Salt Master-Slave
With Salt, you can control hundreds of computers. You write the infrastructure as code, and the computers configure themselves.
In this brief article, you install Salt master-slave architecture. The slave computers phone home, so only master needs to be in a known address. Yes, you can reach the slave computers even if they are in an unknown address, behind a firewall and behind NAT.
It's easiest to first install both master and slave ("minion") on the same machine. After that, you can install as many slaves as you want.
Here, master's prompt is "master$". Slaves prompt is "slave$ ".
These instructions were intially tested on Debian 13-Trixie and Kali Rolling 2025 November, but written here from memory.
Prerequisites
You must know
You must have
Install master daemon
Install Salt master daemon. Start it, and make it start when computer boots.
master$ sudo apt-get install salt-master
master$ sudo systemctl enable --now salt-master
Check your IP address. Slave needs it in the next step. In production, you would probably use domain name.
master$ hostname -I
Install slave daemon and tell it where the master is
slave$ sudo apt-get install salt-minion
Tell slave the address where to reach the master.
slave$ sudoedit /etc/salt/minion
Salt is quite petty on the syntax, you need a space after colon ": ". By default, the /etc/salt/minion is just commented out code. You can remove the excessive comments if you want.
master: 10.1.2.3
Kick the daemon so that it reads the new configuration.
slave$ sudo systemctl restart salt-minion
Accept the slave on the master
master$ sudo salt-key --finger-all
master$ sudo salt-key -a kolmi
Test controlling the slaves
master$ sudo salt '*' test.ping
Using it
master$ sudo salt '*' state.single file.managed /tmp/mastercallssingle
Check that the file was created on the slave
slave$ ls -l /tmp/mastercallssingle
TeroKarvinen.com