salt stack - SaltStack: $HOME of users which does not exist yet

I create a user foo on a minion. The minion evaluates /etc/default/useradd. This means the salt master does not know whether the new $HOME will be /home/foo or in our case /localhome/foo. How can I get the $HOME of user foo as a Jinja variable? I need it in a systemd service file. I would like to avoid custom pillar data, since this is redundant. Is there a way to get it via grains? Does it work during bootstrapping? First the user foo needs to be created, then the systemd file can be created by looking up the $HOME of foo... This would work if the us...

salt stack - IPtables management with SaltStack

I'm trying to configure a flexible iptables management solution with SaltStack, but I find it harder than I thought it would be. My main requirement: to be able to have a pillar where I keep a list of IPs, which should be whitelisted for SSH access on all minions. This list of IPs will of course change every now and then: some IPs get added, some IPs are removed. The problem that I'm facing is with the removed IPs - when I remove them from the pillar file, SaltStack doesn't remove the actual whitelisting from the minions. The only workaround I co...

Reusing salt state snippets

In my salt state files I have several occurrences of a pattern which consists of defining a remote repository and importing a gpg key file definition, e.g.

    import_packman_gpg_key:
      cmd.run:
        - name: rpm --import http://packman.inode.at/gpg-pubkey-1abd1afb.asc
        - unless: rpm -q gpg-pubkey-1abd1afb-54176598

    packman-essentials:
      pkgrepo.managed:
        - baseurl: http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/
        - humanname: Packman (Essentials)
        - refresh: 1
      require:
        - cmd: import_...

winding-up dynamic states in Salt for changed environments

Consider some dynamic state shapes based on certain grain / pillar values. A webserver could for example add additional site definition for debug endpoints:

    {% if grains['dev'] %}
    /etc/nginx/sites-enabled/logaccess.conf:
      file.managed:
        - source: salt://some/path/logaccess.conf
    {% endif %}

This works fine unless for example a dev server changes its role and becomes a productive one. There is no state left, and the file resides on the minion. I could of course add a counterpart

    /etc/nginx/sites-enabled/logaccess.conf:
    {% if grains['dev'] %}
      file.man...

job scheduling - salt-master is not receiving scheduled job event fired on salt-minion

I would like to ask you for help. I use saltstack as a job scheduler for slaves (minions) and I would like to be able to see on master job events fired on minion.

My setup

Job is scheduled on salt-master using a pillar for given minion. Pillar is:

    schedule_returner: mongo
    schedule:
      cmd:
        function: cmd.run
        args:
          - date +%s >> /tmp/job_runs
        minutes: 1
        maxrunning: 1

Scheduled job is executed without any problem on minion. I can see returned data in mongodb and a new timestamp in my dummy file /tmp/job_runs. The configuration...

salt stack - Saltstack test.ping taking 30+ seconds

I have essentially a barebones saltstack "cluster" running. In fact, it's actually a master and a minion on the same host machine. This is really a 2 part question.

1) The salt-master takes a really long time to boot. Like 2+ minutes. The debug logs look like it's got several threads going in a loop loading/reloading configs:

    [DEBUG ] Reading configuration from /etc/salt/minion.d/master.conf
    [DEBUG ] Reading configuration from /etc/salt/minion.d/master.conf
    [DEBUG ] Using cached minion ID from /etc/salt/minion_id: host.my.domain
    [DEBUG ] ...

salt stack - Pkg.install on windows repo in top.sls files for node group

I follow the following guide on how to setup windows software repository. I can manually install a package on a node by executing:

    salt node pkg.install 'firefox'

How do I transform this to a configuration in a top.sls file using pkg.install (or something similar) so that I could target a nodegroup using state.highstate and only install software that is not previously installed? Using the answer from Utah_Dave firefox I will get the following error message: (given that firefox is already installed on the machine, if I do a fresh install the error m...

salt-master salt-cloud not acting idempotent

I am trying to test salt-cloud saltify to deploy/install salt-minions on target machines. I created three vagrant machines and named them master, minion-01 and minion-02. All the machines were same like this:

    root@master:/home/vagrant# lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 14.04.4 LTS
    Release: 14.04
    Codename: trusty

Then on master I followed this http://repo.saltstack.com/#ubuntu to install salt-master (manually of course). Then in master I added these three files. In /etc/salt/cloud.providers:

    root@mas...

