What is SaltStack?

SaltStack was developed on GitHub – the online play­ground for de­vel­op­ers. The open-source software was released to the general public in March 2011. “Salt” – as the con­fig­u­ra­tion man­age­ment tool is often ab­bre­vi­at­ed to – helps in the automated man­age­ment and mon­i­tor­ing of server systems. Using SaltStack, it’s possible to install and configure software from a central computer and run any number of con­fig­u­ra­tion commands. Find out what’s special about Salt, how it’s used by admins and what ad­van­tages the man­age­ment tool offers for you.

SaltStack is license-free software from the Apache Software Foun­da­tion that can be used across a range of platforms. It enables ad­min­is­tra­tors to conduct remote main­te­nance, bring about pre­de­fined target states and start checks – both in their own server center as well as in an external cloud (in­de­pen­dent of the provider). Among the main ad­van­tages of SaltStack are its easy in­stal­la­tion, quick control of com­mu­ni­ca­tion and the pos­si­bil­i­ty to manage a range of servers in parallel.

When compared with similar systems like Terraform or Puppet, SaltStack excels with its versatile ap­pli­ca­tion options and speed. But the principle is the same: using a central server, the ad­min­is­tra­tor defines the con­fig­u­ra­tion of other computers. The con­fig­u­ra­tion man­age­ment software then im­ple­ments these settings on the in­di­vid­ual clients. To com­mu­ni­cate between servers and clients, SaltStack uses the messaging library ZeroMQ. This allows large and small volumes of data to be dis­trib­uted quickly. Com­mu­ni­ca­tion is protected via data en­cryp­tion with the sym­met­ri­cal en­cryp­tion tech­nol­o­gy AES. Reliable Asyn­chro­nous Event Transport (RAET), im­ple­ment­ed in 2014, provides ad­di­tion­al security for data trans­mis­sion.

The actual con­fig­u­ra­tions with SaltStack are made via a text file in YAML format. The simple markup language enables the rep­re­sen­ta­tion of struc­tured data in a se­quen­tial format. Using the pro­gram­ming language Python, you are able to combine many con­fig­u­ra­tion commands ready for execution with SaltStack.

Besides managing systems like Linux, SaltStack can also be used to organize MacOS and Windows clients. With Salt Cloud, SaltStack offers a universal interface for this purpose. This way, you can configure and manage a number of systems. Even private clouds and virtual server en­vi­ron­ments can be au­to­mat­i­cal­ly managed.

1. No matter what target system ad­min­is­tra­tors want to manage – the commands in SaltStack are always the same. This makes it easy to use and learn.
2. The tool not only enables the automated dis­tri­b­u­tion of con­fig­u­ra­tions, it can also react to events since it registers what type of com­mu­ni­ca­tion is exchanged in the in­fra­struc­ture.
3. SaltStack is included in Salt Open and is available for anyone using Apache License 2.0. Moreover, you can actively shape the de­vel­op­ment of the software. If man­u­fac­tur­er support is important to you, there is also an en­ter­prise version.

When you use SaltStack, you’ll come across certain terms that relate to the con­fig­u­ra­tion man­age­ment tool. We’ve sum­ma­rized the most important ones for you below.

The Salt Master was created in the pro­gram­ming language Python and is the server for the messenger ZeroMQ, which provides the data to the client. In the context of servers and clients, it’s common to refer to masters and minions. That’s why the SaltStack server is called Salt Master. All in­te­grat­ed target systems are centrally managed via this server. It transmits commands and files.

Salt Minions receive the commands from the Salt Master. At the same time, they inform the Salt Master of all relevant events and outcomes.

Salt Syndic is an in­ter­me­di­ary Salt Master. It operates between the Salt Master and Salt Minions.

Sometimes a Salt Minion may not be ex­e­cutable on a target system. SSH allows the Salt Master to directly contact this system. However, this com­mu­ni­ca­tion does not occur via ZeroMQ, which can make the process much slower. A number of functions and modules are dropped as well.

The Salt Proxy Minion allows you to control third devices. For instance, this includes network devices like routers or switches.

Using “buses” like ZeroMQ, SSH or the Proxy Minion, Salt Minions are assigned commands by the Salt Master. The Salt Minions respond with an in­di­vid­ual key. The Salt Master needs to confirm this key on first contact for the command to be run. Encrypted com­mu­ni­ca­tion with key pairs is therefore involved.

Let’s imagine you want to configure a software program. You give the re­spec­tive command to the Salt Master, which forwards it to all the Minions. The software is then au­to­mat­i­cal­ly con­fig­ured across all devices in the in­fra­struc­ture. The Master can also be du­pli­cat­ed as a Salt Syndic in this process.