Salt Stack Enterprise Installation gotchas

New year.. new stack (get it?)

For this year – I wanted to learn a new configuration management I’ve been using at home. Although ansible CLI has been good and dependable, AWX has left a bad taste. The high resource utilization and cumbersome way of installing in Kubernetes are good reason to look at other options.

Good thing, being with VMware allows us to try the softwares that are currently in our solutions. With salt-stack recently acquired – its time for me to test it out.

Here are some few gotchas during the single-node installation of Salt Stack Enterprise 6.4

  • Salstack Enterprise (GUI) only supports CentOS/RH/OracleLinux/ OpenSuse. No ubuntu for us 🙁 so i ended up using CentOS
  • Using the setup_single_node.sh installer install SelfSigned certificate with CN: localhost. This is not ideal since you wont be able to browse the GUI. The following needs to be run in order to change the certificate
    • Generate New Certificate. The CN should be the FQDN you will be using to access the GUI and change the certificate by doing the following:
#Generate Self-Signed using OpenSSL
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

# rename to .crt and .key
mv key.pem key.key && mv certificate.pem certificate.crt

# edit raas config
vi /etc/raas/raas

# and change the following lines to the location of the generated keys/crt
tls_crt: /etc/pki/raas/certs/localhost.crt
tls_key: /etc/pki/raas/certs/localhost.key

# make sure to chown the certificates to raas:raas and chmod to 600
chmod 600 certificate.crt && chmod 600 key.key
chown raas:raas key.key && chown raas:raas certificate.crt

# restart raas service
systemctl restart raas

Reference here: https://help.saltstack.com/hc/en-us/articles/360025949531-How-to-update-SSL-certificates-for-SaltStack-Enterprise

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.