Skip to main content
SaltStack Support

Enterprise Installation: Manual Install on SUSE

These instructions walk you through installing Enterprise API without using the installation states. These instructions are intended for advanced users who need granular control over the installation process, and who are familiar with PostgreSQL and Redis database configuration.

The steps below are confirmed for a standalone deployment of SaltStack Enterprise (where all related services reside on a single host). As an advanced user, you will likely adapt these instructions to your deployment. These instructions are for SUSE Linux Enterprise 12 and SUSE Linux Enterprise 15.

SaltStack Enterprise for SLES 12 requires a PostgreSQL 9.5 or 9.6 database. PostgreSQL 9.6 is recommended. PostgreSQL 10 is not supported.

SaltStack Enterprise for SLES 15 is compatible with a 9.6 database or PostgreSQL 10. PostgreSQL 9.6 is recommended.

Download the packages for your environment

All operating systems

SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 12 SP4 / OpenSUSE Leap 42.3

Step 1: PostgreSQL database installation and configuration

  1. Install PostgreSQL.

    $ zypper addrepo https://download.opensuse.org/repositories/server:/database:/postgresql/openSUSE_Leap_42.3/server:database:postgresql.repo
    $ zypper refresh
    $ zypper install postgresql96 postgresql96-server postgresql96-contrib
    # init the db by starting and stopping the postgresql service
    $ systemctl start postgresql
    $ systemctl stop postgresql
    
  2. Start PostgreSQL and create a database account for Enterprise API, for example:

    $ systemctl start postgresql
    $ su - postgres -c 'createuser -d -P root'
    

Step 2: Redis installation

  1. Install Redis.

    $ zypper addrepo https://download.opensuse.org/repositories/server:database/SLE_12_SP3/server:database.repo
    $ zypper refresh
    $ zypper install redis
    
  2. Start Redis.

    If you are setting up Redis on a host that is separate from the SaltStack Enterprise Server, you will need to configure Redis to accept remote connections and to limit access using a password. To do this, update the /etc/redis.conf file, specifying the bind parameter and setting the password that your SaltStack Enterprise servers should use to authenticate.

    bind 0.0.0.0
    requirepass
    

Step 3: SaltStack Enterprise installation and configuration

  1. Install the SLES 12 RPM.

    $ zypper install raas-6.0.1+3-0.sles12.x86_64.rpm
    
  2. Run the following to allow raas to access folders as a non-root user.

    chown -R raas:raas /etc/raas
    chown -R raas:raas /srv/raas
    chown -R raas:raas /opt/saltstack
    chown -R raas:raas /etc/pki/raas
    
  3. Update RaaS Configuration File.

    sql:
    dialect: postgresql
    username: root
    password: salt
    host: localhost
    port: 5432
    driver: psycopg2
    ssl: false
    

    Optional: To avoid saving passwords in files:

    Configure the location of your Redis server.

    redis:
    url: redis://<Redis_IP>:6379
    

    Optional: To avoid saving passwords in files:

    •  Use this alternate URL configuration.
      
      redis: 
        url: ENV 
      
      
    • Then in your environment, set the corresponding variable REDIS_URL.

      For example:

      REDIS_URL=redis://:secret@example.com:6379

      Redis database numbers are automatically appended to the end of the URL since different databases are used for different purposes (caching, queueing, result storage).

    $ systemctl start raas
    

    raas will not start. Continue to the next step.

  4. Add PostgreSQL Extensions.

    $ su - postgres
    $ psql -d raas_43cab1f4de604ab185b51d883c5c5d09 -c 'CREATE EXTENSION IF NOT EXISTS "pgcrypto”’
    
  5. Start the Enterprise API service.

    $ systemctl start raas
    
  6. Confirm that you can connect to the web console in a web browser.

SUSE Linux Enterprise Server 15

Step 1: PostgreSQL database installation and configuration

  1. Install PostgreSQL.

    PostgreSQL 10 is installed as the default on SLES 15.

    $ zypper in postgresql postgresql-server postgresql-contrib
    # init the db by starting and stopping the postgresql service
    $ systemctl start postgresql
    $ systemctl stop postgresql
    
  2. Update the pg_hba.conf file as needed to enable connections from your SaltStack Enterprise server.

  3. Start PostgreSQL and create a database account for Enterprise API, for example:

    $ systemctl start postgresql
    $ su - postgres -c 'createuser -d -P root'
    

Step 2: Redis installation

  1. Download and install Redis.

    $ zypper addrepo https://download.opensuse.org/repositories/server:database/openSUSE_Leap_15.0/server:database.repo
    $ zypper refresh
    $ zypper in redis
    
  2. Start Redis.

  3. Optional: Update configuration

    If you are setting up Redis on a host that is separate from the SaltStack Enterprise Server, you will need to configure Redis to accept remote connections and to limit access using a password. To do this, update the /etc/redis.conf file, specifying the bind parameter and setting the password that your SaltStack Enterprise servers should use to authenticate.

