Saltstack state cookbook: Difference between revisions
(→file) |
(→file) |
||
Line 141: | Line 141: | ||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
./usr/local/www/foo.com: | ./usr/local/www/foo.com: | ||
- source: salt://hosts/foo/files/foo.com | file.recurse: | ||
- source: salt://hosts/foo/files/foo.com | |||
- clean: True | |||
- user: www | |||
- group: www | |||
- dir_mode: 755 | |||
- file_mode: 644 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
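Review bot: `clean: True` in the added file.recurse block deletes everything under /usr/local/www/foo.com that is not present in salt://hosts/foo/files/foo.com, so any files the site creates at runtime in that web root (uploads, caches) are removed on each run; say so next to the example or keep such data outside the managed tree. The modes would also be safer quoted, as `dir_mode: '755'` and `file_mode: '644'`, so that a later edit adding a leading zero is not reinterpreted by the YAML parser.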
Latest revision as of 20:05, 19 June 2022
This page documents some of my most frequently used (and forgotten) states, and the patterns I use them in.
Refer to the (excellent) complete list of states for much more information:
Documentation
module ref https://docs.saltstack.com/en/latest/salt-modindex.html
states
cmd
cmd.run
<syntaxhighlight lang="yaml">
.echo hi:
  cmd.run:
    - name: echo "hi"
</syntaxhighlight>
file
file.managed
See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html
render the config file with jinja
<syntaxhighlight lang="yaml">
./etc/rc.conf:
  file.managed:
    - source: salt://rc/rc.conf
    - template: jinja
</syntaxhighlight>
using dictionary as context
<syntaxhighlight lang="yaml">
./etc/rc.conf:
  file.managed:
    - source: salt://rc/rc.conf
    - template: jinja
    - context:
        port: 22           # NOTE: cannot be jinja vars
        hostname: 1234
</syntaxhighlight>
setting contents
<syntaxhighlight lang="yaml">
./etc/rc.conf:
  file.managed:
    - contents: |
        sshd_enable="YES"
</syntaxhighlight>
file.line
<syntaxhighlight lang="yaml">
./boot/loader.conf:
  file.line:
    - content: fuse_load="YES"
    - mode: ensure
    - location: end
</syntaxhighlight>
file.blockreplace
<syntaxhighlight lang="yaml">
./etc/pf.conf:
  file.blockreplace:
    - marker_start: "# <jail_iface>"
    - marker_end: "# </jail_iface>"
    - append_if_not_found: True
    - content: |
        ext_if = "vtnet0"
        int_if = "lo1"
        jail_net = $int_if:network
        nat pass on $ext_if from $jail_net to any -> "{{ext_ip}}"
</syntaxhighlight>
file.replace
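Uses Python's re.search().
<syntaxhighlight lang="yaml">
{# only apply the replacement if the value is not already set #}
{% if not salt.file.search( '/etc/myfile', 'key[ ]*=.*?val.*?' ) %}
.replace text:
  file.replace:
    - name: /etc/myfile
    - pattern: 'key[ ]*='
    - repl: 'key = val '
    - count: 1
{% endif %}
</syntaxhighlight>
file.directory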
<syntaxhighlight lang="yaml">
./home/will/dev:
  file.directory:
    - makedirs: True
    - user: will
    - group: root
    - mode: 2775
    - recurse:
      - user
      - group
      - mode
</syntaxhighlight>
file.recurse
copy all files from saltstack into directory
<syntaxhighlight lang="yaml">
./usr/local/www/foo.com:
  file.recurse:
    - source: salt://hosts/foo/files/foo.com
    - clean: True
    - user: www
    - group: www
    - dir_mode: 755
    - file_mode: 644
</syntaxhighlight>
ini.options_present
Set options within a .ini or .conf file.
<syntaxhighlight lang="yaml">
.gitconfig (options):
  ini.options_present:
    - name: /home/will/.gitconfig
    - separator: '='
    - sections:
        user:
          email: 'you@example.com'
          name: 'you yourself'
</syntaxhighlight>
archive
<syntaxhighlight lang="yaml">
./path/to/dir:
  archive.extracted:
    - source: https://foo.com/file.tar.gz
    - source_hash: md5=764efa883dda1e11db47671c4a3bbd9e
    - user: you
    - group: you
    - if_missing: /path/to/dir/extracted-file

# alternatively, instead of `source_hash`, you may use
# `skip_verify: True` (the download is then not checked against any hash)
</syntaxhighlight>
service
service.running
<syntaxhighlight lang="yaml">
mysqld:
  service.running:
    - name: mysql
    - sig: mysql
    - enable: True
</syntaxhighlight>
cron.present
See https://docs.saltproject.io/en/latest/ref/states/all/salt.states.cron.html#module-salt.states.cron
<syntaxhighlight lang="yaml">
/usr/bin/vdirsyncer sync:
  cron.present:
    - identifier: 'vdirsyncer_sync'
    - minute: '*/5'
</syntaxhighlight>
user
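NOTE: Users created without a password will be locked, preventing even SSH key login.
You can change this by setting a non-hashable password:
<syntaxhighlight lang="bash">
# quote the asterisk so the shell does not expand it to file names
usermod -p '*' <user>
</syntaxhighlight>
user.present
<syntaxhighlight lang="yaml">
.add user pete:          # state ID is assumed; the snippet needs one to be a valid state
  user.present:
    - name: pete
    - shell: /bin/zsh
</syntaxhighlight>
group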
group.present
<syntaxhighlight lang="yaml">
# add user 'will' to group 'video' if it exists
{% if salt.group.info('video') %}
video:
  group.present:
    - system: True
    - addusers:
      - will
{% endif %}
</syntaxhighlight>
modules
salt.file.file_exists
salt.file.directory_exists
salt.file.search
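<syntaxhighlight lang="yaml">
{# only apply the replacement if the value is not already set #}
{% if not salt.file.search( '/etc/myfile', 'key[ ]*=.*?val.*?' ) %}
.replace text:
  file.replace:
    - name: /etc/myfile
    - pattern: 'key[ ]*='
    - repl: 'key = val '
    - count: 1
{% endif %}
</syntaxhighlight>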
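Why the file.replace snippet is wrapped in a search guard, modelled with Python's re module (which this page notes file.replace uses). This is an added example, not part of the original page; it assumes the substitution behaves like re.sub with the MULTILINE flag, and the function names, the sample content and the anchored alternative pattern are illustrative.

```python
import re

GUARD = r'key[ ]*=.*?val.*?'   # regex from the page's salt.file.search guard
PATTERN = r'key[ ]*='          # pattern from the page's file.replace state
REPL = 'key = val '            # repl from the page's file.replace state


def apply_state(text, guarded):
    """Model one state run: optional guard, then a single substitution."""
    # Guard: the Jinja `if not salt.file.search(...)` drops the state from the
    # rendered SLS once the desired value is already in the file.
    if guarded and re.search(GUARD, text, flags=re.MULTILINE):
        return text
    # Assumption: file.replace substitutes like re.sub with MULTILINE, count=1.
    return re.sub(PATTERN, REPL, text, count=1, flags=re.MULTILINE)


def apply_anchored(text):
    """Alternative (not from the page): match the whole line, so the
    replacement is idempotent without any guard."""
    return re.sub(r'^key[ ]*=.*$', 'key = val', text, count=1,
                  flags=re.MULTILINE)


def run_twice(fn, text):
    """Return the file content after the first and after the second run."""
    first = fn(text)
    return first, fn(first)


# Constructed sample file content.
SAMPLE = "other = 1\nkey=old\n"

if __name__ == "__main__":
    for label, fn in [
        ("unguarded", lambda t: apply_state(t, guarded=False)),
        ("guarded", lambda t: apply_state(t, guarded=True)),
        ("anchored", apply_anchored),
    ]:
        first, second = run_twice(fn, SAMPLE)
        print(f"{label:10} run1={first!r} run2={second!r}")
```

The guard also matches any value that merely contains "val" (for example key=interval), so such a line is treated as already configured and left unchanged.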