Saltstack is complicated and beautiful - a rare combination
August 05, 2016

Saltstack is complicated and beautiful - a rare combination

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

SaltStack (legacy)

Overall Satisfaction with VMware vRealize Automation, with SaltStack Config

We use Saltstack to manage ~400 remote nodes, and ~35 server nodes. It handles configuration management, rapid deploys, rapid updates of security vulnerabilities, and targeted data acquisition.
  • Targeting is easy and yet extremely granular - I can target machines by name, role, operating system, init system, distro, regex, or any combination of the above.
  • Abstraction of OS, package manager and package details is far advanced beyond any other CRM I have seen. The ability to set one configuration for a package across multiple distros, and have it apply correctly no matter the distrospecific naming convention or package installation procedure, is amazing.
  • Abstraction of environments is similarly valuable - I can set a firewall rule to allow ssh from "management", and have that be defined as a specific IP range per dev, test, and prod.
  • Saltstack could use more intermediate-level documentation and tutorials. Most of the information out there tends to leap from "install apache" (the "hello world" of configuration management) straight to the most complex scenarios.
  • Similarly, more outreach to a wider audience would be useful. In the same way that widespread use of git and vim makes these easy stacks to require of new engineers, widespread use of Saltstack by amateurs and dabblers would be helpful for saltstack.
  • With Saltstack helping to keep my environment managed and under control, I have gone from spending 30-40 hours per week in Ops and 0-10 in Dev, to spending less than 5 hours in Ops most weeks.
Chef and Puppet both require writing code, which I view as excessively involved for the task at hand. I have only needed to write pure python for a handful of Saltstack use cases - everything else has been configuration files.

Ansible, while elegant and simple, simply does not have the abstraction layer or the granularity that Saltstack does.

Cfengine has a reputation for complexity, and a relatively small community at this time.
Managing heterogeneous environments of large numbers of nodes, especially nodes which may need sudden changes (security updates, for instance), or frequent replacement, is a strength for Saltstack.

Simplicity is not a strength for Saltstack. In a homogenous environment (all CentOS 7, for example, with no Debian or Windows) I might recommend using Ansible instead - it is less flexible and granular, but simpler to configure.