Salt Stack, a (serious) alternative to Puppet

date: 2013-04-05 07:37:09+00:00

I couldn't write it better : see

So basically, Salt is a configuration management system (à la Puppet) and allows remote execution (à la Rundeck).

First thing first, it is very easy to install. I know Puppet now offers repositories and it's probably as easy, but Salt is just a package with a couple of dependencies. Actually to achieve the same tasks you have to have Puppet and Mcollective, which are still two distinct products. Salt does the job from one package.

Then, it's based on Python, YAML and Jinja.

The documentation is very good, and the community very active (got answers within 30 seconds in #salt on Freenode).

The last thing I like : minions keep a constant connection to the master. You can push  changes to minions immediately. I attended the Puppet Fundamentals training late last year and asked about a "push" of changes instead of a "pull". It seems like there's a solution but the trainer couldn't get it working.

One thing they could improve is the frontpage of their site. When you go to you are redirected to instead of which explains what the product does.

Installation (RHEL):


yum --enablerepo=epel install salt-master

Edit /etc/salt/master:

    - /srv/salt
    - /srv/salt/dev
  - /srv/salt/prd

  - /srv/pillar

Restart the service:

service salt-master restart


yum --enablerepo install salt-minion

Edit /etc/salt/minion:


Restart the service:

service salt-minion restart

Now you should see a pending key with "salt-key". See "salt-key -h" for more info.

Basically, modules are called "states".

Pillars are kind of variables you can use in your files.

This is the content of /srv on my master :


I have 5 environments :

- sandbox : where I develop states
- dev : development servers
- acc : staging servers
- prd : production servers
- common : states common to all environments (sshd, snmpd, etc.)

If you look in /etc/salt/master, you'll see there's a "base" environment. This is where your top.sls (the key component of your salt architecture) will reside :

# cat /srv/salt/top.sls
    - packages
    - users
    - groups
    - files
    - sudo

    - dev

    - acc

    - prd

    - motd
    - apache
    - ntpd
    - snmpd
    - sshd

You can see I started working with Salt only a couple of days ago. My states are still in the "sandbox" environment.

How you can push states to minions :

salt '*' state.highstate


    - convention-os


    {% if grains['os_family'] == 'RedHat' %}
      apache: httpd
      snmpd: net-snmp
      vim: vim-enhanced
    {% elif grains['os_family'] == 'Debian' %}
      apache: apache2
      snmpd: snmpd
      vim: vim
    {% endif %}
    {% if grains['os_family'] == 'RedHat' %}
      apache: httpd
      ntpd: ntpd
      sshd: sshd
    {% elif grains['os_family'] == 'Debian' %}
      apache: apache2
      ntpd: ntp
      sshd: ssh
    {% endif %}

States can be named this way /srv/salt/env/motd.sls or /srv/salt/env/motd/init.sls I tend to prefer the later.

Here's an example of state calling pillars :

    - installed
    - name: {{ pillar['convention-os']['pkg']['apache'] }}
    - running
    - name: {{ pillar['convention-os']['service']['apache'] }}

This is a pretty rough post, sorry about that. I just wanted to spread the word about Salt and hope you'll consider joining in.