Saltstack state cookbook

From wikinotes
Revision as of 20:05, 19 June 2022 by Will (talk | contribs) (→‎file)

This page documents some of my most frequently used (and forgotten) states or patterns I use them in.

Refer to the (excellent) complete list of states for much more information:

Documentation

module ref https://docs.saltstack.com/en/latest/salt-modindex.html

states

cmd

cmd.run


echo hi:
    cmd.run:
        - name: echo "hi"


file

file.managed

See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html

render the config file as a jinja template

/etc/rc.conf:
  file.managed:
    - source:   salt://rc/rc.conf
    - template: jinja

passing a dictionary as template context

/etc/rc.conf:
    file.managed:
        - source: salt://rc/rc.conf
        - template: jinja
        - context:
            port: 22         # NOTE: cannot be jinja vars
            hostname: 1234

setting contents

/etc/rc.conf:
    file.managed:
        - contents: |
            sshd_enable="YES"

file.line


/boot/loader.conf:
  file.line:
    - content: fuse_load="YES"
    - mode: ensure
    - location: end


file.blockreplace


/etc/pf.conf:
  file.blockreplace:
    - marker_start: "# <jail_iface>"
    - marker_end:   "# </jail_iface>"
    - append_if_not_found: True
    - content: |
        ext_if   = "vtnet0"
        int_if   = "lo1"
        jail_net = $int_if:network
        nat pass on $ext_if  from $jail_net to any -> "{{ext_ip}}"

file.replace

The pattern is matched with Python's re.search(). Guard the state with file.search when the replacement text still matches the pattern (here `key = val ` still matches `key[ ]*=`); without the guard the replacement is applied again on every run:

{% if not salt.file.search('/etc/myfile', 'key[ ]*=.*?val.*?') %}

replace text:
    file.replace:
        - name:     /etc/myfile
        - pattern:  'key[ ]*='
        - repl:     'key = val '
        - count:     1

{% endif %}

file.directory

/home/will/dev:
  file.directory:
    - makedirs: True
    - user:  will
    - group: root
    - mode:  2775
    - recurse:
      - user
      - group
      - mode

file.recurse


copy all files from saltstack into directory

/usr/local/www/foo.com:
  file.recurse:
    - source: salt://hosts/foo/files/foo.com
    - clean: True
    - user: www
    - group: www
    - dir_mode: 755
    - file_mode: 644


ini.options_present

Set options within a .ini or .conf file.

.gitconfig (options):
    ini.options_present:
        - name: /home/will/.gitconfig
        - separator: '='
        - sections:
            user:
                email: 'you@example.com'
                name: 'you yourself'

archive

/path/to/dir:
  archive.extracted:
    - source: https://foo.com/file.tar.gz
    - source_hash: md5=764efa883dda1e11db47671c4a3bbd9e
    - user: you
    - group: you
    - if_missing: /path/to/dir/extracted-file

# alternatively, instead of `source_hash`, you may use
# `skip_verify: True`, which disables checksum verification of the
# downloaded archive entirely

service

service.running


mysqld:
  service.running:
    - name:   mysql
    - sig:    mysql
    - enable: True

cron.present


https://docs.saltproject.io/en/latest/ref/states/all/salt.states.cron.html#module-salt.states.cron

/usr/bin/vdirsyncer sync:
  cron.present:
    - identifier: 'vdirsyncer_sync'
    - minute: '*/5'

user

NOTE:

Users created without a password are locked, which prevents even ssh key login.
You can unlock the account by setting a password field that no hash can ever match:
usermod -p '*' <user>

See https://unix.stackexchange.com/questions/193066/how-to-unlock-account-for-public-key-ssh-authorization-but-not-for-password-aut

user.present

pete:
  user.present:
    - name: pete
    - shell: /bin/zsh
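The NOTE above applied inside the state itself, as an added example that is not from the original page: `password: '*'` writes the same unmatchable shadow field that `usermod -p '*'` does (user.present stores the value as given unless hash_password is set), and the key is installed with ssh_auth.present so the account can only be reached by key. The key material below is a constructed placeholder, not a real key.

```yaml
# Added example (not from the page): key-only login account.
# Assumption: user.present writes the literal '*' into the shadow
# password field, exactly what `usermod -p '*'` does.
pete:
  user.present:
    - name: pete
    - shell: /bin/zsh
    - home: /home/pete
    - createhome: True
    - password: '*'        # unlocked, but no password can ever match

pete ssh key:
  ssh_auth.present:
    - user: pete
    - name: AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA   # constructed placeholder
    - enc: ssh-ed25519
    - comment: pete@laptop
    - require:
      - user: pete
```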

group

group.present


# add user 'will' to group 'video' if it exists
{% if salt.group.info('video') %}
video:
  group.present:
    - system: True
    - addusers:
      - will
{% endif %}


modules

salt.file.file_exists

salt.file.directory_exists

salt.file.search

{% if not salt.file.search('/etc/myfile', 'key[ ]*=.*?val.*?') %}

replace text:
    file.replace:
        - name:     /etc/myfile
        - pattern:  'key[ ]*='
        - repl:     'key = val '
        - count:     1

{% endif %}