Configuration Management with SaltStack

At Hendrikx ITC we have been using SaltStack for our configuration management needs for over 9 years.

SaltStack was recently in the news because of an acquisition by VMware, which gave me the idea to explain again why it can be useful to use a configuration management system, and in particular SaltStack.

What Is Configuration Management

Configuration management is a process for obtaining and maintaining consistency between the intended and actual operation of a system over its lifetime. This involves having a unified source of configuration, which is always considered to be leading for the system (Single Source of Truth).

In IT, in most cases a high degree of automation is involved, because it is cost effective and reduces the risk of errors.

Why Configuration Management

Configuration management can be seen as disproportionate when, for example, you only have to manage one server on which only a few people depend. As soon as more servers or systems are involved and more people depend on them, you want to have more control over the configuration of the system. Some concrete reasons:

The configuration of a system must be reproducible. So if you have to set up the same system again, it must be clearly defined how this is to be done.

If you want to see what the specific properties of a system are, it must be possible to do so at a glance. This is important for security audits, for example. For tracing the cause of failures, it is very powerful to be able to view the historical course of the configuration. This is easily achieved by recording and managing the configuration in a version control system.

Why SaltStack

For all our configuration management work we use SaltStack in combination with Git for version control. We chose this combination after having used CFEngine for several years. The features of SaltStack that make us still prefer it after 8 years:

Open Source. Many of the popular configuration management systems are open source nowadays, but I still think it’s an important feature.

Speed. Partly because of an efficient messaging protocol between the Salt master and its so-called minions, SaltStack is very fast.

Scalability. Because the Salt minions do the bulk of the work, the work is distributed and therefore the system is very scalable.

Readability of the configuration. As is the case with code, the configuration of a system is read more often than written. It is therefore very important that the meaning of a configuration description is quickly clear. Because SaltStack uses a YAML-based, declarative language, its configuration is very pleasant to read.

Templating. Because SaltStack provides an elegant separation between configuration description and configuration parameters, together with the use of templates, it creates a very powerful mechanism for describing a system. Variations of a configuration description can thus be expressed with simple parameters.

How does SaltStack work


A SaltStack configuration normally consists of a Salt Master and a series of agents, called Salt Minions, installed on all the systems you want to manage. After a Minion is registered with the Master, the Minion is included in the configuration management process. All configuration that applies to the system the Minion is installed on is applied when the `highstate` command is given to the Minions. The highstate command means: bring the specified Minions to the described state. After executing the command, SaltStack reports whether it was successful and which modifications were applied.

As mentioned earlier, the configuration is determined by a combination of ‘state’ (configuration description in SaltStack terminology) and ‘pillar’ data (a type of parameters in SaltStack terminology), both of which are supplied to the Minion by the Master.

Through the Jinja templating mechanism all kinds of constructions can be made within the state, using the pillar data. For example, conditional elements are possible and loops over lists of parameters (e.g., users) from the pillar data.
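The state/pillar split and the Jinja loop and conditional described above, as an added example that is not from the original post. It assumes the default file roots (/srv/pillar, /srv/salt), a top file that assigns both files to the Minion, and a Debian-style `sudo` group; all user names and the key are constructed placeholders.

```yaml
# /srv/pillar/users.sls  (parameters only; constructed sample data)
users:
  alice:
    fullname: Alice Example
    admin: true
    ssh_keys:
      - ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER_KEY alice@example
  bob:
    fullname: Bob Example
    admin: false
    ssh_keys: []

# /srv/salt/users/init.sls  (description only; rendered by Jinja, then parsed as YAML)
{% for name, user in pillar.get('users', {}).items() %}
user_{{ name }}:
  user.present:
    - name: {{ name }}
    # yaml_dquote quotes the pillar value so it cannot change the rendered YAML structure
    - fullname: {{ user.get('fullname', name) | yaml_dquote }}
    - shell: {{ user.get('shell', '/bin/bash') }}
{% if user.get('admin', False) %}
    - groups:
      - sudo
{% else %}
    # An empty list removes the user from all supplementary groups, so flipping
    # "admin" to false in the pillar also revokes sudo on the next highstate.
    - groups: []
{% endif %}

{% for key in user.get('ssh_keys', []) %}
ssh_key_{{ name }}_{{ loop.index }}:
  ssh_auth.present:
    - name: {{ key | yaml_dquote }}
    - user: {{ name }}
    - require:
      - user: user_{{ name }}
{% endfor %}
{% endfor %}
```

Adding or removing a user is then a change to the pillar file only, which shows up as a small, reviewable diff in Git.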

Conclusion

This blog is not the place to go into all the details of SaltStack, but I hope that people will be more inclined to start looking at the use of configuration management systems like SaltStack. After all, it provides you with a very clear understanding of the current state and history of your systems in all kinds of situations.