Abandoning SaltStack?

2022 Mar 12, Timid Robot Zehta

I really wanted to use SaltStack to configure my home Linux router. It would be wonderful to manage that infrastructure as code. Unfortunately, it does not seem tenable for me.

Issues at Home

Does not support Python 3.8+ on macOS

My goal was to be able to push configurations using salt-ssh from my macOS laptop. SaltStack claims macOS is supported. Salt Project (emphasis added):

Salt is tested and packaged to run on CentOS, Debian, RHEL, Ubuntu, MacOS, Windows, and more.

I originally installed SaltStack via homebrew, but had to switch to a Python 3.7 virtual environment due to:

~~2020 Jun 21: [BUG] AttributeError: 'Process' object has no attribute '_args_for_getstate' · Issue #57742 · saltstack/salt~~
~~2022 Jan 09: [BUG] salt-ssh fails due to attempting to pickle _thread._local object · Issue #61435 · saltstack/salt~~

Update: These problems existed between the release of Python 3.8 on 2019 Oct 14 and the release of Salt version 3005 on 2022 Aug 25.

Cannot use gitfs with salt-ssh

With SaltStack appearing to work, I wanted to use SaltStack Formulas. Unfortunately, that option has been unsupported since 2005:

~~2015 May 12: Cannot use gitfs with salt-ssh · Issue #23576 · saltstack/salt~~

I also tried to symlink git submodules in, but I encountered the same error.

Update: Maybe I misidentified the problem. The issue above was closed on 2022 Mar 14 with a comment indicating there are other issues.

Docker images unmaintained

I thought I might have fewer issues if I might moved my use case closer to the SaltStack mainstream by using a SaltStack docker image. ~~Unfortunately, no 3004 docker image was available~~ (note update, below). saltstack/salt - Docker Image | Docker Hub:

Supported tags and respective Dockerfile links
3004rc1, rc
3003.3, 3003.2, 3003.1, 3003, latest

I realize I could create my own docker image, but I encountered this when my capacity for workarounds was already at its limit.

Update: At some point after 2022 May 03, the docker image creation pipeline was fixed. The 3004 image was last pushed on 2022 Oct 04 (just over 2 years after the release of SaltStack 3004 on 2021 Oct 18).

Issues at Work

Lack of Open Community

In learning and using SaltStack, I've frequently come up against a terrible lack of examples and documentation of SaltStack in use. It seems to be getting worse as the few examples I did find are becoming outdated.

At work, I've tried to use SaltStack in the open so others can build on my work. I've blogged about it previously (SaltStack tag - Timid Robot). So far, engagement has been nonexistent.

I spent years working with Puppet, which had a much stronger community.

Incomplete Migration from Python 2.7 to Python 3

I use boto_rds for provisioning:

2022 Jan 31: [BUG] boto_rds.subnet_group_present broken · Issue #61555 · saltstack/salt

Update: This issue remains open as of 2023 Feb 01.

More `salt-ssh` Trouble

I use salt-ssh for the initial setup of newly provisioned EC2 instances:

2022 Jan 27: [BUG] salt-ssh requires the distro python package · Issue #61535 · saltstack/salt

Update: This issue remains open as of 2023 Feb 01.

Overwhelming Backlog

The backlog contains many ancient and higher severity issues that deal with the functionality I am interested in (ex. salt-ssh):

Issues · saltstack/salt

Conclusion

I really wanted to love SaltStack. I love Python. I love a lot of the design decisions made by SaltStack. It seems like the core use case (avoiding salt-ssh, orchestration, and provisioning) is viable. SaltStack might work very very well for you. I respect the developers (especially the volunteer developers) who are working on a great product. Unfortunately, it doesn't feel like SaltStack will work well for me.

I expect that next I'll try Ansible at home:

Ansible Community Documentation

Response

2022 Mar 16: Gareth J. Greenaway provided a good response to this post on Twitter.

Ansible Success

2022 May 03: Not long after writing this post, my firewall's RAM was damaged by a blackout and I had to rebuild it. I was able to do fairly quickly, even though I was learning Ansible at the same time. So far, I've really enjoyed Ansible. My only complaint is that it is slow (though fast enough for my needs).

Updates

2023 Feb 01:
- Added update notes throughout
- Made date formats consistent
2022 May 03:
- Added recheck date to Docker images unmaintained section
- Added Response section
- Added Ansible Success section