Which Configuration Management (CM) Tool to Use? Focus on SaltStack

The widespread cloud migration of the past decade, and the attendant proliferation of VMs and containers, has made managing machines more complex than ever. DevOps professionals now have to run hundreds if not thousands of machines at once. To help them do their job, Configuration Management (CM) tools have been created. Through a process known as infrastructure as code (IaC) – where an IT environment is declared via a programming language – these allow DevOps teams to keep visibility into their server fleet, and deploy and take action at a mass scale. CM tools facilitate the execution of tasks on multiple servers at once, and one-click app deployment.

When it comes to mass deployment and CM, there are four big software players: Puppet, Ansible, Saltstack, and Chef. KernelCare can be deployed via any of these tools. SaltStack is a popular option, with unique pros and cons. Here is everything you need to know.

The Good: Highly scalable, easy to get going

First released in 2011, SaltStack was originally designed to allow rapid, low-latency remote execution communications within SysAdmin environments. Like Ansible, SaltStack was built partly as an alternative to the CM hegemony of Puppet and Chef. Also like Ansible, the platform is written not in Ruby, but Python. (Great news for Unix and Linux deployments.) And also like Ansible, SaltStack uses the push model for executing commands via the SSH protocol. Utilising the ZeroMq messaging library at the transport layer, SaltStack commands a master server, and agents called “minions”, to control and communicate with the target servers.

All of this adds up to SaltStack’s main plus point, which is its ease-of-use and its scalability. SaltStack allows for parallel execution of multiple commands (encrypted via AES), and facilitates both vertical and horizontal scaling. The DSL (domain-specific language) is feature-rich but not compulsory and easy to get to grips with. As with Ansible, users can script using YAML templates based on an imperative programming paradigm, meaning consistent input, output and configs. Arranging multiple levels of masters in a tiered arrangement allows you to distribute load easily, and the grouping of clients and configuration templates simplifies environmental control.

SaltStack’s learning curve is flat (especially compared to Chef), and you don’t need too much programming savvy to get it off the ground. The program can accommodate any language to render configurations, and it is open source, meaning it is easily customized. Introspection is easy; it’s always straightforward to see what’s going on, which is something that can’t be said of other CMs.  

The Bad: Linux-centric, less robust than some

SaltStack is lightweight, manageable and scalable. The tradeoff with this is that the platform is not as robust or mature as Puppet or Chef. The web UI provides limited capabilities and features, and the documentation is a little scattered and challenging to review. Many think that SaltStack’s minions are not as efficient as agent-less communication for small-scale deployments. The support is not nearly as developed as with the bigger platforms, especially for non-Linux OSs.

Overall

SaltStack lacks the advantages of bigger, more developed CM platforms. There are still a few kinks with its build and UI. But it is easy to get to grips with, and is a good choice for companies with limited programming resources. If your priorities are scalability and resiliency, you should consider SaltStack. And thanks to its original design scope, the platform is particularly well-suited to SysAdmins. 

Read more solution overviews by KernelCare team here:

1. Which Configuration Management Tool Should I Use? Spotlight on Chef
2. Which Configuration Management (CM) Tool to Use? Focus on Ansible
3. Which Configuration Management Tool Should I Use? Spotlight on Puppet
4. Which Vulnerability Management Solution to Choose? Focus on Qualys
5. Which Vulnerability Management Solution to Choose? Focus on Rapid7