Skip to main content

Salt (SaltStack)

Salt is an open-source configuration management and remote execution tool that enables you to manage and automate the configuration of servers and network devices. While primarily a configuration management tool, Salt can also be used for Infrastructure as Code (IaC) through its cloud provisioning capabilities.

What is Salt?

Salt, also known as SaltStack, is a Python-based configuration management and remote execution framework. It uses a master-minion architecture where a central master server controls multiple minion servers, enabling scalable and efficient infrastructure management.

Key Features

  • Remote Execution: Execute commands on thousands of servers simultaneously
  • Configuration Management: Declarative state management using YAML
  • Event-Driven Architecture: React to system events in real-time
  • Cloud Provisioning: Provision and manage cloud resources
  • High Performance: Built for speed and scalability
  • Extensible: Rich ecosystem of modules and plugins

Architecture

Master-Minion Model

  • Salt Master: Central control server that manages minions
  • Salt Minions: Target servers that execute commands and apply configurations
  • ZeroMQ: High-performance messaging for communication

Alternative Architectures

  • Salt SSH: Agentless execution using SSH
  • Salt API: RESTful API for integration with other tools
  • Salt Syndic: Hierarchical master setup for large environments

Core Concepts

1. States (SLS Files)

Declarative configuration using YAML:

# /srv/salt/webserver.sls
install_nginx:
  pkg.installed:
    - name: nginx

start_nginx:
  service.running:
    - name: nginx
    - require:
        - pkg: install_nginx

nginx_config:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/nginx.conf
    - require:
        - pkg: install_nginx

2. Pillars

Secure data storage for sensitive information:

# /srv/pillar/database.sls
database:
  host: db.example.com
  port: 5432
  user: app_user
  password: secret_password

3. Grains

System information about minions:

# Get all grains
salt '*' grains.items

# Get specific grain
salt '*' grains.get os

4. Modules

Pre-built functions for system management:

# Package management
salt '*' pkg.install nginx

# Service management
salt '*' service.start nginx

# File operations
salt '*' file.copy /tmp/source /tmp/destination

Installation

Master Installation (Ubuntu/Debian)

# Add Salt repository
curl -L https://bootstrap.saltproject.io | sudo sh -s -- -M

# Or using package manager
wget -O - https://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo "deb http://repo.saltproject.io/py3/ubuntu/20.04/amd64/latest focal main" | sudo tee /etc/apt/sources.list.d/saltstack.list
sudo apt update
sudo apt install salt-master salt-minion

Minion Installation

# Bootstrap script
curl -L https://bootstrap.saltproject.io | sudo sh

# Or manual installation
sudo apt install salt-minion

Basic Usage

1. Accept Minion Keys

# List pending keys
sudo salt-key -L

# Accept all pending keys
sudo salt-key -A

# Accept specific minion
sudo salt-key -a minion-name

2. Test Connection

# Test connectivity
sudo salt '*' test.ping

# Get system information
sudo salt '*' grains.get os

3. Execute Commands

# Run command on all minions
sudo salt '*' cmd.run 'uptime'

# Install package
sudo salt '*' pkg.install nginx

# Apply state
sudo salt '*' state.apply webserver

State Management

Top Files

Define which states apply to which minions:

# /srv/salt/top.sls
base:
  "web*":
    - webserver
  "db*":
    - database
  "G@os:Ubuntu":
    - common

State Dependencies

install_package:
  pkg.installed:
    - name: nginx

configure_service:
  service.running:
    - name: nginx
    - require:
        - pkg: install_package
    - watch:
        - file: nginx_config

nginx_config:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/nginx.conf

Cloud Provisioning

Salt can provision cloud resources:

# /srv/salt/cloud.profiles.d/ec2.conf
web-server:
  provider: aws-us-west-2
  image: ami-12345678
  size: t2.micro
  ssh_username: ubuntu
  securitygroup: web-sg
  tag:
    Environment: production
    Role: webserver

Best Practices

1. File Organization

/srv/salt/
├── top.sls
├── common/
├── webserver/
├── database/
└── _modules/

2. State Design

  • Keep states simple and focused
  • Use includes and extends for reusability
  • Implement proper dependencies
  • Use Jinja2 templating for dynamic content

3. Security

  • Secure pillar data
  • Use proper file permissions
  • Implement access controls
  • Regular security updates

4. Performance

  • Use targeting for specific minions
  • Implement proper caching
  • Monitor master performance
  • Use syndic for large environments

Common Use Cases

  • Configuration Management: Ensure consistent server configurations
  • Application Deployment: Deploy and update applications
  • Compliance: Enforce security and compliance policies
  • Monitoring: Collect system metrics and logs
  • Backup Management: Automate backup processes
  • Cloud Provisioning: Manage cloud infrastructure

Salt vs Other Tools

FeatureSaltAnsiblePuppetChef
ArchitectureMaster-MinionAgentlessMaster-AgentMaster-Agent
LanguagePythonPythonRubyRuby
ConfigurationYAMLYAMLPuppet DSLRuby DSL
SpeedVery FastFastMediumMedium
Learning CurveMediumEasyHardHard

When to Use Salt

Choose Salt when:

  • You need high-performance remote execution
  • You have a large number of servers to manage
  • You want event-driven automation
  • You need real-time system monitoring
  • You require cloud provisioning capabilities

Consider alternatives when:

  • You have a small infrastructure
  • You prefer agentless solutions
  • You need simple configuration management
  • You want minimal setup complexity