Salt (software)

Original author(s) Thomas S Hatch
Developer(s) VMware
Initial release 19 March 2011; 13 years ago (2011-03-19)
Stable release 3006.6 / 31 January 2024; 54 days ago (2024-01-31) [1]
Repository
Written in Python
Operating system Unix-like, macOS, Microsoft Windows
Type Configuration management and Infrastructure as Code
License Apache License 2.0
Website saltproject.io

Salt (sometimes referred to as SaltStack) is Python-based, open-source software for event-driven IT automation, remote task execution, and configuration management. It supports the "infrastructure as code" approach to data center system and network deployment and management, configuration automation, SecOps orchestration, vulnerability remediation, and hybrid cloud control.

History

Salt originated from the need for high-speed data collection and task execution for data center systems administrators managing infrastructure at massive scale and the resulting complexity. The author of Salt, Thomas S. Hatch, had previously created several utilities for IT teams to solve the problem of systems management at scale, but found these and other open source solutions to be lacking. [2] Hatch decided to use the ZeroMQ messaging library to meet the high-speed requirements and built Salt using ZeroMQ for all networking layers.

In late May 2011, initial progress was made toward the delivery of configuration management built on the Salt remote execution engine. [3] This configuration management system stores all configuration (state) data inside an easily understood data structure that leverages YAML. While experimental functionality of the Salt State system was available in May 2011, it was not considered stable until the release of Salt 0.9.3 in November 2011. [4]

The Salt 0.14.0 release introduced an advanced cloud control system making private and public cloud VMs directly manageable with Salt. The Salt Cloud function allows for provisioning of any hybrid cloud host, then exposes Salt remote execution, configuration management, and event-driven automation capabilities to the newly provisioned hybrid cloud systems. New virtual machines and cloud instances are automatically connected to a Salt Master after creation.

Salt Cloud supports 25 public and private cloud systems including AWS, Azure, VMware, IBM Cloud, and OpenStack. Salt Cloud provides an interface for Salt to interact with cloud hosts and the cloud’s functionality such as DNS, storage, load balancers, etc.

In September 2020, VMware acquired SaltStack. [5] [6]

Design

Salt was designed to be highly modular and easily extensible, to make it easy to mold to diverse enterprise IT use cases. [7]

The module design of Salt creates Python modules that handle certain aspects of the available Salt systems. These modules allow for the interactions within Salt to be detached and modified to suit the needs of a developer or system administrator.

The Salt system maintains many module types to manage specific actions. Modules can be added to any of the systems that support dynamic modules. These modules manage all the remote execution and state management behavior of Salt. The modules can be separated into six groups:

Vulnerabilities

In April 2020, F-Secure revealed two high-severity remote code execution (RCE) vulnerabilities, identified as CVE-2020-11651 and CVE-2020-11652, with CVSS scores reaching as high as 10. These critical vulnerabilities were found within Salt's default communication channel, ZeroMQ, and the initial research discovered 6000 vulnerable Salt servers. The Salt organization was notified before F-Secure's public announcement, and Salt soon released the patch in its updated releases 2019.2.4 and 3000.2. [13]
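A version triage for the two fixed releases named above, as an added example that is not part of the original article or of the Salt project. It assumes an inventory of host names and Salt master version strings (the sample inventory is constructed), and it treats any branch other than 2019.2 and 3000 or later as unpatched, because those are the only fixed releases the article names.

```python
import re

# Fixed releases for CVE-2020-11651 / CVE-2020-11652 as stated in the article.
FIXED_2019_2 = (2019, 2, 4)
FIXED_3000 = (3000, 2)


def parse_version(text):
    """Turn '2019.2.4' or '3000.2' into a tuple of ints; None if not purely numeric."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){0,3})\s*", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_patched(version):
    """True/False for a parseable version, None when it needs manual review."""
    v = parse_version(version)
    if v is None:
        return None  # e.g. release candidates or vendor-suffixed builds
    if v >= FIXED_3000:
        return True  # 3000.2 and every later release line
    # Date-based 2019.2 branch: fixed from 2019.2.4 onward.
    return v[:2] == (2019, 2) and v >= FIXED_2019_2


def triage(inventory):
    """Group (host, version) pairs into patched / unpatched / unknown."""
    report = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in inventory:
        verdict = is_patched(version)
        key = "unknown" if verdict is None else ("patched" if verdict else "unpatched")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    ("master-a", "2019.2.3"),
    ("master-b", "2019.2.4"),
    ("master-c", "3000.1"),
    ("master-d", "3000.2"),
    ("master-e", "3006.6"),
    ("master-f", "2018.3.5"),
    ("master-g", "3000.2rc1"),
]

if __name__ == "__main__":
    for group, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```
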


References

  1. "Releases - saltstack/salt" . Retrieved 2024-01-31 via GitHub.
  2. "FLOSS Weekly 191: Salt". TwitTV. Retrieved 2020-01-13.
  3. "red45.wordpress.com salt configuration management". red45.wordpress.com. Retrieved May 29, 2011.
  4. "Salt Release Notes - 0.9.3". saltstack. Retrieved Nov 6, 2011.
  5. "Intent to Acquire SaltStack" . Retrieved 2020-09-29.
  6. Gagliordi, Natalie. "VMware to acquire automation software provider SaltStack". ZDNet. Retrieved 2020-10-01.
  7. "FLOSS Weekly 191: Salt". TwitTV. Retrieved 2020-01-13.
  8. "Writing Execution Modules". SaltStack. Retrieved 2020-01-13.
  9. "Salt Module Reference". SaltStack. Retrieved 2020-01-13.
  10. "Renderers". SaltStack. Retrieved 2020-01-13.
  11. "Returners". SaltStack. Retrieved 2020-01-13.
  12. "Runners". SaltStack. Retrieved 2020-01-13.
  13. "Critical SaltStack Vulnerability Provides Root Access to Cyberattacker". Hack Reports. 2020-05-05. Retrieved 2020-05-18.