Configuring SaltStack on Cumulus Linux


SaltStack is an automation and orchestration product. It relies on an agent called the Salt Minion running on the Cumulus Linux switch to communicate with a central server, called the Salt Master. SaltStack allows for the switch to pull configurations from the Salt Master (similar to Puppet) or to push configurations from the Salt Master (similar to Ansible). The Salt Master would be a server in the data center management network used to manage all of the Salt Minions.

Note: Since Cumulus Linux is a Debian Linux distribution, you install the SaltStack agent on a Cumulus Linux switch the same way you install Salt on Debian Linux. 

Salt provides a multi-platform bootstrap script to simplify installation, which we'll use in the example below.

Installing Salt on Cumulus Linux 3.x

Cumulus Linux 3.x is based on Debian Jessie. The instructions below follow the Salt instructions for Debian Jessie. 

Note: These instructions assume x86. For ARM-based platforms, replace "amd64" with "armhf" in the Salt repository lines.

  1. Edit /etc/apt/sources.list and add the Debian repository:
    cumulus@switch$ sudo sh -c 'echo "deb jessie main contrib non-free" >> /etc/apt/sources.list'
  2. Download and execute Salt Bootstrap:
    cumulus@switch$ curl -L -o
    sudo sh -P

Configuring Salt Minion and Salt Master

  1. Edit the Salt Minion configuration to point to the Salt Master.
    Note: If DNS resolves "salt" to the Salt Master, you can skip this step. This example assumes the Salt Master is at
    cumulus@switch$ sudo sed -i 's/#master: salt/master:' /etc/salt/minion
  2. Restart the Salt Minion:
    cumulus@switch$ sudo systemctl restart salt-minion.service
  3. View the Salt Minion's key on the Salt Master.
    Note: The Salt Master is not on the Cumulus Linux switch, but the server running Salt Master.
    user@salt-master$ sudo salt-key -L
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:
  4. Accept the Cumulus Salt Minion key on the Salt Master:
    user@salt-master$ sudo salt-key -a salt-minion
    The following keys are going to be accepted:
    Unaccepted Keys:
    Proceed? [n/Y] Y
    Key for minion salt-minion accepted.
  5. Test connectivity from the Salt Master:
    user@salt-master$ salt '*'
Have more questions? Submit a request


Powered by Zendesk