Skip to content
thatch45 edited this page Apr 18, 2011 · 4 revisions

Since the dawn of networking, systems have been created which allow for remote administration and use of computers. Tools like telnet and ssh have been the standard for the remote use and administration of single systems for a long time now. The need to administer multiple remote servers at a time has also been an extremely common need for system administrators.

Over the years the tools used to complete this task have been many in number, from ssh “for” loops, dsh and clusterit for distributing commands via ssh to more modern tools like Func and MCollective. All of these tools complete the same basic task, but in different ways - distributed remote execution. For many years I have used Func, and while I will maintain that Func is a powerful and well written tool, I found myself wanting more. I wanted a tool that would be faster, scale better and allow developers more flexibility to modify how the executions were sent, who they were sent to, and how the data was managed.

The core concept for salt was to enable remote commands to be called in parallel rather than serial. There were also a number of additional goals, such as a secure and encrypted protocol, the smallest and fasted network payloads possible and the simplest programmer interface I could devise. Finally salt needed to be as simple to set up and maintain as possible, ssh based tools require ssh public key distribution, Func requires multiple daemons and an elaborate key/cert system, and MCollective requires a separate amqp daemon. To satisfy these core requirements, salt takes advantage of a number of technologies and techniques. The networking layer is built using the excellent zeromq networking library, so salt itself contains a viable, and transparent, amq broker inside the daemon. Salt uses public keys for authentication with the master daemon, and then uses faster aes encrytption for payload communication, this means that authentication and encryption is also built into salt. Salt takes advantage of communicating using python pickles, enabling fast and light network traffic. Salt also allows for simple expansion, execution routines can be written as plain python modules, and the data collected from salt executions can be sent back to the master server, or to any arbitrary program. Finally, salt can be called from a simple python api, or from the command line.

The result is a system that can execute commands across groups of servers at very high speed. A system that is very fast, very simple to set up and amazingly malleable. I hope that you will enjoy salt, it is already enabling organizations to more quickly and reliably manage large groups of servers.

Clone this wiki locally