Skip to main content
SaltStack Support

Enterprise Installation: Prerequisites

SaltStack Enterprise integrates seamlessly with a new or existing Salt installation.

Server Requirements

Set up a server to host SaltStack Enterprise. This server hosts the Enterprise API and Enterprise Console web components, and optionally a Salt Master.

Supported Operating Systems 

The SaltStack Enterprise server supports the following operating systems

  • Red Hat Enterprise Linux 7 (RHEL 7)/CentOS 7 (Cent7)
  • Oracle Linux 7
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 15
  • openSUSE Leap 42.3

SaltStack Enterprise SUSE packages will be provided in the coming weeks.

Note: The list above are supported operating systems for the SaltStack Enterprise server, not for the Salt Masters in your environment. For a list of supported Salt Master operating systems, See Supported Salt Versions.

Supported Python Versions

SaltStack Enterprise server requires Python 3.5.3 or later. Python 3.x packages are provided with the SaltStack Enterprise installation files.

SaltStack Enterprise cannot run on Salt Masters running Python 3. Support for masters running Python 3 is planned for the 4Q2019 release. For best results, use Python 2.7 on your Salt Masters.


SaltStack Enterprise requires a license file to track minion usage and the license subscription duration. The SaltStack Enterprise download contains a 14-day trial license. After 14 days the Enterprise API service no longer starts.

Customers receive a license file with a Welcome letter from SaltStack Support. If you are a current customer and have not received a license file, or if you encounter any issues with the licensing process, please contact SaltStack support at

For continued functionality, Your license file must be placed on your SaltStack Enterprise server at /etc/raas/raas.license before the 14-day expiration.

Hardware recommendations

Single-node Installation

Requirements for installing the Salt Master, SaltStack Enterprise, and PostgreSQL on the same host:

Up to 500 (minimum) Up to 500 (recommended) 500 to 1,000 (minimum) 500 to 1,000 (recommended)
2 CPU cores* 4 CPU cores 6 CPU cores 8 CPU cores
At least 20 GB free disk space** At least 20 GB free disk space** At least 20 GB free disk space** At least 20 GB free disk space**

* If using the scheduler you should have at least 4 GB of RAM.
** Used for minion return data. Increase according to your needs for data retention.

Multi-node installation

Note: Multi-node is recommended for environments with more than 1,000 minions.

Requirements for installing the Salt Master, SaltStack Enterprise, and PostgreSQL on separate hosts:

  1,000 to 2,500 minions 2,500 to 5,000 minions Greater than 5,000 minions
Salt Master node

4 CPU cores

8 CPU cores
Consider multiple masters
SaltStack Enterprise node 4 CPU cores
8 CPU cores
Create an additional SaltStack Enterprise node per 5,000 minions, hosted behind your preferred load-balancing solution
PostgreSQL node 4 CPU cores
At least 40 GB free disk space*
8 CPU cores
At least 80 GB free disk space*
Increase PostgreSQL CPU cores and RAM, as indicated by performance
Redis node 4 CPU cores
8 CPU cores
Increase Redis CPU cores and RAM, as indicated by performance

 * Used for minion return data. Increase according to your needs for data retention.

Database Requirements

SaltStack Enterprise requires a PostgreSQL 9.5 or 9.6 database. PostgreSQL 9.6 is recommended. PostgreSQL 10 is not supported.

Important notes regarding the SaltStack Enterprise database:

  1. The database is supported on PostgreSQL only.

  2. The SaltStack Enterprise installer can install and configure PostgreSQL on your SaltStack Enterprise server, however, you are responsible for ongoing maintenance, backups, and other administrative tasks for this database. See the PostgreSQL documentation for details on PostgreSQL database maintenance and administration.

  3. A PostgreSQL tuning guide can be found here.

Supported Salt Versions

SaltStack Enterprise can be used with the currently supported open source versions of Salt. See SaltStack Platform Support for a list.

Supported web browsers

The SaltStack Enterprise Web Console supports the latest versions of:

  • Google Chrome
  • Mozilla Firefox

Effect on your Existing Salt Open environment

Installing SaltStack Enterprise makes the following changes to your Salt Open environment:

  • Enterprise API backend services (file system, pillar store, and so on) take precedence over any other existing backends defined in your environment. You can continue to use all supported backend services, just be aware that files that exist in Enterprise Console will take precedence if they also exist in other file or pillar backends (See the Configuration topic in the SaltStack Enterprise help to learn how to change this behavior).

  • Enterprise API replaces the Salt Master syndic component to provide Salt Minion aggregation and scale. Salt Syndic Masters are not compatible with the SaltStack Enterprise architecture. Instead, each root Salt Master should connect directly to the Enterprise API.

Existing Salt States, configuration settings, and Salt Minion connections are unchanged. No changes are required on the Salt Minion to use SaltStack Enterprise.

Tuning Processes on your SaltStack Enterprise Server

When the SaltStack Enterprise Service (raas) starts, it creates two types of processes:

  • Tornado processes - allows connections from Salt Masters and web browsers
  • Celery processes - background workers

By default, raas sets the count for each process type to half the number of CPU Cores.

In most cases this is optimal, as the raas host should be dedicated to this task.

If you need to deploy raas on a host that supports additional services, you can override the default behavior by adding the following to your /etc/raas/raas configuration file.

num_processes: 8
    concurrency: 8      

For more on customizing background worker settings, see Background Worker Options.

Known issues

  • If the Postgres DB is not set to use UTF-8, sorting will not be consistent across the application.

  • Salt-run jobs do not work with the route_cmd method.

  • Non-scheduled jobs will capture the job execution time in the master time zone. Scheduled jobs will capture job execution time in UTC. To sync these times, the master time zone must be set to UTC or there will be a discrepancy between jobs run at the same time on a schedule vs. from the command line.

  • Scheduled jobs display in the web console only if scheduled within the next 12 weeks.

  • Job return numbers may differ from target numbers based on current key state and grain data.

  • Salt-run jobs do not work with the route_cmd method.

  • Changing the LDAP or AD structure might prevent the SaltStack Enterprise LDAP/AD integration from pulling new users in from the directory. It might also prevent existing users from authenticating.

  • systemctl restart raas may leave old SaltStack Enterprise processes running and prevent the newly started instance from functioning correctly. For best results, restart with the following instead.

First stop raas and show all running SaltStack Enterprise processes.

systemctl stop raas
ps guax | grep -E '(raas|celery)' | grep -v grep

When all processes have stopped, run systemctl start raas.

If the ps | grep pipeline shows any processes, wait 15-30 seconds for them to finish shutting down and then check again. If the processes remain after two minutes, use the Linux kill command to terminate them.

  • If the user who created one or more schedules is deleted, schedules created by that user will stop working.

  • SaltStack Enterprise console is supported on Chrome version 72 and later, and FireFox version 63 and later.

  • SaltStack SecOps requires Salt version 2018.3.3 or later for Linux or Unix minions, and 2019.2.0 or higher for Windows minions.

  • It is recommended SaltStack SecOps assessments and remediations are run weekly or biweekly for target groups greater than 1,000 minions. If run more frequently, the results table will quickly consume all available disk space.

  • Rejected minion keys cannot be deleted. To delete a rejected minion key, first accept the rejected key and then delete it.

  • Logrotate works only on files owned by root. However, the SaltStack Enterprise Service (raas) installs /etc/logrotate.d/raas as owned by raas, causing logrotate to ignore the raas log rotation.

  • Was this article helpful?