If you integrated SaltStack Config with vRealize Automation, you can apply the SaltStack Config resource to install the minions on virtual machines in your deployments. After the minion is deployed, you can use SaltStack Config's powerful configuration management, drift remediation, and state management capabilities to manage your resources.

Minions are agents that run the salt-minion service. The service subscribes to jobs published by a Salt master, which is a server that runs the salt-master service. When a specific job applies to a minion, the minion executes the job.

You can use the SaltStack Config resource to deploy minions and apply state files when you deploy Linux and Windows machines. To add or update minions and state files on existing deployments, you can run the Attach SaltStack Resource day 2 action. For more about the day 2 action, see What actions can I run on Cloud Assembly deployments or supported resources.

If you used the saltConfiguration property to deploy minions and state files as a day 0 action, update your cloud templates to use the SaltStack Config resource. The saltConfiguration property is no longer available for use in cloud templates.

The Apply Salt Configuration day 2 action is still available for resources that use the saltConfiguration property.

Before you start

  1. Verify that you successfully configured the SaltStack Config integration. See Configure a SaltStack Config integration in vRealize Automation.

    To familiarize yourself with how SaltStack Config works, including the key concepts of minions, see Understanding the SaltStack User Interface.

  2. In SaltStack Config, verify that the FQDN name resolution from minion to master is working.
    1. To verify the FQDN on the Salt master in SaltStack Config, click Targets and then select the All Minions target group.
    2. Filter the Minion ID column for the value saltmaster.
    3. Click saltmaster to see the details.
    4. Verify that the FQDN value is correct.
  3. If you are deploying minions on a Linux machine, verify that the images in vSphere that you intend to deploy with a Salt minion have SSH capabilities enabled. SSH is used to remotely access the machine and deploy the minion.
  4. If you are deploying minions on a Windows machine, see How do I deploy minions using the API (RaaS) in a Windows environment.

  5. If you are deploying minions on a virtual machine that has VMware Tools installed and a Salt minion configured, verify that the VMware Tools Salt minion key appears under the Accepted tab in the Minion Keys workspace in SaltStack Config. See Enable Salt minion using VMware Tools for more information.
    Note: If the VMware Tools Salt minion is an older version, deploying a minion against the virtual machine does not upgrade the Salt minion to the latest version. You must upgrade your Salt master manually. See Upgrade the Master Plugin for more information.
  6. Verify that you can assign IP addresses to the machines you deploy.

    SaltStack Config requires the machines to have public IP addresses. Use the IP addresses for the public IP CIDR range for the SDDC (software-defined data center) where your Salt master is located.


    If there is no public IP address configured for the machine, the IP address of the first NIC is used.

  7. Verify that the cloud template that you are adding the minion to is deployable before you add the SaltStack Config resource properties.
  8. Verify that you have the following service roles:
    1. Cloud Assembly administrator
    2. Cloud Assembly user
    3. Service Broker administrator

    These service roles are required to use the SaltStack Config resource.