Saltstack state cookbook: Difference between revisions
m (Will moved page Saltstack state notes to Saltstack state cookbook without leaving a redirect) |
(→file) |
||
Line 90: | Line 90: | ||
- append_if_not_found: True | - append_if_not_found: True | ||
- content: | | - content: | | ||
ext_if = "vtnet0" | ext_if = "vtnet0" | ||
int_if = "lo1" | int_if = "lo1" | ||
Line 117: | Line 117: | ||
}} | }} | ||
{{expand | {{expand | ||
| file.directory | | file.directory | ||
| | | | ||
Line 132: | Line 132: | ||
- mode | - mode | ||
</source> | </source> | ||
}} | |||
{{expand | |||
| file.recurse | |||
| | |||
copy all files from saltstack into directory | |||
<syntaxhighlight lang="yaml"> | |||
./usr/local/www/foo.com: | |||
- source: salt://hosts/foo/files/foo.com | |||
- clean: True | |||
- user: www | |||
- group: www | |||
- dir_mode: 755 | |||
- file_mode: 644 | |||
</syntaxhighlight> | |||
}} | }} | ||
Revision as of 20:04, 19 June 2022
This page documents some of my most frequently used (and forgotten) states, and the patterns I use them in.
Refer to the (excellent) complete list of states for much more information:
Documentation
module ref https://docs.saltstack.com/en/latest/salt-modindex.html
states
cmd
cmd.run

    .echo hi:
      cmd.run:
        - name: echo "hi"

file
file.managed
See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
Render the config file as a jinja template:

    ./etc/rc.conf:
      file.managed:
        - source: salt://rc/rc.conf
        - template: jinja

Using a dictionary as context:

    ./etc/rc.conf:
      file.managed:
        - source: salt://rc/rc.conf
        - template: jinja
        - context:
            port: 22  # NOTE: cannot be jinja vars
            hostname: 1234

Setting contents:

    ./etc/rc.conf:
      file.managed:
        - contents: |
            sshd_enable="YES"

file.line

    ./boot/loader.conf:
      file.line:
        - content: fuse_load="YES"
        - mode: ensure
        - location: end

file.blockreplace

    ./etc/pf.conf:
      file.blockreplace:
        - marker_start: "# <jail_iface>"
        - marker_end: "# </jail_iface>"
        - append_if_not_found: True
        - content: |
            ext_if = "vtnet0"
            int_if = "lo1"
            jail_net = $int_if:network
            nat pass on $ext_if from $jail_net to any -> "{{ext_ip}}"

file.replace
Uses Python's re.search().

    {% if not salt.file.search('/etc/myfile', 'key[ ]*=.*?val.*?') %}
    .replace text:
      file.replace:
        - name: /etc/myfile
        - pattern: 'key[ ]*='
        - repl: 'key = val '
        - count: 1
    {% endif %}

file.directory

    ./home/will/dev:
      file.directory:
        - makedirs: True
        - user: will
        - group: root
        - mode: 2775
        - recurse:
          - user
          - group
          - mode

file.recurse
Copy all files from saltstack into a directory:

    ./usr/local/www/foo.com:
      file.recurse:
        - source: salt://hosts/foo/files/foo.com
        # clean removes anything in the target directory that is not in the source
        - clean: True
        - user: www
        - group: www
        - dir_mode: 755
        - file_mode: 644

ini.options_present
Set options within a .ini or .conf file.

    .gitconfig (options):
      ini.options_present:
        - name: /home/will/.gitconfig
        - separator: '='
        - sections:
            user:
              email: 'you@example.com'
              name: 'you yourself'

archive
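The archive.extracted state in this section pins its download with an md5 `source_hash` and names `skip_verify: True` as the alternative. The following Python function is an added example, not part of the original page or of Salt: it scans SLS text line by line (SLS files contain Jinja, so it does not parse them as YAML) and reports both settings. The name `audit_sls`, the choice to treat sha1 as weak as well, and the `/opt/tool` and `/opt/ok` states are assumptions made for this example.

```python
import re

# Algorithms treated as too weak to pin a download (assumption of this example).
WEAK_ALGOS = {"md5", "sha1"}
# Hex digest length -> algorithm, for source_hash values written without "algo=".
BARE_LENGTHS = {32: "md5", 40: "sha1"}
STATE_ID = re.compile(r"^(\S.*?):\s*$")  # unindented "some id:" line
ARG = re.compile(r"^\s*-\s*(source_hash|skip_verify)\s*:\s*(.*?)\s*(?:#.*)?$")

def audit_sls(text):
    """Return (line_number, state_id, finding) tuples for weak or disabled verification."""
    findings, state_id = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "{%", "{#")):
            continue  # YAML comments and Jinja control lines carry no arguments
        if m := STATE_ID.match(line):
            state_id = m.group(1)
            continue
        if not (m := ARG.match(line)):
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key == "skip_verify" and value.lower() in ("true", "yes", "on"):
            findings.append((lineno, state_id, "hash verification disabled"))
        elif key == "source_hash":
            algo, sep, _ = value.partition("=")
            if not sep:  # bare digest: infer the algorithm from its length
                algo = BARE_LENGTHS.get(len(value), "")
            if algo.lower() in WEAK_ALGOS:
                findings.append((lineno, state_id, f"weak source_hash algorithm: {algo.lower()}"))
    return findings

# Constructed sample: the page's archive state plus two hypothetical ones.
SAMPLE = """\
./path/to/dir:
  archive.extracted:
    - source: https://foo.com/file.tar.gz
    - source_hash: md5=764efa883dda1e11db47671c4a3bbd9e
    # alternatively: skip_verify: True
/opt/tool:
  archive.extracted:
    - skip_verify: True
/opt/ok:
  archive.extracted:
    - source_hash: sha256=PLACEHOLDER_SHA256_DIGEST
"""

if __name__ == "__main__":
    for finding in audit_sls(SAMPLE):
        print(finding)
```
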

    ./path/to/dir:
      archive.extracted:
        - source: https://foo.com/file.tar.gz
        # md5 is a weak hash; source_hash also accepts stronger ones (e.g. sha256=...)
        - source_hash: md5=764efa883dda1e11db47671c4a3bbd9e
        - user: you
        - group: you
        - if_missing: /path/to/dir/extracted-file
        # alternatively, instead of `source_hash`, you may use
        # `skip_verify: True` (the download is then not checked against any hash)

service
service.running

    mysqld:
      service.running:
        - name: mysql
        - sig: mysql
        - enable: True

cron.present
https://docs.saltproject.io/en/latest/ref/states/all/salt.states.cron.html#module-salt.states.cron

    /usr/bin/vdirsyncer sync:
      cron.present:
        - identifier: 'vdirsyncer_sync'
        - minute: '*/5'

user
NOTE:
Users created without a password will be locked, preventing even ssh key login.
You can change this using a non-hashable password:

    usermod -p '*' <user>


    .user.present:
      user.present:
        - name: pete
        - shell: /bin/zsh

group
group.present

    # add user 'will' to group 'video' if it exists
    {% if salt.group.info('video') %}
    video:
      group.present:
        - system: True
        - addusers:
          - will
    {% endif %}

modules
salt.file.file_exists
salt.file.directory_exists
salt.file.search

    {% if not salt.file.search('/etc/myfile', 'key[ ]*=.*?val.*?') %}
    .replace text:
      file.replace:
        - name: /etc/myfile
        - pattern: 'key[ ]*='
        - repl: 'key = val '
        - count: 1
    {% endif %}