{"id":610,"date":"2021-02-08T09:52:38","date_gmt":"2021-02-08T08:52:38","guid":{"rendered":"https:\/\/nine30.info\/?p=610"},"modified":"2021-02-08T09:52:38","modified_gmt":"2021-02-08T08:52:38","slug":"vra-saltstack-config-install","status":"publish","type":"post","link":"https:\/\/nine30.nxt70.com\/index.php\/2021\/02\/08\/vra-saltstack-config-install\/","title":{"rendered":"vRA SaltStack Config &#8211; Install"},"content":{"rendered":"\n<p>There are two main vRA SaltStack Config installation scenarios: single-node installation and multi-node installation, for more info about installation scenarios, architecture and requirements refer to my previous <a rel=\"noreferrer noopener\" href=\"https:\/\/nine30.info\/vra-config-aka-saltstack-architecture\/\" target=\"_blank\">post<\/a> about vRA SaltStack Config Architecture. For my lab I pick the single-node installation scenario and this post guides you through this scenario step by step. Hereafter there is the installation process overview I&#8217;ll go through, it looks more complicated than actually is:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Salt Pre-Install<\/li><li>Salt Install<\/li><li>Salt Post-Install<\/li><li>vRA SaltStack Config Pre-Install<\/li><li>vRA SaltStack Config Install<\/li><li>vRA SaltStack Config Post-Install<\/li><\/ul>\n\n\n\n<p>Before we get started it is worth to mention two important notes:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>You might have noted that the install procedure above covers both Salt and vRA SaltStack Config, actually VMware as the time of writing this post provides a single installer script that can installs both Salt and vRA SaltStack Config, but it can also install vRA SaltStack Config only.<strong> Installing Salt beforehand is a best practice and is strongly recommended as it simplifies and streamlines the process of updating to future versions of Salt<\/strong>.<\/li><li>VMware will provide the ability to install vRA SaltStack Config through vRealize Suite Lifecycle Manager 8.3 (initially single-node only).<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Salt Pre-Install<\/h2>\n\n\n\n<p>I have a Centos 7 fresh install in a VM with static IP and I have access as <em>root<\/em> user, if you do not have root user access you need a sudoer user. OK, let&#8217;s get started updating the OS, you don&#8217;t have to restart the server unless you are getting a message (from yum) that explicitly encourages you to do so or if kernel was updated.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># yum clean all\n# yum update<\/code><\/pre>\n\n\n\n<p>Configure OS enabling kernel handling of memory. You can either edit \/etc\/sysctl.conf with your editor of choice (see my screenshot below) or append the required setting using echo as in the snipped below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># echo \"vm.overcommit_memory=1\" &gt;&gt; \/etc\/sysctl.conf\n# sysctl -p<\/code><\/pre>\n\n\n\n<p>Your output should be like the following picture (I will not put a screenshot for every configuration as it would be a bit redundant).<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"611\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/2.pre-sysctl.png\" alt=\"\" class=\"wp-image-611\"\/><\/figure>\n<\/figure>\n\n\n\n<p>Configure transparent huge page.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># echo never &gt; \/sys\/kernel\/mm\/transparent_hugepage\/enabled\n# cat &lt;&lt;EOF &gt;&gt; \/etc\/rc.local\necho never &gt; \/sys\/kernel\/mm\/transparent_hugepage\/enabled\nEOF<\/code><\/pre>\n\n\n\n<p>Unset proxy environment variables, unless you need to use proxy.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># unset http_proxy\n# unset https_proxy<\/code><\/pre>\n\n\n\n<p>Install required tools and packages.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># yum install -y unzip jq epel-release<\/code><\/pre>\n\n\n\n<p>Configure firewalld. Of course you can also turn it off in a lab env, but Salt\/vRA SaltStack Config is designed to work in secured envs and it just requires few ports open &#8230; so why not keep firewall protecting your system?<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># firewall-cmd --permanent --add-port=443\/tcp\n# firewall-cmd --permanent --add-port=4505-4506\/tcp\n# firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Salt Install<\/h2>\n\n\n\n<p>Set an environment variable with the Salt version you want to install (in my case 3001.3) and import the Salt repo. <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># SALT_OS_VERSION=3001.3\n# rpm --import https:\/\/repo.saltstack.com\/py3\/redhat\/7\/x86_64\/archive\/${SALT_OS_VERSION}\/SALTSTACK-GPG-KEY.pub<\/code><\/pre>\n\n\n\n<p>Create the Salt repo file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># cat &lt;&lt;EOF &gt;&gt; \/etc\/yum.repos.d\/salt-repo-$SALT_OS_VERSION.repo\n&#91;saltstack-repo-${SALT_OS_VERSION}]\nname=SaltStack repo for RHEL\/CentOS \\$releasever PY3\nbaseurl=https:\/\/repo.saltstack.com\/py3\/redhat\/\\$releasever\/\\$basearch\/archive\/${SALT_OS_VERSION}\nenabled=1\ngpgcheck=1\ngpgkey=https:\/\/repo.saltstack.com\/py3\/redhat\/\\$releasever\/\\$basearch\/archive\/${SALT_OS_VERSION}\/SALTSTACK-GPG-KEY.pub\nEOF <\/code><\/pre>\n\n\n\n<p>Install Salt components required for vRA SaltStack Config. Hereafter I am doing things a bit automated (hey, at the end of the day I am an automation guy!), but you can install components one by one manually there is nothing wrong with that (In the screenshot below you can see the full product name made up by name-version to be used with yum install command).