When first working with Salt, it is not always clear where all of the modular components are and what they do. Salt comes loaded with more modular systems than many users are aware of, making Salt very easy to extend in many places.
The most commonly used modular systems are execution modules and states. But the modular systems extend well beyond the more easily exposed components and are often added to Salt to make the complete system more flexible.
Modules come primarily from several sources:
The Salt package itself
The Salt File Server
The extmods directory
Secondary packages installed
Using one source to override another is not supported.
Salt itself ships with a large number of modules. These are part of the Salt package itself and don't require the user to do anything to use them. (Although a number of them have additional dependencies and/or configuration.)
The user may add modules by simply placing them in special directories in their fileserver.
The name of the directory inside of the file server is the directory name prepended by underscore, such as:
_grains
_modules
_states
Modules must be synced before they can be used. This can happen a few ways, discussed below.
Note
Using saltenvs besides base
may not work in all contexts.
The minion configuration contains an option autoload_dynamic_modules
which defaults to True
. This option makes the state system refresh all
dynamic modules when states are run. To disable this behavior set
autoload_dynamic_modules
to False
in the minion config.
When dynamic modules are autoloaded via states, only the modules defined in the same saltenvs as the states currently being run.
The saltutil module has a number of functions that can be used to sync all
or specific dynamic modules. The saltutil.sync_*
execution functions
and
runner functions
can be used to sync modules
to minions and the master, respectively.
Any files places in the directory set by extension_modules
settings
(minion
,
master
, default
/var/cache/salt/*/extmods
) can also be loaded as modules. Note that these
directories are also used by the saltutil.sync_*
functions (mentioned
above) and files may be overwritten.
Third-party packages may also add modules to Salt if they are installed in the same system and Python environment as the Salt Minion or Master.
This is done via setuptools entry points:
setup(
# ...
entry_points={"salt.loader": ["module_dirs=spirofs.loader:module"]},
# ...
)
Note that these are not synced from the Salt Master to the Minions. They must be installed independently on each Minion.
The specific names used by each loading method above are as follows. See sections below for a short summary of each of these systems.
Module Type |
Salt Package Name |
FS/Directory Name |
Entry Point |
---|---|---|---|
Auth |
|
|
|
Beacon |
|
|
|
Cache |
|
|
|
Cloud |
|
|
|
Engine |
|
|
|
Execution |
|
|
|
Executor |
|
|
|
File Server |
|
|
|
Grain |
|
|
|
Log Handler |
|
|
|
Matcher |
|
|
|
Metaproxy |
|
|
|
Net API |
|
|
|
Outputter |
|
|
|
Pillar |
|
|
|
Proxy |
|
|
|
Queue |
|
|
|
Renderer |
|
|
|
Returner |
|
|
|
Roster |
|
|
|
Runner |
|
|
|
SDB |
|
|
|
Serializer |
|
|
|
SPM pkgdb |
|
|
|
SPM pkgfiles |
|
|
|
SSH Wrapper |
|
|
|
State |
|
|
|
Thorium |
|
|
|
Tokens |
|
|
|
Top |
|
|
|
Util |
|
|
|
Wheel |
|
|
|
Note
While it is possible to import modules directly with the import statement, it is strongly recommended that the appropriate dunder dictionary is used to access them instead. This is because a number of factors affect module names, module selection, and module overloading.
The auth module system allows for external authentication routines to be easily
added into Salt. The auth function needs to be implemented to satisfy the
requirements of an auth module. Use the pam
module as an example.
See External Authentication System for more about authentication in Salt.
Beacons are polled by the Salt event loop to monitor non-salt processes. See Beacons for more information about the beacon system.
The minion cache is used by the master to store various information about minions. See Minion Data Cache for more information.
Cloud modules are backend implementations used by Salt Cloud.
Engines are open-ended services managed by the Salt daemon (both master and minion). They may interact with event loop, call other modules, or a variety of non-salt tasks. See Salt Engines for complete details.
Execution modules make up the core of the functionality used by Salt to interact with client systems. The execution modules create the core system management library used by all Salt systems, including states, which interact with minion systems.
Execution modules are completely open ended in their execution. They can be used to do anything required on a minion, from installing packages to detecting information about the system. The only restraint in execution modules is that the defined functions always return a JSON serializable object.
Executors control how execution modules get called. The default is to just call them, but this can be customized.
The file server module system is used to create file server backends used by the
Salt Master. These modules need to implement the functions used in the
fileserver subsystem. Use the gitfs
module as an example.
See File Server Backends for more information.
Grain modules define extra routines to populate grains data. All defined public functions will be executed and MUST return a Python dict object. The dict keys will be added to the grains made available to the minion.
See Grains for more.
Log handlers allows the logs from salt (master or minion) to be sent to log aggregation systems.
Matcher modules are used to define the minion targeting expressions. For now, it is only possible to override the existing matchers (the required CLI plumbing for custom matchers is not implemented yet).
Metaproxy is an abstraction layer above the existing proxy minion. It enables adding different types of proxy minions that can still load existing proxymodules.
Net API modules are the actual server implementation used by Salt API.
The output modules supply the outputter system with routines to display data
in the terminal. These modules are very simple and only require the output
function to execute. The default system outputter is the nested
module.
Used to define optional external pillar systems. The pillar generated via the filesystem pillar is passed into external pillars. This is commonly used as a bridge to database data for pillar, but is also the backend to the libvirt state used to generate and sign libvirt certificates on the fly.
Proxy Minions are a way to manage devices that cannot run a full minion directly.
Renderers are the system used to render sls files into salt highdata for the
state compiler. They can be as simple as the py
renderer and as complex as
stateconf
and pydsl
.
Returners are used to send data from minions to external sources, commonly
databases. A full returner will implement all routines to be supported as an
external job cache. Use the redis
returner as an example.
The Roster system is used by Salt SSH to enumerate devices.
Runners are purely master-side execution sequences.
SDB is a way to store data that's not associated with a minion. See Storing Data in Other Databases.
Primarily used with file.serialize
.
State modules are used to define the state interfaces used by Salt States. These modules are restrictive in that they must follow a number of rules to function properly.
Note
State modules define the available routines in sls files. If calling an execution module directly is desired, take a look at the module state.
pkgdb modules provides storage backends to the package database.
pkgfiles modules handle the actual installation.
Replacement execution modules for Salt SSH.
Modules for use in the Thorium event reactor.
Token stores for External Authentication. See the
salt.tokens
docstring for details.
Note
The runner to load tokens modules is
saltutil.sync_eauth_tokens
.
Tops modules are used to convert external data sources into top file data for the state system.
Just utility modules to use with other modules via __utils__
(see
Dunder Dictionaries).
The wheel system is used to manage master side management routines. These routines are primarily intended for the API to enable master configuration.