 0.03, 0.05
whiteroom:
18:48:48 up 21:47, 4 users, load average: 0.39, 0.20, 0.14

Also, I’ve noted that different versions of Puppet do not play well with each other. This can be a problem especially when your Puppet master server is on a Debian box (currently using ‘stable Puppet’) and some of your other machines (Arch boxen) are running (the stable but more so bleeding edge version of) Puppet and thus they don’t like speaking to each other. To fix this, you would have to make sure all your boxen are running the same OS and version, which should ensure they are all running the same Puppet version or, you can resort to manually compiling and installing the same Puppet version across different platforms. Saltstack seems to take care of this issue (the two machines above are running different versions of Linux and Saltstack):

1
2
3
4
5
6
7
8
9
root@irene:~# salt '*' cmd.run "cat /etc/issue && salt --version"
irene:
Debian GNU/Linux 7 \n \l

salt 0.17.2
whiteroom:
Arch Linux \r (\l)

salt 0.17.4

It should be noted that Saltstack (like Puppet) can handle the management of configuration file and packages across different systems, however that is not within the scope of this captain’s log, … maybe next time.