SaltStack: Way Beyond Configuration Management

August 24, 2018 - Jenn Diffley

SaltStack does digital infrastructure configuration management. And it does it very well—it will load software onto every node you control, from Linux on a laptop to Windows on a cloud VM. It does all of this while maintaining system speed, whether you have ten thousand or two hundred thousand servers.

In the open market, SaltStack is known as a configuration management tool, and very little time is spent discussing its other capabilities. But that’s like saying Paris is just where the Eiffel Tower lives. That’s ignoring baguettes and Notre Dame and Givenchy and Rodin and the Musée d’Orsay and macarons.

It’s just as much a crime to say SaltStack is only a configuration management tool as it is to visit Paris and never set foot in the Louvre.

Here are four other ways SaltStack goes way beyond configuration management to become the all-encompassing IT automation tool your business must have:

Event-driven Automation

Infrastructure is constantly changing. Services come online, software is deployed, bugs are fixed, servers are patched, etc. This calls for a different approach: by triggering tasks based on events, infrastructure can be managed dynamically. Instead of waiting for a scheduled task to run, jobs can be executed as needed.

Without event-driven automation, much time can be lost, as failures tend to be responded to reactively rather than proactively. However, using Salt’s Reactor system to watch for events, proactive steps can be taken (notifications sent, rollbacks initiated, etc.), which can make a world of difference in minimizing downtime.

Imagine being pinged on Slack within seconds of a VM becoming unresponsive, or automatically reverting an inadvertent change to a configuration file before that change is able to cause a problem. Relying on real-time event triggers rather than schedules or—worse yet—manual intervention can help keep your phone from going off in the middle of the night.
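The configuration-file revert described above could be wired up as follows. This is an added example, not configuration from the original post: it assumes Salt's inotify beacon on the Minion as the event source, and the watched file, the file locations, and the state name ssh.hardened_config are hypothetical.

```yaml
# --- Minion config, e.g. /etc/salt/minion.d/beacons.conf (assumed location) ---
# The inotify beacon emits an event whenever the watched file is modified.
beacons:
  inotify:
    - files:
        /etc/ssh/sshd_config:
          mask:
            - modify
    # Stay quiet while Salt itself rewrites the file; otherwise the
    # revert below would trigger itself in a loop.
    - disable_during_state_run: True

# --- Master config, e.g. /etc/salt/master.d/reactor.conf (assumed location) ---
# Map the beacon's event tag to a reactor SLS file.
reactor:
  - 'salt/beacon/*/inotify//etc/ssh/sshd_config':
    - /srv/reactor/revert_sshd_config.sls

# --- /srv/reactor/revert_sshd_config.sls (rendered on the Master) ---
# Re-apply the state that manages the file, only on the Minion that
# reported the change.
revert_sshd_config:
  local.state.apply:
    - tgt: {{ data['data']['id'] }}
    - arg:
      - ssh.hardened_config   # hypothetical state that owns sshd_config
```

Every revert fired this way also appears as a job on the Master, so the job history doubles as a record of when and where the file was changed out of band.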


Remote Execution

Remote execution is what makes SaltStack unique. After all, it’s where Salt, the open source project, started. This capability is a core component of SaltStack. Once you have a Salt Master and Minions configured to talk to the Master, SaltStack will reach out to each of those Minions and run hundreds of functions on them. These functions range from information gathering (listing installed software packages, etc.) to making changes (adding and removing users, starting and stopping services, etc.) and even running arbitrary shell commands. Minions can be targeted either individually or in groups, using globbing, regular expressions, or criteria such as operating system and version, subnet membership, and more.

As an example of how Salt’s remote execution makes sysadmin tasks much simpler, consider a scenario in which one has systems distributed all over the globe and wants to know quickly which of them are not responsive.

Using traditional tooling like Bash scripts or PowerShell, it would first be necessary to gather a list of hosts to ping, then write a for loop to ping each of them. Finally, the results would need to be interpreted before writing yet more code to report on them.

With SaltStack, it would be a simple matter of running “salt '*' test.ping”. The results would come back as either “True” or an error message for each Minion. The results can even be returned in other formats, such as YAML and JSON, by using SaltStack’s “--out” option (e.g. salt '*' test.ping --out=json). In addition, the Minions would be contacted in parallel, yet another advantage over using a script with a for loop.

But Salt’s advantages don’t end there: Salt makes applying security fixes a breeze. Rather than updating Puppet manifests and waiting for puppet-agent to wake up and run them, applying fixes can be done quickly on the CLI, as one Salt user did to mitigate Heartbleed in 2014.


Orchestration

Not only are Salt States useful for everyday system administration tasks, but by using orchestration, they can be combined into complex multi-step workflows. Groups of files containing States can be set to rely upon others, allowing for complex deployments to be handled elegantly. For example, all the deployment tasks for a database server can be performed before the web UI that relies upon it is enabled. If something fails, another set of States can be triggered to revert the deployment.
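The database-then-web-UI workflow just described, written as an orchestration file. This is an added example, not from the original post: the file path, the role grain values, and the state names database, database.rollback and webui are hypothetical.

```yaml
# /srv/salt/orch/deploy_app.sls (assumed path)
# Run from the Master with: salt-run state.orchestrate orch.deploy_app

# Step 1: perform every deployment task on the database servers.
deploy_database:
  salt.state:
    - tgt: 'role:db'
    - tgt_type: grain
    - sls:
      - database

# Step 2: enable the web UI only if step 1 succeeded on all targets.
enable_web_ui:
  salt.state:
    - tgt: 'role:web'
    - tgt_type: grain
    - sls:
      - webui
    - require:
      - salt: deploy_database

# Failure path: runs only if the database deployment failed, and
# applies a separate set of States that reverts it.
rollback_database:
  salt.state:
    - tgt: 'role:db'
    - tgt_type: grain
    - sls:
      - database.rollback
    - onfail:
      - salt: deploy_database
```

Because enable_web_ui requires deploy_database, a failed database step leaves the web tier untouched while the onfail step reverts the database servers.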

Cloud Control

It can be difficult to find the right option to manage distributed systems, whether they are on-premises or spread around the globe. However, when Salt Cloud is used to deploy VMs, they’re automatically added as Minions and ready to be managed by Salt. Over a dozen providers are supported by Salt Cloud, including EC2, Google Cloud, Azure, DigitalOcean, and more.

“Cloud Profiles” can be defined for different roles (app server, database, etc.). Additionally, profiles can be created for a given vendor/image/etc. combination and reused in multiple Cloud Profiles. This allows for a profile to be easily switched to a different vendor or image, should the need arise.

So…What is It?

SaltStack is much more than configuration management. Its core functionality of remote execution has allowed it to continually add new features, positioning it as a top contender in the infrastructure automation space.