SaltStack
   HOME

TheInfoList



Click Here for Items Related To - SaltStack
OR:
SaltStack on:   [Wikipedia]   [Google]   [Amazon]

Salt or SaltStack is an infrastructure as code software tool for
configuration management Configuration management (CM) is a management process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. ...
. It is written in Python and published under the
Apache License The Apache License is a permissive free software license written by the Apache Software Foundation (ASF). It allows users to use the software for any purpose, to distribute it, to modify it, and to distribute modified versions of the software ...
2.0.


History

Salt originated from the need for high-speed data collection and task execution for data center systems administrators managing massive infrastructure scale and resulting complexity. The author of Salt, Thomas S. Hatch, had previously created several utilities for IT teams to solve the problem of systems management at scale, but found these and other open source solutions to be lacking. Hatch decided to use the
ZeroMQ ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is an asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated ...
messaging library to facilitate the high-speed requirements and built Salt using ZeroMQ for all networking layers. In late May 2011 initial progress was made toward the delivery of configuration management built on the Salt remote execution engine. This configuration management system stores all configuration (state) data inside an easily understood data structure that leverages
YAML YAML ( ) is a human-readable data serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted. YAML targets many of the same communications applications as Extensible Marku ...
. While experimental functionality of the Salt State system was available in May 2011, it was not considered stable until the release of Salt 0.9.3 in November 2011. The Salt 0.14.0 release introduced an advanced cloud control system making private and public cloud VMs directly manageable with Salt. The Salt Cloud function allows for provisioning of any hybrid cloud host, then exposes Salt remote execution, configuration management, and event-driven automation capabilities to the newly provisioned hybrid cloud systems. New virtual machines and cloud instances are automatically connected to a Salt Master after creation. Salt Cloud supports 25 public and private cloud systems including AWS,
Azure Azure may refer to: Color * Azure (color), a hue of blue ** Azure (heraldry) ** Shades of azure, shades and variations Arts and media * ''Azure'' (Art Farmer and Fritz Pauer album), 1987 * Azure (Gary Peacock and Marilyn Crispell album), 2013 * ...
, VMware,
IBM Cloud IBM Cloud (formerly known as Bluemix) is a set of cloud computing services for business offered by the information technology company IBM. Services As of 2021, IBM Cloud contains more than 170 services including compute, storage, networkin ...
, and
OpenStack OpenStack is a free, open standard cloud computing platform. It is mostly deployed as infrastructure-as-a-service (IaaS) in both public and private clouds where virtual servers and other resources are made available to users. The software pla ...
. Salt Cloud provides an interface for Salt to interact with cloud hosts and the cloud’s functionality such as DNS, storage, load balancers, etc. In September 2020, VMware acquired SaltStack.


Design

The module design of Salt creates Python modules that handle certain aspects of the available Salt systems. These modules allow for the interactions within Salt to be detached and modified to suit the needs of a developer or system administrator. The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups: * ''Execution modules'' are the workhorse for Salt's functionality. They represent the functions available for direct execution from the remote execution engine. These modules contain the specific cross platform information used by Salt to manage portability, and constitute the core API of system level functions used by Salt systems. * ''State modules'' are the components that make up the backend for the Salt configuration management system. These modules execute the code needed to enforce, set up or change the configuration of a target system. Like other modules, more states become available when they are added to the states modules. * ''Grains'' are a system for detecting static information about a system and storing it in RAM for rapid gathering. * ''Renderer modules'' are used to render the information passed to the Salt state system. The renderer system is what makes it possible to represent Salt's configuration management data in any serializable format. * ''Returners'': the remote execution calls made by Salt are detached from the calling system; this allows the return information generated by the remote execution to be returned to an arbitrary location. Management of arbitrary return locations is managed by the Returner Modules. * ''Runners'' are master side convenience applications executed by the salt-run command.


Security

In April 2020,
F-Secure F-Secure Corporation is a global cyber security and privacy company, which has its headquarters in Helsinki, Finland. The company has offices in Denmark, Finland, France, Germany, India, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Swed ...
revealed two high severity RCE (Remote Code Execution) vulnerabilities, identified a
CVE-2020-11651
an
CVE-2020-11652
with
CVSS The Common Vulnerability Scoring System (CVSS) is a technical standard for assessing the severity of vulnerabilities in computing systems. Scores are calculated based on a formula with several metrics that approximate ease and impact of an exploi ...
score reaching as high as 10. These critical vulnerabilities were found within Salt's default communication channel
ZeroMQ ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is an asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated ...
, and the initial research discovered 6000 vulnerable Salt servers. Salt organization was notified before F-Secure's public announcement, and Salt soon released the patch in its updated releases: 2019.2.4 and 3000.2.


See also

*
Comparison of open-source configuration management software This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator. Basic properties ...


References


External links

* {{Official website Configuration management Orchestration software Free software programmed in Python Virtualization software for Linux Software using the Apache license