Below I'm offering a couple of custom Salt development services. If you didn't find a service to meet your needs (e.g., salt-api integration work), drop me a line at to discuss a custom engagement.
Backporting existing patches
Let’s say you were bitten by a critical bug in Salt that has an existing but unreleased fix (even minor versions like 2019.2.1 or 3000.2 had some regressions). Even if it is released, maybe you are unable to upgrade to the latest bleeding-edge rolling release due to stability or compatibility issues (and fixes are no longer backported to previous stable versions unless they are CVEs). Or maybe you were wrongly expecting that a much-needed feature PR against the master branch would be included in the upcoming release but were told that it is feature frozen, and you have to wait another four months for the next one.
What to do?
Well, you have the bulletproof option - fork the Salt repo, apply the patches, then build & deploy your own packages. For a company that has a large minion fleet, a complex set of states, and lots of Salt patches, this is the most viable path.
However, it takes a lot of efforts:
- You’ll likely end up maintaining your custom Salt fork indefinitely (especially if you have internal-only patches)
- Syncing with upstream would be hard (merge conflicts, deprecations)
- You’ll need to build Salt packages for different operating systems or deal with pip-based installs
- You’ll need to host them somewhere (like Artifactory)
- It would be necessary to have an extensive testing process and infrastructure (although this is a good thing)
What if you do not have so many resources?
As an engineer, you need to get things done quickly. There should be a simple way to ship patched or custom modules. And indeed, it is possible to drop a module into the
salt://_modules dir and sync it via
saltutil.sync_modules. But this approach raises a few questions:
- What kinds of modules could be patched this way?
- Is it possible to extend a module instead of overriding it?
- How to avoid running the sync command manually?
- How to bootstrap patched minions?
- Is it safe to just grab a newer version of a module from git repository?
- What if you have more than one minion version in use? You can only ever have one override in place at once because the module can’t be compatible with any Salt version.
- Even if the versions are identical, the packaged Salt code can still differ depending on the OS
- A local patch is tech debt. It can’t be blindly applied to a new Salt version (A future version of Salt might ship a different module that’s incompatible, and your override can break.) How to remember to remove the module when you upgrade Salt?
- What if a module is located in
salt/utils/and its override in
_utilshas no effect?
- What to do when a module doesn’t have a corresponding
saltutil.sync_*command or belongs to Salt core?
I can do all the low-level patching work, so you can focus on your infrastructure needs instead of fighting with various Salt bugs and upgrade cycles. It is possible to patch almost any part of Salt code, even if you run multiple versions simultaneously.
- I can port any existing upstream patch (that is not overly invasive) to an older Salt version
- I can help integrate a patch into your existing Salt Minion bootstrap process
- It usually takes just a couple of hours to port a patch. A couple of patch examples 1, 2, 3, 4, 5 and my contributions to Salt
- For this kind of work, my hourly rate is currently $100. For some patches, we can agree on a fixed budget.
- My availability is about ~8-12 hours per week
- To start, please send me an email at . Please specify an existing patch or PR you want to port and the current Salt/Python/OS versions you use.
If you do not have a budget, I published a detailed guide that explains the process: Patching Salt Modules.
Custom module development
- I can develop a custom module (cloud, state, execution, top, pillar, engine, beacon, runner, grain, wheel, returner), or improve an existing one
- I can port an existing module to Python 3
- I can help integrate a custom module into your existing Salt Minion bootstrap process (including 3-rd party module dependencies)
- For this kind of work, my long-term hourly rate is currently $80 ($100 for short-term contracts)
- My availability depends on existing engagements
- To start, please send me an email at