SaltStack: Keeping Salt Pillar data encrypted using GPG

saltstack_logo-thumbnailWhen automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations.  While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice.

# not best practice!!!

    - name: frank
    - password: "test3rdb"
    - host: localhost

There are several issues with this approach.

Continue reading “SaltStack: Keeping Salt Pillar data encrypted using GPG”

SaltStack: Setting a jinja2 variable from an inner block scope

saltstack_logo-thumbnailWhen using jinja2 for SaltStack formulas you may be surprised to find that your global scoped variables do not have ability to be modified inside a loop.  Although this is counter intuitive given the scope behavior of most scripting languages it is unfortunately the case that a jinja2 globally scoped variable cannot be modified from an inner scope.

As an example of a solution that will not work, let’s say you have a global flag ‘foundUser’ set to False, then want to iterate through a group of users, and if a condition is met inside the loop, then ‘foundUser’ would be set to True.

Continue reading “SaltStack: Setting a jinja2 variable from an inner block scope”

SaltStack: Creating a Custom Grain using Python

saltstack_logo-thumbnailSaltStack grains are used for relatively static information such as operating system, IP address, and other system properties.  They are also useful for targeting minions, for example whether a system is part of  dev/test/prod, or a flag on whether it falls under LifeScience or HIPAA regulation.

In this article we will implement a custom grain that determines whether a host is part of development, test, or production environment based on a simplistic naming scheme.   This custom grain will be written in Python.

Continue reading “SaltStack: Creating a Custom Grain using Python”