How to install and run Salt from @SaltStack in my hacking rig. @VMware @thehackscast @thatch45 #saltconf @DjJimmyChunga #hacker #automation

Hi again! Today we are gonna take a look at Salt from Saltstack. On Sunday I was walking the dog and was listening to the podcast thehacks. I got very inspired by the podcast and wanted to really try this. I have never seen this product before. I have done some other tests in my setup, Ansible for example. Please read previous post about other cool test. And as a VMware guy, I was happy to hear that VMware and SaltStack are one now (or very soon). I am also gonna attend saltcon this year, from the podcast i think this is worth spending a evening on!
Podcast: https://www.saltstack.com/the-hacks/?utm_source=thehacks.io

And Tom you are funny!

Let’s begin!

As I understand we work with one or more master server called Salt-Master. The client in my case the other servers are called Salt-Minions. I am gonna try to document the installation that I have done!

As always we start with a picture:

We start of with a new installation of Ubuntu 20.04. The server name for this is salt.

Short version:
1. Install / Configure Salt-Master
2. Install / Configure Salt-Minion’s
4.Run fun commands on Salt-Master

Long version:

Add key for the repo

wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -

Add the repo

echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee -a /etc/apt/sources.list.d/saltstack.list

Then we upgrade the apt database and start the installation

apt-get update
apt-get install salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api

We need to do some configuration on the salt-master. Add the ipaddress of the salt-master to bind to.
vim /etc/salt/master

master

Then we enable the service salt master and start the server!

systemctl enable salt-master.service
systemctl start salt-master.service

We can now see the keys of the server with the command:

salt-key --finger-all

Then we will install the salt-minions (the other servers in the rig)

wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add - 

echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee -a /etc/apt/sources.list.d/saltstack.list apt-

get update

apt-get install salt-minion

Then we need to configure the minions. We add the master to the config file. There are two values. master and master_finger
The master_finger key you find above.

vim /etc/salt/minion

Then we enable the minion as a service and start the client

systemctl enable salt-minion.service
systemctl start salt-minion.service

On the salt server we can now se that the keys ar not accepted yet!

salt-key --finger-all

If you know these client you can accept these with this command:

salt-key -a jump
salt-key -a kracken

We can now see that the client are accepted with

salt-key --finger-all

We now turn to our Windows 10 box

Download and install Salt client from there site: https://repo.saltstack.com/windows/

Now we have all our machines registered in Salt-Master

We can now control our minions.

How to see what version ins running. From the Salt server

salt '*' test.version

Finally we can start to have som fun. List files on windows machine from Salt-Master for example.

salt 'COMMANDO' cmd.run "dir C:\"

Time to learn everything else you can do with this.Time to study!

https://docs.saltstack.com/en/latest/topics/using_salt.html

I hope you found this useful to get started with Salt. I am totally new to Salt, but I must say. It is easy to install. Now I need to learn how to use it.

Have a nice day!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.