A master-less Salt minion can be used to manage a standalone machine (e.g. my work Linux desktop) or bootstrap any master-controlled minion (or even the master itself) as the salt states will take over management of the minion’s configuration and reconfigure it appropriately on first run.

This follows on from my implementation of salt for configuration management in 2015.

Bootstrapping clients

To bootstrap any new install, regardless of if it is going to be master-less, attached to the master, used for salt-ssh or anything else is the same:

  1. Install git and salt-minion
  2. Clone the salt state and pillar trees somewhere temporary
  3. Configure the minion as a master-less minion pointing to the temporary configuration (see below)
  4. Run salt-minion on the local machine - this will apply the states configured for the machine
  5. if step 4 was successful salt has now taken over managing this machines configuration, including salt’s configuration
  6. Delete the temporary git clone of the tree, salt will have configured itself to point to (and checked out an up-to-date clone) the right place.

Setting up the master-less minion

Installation

Firstly we need to install the minion.

Debian

apt install salt-minion git

Disable the service (in master-less mode we do not need or want it running as a service):

systemctl is-enabled salt-minion && systemctl disable salt-minion
systemctl is-active salt-minion && systemctl stop salt-minion

macOS

brew install salt

macOS will frequently change the name of the host to avoid clashes, seemingly with itself at times. We need a stable id for the minion so I find it is best to explicitly set it:

sudo bash -c 'echo -n "work-macbook-pro.bham.ac.uk" > /etc/salt/minion_id'

Configuration

As the minion has no master, configuration that would normally be done on the master needs to be done on the minion.

Create /etc/salt/minion.d/files.conf to tell it where to find the states and pillar information (When working, salt should take over management of this file):

file_client: local
file_roots:
  base:
    - /srv/salt/states
pillar_roots:
  base:
    - /srv/salt/pillar

(I used /opt on OSX, as /srv does not exist.)

Get the states tree

The last step before being able to use the master-less minion is to get a copy of the state tree:

# Debian
cd /srv
# OSX
cd /opt
 
# Both
git clone https://git.entek.org.uk/laurence/salt-home.git salt

Using it

Finally we can use the master-less salt by giving the salt-call command the -–local option:

salt-call --local state.highstate test=True