Salt (software)


Salt is Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management. Supporting the "Infrastructure as Code" approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control.

History of the Salt open source automation engine

Remote execution

Salt originated from the need for high-speed data collection and task execution for data center systems administrators managing massive infrastructure scale and resulting complexity. The author of Salt, Thomas S. Hatch, had previously created several utilities for IT teams to solve the problem of systems management at scale, but found these and other open source solutions to be lacking. Hatch decided to use the ZeroMQ messaging library to facilitate the high-speed requirements and built Salt using ZeroMQ for all networking layers.

Configuration management

In late May 2011 initial progress was made toward the delivery of configuration management built on the Salt remote execution engine. This configuration management system stores all configuration data inside an easily understood data structure that leverages YAML. While experimental functionality of the Salt State system was available in May 2011, it was not considered stable until the release of Salt 0.9.3 in November 2011.

Cloud control

The Salt 0.14.0 release introduced an advanced cloud control system making private and public cloud VMs directly manageable with Salt. The Salt Cloud function allows for provisioning of any hybrid cloud host, then exposes Salt remote execution, configuration management, and event-driven automation capabilities to the newly provisioned hybrid cloud systems. New virtual machines and cloud instances are automatically connected to a Salt Master after creation.
Salt Cloud supports 25 public and private cloud systems including AWS, Azure, VMware, IBM Cloud, and OpenStack. Salt Cloud provides an interface for Salt to interact with cloud hosts and the cloud’s functionality such as DNS, storage, load balancers, etc.

Salt architectural design

Salt was designed to be highly modular and easily extensible, to make it easy to mold to diverse enterprise IT use cases.
The module design of Salt creates Python modules that handle certain aspects of the available Salt systems. These modules allow for the interactions within Salt to be detached and modified to suit the needs of a developer or system administrator.

Module types

The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups:
In April 2020, F-Secure revealed two high severity RCE vulnerabilities, identified as and , with CVSS score reaching as high as 10. These critical vulnerabilities were found within Salt's default communication channel ZeroMQ, and the initial research discovered 6000 vulnerable Salt servers. Salt organization was notified before F-Secure's public announcement, and Salt soon released the patch in its updated releases: 2019.2.4 and 3000.2.