Profile photo

from miller import blake

Hello, I'm a systems administrator, I get paid to be a software developer, I like Python, I'm a fan of good design, and I don't think things always have to be so stupid.
You can follow me @bltmiller, subscribe via RSS, and email me.

Install SaltStack Without Root Privileges

I found documentation on running SaltStack, both the master and minions, to be lacking. It’s easy to forget how painful not having system access is when you’re use to the power and convenience of simple things like apt and yum, so this guide is intended to be the fresh glass of water to those of you in you-don’t-get-root-because-shutup hell looking for an alternative solution for making things suck less. It is totally doable! For the record, I don’t encourage this kind of behavior, so avoid it if you can.

This guide will use RHEL (or CentOS), but it doesn’t really matter too much - most everything here is distro agnostic. It assumes you have C/C++ compilers (gcc and gcc-c++) and the development libraries for zlib (zlib-devel) and OpenSSL (openssl-devel). Everything is installed locally and we’ll be installing Salt through pip.

I had the additional hurdle of having no Internet access, so to get around that, I setup a simple HTTP proxy (those batteries are not included here). Should this limitation not apply to you, feel free to skip this step:

export http_proxy=http://1.2.3.4:5678 # use your own proxy,
export https_proxy=https://1.2.3.4:5678 # and get the hell off my lawn

Some initial scaffolding:

PY_VER=2.7.11

# make some directories
mkdir -p $HOME/usr \
         $HOME/src \
         $HOME/srv/salt \
         $HOME/etc/salt/minion.d \
         $HOME/etc/salt/master.d

# download requirements
curl https://www.python.org/ftp/python/$PY_VER/Python-$PY_VER.tgz \
     -o $HOME/src/Python-$PY_VER.tgz
curl https://bootstrap.pypa.io/get-pip.py \
     -o $HOME/src/get-pip.py

# extract tarball
tar zxf $HOME/src/Python-$PY_VER.tgz -C $HOME/src

Next, Python gets installed locally (e.g. not system-installed Python) along with pip:

# install python
cd $HOME/src/Python-$PY_VER
./configure -q --prefix=$HOME/usr
make
make install
cd -

# add locally installed software to search path
echo "PATH=$HOME/usr/bin:$PATH" >> .bash_profile
source .bash_profile

# install pip
python src/get-pip.py

Once the busywork is out of the way, we can get to doing easier things, like installing SaltStack prerequisites:

pip install pyzmq pyyaml pycrypto msgpack-python jinja2 psutil
pip install gitpython
pip install requests backports.ssl-match-hostname six singledispatch certifi backports-abc tornado futures

Finally, let’s install SaltStack. As of writing this, the lastest version tracked in the Python Package Index is 2015.8.8, and there is no option for installing only salt-master or only salt-minion - it’s all or nothing. Again, this is not an encouraged method, this is a last resort (sorry Papa Roach, no cutting SaltStack into pieces here).

pip install --global-option="--salt-root-dir=$HOME" salt

A quirk I ran into while installing SaltStack via pip was that anything in --global-options gets passed to every package. So, if we one-line all the prerequisities together along with SaltStack, those options get passed to each and every package. Turns out, not every package uses or can even understand what --salt-root-dir=$HOME means, so it’ll error out. Avoid that by doing splitting up the steps just as I have outlined.

Last thing we need to do is configure both the master and minion to run as non-privileged users, and then we can start the daemons:

echo -e "user: $(whoami)\nroot_dir: $HOME" > $HOME/etc/salt/master
echo -e "user: $(whoami)\nroot_dir: $HOME\nmaster: localhost" > $HOME/etc/salt/minion

# cleanup
rm -rf $HOME/src

salt-master -d
salt-minion -d

The complete script put together from this guide can be found here. As always, your mileage may vary. Feel free to leave a comment if you get hung up somewhere in the process or if you have some good tips.


comments powered by Disqus

Copyright © 2016, Blake Miller. All rights reserved. | Sitemap · RSS