Before you begin installing SaltStack Config , you need to ensure your installation project is up-to-date with these required dependencies .
Dependency | Requirement |
---|---|
License | If your deployment of SaltStack Config is integrated with vRealize Automation, you need one of these licenses:
If your deployment of SaltStack Config is not integrated with vRealize Automation, you need:
SaltStack SecOps requires a license with the SecOps feature enhancement. Customers with vRealize Automation Suite Advanced, Suite Enterprise, or Cloud license are eligible for this feature enhancement. To add SaltStack SecOps to your vRealize Automation license, contact your sales representative.
Note:
SaltStack Config supports multiple license keys, which means you can add any number of license key numbers to your
SaltStack Config installation. As long as a license key has not yet expired,
SaltStack Config activates any features allowed by that license key.
|
Operating System |
Salt itself is designed to be operating system agnostic and can manage the nodes of most standard operating systems. For a list of supported Salt operating systems, see Salt Platform Support. For more detailed information about additional operating systems or considerations, see SaltStack Config system requirements. |
PostgreSQL version | SaltStack Config requires a PostgreSQL 9.6 database, but PostgreSQL 12.4 is recommended. The recommended version of PostgreSQL is included with the SaltStack Config installer.
Note: Since PostgreSQL is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about PostgreSQL database maintenance and administration, see the
PostgreSQL documentation.
|
Redis version | SaltStack Config requires a Redis 5.x database, but Redis 5.0.4 is recommended. The recommended version of Redis is included with the SaltStack Config installer.
Note: Since Redis is a third-party software, you are responsible for ongoing maintenance and other administrative tasks. For information about Redis database maintenance and administration, see the
Redis documentation.
|
Java version | SaltStack Config requires a Java 11 runtime environment (JRE). The JRE is not included in the SaltStack Config installer. You must install it on your operating system prior to installation.
Note: Since Java is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about Java 11, see the
Java 11 documentation.
|
Internet Access | Some networks do not have consistent access to the Internet for various reasons. These systems are also referred to as air-gapped systems. Air-gapped systems pose particular challenges both for installing SaltStack Config and for ensuring it is up to date. For more information on preparing for installing in an air-gapped environment see, Installation planning for air-gapped systems below. |
Salt version | SaltStack Config is compatible with most versions of Salt, although it is strongly recommended to run the latest stable versions of Salt on your Salt master. If you plan to use SaltStack SecOps with Windows servers, these Windows minions must run Salt 3000 or later. |
Python version | SaltStack Config packages its own Python 3.7. It doesn’t use the Python installed on your operating systems and it does not require it to be up to date. However, it is generally recommended that you run the latest version of Python on your system. |
Firewall permissions | For standard installations, ensure firewall access is allowed on the following ports from the following nodes:
|
Installation planning for air-gapped systems
Air-gapped systems are systems that do not have consistent access to the internet. As a result, installing in an air-gapped environment includes additional preparation and planning steps.
Plan how to transfer the installation files
In order to complete a standard installation, you need a mechanism through which to download, verify, and extract the necessary installation files. If downloading files is impossible in your network, you need to brainstorm and prepare an alternate method to transfer the necessary installation files to the nodes on which you are installing SaltStack Config and its dependencies.
You will need to transfer the files to the node(s) involved in the installation process. Place the files in the root folder. For a standard installation, transfer the files to the Salt master from which you are running the installation orchestration.
Plan how to manage upgrades
SaltStack Config and its dependencies (Salt, PostgreSQL, etc.) release regular updates with enhanced features and security updates. In order to take advantage of these updates, you need to plan to check for updates and install upgrades whenever they are available.
Plan how to update SecOps libraries
If your organization has a SecOps license, be aware that both SaltStack SecOps libraries release regular content updates with the latest compliance and vulnerability content. These content libraries are updated outside of the regular SaltStack Config release schedule.
Ideally, customers can automatically download and ingest security libraries over the Internet or through an http proxy as soon as they are updated. However, it is also possible to manually download and ingest these libraries. In order to take advantage of these updates, you need a plan to check for security content updates regularly, and develop a process to manually ingest this content when it is available.