Salt: a manager for IT systems

Publié le ven. 03 août 2012 par Gaston Tjebbes
Translations: fr


Salt is a configuration management tool for infrastructures programmed with the Python language.

Its functionality is based on two services:

  • salt-master (server)
  • salt-minion (agent)

All along this article, we shall refer to a simple configuration with two systems:

hostname role IP address
captain master salt
seaman minion salt

Install on Debian

Installing is dramatically simple, Salt being packaged. Run:

  • on Master (captain):
captain:~$ apt-get install salt-master
  • on any Minion(s) (seaman here):
seaman:~$ apt-get install salt-minion

Communication between Master and Minion


Communication uses a key system (and is crypted with md5 by default). The ZeroMQ library is used for the network stack.


The Minion recognizes the Master by name (by default salt) or its IP address so as to accept instructions.

The Master indentifies the Minion by its hostname.

It is then possible to target Minions by criteria (OS, regexp, cpuarch…), allowing to select the machines to which instructions are going to be sent.

Minimal configuration

On the Minion

Configuration of the master's IP address in /etc/salt/minion:


Restarting service :

captain:~$ service salt-master restart

On the Master

Configuration of the listening interface /etc/salt/master :


Restarting service :

captain:~$ service salt-master restart

List available keys :

captain:~$ salt-key -L

The Minion's hostname should show up. Validating the key:

captain:~$ salt-key -a <hostname>  #(or salt-key -A -simpler)

Once the key has been validated, the first instructions can be ran through the salt command.

captain:~$ salt '*'
captain:~$ salt '*' "touch /tmp/somefile"
captain:~$ salt '*' cmd_exec python "import sys; print sys.version"

State files

As state files represent what a server should be, they make salt a configuration management system. Correlated state can be defined (a service should be active once the package is installed).

By default, these files live in /srv/salt/.

Default syntax is Yaml together with jinja templating, but other file formats are available, and you can even design your own.

Basic example

We want to install Apache on all the Debian and Fedora of our infrastructure. Creation of /srv/salt/top.sls:

         - webserver
        - webserver

Here, OS is used as installation condition: let's create a webserver.sls file:

      {% if grains['os'] == 'Fedora' %}
          - name: httpd
      {% elif grains['os'] == 'Debian' %}
          - name: apache2
      {% endif %}
          {% if grains['os'] == 'Fedora' %}
          - name: httpd
          {% elif grains['os'] == 'Debian' %}
          - name: apache2
          {% endif %}
          - require:
            - pkg: apache

All that is left to do is run:

captain:~$ salt '*' state.highstate

What is left to explore

  • modules (apache, pkg, libvirt, mysql, ...) summoned from the salt command.
  • state modules that will allow templating configuration files.