Known issues

The following sections describe the currently known issues in SaltStack Config version 8.3.0.


As part of VMware’s initiative to remove problematic terminology, the term Salt master will be replaced with Salt controller in SaltStack Config and related products and documentation. This terminology update may take a few release cycles before it is fully complete.


  • If the PostgreSQL database is not set to use UTF-8, sorting will not be consistent across the application.
  • Job return numbers may differ from target numbers based on current key state and grain data.
  • When upgrading SaltStack Config, some users might notice a queue of stale jobs that are stuck in a pending state. Upgrading the RaaS node can cause these jobs to run unless they are first cleared out. See the Upgrade the RaaS node step in the Upgrade from a previous version guide for more information.

The SaltStack Config user interface

  • Scheduled jobs display in the user interface only if scheduled within the next 12 weeks.
  • After upgrading SaltStack Config (for example, from 6.3.0 to 6.4.0), you must clear your web browser cache. Failing to clear the cache might result in unpredictable behavior in the user interface.
  • When running jobs against a large number of minions, only 2,000 job returns show in the user interface by default. To retain job returns for all minions, use RaaS to query the get_returns function.
  • If you are using multiple masters and have enabled sseapi_cluster_id on more than one master, the master might not show up in the Reports workspace in the Master version report (Home > Reports > Master Versions). It might also affect masters that have been installed using a single-node installation.

    To check whether your system is affected by this issue, SSH into your master and run the following command:

    sudo salt-run config.get sseapi_cluster_id


    If you find nothing after running this command, then this issue does not apply to you. If you do see a response, it means you have enabled sseapi_cluster_id and your master does not appear in the report. If this node is not in a cluster, you can safely comment the configuration out and restart the Salt master service. However, if your master is operating in a cluster, you must not change this setting.

vRealize Automation SaltStack SecOps

  • SaltStack SecOps require Salt version 2018.3.3 or later for Linux or Unix minions, and 3000 or higher for Windows minions.
  • It is recommended SaltStack SecOps compliance and vulnerability assessments and remediations are run weekly or biweekly for target groups greater than 1,000 minions. If run more frequently, the results table will quickly consume all available disk space.
  • In the SaltStack Config user interface, SaltStack SecOps newly-created vulnerability policies do not show any minions until you have run the first assessment.
  • A SaltStack SecOps vulnerability security policy’s Advisories tab does not show vulnerabilities that have been remediated. To view remediated advisories, go to the policy’s Targets tab, select a remediated minion, and then select the Last Remediation tab to verify the minion was remediated.
  • Remediating vulnerabilities on a minion might not result in any changes to the minion if the operating system has not yet provided updated packages required to remediate the vulnerability. In these cases, the remediation job returns successfully, but the vulnerabilities have not been remediated.
  • After running a vulnerability scan one day, vulnerabilities are shown in the policy dashboard charts. If those vulnerabilities are not remediated and a new scan is run the following day, the policy chart resets to zero and begins with a fresh count for that day. This behavior is expected as the chart is intended to act as a daily scan summary. The chart does not display results for the days on which no vulnerability scans were run.
  • After the release of SaltStack Config 8.3.0, the vulnerability library includes Windows vulnerabilities. This library is available to all SaltStack SecOps customers with a current license regardless of which version of SaltStack Config you are running. However, if you are using an earlier version of SaltStack Config, these versions are capable of scanning Windows minions but the user interface will not display any patches or updates to remediate these minions. To remediate Windows minions, upgrade to SaltStack Config 8.3.0 or higher.

LDAP and Active Directory

  • When configuring Active Directory services, the results are limited to 10,000 users or less. Using a filter can help narrow down the directory to the specific users you would like to sync with SaltStack Config.