Before you begin installing SaltStack Config, you need to ensure your installation project is up-to-date with these required dependencies.
Dependency | Requirement |
---|---|
License | If you are deploying SaltStack Config through vRealize Suite Lifecycle Manager and you want to integrate SaltStack Config with vRealize Automation, you need one of the following licenses:
If you are deploying SaltStack Config through vRealize Suite Lifecycle Manager and you want to integrate SaltStack Config with vRealize Automation, you need:
If you are using the standard installation method to deploy SaltStack Config, any of the above licenses will work. SaltStack SecOps requires a license with the SecOps feature enhancement. Customers with vRealize Automation Suite Advanced, Suite Enterprise, or Cloud license are eligible for this feature enhancement. To add SaltStack SecOps to your vRealize Automation license, contact your sales representative.
Note:
SaltStack Config supports multiple license keys, which means you can add any number of license key numbers to your
SaltStack Config installation. As long as a license key has not yet expired,
SaltStack Config activates any features allowed by that license key.
|
Operating System |
Salt itself is designed to be operating system agnostic and can manage the nodes of most standard operating systems. For a list of supported Salt operating systems, see Salt Platform Support. For more detailed information about additional operating systems or considerations, see SaltStack Config system requirements. |
PostgreSQL version | SaltStack Config requires a PostgreSQL 9.6 database, but PostgreSQL 12.4 is recommended. The recommended version of PostgreSQL is included with the SaltStack Config installer.
Note: Since PostgreSQL is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about PostgreSQL database maintenance and administration, see the
PostgreSQL documentation.
|
Redis version | SaltStack Config requires a Redis 5.x database, but Redis 6.2.7 is recommended. The recommended version of Redis is included with the SaltStack Config installer.
Note: Since Redis is a third-party software, you are responsible for ongoing maintenance and other administrative tasks. For information about Redis database maintenance and administration, see the
Redis documentation.
|
Java version | SaltStack Config requires a Java 11 runtime environment (JRE), specifically Java 11 is run on the RaaS node. The JRE is not included in the SaltStack Config installer. You must install it on your operating system prior to installation.
Note: Since Java is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about Java 11, see the
Java 11 documentation.
|
Internet Access | Some networks do not have consistent access to the Internet for various reasons. These systems are also referred to as air-gapped systems. Air-gapped systems pose particular challenges both for installing SaltStack Config and for ensuring it is up to date. For more information on preparing for installing in an air-gapped environment see, Installation planning for air-gapped systems below. |
Salt version | SaltStack Config is powered by Salt, an open-source automation and configuration management engine sponsored by VMware. Salt includes modules that can quickly and consistently automate common infrastructure administration tasks such as:
SaltStack Config is compatible with most versions of Salt, although it is strongly recommended to run the latest stable versions of Salt on your Salt master. If you plan to use SaltStack SecOps with Windows servers, these Windows minions must run Salt 3004.2 or later. For information on installing Salt, see The Salt install guide. For more information on using Salt, see the Salt user guide. |
Python version | SaltStack Config packages its own Python 3.9.14. It doesn’t use the Python installed on your operating systems and it does not require it to be up to date. However, it is generally recommended that you run the latest version of Python on your system. |
Firewall permissions | For standard installations, ensure firewall access is allowed on the following ports from the following nodes:
|
PyJWT Library | Required for connecting and configuring the Salt Master. To install the PyJWT library on your Salt Master run this command: pip3 install pyjwt==2.3.0 |
Installation planning for air-gapped systems
Air-gapped systems are systems that do not have consistent access to the internet. As a result, installing in an air-gapped environment includes additional preparation and planning steps.
Plan how to transfer the installation files
In order to complete a standard installation, you need a mechanism through which to download, verify, and extract the necessary installation files. If downloading files is impossible in your network, you need to brainstorm and prepare an alternate method to transfer the necessary installation files to the nodes on which you are installing SaltStack Config and its dependencies.
You will need to transfer the files to the node(s) involved in the installation process. Place the files in the root folder. For a standard installation, transfer the files to the Salt master from which you are running the installation orchestration.
Plan how to manage upgrades
SaltStack Config and its dependencies (Salt, PostgreSQL, etc.) release regular updates with enhanced features and security updates. In order to take advantage of these updates, you need to plan to check for updates and install upgrades whenever they are available.
Plan how to update SecOps libraries
If your organization has a SecOps license, be aware that both SaltStack SecOps libraries release regular content updates with the latest compliance and vulnerability content. These content libraries are updated outside of the regular SaltStack Config release schedule.
Ideally, customers can automatically download and ingest security libraries over the Internet or through an http proxy as soon as they are updated. However, it is also possible to manually download and ingest these libraries. In order to take advantage of these updates, you need a plan to check for security content updates regularly, and develop a process to manually ingest this content when it is available.