Fotolia
Grasp these basic Salt configuration management concepts
Not sure how Salt conveys configuration instructions to systems? Wonder if your programming skills will carry over to the tool? Use these best practices and tips to assess Salt.
Salt, a configuration management tool, reduces manual, tedious tasks for IT ops teams. And like other tools in the market, it comes with a particular set of capabilities and limitations admins should review before deployment.
Follow the tips below to assess Salt configuration management features, compare two versions of the tool and master the basics of installation and scaling.
Understand Salt's key features and drawbacks
As they should with any IT tool, operations teams must carefully weigh the pros and cons of Salt before implementation.
Salt, which is written in Python, works in what's called a master-minion model. A management server hosts the salt-master, which pushes out instructions, such as a system update, to the minions that run on managed machines. Another key feature of the configuration management tool is its parallel execution of remote shell operations. This enables Salt to simultaneously issue multiple commands to multiple machines.
There are, however, some limitations with Salt. For example, while admins can use the command salt-minion -l debug to debug via a minion, the tool itself doesn't offer extensive information about errors.
To get Salt up and running, an IT team must install it then set up minion configuration data on the master, known as pillars; a list of system properties on the minion, known as grains; and monitoring.
Speak Salt's command language
Those new to Salt and its command-line interface (CLI) should explore the tool's commands and structure through example exercises. This helps admins get a feel for Salt in everyday use, and some of the essential tasks they can perform with it.
The Salt setup works with state files, which contain configuration information. The top state file controls the mapping for groups of machines that perform roles in an application stack.
While the top file is valuable, an administrator might want to work with Salt on an ad hoc basis, such as to review setup or install software. For example, to gauge storage availability, the administrator can input df -h through the CLI and Salt will output used and available disk space, and where it is mounted. Combine this command with targeting, such as by host name, to check specific metrics.
It helps to have a background with the YAML file format. Savvy admins can follow along to apply Jinja Python template syntax to files.
More advanced Salt tips
Once admins have mastered the basics of Salt configuration management -- including the master-minion model, essential commands and the core differences between the open source and proprietary versions -- there are more advanced concepts to explore.
Learn how to simultaneously send configuration information to various Salt minions across various machines, and how to use the Salt state file to update or change configurations.
Compare SaltStack Enterprise vs. Salt Open
Admins may wish to compare Salt configuration management features with those of comparable tools, such as Ansible, Chef or Puppet. But they also need to consider differences between two versions of Salt itself: Salt Open and SaltStack Enterprise.
As its name suggests, Salt Open is the free, open source version of the tool. SaltStack Enterprise, which is based off of Salt Open, comes with support and additional features, such as compliance tools and Lightweight Directory Access Protocol (LDAP) for authentication -- at a cost.
Another important distinction between the two versions of Salt is the means through which IT teams communicate with, and manage, systems: Salt Open uses a CLI, while SaltStack Enterprise also includes a GUI. The GUI provides reports and customizable dashboards admins can use to track real-time changes and updates to infrastructure. It also provides information about job history and minion and OS versions.
Use Salt at scale
As an IT deployment scales, Salt configuration management needs to keep up. The tool has several features and capabilities geared toward expandability.
One of them is Salt's tiered management and communication structure. After admins register Salt minions with the master server, they can directly push out requests to those minions. In some cases, however, a machine -- such as networking device with a proprietary OS -- cannot support a standard minion. To work around this, the master can instead communicate with a proxy minion, which passes the message along to the device. This tiered model ensures real-time and efficient communication between the master and the machines it manages.
ZeroMQ, a messaging library, is another Salt feature that helps the tool manage large IT deployments. Using ZeroMQ, the master and minions can communicate over a high-speed connection with minimal latency.
Salt, however, is not immune to performance hits. Admins, for example, need to be mindful of potential slowdowns when a high volume of minions attempt to authenticate with the master.
Dig Deeper on Systems automation and orchestration
-
![]()
SaltStack discloses critical vulnerabilities, urges patching
By: Arielle Waldman
-
![]()
Cisco servers breached through SaltStack vulnerabilities
By: Alexander Culafi
-
![]()
Critical SaltStack vulnerabilities exploited in several data breaches
By: Rob Wright
-
![]()
Xen Orchestra latest victim of Salt cryptojackers
By: Alex Scroxton