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># yum clean expire-cache\n# PRODUCTS=\"salt-master salt-minion salt-cloud salt-api salt-ssh\"\n\n# INST=\"\"; \n# for product in $PRODUCTS; do INST=\"$INST ${product}-${SALT_OS_VERSION}\"; done\n# echo $INST\n# yum install -y $INST<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"612\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/11.install-sso-yum.png\" alt=\"\" class=\"wp-image-612\"\/><\/figure>\n<\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Salt Post-Install<\/h2>\n\n\n\n<p>First thing to do after installing Salt is apply some basic Salt configuration. Make sure to change the second command replacing &#8220;saltstack&#8221; with the hostname of your server, what you place in the \/etc\/salt\/minion_id file is the ID of the Minion as it will be seen from the Master and ultimately in vRA SaltStack Config. <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># echo \"master: 127.0.0.1\" &gt; \/etc\/salt\/minion.d\/master.conf\n# echo \"saltstack\" &gt; \/etc\/salt\/minion_id\n# echo \"timeout: 60\" &gt; \/etc\/salt\/master.d\/timeout.conf<\/code><\/pre>\n\n\n\n<p>Start the Master and Minion services (yes, we have both Salt Master and Minion components running on the server hosting the vRA SaltStack Config).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># systemctl enable salt-master --now\n# systemctl enable salt-minion --now<\/code><\/pre>\n\n\n\n<p>Look for the Minion key to show up (it can take a couple of minutes) and then accept the key of your first Minion (that is the Master it self). Make sure to change the second command replacing &#8220;saltstack&#8221; with the hostname of your server (or whatever you placed in the \/etc\/salt\/minion_id file).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># salt-key -L\n# salt-key \u2013a saltstack \u2013y<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-3 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"614\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/13.post-sso-accept-key.png\" alt=\"\" class=\"wp-image-614\"\/><\/figure>\n<\/figure>\n\n\n\n<p>This completes Salt installation and its initial basic configuration. This provides you with a fully operative open source Salt deployment. On top of this we are going to install vRA SaltStack Config.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">vRA SaltStack Config Pre-Install<\/h2>\n\n\n\n<p>Verify that these dependencies are installed on the systems:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># yum list installed | grep openssl\n# yum list installed | grep epel-release\n# yum list installed | grep python36-cryptography\n# yum list installed | grep python36-pyOpenSSL<\/code><\/pre>\n\n\n\n<p>If any of the dependencies above is not present, install the missing dependency(ies) accordingly with the following:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># yum install openssl\n# yum install epel-release \u2013y\n# yum install python36-cryptography\n# yum install python36-pyOpenSSL<\/code><\/pre>\n\n\n\n<p>Download the vRA SaltStack Config Automated Installer, place it in the \/tmp directory and unpack it. From this URL <a href=\"https:\/\/enterprise.saltstack.com\/en\/latest\/docs\/downloads.html\">https:\/\/enterprise.saltstack.com\/en\/latest\/docs\/downloads.html<\/a> you can downlaod either SaltStack_Enterprise-6.4.0+3_Installer.tar.gz or SaltStack_Enterprise-6.4.0+3_Installer.zip, this is up to you.<\/p>\n\n\n\n<p>If you downloaded the .tar.gz file do the followings:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># cd \/tmp\n# tar \u2013xvf SaltStack_Enterprise-6.4.0+3_Installer.tar.gz<\/code><\/pre>\n\n\n\n<p>If you downloaded the .zip file do the followings:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># cd \/tmp\n# unzip SaltStack_Enterprise-6.4.0+3_Installer.zip<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">vRA SaltStack Config Install<\/h2>\n\n\n\n<p>vRA SaltStack Config is actually installed using open source Salt \ud83d\ude42<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># salt-call --local --file-root=\/tmp\/sse-installer\/salt state.sls sse -l info<\/code><\/pre>\n\n\n\n<p>In my case the procedure completed with the error reported below:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Summary for local\n-------------\nSucceeded: 37 (changed=34)\nFailed:     1<\/code><\/pre>\n\n\n\n<p>Scrolling up the terminal I found the error details as reported below, this is a glitch of the installer and if you are experiencing the same error you can ignore it.