Salt (software)

Salt (sometimes referred to as SaltStack) is a Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management. Supporting the "infrastructure as code" approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control.

History
Salt originated from the need for high-speed data collection and task execution for data center systems administrators managing massive infrastructure scale and resulting complexity. The author of Salt, Thomas S. Hatch, had previously created several utilities for IT teams to solve the problem of systems management at scale, but found these and other open source solutions to be lacking. Hatch decided to use the ZeroMQ messaging library to facilitate the high-speed requirements and built Salt using ZeroMQ for all networking layers.

In late May 2011 initial progress was made toward the delivery of configuration management built on the Salt remote execution engine. This configuration management system stores all configuration (state) data inside an easily understood data structure that leverages YAML. While experimental functionality of the Salt State system was available in May 2011, it was not considered stable until the release of Salt 0.9.3 in November 2011.

The Salt 0.14.0 release introduced an advanced cloud control system making private and public cloud VMs directly manageable with Salt. The Salt Cloud function allows for provisioning of any hybrid cloud host, then exposes Salt remote execution, configuration management, and event-driven automation capabilities to the newly provisioned hybrid cloud systems. New virtual machines and cloud instances are automatically connected to a Salt Master after creation.

Salt Cloud supports 25 public and private cloud systems including AWS, Azure, VMware, IBM Cloud, and OpenStack. Salt Cloud provides an interface for Salt to interact with cloud hosts and the cloud’s functionality such as DNS, storage, load balancers, etc.

In September 2020, VMware acquired SaltStack.

Design
Salt was designed to be highly modular and easily extensible, to make it easy to mold to diverse enterprise IT use cases.

The module design of Salt creates Python modules that handle certain aspects of the available Salt systems. These modules allow for the interactions within Salt to be detached and modified to suit the needs of a developer or system administrator.

The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups:


 * Execution modules are the workhorse for Salt's functionality. They represent the functions available for direct execution from the remote execution engine. These modules contain the specific cross platform information used by Salt to manage portability, and constitute the core API of system level functions used by Salt systems.
 * State modules are the components that make up the backend for the Salt configuration management system. These modules execute the code needed to enforce, set up or change the configuration of a target system. Like other modules, more states become available when they are added to the states modules.
 * Grains are a system for detecting static information about a system and storing it in RAM for rapid gathering.
 * Renderer modules are used to render the information passed to the Salt state system. The renderer system is what makes it possible to represent Salt's configuration management data in any serializable format.
 * Returners: the remote execution calls made by Salt are detached from the calling system; this allows the return information generated by the remote execution to be returned to an arbitrary location. Management of arbitrary return locations is managed by the Returner Modules.
 * Runners are master side convenience applications executed by the salt-run command.

Vulnerabilities
In April 2020, F-Secure revealed two high severity RCE (Remote Code Execution) vulnerabilities, identified as CVE-2020-11651 and CVE-2020-11652, with CVSS score reaching as high as 10. These critical vulnerabilities were found within Salt's default communication channel ZeroMQ, and the initial research discovered 6000 vulnerable Salt servers. Salt organization was notified before F-Secure's public announcement, and Salt soon released the patch in its updated releases: 2019.2.4 and 3000.2.