A proposal about SaltStack migration. We need to be aware of work currently needed to migrate Vault code from the core module to the extension.
Salt 3006
As of August 2024, FreeBSD packages repository still provide Salt 3006.
As such, this is the main version deployed on our servers and the version used for the primary server.
3006 is a LTS release with support until:
- 2024-10-18 for active support
- 2025-10-18 for security issues
Complector won't be upgraded to 3007 until one of those three scenarii occurs:
- FreeBSD package is available and deployed everywhere
- A critical need for features in extensions or 3008+
- We're in October 2025 and there is no extension for 3006 LTS lifetime
Reference: https://docs.saltproject.io/salt/install-guide/en/latest/topics/salt-version-support-lifecycle.htm
Salt 3007
Salt 3007 provides new feature and a transition to 3008. See https://salt.tips/whats-new-in-salt-chlorine/
It's currently deployed on Linux servers without any issue.
If we're still on 3006 in October 2024, we'll skip 3007 on FreeBSD and we'll wait for 3008 until October 2025, per previously stated scenarii.
Extensions
Most of the features beyond OS-level management will be moved to modules. Complete list is available at https://github.com/saltstack/great-module-migration/.
Once 3007 is deployed everywhere, a priority is to start work to migrate to the Vault extension can be done. We'll gain in security and best practices, as documented in https://github.com/saltstack/salt/pull/62684.
Some considerations needs to be done for the ZFS community extension, including adoption.
If we need to directly migrate from 3006 to 3008, that will be tricker, especially for secrets provisioning, and will need an ad-hoc plan.
Salt 3008
Migration to Salt 3008 needs to be blocked by correct extension deployment:
- ZFS
- Vault