Use Salt on CentOS 8 – A Quick, No‑Nonsense Guide
CentOS 8 still runs a decent number of servers, and if you’re into the DIY spirit, Salt is one of the easiest ways to make them behave. In this short walk‑through you’ll see how to get the master/minion pair up and running, test it, and deploy your first state file.
Why Salt? When It Makes Sense
If you’ve ever had a fleet of VMs that need the same package version or a config tweak that has to be applied everywhere, you’ll feel the urge for something better than “ssh‑copy‑script‑here.” Salt gives you a clean command line and declarative states—so once you write it, it will keep your boxes in sync. I’ve seen folks hit this after a bad driver update on their test cluster; a single state file rolled back the whole mess.
Installing Salt from EPEL
1. Enable the EPEL repo
sudo dnf install -y epel-release
The base CentOS repos don’t ship Salt, and EPEL keeps it up‑to‑date for 8.x.
2. Install the master package first
sudo dnf install -y salt-master
The master is the brain; without it you can’t push anything to minions.
3. Pull in the minion package on each target node
sudo dnf install -y salt-minion
If you skip this, the node will happily sit idle waiting for a master address that never comes.
Configuring Master and Minion
Salt Master Settings
Open /etc/salt/master in your favorite editor:
# Default port is fine, just expose it if you’re behind NAT. interface: 0.0.0.0 open_mode: False
Setting open_mode to False forces authentication—great for security and a good habit.
Salt Minion Settings
On the minion node edit /etc/salt/minion:
master: <MASTER_IP_OR_FQDN> minion_id: my-centos8-node
Explicitly naming your minion helps when you have dozens of machines; you can refer to it by ID instead of IP.
After editing, restart both services:
sudo systemctl restart salt-master sudo systemctl restart salt-minion
Testing the Connection
Run on the master:
salt-key -L
You should see your minion listed as “unaccepted.” Accept it with:
sudo salt-key -A
Then test a basic command:
salt my-centos8-node test.ping
If you get True, congratulations—you’ve got communication working. If not, check firewall rules (firewall-cmd --add-service=salt-minion --permanent) and SELinux status.
Deploying Your First State File
Create /srv/salt/hello_world.sls on the master:
install_hello:
pkg.installed:
- name: hello
The pkg.installed state guarantees the package is present; Salt will only act if it isn’t.
Apply it to your minion:
salt my-centos8-node state.apply hello_world
Verify with:
salt my-centos8-node cmd.run "which hello"
You should see /usr/bin/hello. If something went wrong, run salt --log-level=debug for more detail.
Common Gotchas on CentOS 8
- SELinux blocks Salt by default – set selinux: enforcing to permissive or add a policy if you’re stuck.
- Firewall misconfigurations – remember that the Salt master listens on port 4505/4506; open them in firewalld.
- Package name mismatches – CentOS 8’s repo names differ from RHEL 7. Double‑check with dnf list available | grep hello.
Wrap‑up
That’s all you need to get Salt working on a CentOS 8 system and push your first configuration change. Now you can start writing more complex states, orchestrate multi‑node deployments, or just keep your machines tidy without manual SSH sessions.
Enjoy your new Salt setup, and remember: the real power comes from automating what you’d otherwise repeat by hand.
