SaltStack is a solution beyond configuring a server and stretches elegantly to provide ability for managing self-healing systems at scale. It is focuses on orchestration to be a complete solution that encourages declarative approach to configuration management.
Usability / Architecture and Installation – Salt has a Master-Minion Architecture in which clients, called “minions” can be commanded and controlled from a central command server called a “master”. Unlike other CM tools like chef and puppet which uses pull approach, SaltStack uses the push approach where the master pushes the configurations to the nodes/agents. I found this below picture online which sums up the Salt Architecture.
SaltStack is simple to install and manage. The master doesn’t have any complex prerequisites on a message system or a special database to perform its intended job while installing a minion on a hundreds of servers is easy using the bootstrap script provided by SaltStack.
Enhancing on the Automation Story / Value-Add
- Configuration Management – SaltStack solves this hard problem through declarative YAML approach and it does it well. It is simple to learn and as stated by folks at VMware, it helps complete the digital infrastructure automation story for vRealize Automation. Native Configuration Management solution will help load application onto every workload, from private to public cloud and thus introduce an efficient path to maintain the desired end state configuration. As per the documentations, SaltStack is faster and easier compared to Ansible, another industry leading CM tool.
- Dealing with Systems at Scale – The backbone of Salt is the remote execution engine, which creates a high-speed, secure and bi-directional communication channel for groups of systems. Master – Minion configuration makes it easy to run commands and functions on thousands of system simultaneously. This makes life of a sysadmin easier where just running ‘salt “*” disk.usage’ to show disk usage for systems across globe without the need for any complex scripts to do the same.
- Self-Healing Systems – Autonomous self-healing systems can be a critical add to the automation story. With the increase in number of nodes that the sysadmin is responsible for, the ability to manage issues on those systems becomes complex. The Beacon system of SaltStack, systems can be monitor for scenarios like brute force attacks, deadlocks, disk utilization, unwanted processes and services running etc. Pairing this with the Reactor system, SaltStack can restore those systems to the desired state. Real time event driven automation can significantly reduce downtimes by proactively healing systems rather than a reactive approach.
- Support for SecOps – While there is a great story around DevOps for Infrastructure / GitOps in vRealize Automation, SaltStack documents building a robust framework around SecOps which is an emerging area of focus for automation. While it would be challenging for security teams to adopt new tools for SecOps, SaltStack delivers full-service, closed-loop automation for compliance and security. This enables security teams to automate identifying and fixing issues by defining compliance and still present insight and control to operations teams thus enabling coordination and better hybrid cloud security.
- Opening Doors for Selling to DevOps – One of the most discussed way of selling to DevOps is by embracing Open Source Communities and SaltStack has a very welcoming community of users that can help expand the story of vRealize Automation to DevOps users and gain traction for enterprise ready automation.
Read VMware’s announcement here.
P.S. – This blog post is a summary of my research, reading white-papers, SaltStack’s documentation, lab work and peer reviews.