Install SaltStack Without Root Privileges

I found documentation on running SaltStack, both the master and minions, to be lacking. It’s easy to forget how painful not having system access is when you’re use to the power and convenience of simple things like apt and yum, so this guide is intended to be the fresh glass of water to those of you in you-don’t-get-root-because-shutup hell looking for an alternative solution for making things suck less. It is totally doable! For the record, I don’t encourage this kind of behavior, so avoid it if you can.

This guide will use RHEL (or CentOS), but it doesn’t really matter too much - most everything here is distro agnostic. It assumes you have C/C++ compilers ( gcc and gcc-c++ ) and the development libraries for zlib ( zlib-devel ) and OpenSSL ( openssl-devel ). Everything is installed locally and we’ll be installing Salt through pip.

I had the additional hurdle of having no Internet access, so to get around that, I setup a simple HTTP proxy (those batteries are not included here). Should this limitation not apply to you, feel free to skip this step:

export http_proxy=http://1.2.3.4:5678 # use your own proxy, export https_proxy=https://1.2.3.4:5678 # and get the hell off my lawn

Some initial scaffolding:

PY_VER=2.7.11 # make some directories mkdir -p $HOME/usr \ $HOME/src \ $HOME/srv/salt \ $HOME/etc/salt/minion.d \ $HOME/etc/salt/master.d # download requirements curl https://www.python.org/ftp/python/$PY_VER/Python-$PY_VER.tgz \ -o $HOME/src/Python-$PY_VER.tgz curl https://bootstrap.pypa.io/get-pip.py \ -o $HOME/src/get-pip.py # extract tarball tar zxf $HOME/src/Python-$PY_VER.tgz -C $HOME/src

Next, Python gets installed locally (e.g. not system-installed Python) along with pip:

# install python cd $HOME/src/Python-$PY_VER ./configure -q --prefix=$HOME/usr make make install cd - # add locally installed software to search path echo "PATH=$HOME/usr/bin:$PATH" >> .bash_profile source .bash_profile # install pip python src/get-pip.py

Once the busywork is out of the way, we can get to doing easier things, like installing SaltStack prerequisites:

pip install pyzmq pyyaml pycrypto msgpack-python jinja2 psutil pip install gitpython pip install requests backports.ssl-match-hostname six singledispatch certifi backports-abc tornado futures

Finally, let’s install SaltStack. As of writing this, the lastest version tracked in the Python Package Index is 2015.8.8, and there is no option for installing only salt-master or only salt-minion - it’s all or nothing. Again, this is not an encouraged method, this is a last resort (sorry Papa Roach, no cutting SaltStack into pieces here).

pip install --global-option="--salt-root-dir=$HOME" salt

A quirk I ran into while installing SaltStack via pip was that anything in --global-options gets passed to every package. So, if we one-line all the prerequisities together along with SaltStack, those options get passed to each and every package. Turns out, not every package uses or can even understand what --salt-root-dir=$HOME means, so it’ll error out. Avoid that by doing splitting up the steps just as I have outlined.

Last thing we need to do is configure both the master and minion to run as non-privileged users, and then we can start the daemons:

echo -e "user: $(whoami)

root_dir: $HOME" > $HOME/etc/salt/master echo -e "user: $(whoami)

root_dir: $HOME

master: localhost" > $HOME/etc/salt/minion # cleanup rm -rf $HOME/src salt-master -d salt-minion -d

The complete script put together from this guide can be found here. As always, your mileage may vary. Feel free to leave a comment if you get hung up somewhere in the process or if you have some good tips.

Please enable JavaScript to view the comments powered by Disqus.

Disqus