    bind 0.0.0.0
    requirepass

Step 3: SaltStack Enterprise installation and configuration

  1. Download the installation packages provided in the download section.

    $ zypper in raas-6.0.1+3-0.sles15.x86_64.rpm
    
  2. Run the following to allow raas to access folders as a non-root user.

    chown -R raas:raas /etc/raas
    chown -R raas:raas /srv/raas
    chown -R raas:raas /opt/saltstack
    chown -R raas:raas /etc/pki/raas
    
  3. Update RaaS Configuration File.

    /etc/raas/raas

    Update the sql configuration to provide the host, port, and the username and password created in the previous section. If you plan to use SSL, set ssl to True.

    sql:
      dialect: postgresql
      username: root
      password: salt
      host: localhost
      port: 5432
      driver: psycopg2
      ssl: false
    

    Optional: To avoid saving passwords in files:

    Configure the location of your Redis server.

    redis:
    url: redis://<Redis_IP>:6379
    

    Optional: To avoid saving passwords in files:

    •  Use this alternate URL configuration.
      
      redis: 
        url: ENV 
      
      
    • Then in your environment, set the corresponding variable REDIS_URL.

      For example:

      REDIS_URL=redis://:secret@example.com:6379

      Redis database numbers are automatically appended to the end of the URL since different databases are used for different purposes (caching, queueing, result storage).

  4. Start the Enterprise API service.

    $ systemctl start raas
    # service will not start, this is expected
    
  5. Add PostgreSQL Extensions.

    $ su - postgres
    $ psql -d raas_43cab1f4de604ab185b51d883c5c5d09 -c 'CREATE EXTENSION IF NOT EXISTS "pgcrypto"'
    
  6. Start the Enterprise API service.

     $ systemctl start raas
    
  7. Confirm that you can connect to the web console in a web browser.

Enable SSL

Instructions on how to update SSL certificates for SaltStack Enterprise, are available in the SaltStack Support Portal.

  1. Install pyOpenSSL.

     $ zypper in python-pyOpenSSL
    
  2. Enable SSL.

    To enable SSL connections to Enterprise Console, generate a PEM-encoded SSL certificate or ensure that you have access to an existing PEM-encoded certificate. Save the .crt and .key files to /etc/pki/raas/certs.

  3. Update RaaS Configuration

    Open /etc/raas/raas in a text editor and configure the following values (replace <filename> with your certificate filename).

    tls_crt: /etc/pki/raas/certs/<filename>.crt
    tls_key: /etc/pki/raas/certs/<filename>.key
    port: 443
    
    sql:
      ssl: True
    
  4. Restart the Enterprise API service.

     $ sudo systemctl restart raas
    
  5. Verify the Enterprise API is running.

     $ sudo systemctl status raas
    
  6. Confirm that you can connect to the web console in a web browser.

Install Salt Master plugin

  1. Log in to your Salt Master.

  2. Download one of the Salt Master plugin Egg files based on the version of Python installed on the Salt Master (python --version from the command line).

  3. Install the plugin (requires Python setuptools).

     $ sudo easy_install-2.7 SSEAPE-6.0.1+3-py2.7.egg
    
  4. Verify the /etc/salt/master.d directory exists. If it doesn’t, create it.

  5. Generate the master configuration settings.

     $ sudo sseapi-config --all > /etc/salt/master.d/raas.conf
    
  6. Edit the generated raas.conf file to update the following values:

    • sseapi_ssl_validate_cert - Validates the certificate that Enterprise API uses. The default is True. If you are using your own CA-issued certificates, set this value to True and configure the sseapi_ssl_ca, sseapi_ssl_cert, and sseapi_ssl_cert: settings. Otherwise set this to False to not validate the certificate.

       sseapi_ssl_validate_cert: False
      
    • sseapi_ssl_ca - The path to a CA file.
    • sseapi_ssl_cert - The path to the certificate. The default value is /etc/pki/raas/certs/localhost.crt.
    • sseapi_ssl_key - The path to the certificate’s private key. The default value is /etc/pki/raas/certs/localhost.key.
    • id - Comment this line out by adding a # at the beginning. It is not required.
    • sseapi_server - HTTP IP address of of your SaltStack Enterprise server, for example, http://192.168.57.24, or https://192.168.57.24 if SSL is enabled.
  7. Restart the Salt Master.

     $ sudo systemctl restart salt-master
    

After a minute or two the Salt Master and its Minions appear in Enterprise Console.

Deploy your license key

When deploying a SaltStack Enterprise server, you will need to add your license key to the /etc/raas folder. Upon doing so, you will need to set the ownership of this file to raas user, as follows:

sudo chown raas:raas /etc/raas/raas.license
sudo chmod 400 /etc/raas/raas.license

 

  • Was this article helpful?