
SaltStack infrastructure-as-code tools seek cloud-native niche

SaltStack, like other infrastructure-as-code tools, must reinvent itself as cloud-native IT automation approaches such as containers, serverless and Kubernetes Operators grow.

As IT automation evolves to suit the cloud-native era, earlier approaches such as configuration management and infrastructure-as-code tools must also change with the times.

SaltStack infrastructure-as-code tools, along with products from competitors such as Puppet, Chef and Ansible, must accommodate fresh IT trends, from AI to immutable infrastructure. They must also do so quickly to keep up with the rapid pace of innovation in the IT industry, something SaltStack has failed to do in recent years, company officials acknowledge.

"[Our new approach] will be an accelerant that allows us to create [new products] much more quickly than we have in the past, and in a much more maintainable way," said Salt open source creator Thomas Hatch, who is also CTO of SaltStack, the project's commercial backer.

That new approach is an overhauled software development process based on the principles of plugin-oriented programming (POP), first introduced to core SaltStack products in 2018. This week, the company also renewed its claim in cloud-native territory with three new open source modules developed using POP that will help it keep pace with rivals and emerging technologies, Hatch said.

The modules are Heist, which creates "dissolvable" infrastructure-as-code execution agents to better serve ephemeral apps; Umbra, which automatically links IT data streams to AI and machine learning services; and Idem, a redesigned data description language based in YAML that simplifies the enforcement of application state.

Salt open source contributors say POP has already sped up the project's development, where previously they faced long delays between code contributions and production-ready inclusion in the main Salt codebase.

"I'm the largest contributor of Azure-specific code to the Salt open source project, and I committed the bulk of that code at the beginning of 2017," said Nicholas Hughes, founder and CEO of IT automation consulting firm EITR Technologies in Sykesville, Md., which is also a licensed reseller of SaltStack's commercial product. "It was accepted into the developer branch at that point. It just showed up in the stable branch at the beginning of 2019, nearly two years later."

The new modules, especially Idem, can also be used to modernize Salt, especially its integrations with cloud service providers, Hughes said.

SaltStack plugin-oriented programming
SaltStack rewrote its infrastructure-as-code tools with plugin-oriented programming, instead of a traditional object-oriented method.

SaltStack revs update engine with POP and Idem

SaltStack's Hatch introduced the POP method three years ago. This approach is a faster, more flexible alternative to the more traditional object-oriented programming method developers previously used to maintain the project, Hatch said.

"Object-oriented programming [puts] functions and data right next to each other, and the result is … a lot of isolated silos of code and data," he said. "Then you end up building custom scaffolding to get them all to communicate with each other, which means it can become really difficult to extend that code."

Plugin-oriented programming, by contrast, is based on small modules that can be developed separately and merged quickly into a larger codebase.

The new modules rolled out this week serve as a demonstration of how much more quickly the development of Salt and SaltStack infrastructure-as-code tools can move using POP, Hatch said. While an earlier project, Salt SSH, took one engineer two months to create a minimum viable product, and another six months to polish, Heist took one engineer a week and a half to stand up and another two weeks to refine, he said.

Similar open source projects that maintain infrastructure-as-code tools, such as HashiCorp's Terraform, had long since broken up their codebases into more modular pieces to speed development, Hughes said. He also contributes Azure integration code to Terraform's open source community.


Now, Hughes said he has high hopes for Idem as a vehicle to further modernize cloud provider integrations in open source Salt, and he has already ported all the Azure code he wrote for Salt into Idem using POP.

"It will allow us to move and iterate and build out those codebases much more easily, and version and handle them separately," he said. He'd also like to see Salt's open source AWS integrations updated to work with Idem, as well as Salt functions such as the event bus, which ties in with third-party APIs to orchestrate CI/CD and IT monitoring systems alongside infrastructure.

As the cloud working group captain for the Salt open source project, Hughes said he's put out a call for the community to port more cloud components into Idem, but that's still a work in progress.

Infrastructure-as-code tools 'reaching the end of their run?'

In the meantime, the breakneck pace of cloud-native technology development waits for no one, and most of SaltStack's traditional competitors in infrastructure-as-code tools, such as Puppet, Chef and Ansible, have a head start in the race to reinvent themselves.

Puppet has sought a foothold in CI/CD tools with its Distelli acquisition and moved into agentless IT automation, similar to Ansible's, with Puppet Bolt. Chef overhauled its Ruby codebase using Rust to create the Chef Habitat project years ahead of SaltStack's POP, in 2015, and expanded into IT security and compliance with Chef InSpec, which rolled out in version 1.0 in 2016.

SaltStack plans to refocus its business primarily on cloud security automation, which Hatch said accounts for 40 percent of the company's new sales in 2019. It began that expansion in late 2018, but SaltStack has some potential advantages over Chef InSpec, since it can automate security vulnerability remediation without relying on third-party tools, and the company also beat Red Hat Ansible to the security automation punch, which Ansible began in earnest late last year.

Still, Ansible also has the cachet of its IBM/Red Hat backing and well-known network automation prowess.

HashiCorp's Terraform has a long lead over Salt's Idem-based POP modules in cloud provisioning integrations, and the company has hot projects to sustain it in other areas of IT, including cloud security, such as Vault secrets management.

"SaltStack seems to be the slowest to redefine themselves, and they're the smallest [among their competitors], in my view," said Jim Mercer, analyst at IDC. "The Umbra plugin that could pull them through into the hot area of AI and machine learning certainly isn't going to hurt them, but there's only so much growth left here." A SaltStack spokesperson expressed disagreement with Mercer’s characterization of the company.

As container orchestration tools such as Kubernetes have risen in popularity, they've encroached on the traditional configuration management turf of vendors such as SaltStack, Puppet and Chef, though infrastructure-as-code tools such as Terraform remain widely used to automate cloud infrastructure under Kubernetes and to tie in to GitOps workflows.

Still, the market for infrastructure-as-code tools has also begun to erode, in Mercer's view, with the growth of function-as-a-service products such as AWS Lambda and serverless container approaches such as AWS Fargate that eliminate infrastructure management below the application container level. Even among shops that still manage infrastructure under Kubernetes, fresh approaches to IT automation have begun to horn in on infrastructure as code's turf, such as Kubernetes Helm, Kubernetes Operators and KUDO Operators created by D2iQ, formerly Mesosphere.

"These tools had their heyday, but they're reaching the end of their run," Mercer said. "They're still widely used for existing apps, but as new cloud-native apps emerge, they'll start to go the way of the VCR."
