SaltStack, also known as Salt, is a configuration management and orchestration tool. It uses a central repository to provision new servers and other IT infrastructure, to make changes to existing ones, and to install software in IT environments, including physical and virtual servers, as well as the cloud.
SaltStack automates repeated system administrative and code deployment tasks, eliminating manual processes in a way that can reduce errors that occur when IT organizations configure systems.
Salt is used in DevOps organizations because it pulls developer code and configuration information from a central code repository, such as GitHub or Subversion, and pushes that content remotely out to servers. Salt users can write their own scripts and programs, and can download prebuilt configurations that other users have contributed to a public repository.
Salt minions, grains, pillars and other important features
Salt's main component, the remote execution engine, creates a secure, bidirectional, high-speed communications network. With a running master, a started minion attempts to generate cryptographic hashes and connect to the master to form the network. After using public key authentication, minions may accept commands from a master. Salt can also be run in a masterless minion mode.
Salt differentiates itself from other configuration management and automation tools with its speed. Its multithreaded design enables the execution of hundreds or even thousands of simultaneous tasks. It uses ZeroMQ messaging, which is decoupled, meaning no persistent connection is required.
Salt uses a slave-master setup that enables push and pull execution. The user can push out updates and new code en masse, or set a schedule for servers to check the Salt master for updates and pull them accordingly. Salt's configuration management architecture is thus event-driven and self-healing, as the system can both push out updates and respond to problems at the same time. Salt can also operate in agent-based or agentless mode.
Salt's abstraction makes complex system admin tasks easier. When Salt first connects to a target system, a bootstrap script checks the target OS and version, and then installs binaries specific to the setup. The tool executes modules, prebuilt as well as custom, remotely.
Playing off the name Salt, the software works via salt reactors, minions, grains and pillars.
- Salt reactors listen for events, while agents use a secure shell to run commands on a target system.
- The minion, which is an agent, can optionally be installed on the target to push commands in Python.
- Grains provide information about the target system -- for example, its OS version -- to the minions.
- The configuration files are called pillars.
Salt uses the Jinja2 templating engine to insert conditional statements and achieve other setups in Salt state and pillar files, among others.
SaltStack Enterprise and Salt open source software versions
Salt Open Source Software is free and, as the name implies, open source software run from a command-line interface (CLI). The paid enterprise edition, SaltStack Enterprise, adds features, including a GUI and support for Windows, macOS and Solaris. It also provides Lightweight Directory Access Protocol-based -- i.e., centralized -- access control.
SaltStack offers professional services to help customers integrate with third-party systems, or users can program integrations via an API. The SaltStack Enterprise API has many more features than the free version. SaltStack Enterprise enhances compliance by saving events in a database to provide an auditable history.
SaltStack does not publish a price list.
Pros and cons of Salt
The technology underlying Salt and SaltStack Enterprise has strong and weak points depending on the user's skills, as well as the deployment upon which the user will act.
Salt is event-driven and modular, ensuring that the IT components under its control maintain their target state. It provides a front-end analytics engine, thus adding intelligence to respond to events, including third-party ones. The system can be set up in a tiered configuration with one minion controlling others to boost redundancy and load balancing.
Salt is written in and uses Python, which practically all Linux systems already have installed. However, SaltStack Enterprise's GUI is not feature-rich, so most users accomplish tasks via the command-line tool.
Also, target states cannot be checked in a specific order. This limitation diminishes the ability to program dependencies between systems.
Salt vs. Ansible, Puppet and Chef
Competing configuration management products all have distinct methods of specifying configurations and dependencies. Salt and Red Hat Ansible are newer -- released in 2011 and 2012, respectively -- than Puppet, which came out in 2005, and Chef, which debuted in 2009. Salt's relative youth could be seen as an advantage of this tool, as it bypasses issues that arose in the years since configuration management technologies emerged.
Salt uses Python, a language that programmers are more likely to know than Ruby. SaltStack can use scripts written directly in Python and can render scripts written in other languages, such as YAML or JSON through the PyDSL Salt renderer. While Salt uses a master-slave architecture with agents, it can also operate in agentless mode. Puppet and Chef use agents. All of these commonly used configuration management tools work with public cloud platforms, such as Amazon Web Services.
Salt and Ansible both support YAML code configuration, which is easy to understand because it is human-readable. Chef uses JSON configuration and the Ruby programming language. Puppet has its own declarative domain-specific language for configuration inspired by the Nagios configuration file format. Some users report that Salt and Chef are complicated to learn, as is Puppet. This is an area where Ansible seeks to woo users, aiming to be the simplest configuration management option. Ansible does not require installing agents, further reducing complexity.