Before you begin installing SaltStack Config , you need to ensure your installation project is up-to-date with these required dependencies .

Use this checklist to determine which dependencies you must install SaltStack Config.
Dependency Requirement
License

If your deployment of SaltStack Config is integrated with vRealize Automation, you need one of these licenses:

  • vRealize Automation Cloud
  • vRealize Automation Suite Advanced
  • vRealize Automation Suite Enterprise

If your deployment of SaltStack Config is not integrated with vRealize Automation, you need:

  • vRealize Automation Standard Plus

SaltStack SecOps requires a license with the SecOps feature enhancement. Customers with vRealize Automation Suite Advanced, Suite Enterprise, or Cloud license are eligible for this feature enhancement. To add SaltStack SecOps to your vRealize Automation license, contact your sales representative.

Note: SaltStack Config supports multiple license keys, which means you can add any number of license key numbers to your SaltStack Config installation. As long as a license key has not yet expired, SaltStack Config activates any features allowed by that license key.
Operating System
  • RedHat 7.4 - 7.9 (RHEL 7)
  • CentOS 7 (CentOS7)

Salt itself is designed to be operating system agnostic and can manage the nodes of most standard operating systems. For a list of supported Salt operating systems, see Salt Platform Support.

For more detailed information about additional operating systems or considerations, see SaltStack Config system requirements.

PostgreSQL version SaltStack Config requires a PostgreSQL 9.6 database, but PostgreSQL 12.4 is recommended. The recommended version of PostgreSQL is included with the SaltStack Config installer.
Note: Since PostgreSQL is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about PostgreSQL database maintenance and administration, see the PostgreSQL documentation.
Redis version SaltStack Config requires a Redis 5.x database, but Redis 5.0.4 is recommended. The recommended version of Redis is included with the SaltStack Config installer.
Note: Since Redis is a third-party software, you are responsible for ongoing maintenance and other administrative tasks. For information about Redis database maintenance and administration, see the Redis documentation.
Java version SaltStack Config requires a Java 11 runtime environment (JRE). The JRE is not included in the SaltStack Config installer. You must install it on your operating system prior to installation.
Note: Since Java is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about Java 11, see the Java 11 documentation.
Internet Access Some networks do not have consistent access to the Internet for various reasons. These systems are also referred to as air-gapped systems. Air-gapped systems pose particular challenges both for installing SaltStack Config and for ensuring it is up to date.

For more information on preparing for installing in an air-gapped environment see, Installation planning for air-gapped systems below.

Salt version

SaltStack Config is compatible with most versions of Salt, although it is strongly recommended to run the latest stable versions of Salt on your Salt master.

If you plan to use SaltStack SecOps with Windows servers, these Windows minions must run Salt 3000 or later.

Python version SaltStack Config packages its own Python 3.7. It doesn’t use the Python installed on your operating systems and it does not require it to be up to date. However, it is generally recommended that you run the latest version of Python on your system.
Firewall permissions

For standard installations, ensure firewall access is allowed on the following ports from the following nodes:

  • PostgreSQL
    • Port 5432
    • Is accessible by eAPI servers
  • Redis
    • Port 6379
    • Is accessible by eAPI servers
  • eAPI endpoint
    • Port 443
    • Is accessible by Salt controllers, web-based interface users, and remote systems calling the Enterprise API
  • Salt controllers
    • Port 4505/4506
    • Is accessible by all minions configured to use the related Salt master

Installation planning for air-gapped systems

Air-gapped systems are systems that do not have consistent access to the internet. As a result, installing in an air-gapped environment includes additional preparation and planning steps.

Plan how to transfer the installation files

In order to complete a standard installation, you need a mechanism through which to download, verify, and extract the necessary installation files. If downloading files is impossible in your network, you need to brainstorm and prepare an alternate method to transfer the necessary installation files to the nodes on which you are installing SaltStack Config and its dependencies.

You will need to transfer the files to the node(s) involved in the installation process. Place the files in the root folder. For a standard installation, transfer the files to the Salt master from which you are running the installation orchestration.

Plan how to manage upgrades

SaltStack Config and its dependencies (Salt, PostgreSQL, etc.) release regular updates with enhanced features and security updates. In order to take advantage of these updates, you need to plan to check for updates and install upgrades whenever they are available.

Plan how to update SecOps libraries

If your organization has a SecOps license, be aware that both SaltStack SecOps libraries release regular content updates with the latest compliance and vulnerability content. These content libraries are updated outside of the regular SaltStack Config release schedule.

Ideally, customers can automatically download and ingest security libraries over the Internet or through an http proxy as soon as they are updated. However, it is also possible to manually download and ingest these libraries. In order to take advantage of these updates, you need a plan to check for security content updates regularly, and develop a process to manually ingest this content when it is available.