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>---------- \n      ID: install_xmlsec\nFunction: pkg.installed\n  Result: False\n Comment: Error occurred installing package(s). Additional info follows:\n\n  errors:\n    - Running scope as unit run-10415.scope.\n      Error: Package: 1:openssl-1.0.2k-19.el7.x86_64 (\/openssl-1.0.2k-19.el7.x86_64)\n        Requires: openssl-libs(x86-64) = 1:1.0.2k-19.el7\n        Installed: 1:openssl-libs-1.0.2k-21.el7_9.x86_64 (@updates)\n            openssl-libs(x86-64) = 1:1.0.2k-21.el7_9\n        Available: 1:openssl-libs-1.0.2k-19.el7.x86_64 (base)\n            openssl-libs(x86-64) = 1:1.0.2k-19.el7<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">vRA SaltStack Config Post-Install<\/h2>\n\n\n\n<p>Add the License Key (the file named raas.license VMware provided to you) to \/etc\/raas folder on the system where you are installing vRA SaltStack config, then change owner and access permissions. If you do not have a License Key, you can leverage the 14 days trial that comes with the installer. If it is the case you can jump to the access the vRA SaltStack Config user interface.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># sudo chown raas:raas \/etc\/raas\/raas.license\n# sudo chmod 400 \/etc\/raas\/raas.license<\/code><\/pre>\n\n\n\n<p>Restart the raas service:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># systemctl restart raas<\/code><\/pre>\n\n\n\n<p>You are now ready to access vRA SaltStack Config user interface, using either Google Chrome or Mozilla Firefox browse to https:\/\/saltstack (be sure to replace saltstack with the IP or the FQDN of the system where you installed vRA SaltStack Config). Default account is username <em>root<\/em> and password <em>salt<\/em>.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-4 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"616\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/14.post-sse-login.png\" alt=\"\" class=\"wp-image-616\"\/><\/figure>\n<\/figure>\n\n\n\n<p>Once in the system as first step you have to add the Salt Master as the first vRA SaltStack Config Minion. You can either click on the link that appears in the warning in the upper part of the user interface or browse to Master Keys &gt; Pending. Once there select the Master and that click &#8220;Accept Key&#8221; button.<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-5 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"617\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/15.post-sse-accept-key.png\" alt=\"\" class=\"wp-image-617\"\/><\/figure>\n<\/figure>\n\n\n\n<p>Change the default password for the <em>root<\/em> user. In the upper right corner of the user interface, click on the three dots icon and than you can select Settings, this brings you to the page to change password for your current user. <\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-6 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" data-id=\"618\" src=\"https:\/\/nine30.info\/wp-content\/uploads\/2021\/01\/16.post-sse-change-pwd.png\" alt=\"\" class=\"wp-image-618\"\/><\/figure>\n<\/figure>\n\n\n\n<p>We have now a fully working vRA SaltStack Config and in the next posts we will start playing with it by adding and configuring Minions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are two main vRA SaltStack Config installation scenarios: single-node installation and multi-node installation, for more info about installation scenarios, architecture and requirements refer to my previous post about vRA SaltStack Config Architecture. For my lab I pick the single-node installation scenario and this post guides you through this scenario step by step. Hereafter there&hellip; <a class=\"more-link\" href=\"https:\/\/nine30.nxt70.com\/index.php\/2021\/02\/08\/vra-saltstack-config-install\/\">Continue reading <span class=\"screen-reader-text\">vRA SaltStack Config &#8211; Install<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":589,"comment_status":"open","ping_status":"open","sticky":false,"template":"templates\/template-cover.php","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[23,40,41,53,54,88,92,99,122,126,143,145,157,178,185,186],"class_list":["post-610","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-automation","tag-configuration","tag-configurationmanagement","tag-deployment","tag-design","tag-iac","tag-install","tag-linux","tag-opensource","tag-oss","tag-salt","tag-saltstack","tag-software","tag-vmware","tag-vrealize","tag-vrealizeautomation","entry"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts\/610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/comments?post=610"}],"version-history":[{"count":0,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/posts\/610\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/media?parent=610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/categories?post=610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nine30.nxt70.com\/index.php\/wp-json\/wp\/v2\/tags?post=610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}