How to use Packer Salt provisioner to create docker images?

How to use Packer Salt provisioner to create docker images? Here is my packer.json file. I will comment inline below

    {
      "builders": [
        {
          "type": "docker",
          "image": "enonic/docker-salt-masterless-ubuntu",
          "export_path": "cassandra.tar" // Not sure what this is doing?
        }
      ],
      "provisioners": [
        {
          "type": "file",
          "source": "/srv/salt/cassandra", // This is where the cassandra directory is on my host machine which is ubuntu
          "destination": "/srv/salt/cassandra" // This is where I expect the cassandra directory on m...

Salt: Condition based on systemd being available or not

I want to install this file via salt-stack.

    # /etc/logrotate.d/foo
    /home/foo/log/foo.log {
        compress
        # ...
        postrotate
            systemctl restart foo.service
        endscript
    }

Unfortunately there are some old machines which don't have systemd yet. For those machines I need this postrotate script:

    /etc/init.d/foo restart

How to get this done in salt? I guess I need something like this:

    postrotate
    {% if ??? %}
        /etc/init.d/foo restart
    {% else %}
        systemctl restart foo.service
    {% endif %}
    endscript

But how to implement ??? ?...

configuration management - Why isn't my Salt minion showing any pillar attributes?

I've been through the salt and pillar walkthroughs and in general, everything works as expected with my setup. In fact, there isn't anything that I'm aware of that isn't working properly...until now. This is my first foray into using the pillar system. I have access keys that I am trying to protect so I'd like for pillar to allow me to keep tabs on which minions get copies of them. Here is my setup.

Directory structure:

    [root@master config-mgmt]# tree /srv/pillar
    /srv/pillar
    ├── awscreds.sls
    ├── data.sls
    ├── dev
    └── top.sls

/srv/pillar/top.sls file:

    [ro...

configuration management - How can I "sprinkle" my minions with custom grains when deploying salt-minion using Saltify (salt-cloud)?

I've gotten saltify to work on a fresh minion. I am able to specify a profile for the minion as well. However, I don't know how to assign custom grains to my minion during this process. Here's my set up.

In /etc/salt/cloud.profiles.d/saltify.conf I have:

    salt-this-webserver:
      ssh_host: 10.66.77.99
      ssh_username: opsuser
      password: **********
      provider: web-saltify-config
    salt-this-fileserver:
      ssh_host: 10.66.77.99
      ssh_username: opsuser
      password: **********
      provider: file-saltify-config

In /etc/salt/cloud/cloud.providers I have:

    web-saltify-conf...

Copy files from salt master and execute on minion

I want to copy a directory from my Salt master to my Salt Minion. All the files are executables. I want to then execute the files on my salt minion. I want to achieve this using a salt state.

    copy_scripts:
      file.recurse:
        - name: /root/scripts
        - source: salt://files/scripts
        - user: root
        - group: root
        - file_mode: 744

This puts the files on my Salt minion. How can I execute all the scripts inside?...

How to get FQDN of salt-minion on which salt is to be run

I am trying to salt librenms. When replacing the original librenms config file, I want the ServerName to be FQDN instead of IP address. network.get_fqdn returns IP address as well.

    {%- from "librenms/map.jinja" import librenms with context -%}
    <VirtualHost *:80>
      DocumentRoot /opt/librenms/html/
      ServerName {{ network.get_fqdn }}
      # ServerName {{ grains['ipv4'][0] }}
      AllowEncodedSlashes NoDecode
      <Directory "/opt/librenms/html/">
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
      </Directory>
    &...