In October 2020 VMware acquired SaltStack that is the company behind Salt: a leading open source project on GitHub with 3K+ members, 10K+ users. The model adopted by SaltStack was based on building adjacent products to the Salt OSS, they provided 3 commercial offerings around Salt: SaltStack Enterprise, SaltStack Comply and SaltStack Protect covering three key use cases: SW Config Management, Network Automation (NetAuto) and Security Operations (SecOps). This commercial offerings is now merged into VMware vRealize Automation with the name vRealize Automation (vRA) SaltStack Config.
But I am not here to talk about merger & acquisition, this is the first entry of a series of posts aimed to share my adventure with vRA SaltStack Config and Salt with anyone interested. This issue is about Salt OSS and vRA SaltStack Config architecture.
Salt OSS Architecture
Salt uses a publisher-subscriber model. The master publishes jobs that need to be executed and minions subscribe to those jobs. When a specific job applies to that minion, it will execute the job. In the Salt ecosystem, the Salt Master is a server that is running the salt-master service. It issues commands to one or more Salt Minions, which are servers under management running the salt-minion service and that are registered with that particular Salt Master. When a minion finishes executing a job, it sends job return data back to the master.
Salt has two ports used by default for the Minions to communicate with their master(s). These ports work in concert to receive and deliver data to the Message Bus. Salt’s message bus is ZeroMQ, which creates an asynchronous network topology to provide the fastest communication possible. Minions always initiates the connection to the Masters, they communicate to master’s default on ports 4505 and 4506 and these ports can be modified through configuration.
In addition of having the salt-minion service on the managed machines, Minions can be agentless managed through SSH/WinRM protocols and managed through a Proxy Agent.
Salt OSS can be installed on a variety of operating systems and yes, it supports Windows Minions. Here you can find the list of supported platforms.
vRA SaltStack Config Architecture
vRA SaltStack Config is made up of the components in the list below:
- RaaS (Returner as a Service): it is the central component in vRA SaltStack Config. It provides RPC endpoints to receive management commands from the vRA SaltStack Config user interface, as well as RPC control endpoints to interface with connected masters. All communication is sent using RPC API calls over WebSockets or HTTP(s).
- Enterprise Console: is a web application that provides the graphical user interface front end for RaaS. Though vRA SaltStack Config is API-first, the user interface interfaces directly with the API (RaaS) to enable simple management of all systems in your environment. The great news for VMware customers is that the UI is already based on our beloved Clarity.
- PostgreSQL Database: RaaS uses a PostgreSQL database to store minion data, job returns, event data, files and pillar data, local user accounts, as well as additional settings for the user interface.
- Redis Database: RaaS uses a Redis database to store certain types of data in temporary storage, such as cached data. It also uses temporary data storage to distribute queued work to background workers.
- Master Plugin: You can connect more than one Salt Master to vRA SaltStack Config. Each Master that connects to vRA SaltStack Config needs to have the Master Plugin installed. It allows the Master to communicate with the vRA SaltStack Config backend server, the RaaS node.
In small/evaluation environments (less than 1000 Minions) all vRA SaltStack Config components can be installed on a single server (single-node installation scenario), while in large/productive environments they can be distributed on multiple servers (multiple-nodes installation scenario). The following table shows the network connectivity requirements.
| Target | Port | Source | Purpose |
| vRA Config Server | 22,443 | Users | SSH, UI Access |
| Master | 22 | Administrators | SSH Access |
| vRA Config Server | 443 | Master | Info Exchange |
| vRA Config, Master | 4505, 4506 | Minions | ZeroMQ |
| repo.saltstack.com | 443 | All Servers | Access to repo of packages for installation |
| training.saltstack.com | 443 | vRA Config, Master | Location of downloadable installation media for vRA Config |
Supported Operating Systems for vRA SaltStack Config are:
- RHEL 7.4 or higher (recommended)
- CentOS 7 (recommended)
- Oracle Linux 7
- SLES 12, 15
You can find capacity requirements (CPU, Memory and Disk Space) for both single-node and multiple-node installations in this section of the documentation.
To wrap up: Salt architecture is super simple and super scalable (and people love it). vRA SaltStack Config architecture is sound and lays its foundation on proven open source bits. In the next post I’ll go through the installation process.