Notes on Salt, automation architecture, and implementation patterns.
Posts here introduce new guides, explain design decisions, and document practical lessons from field work.
A new step-by-step guide is now available for deploying VCF Salt (SSE) in air-gapped environments.
The guide covers the full deployment flow: OS preparation, offline bundle extraction, Salt Master and RaaS node setup, pillar configuration, Python package installation from local or bundled wheels, highstate execution, and a final validation checklist.
A new guide is now available covering how to automate Windows disk provisioning using Salt during Aria Automation VM deployments.
This approach eliminates the manual disk preparation steps that are normally required after a Windows VM is provisioned with additional disks attached.
The guide covers:
storage/map.yamlbringup entry point used by Aria AutomationThe result is a VM that exits deployment with all disks already initialised, formatted, and mounted — no Day-2 manual steps required.
This guide builds on the separation of concerns described in the Salt State and Pillar Architecture.
A new guide is now available covering how to use Salt to install and maintain VMware Tools across Windows virtual machines.
This is a practical starting point for teams that have Salt deployed in a VMware environment and want a concrete first automation use case.
The guide covers:
pkg.installedsystem.reboot with onchanges and only_on_pending_reboottop.slsThe approach keeps things simple and does not require a Git-backed fileserver, making it accessible for first-time Salt users.
A new guide covering active/passive Salt master HA is now available.
The guide covers the full setup: DNS aliasing for the active master endpoint, RaaS and Aria Automation integration via the alias, dual-master minion failover config, PKI replication via rsync over SSH, and scheduled safety sync. Includes a pre-go-live validation checklist and failover test procedure.
A new guide is available covering how to distribute and trust an internal Artifactory SSL certificate on Windows Salt minions using pillar.
The guide walks through retrieving the certificate chain, storing it in pillar, and deploying it via an idempotent state that checks the thumbprint before importing — keeping configuration data separate from state logic and supporting controlled certificate rotation across environments.
See also: Salt State and Pillar Architecture
A new guide covering practical Salt commands for diagnosing and resolving software packaging failures is now available.
The guide covers common failure scenarios: stuck jobs, unresponsive minions, download failures, and hung MSI installs. Each section provides a ready-to-run Salt command with context on what it does and when to use it.
This site documents practical, Salt-first automation patterns built from real-world implementation experience. The focus is clarity, reproducibility, and secure-by-default configuration.
The material here is implementation-focused. It reflects how I structure Git-backed state and pillar, approach secure GitFS authentication, manage encrypted pillar data, handle Windows certificate trust, build WinRepo-NG packaging workflows, and design Salt master high availability.
These guides assume you already run Salt with a working master and one or more minions. They are not introductory tutorials. They are reference implementations and patterns intended for production environments.
The goal is simple: document working approaches clearly enough that they can be reviewed, understood, and reproduced.
Additional patterns and architectural examples will be added over time.
More content will follow, including deeper architecture patterns and deployment models.
Halite is built around a simple principle:
Keep automation deterministic.
Keep configuration declarative.
Keep complexity visible.