When automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations. While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice.
# not best practice!!!
- name: frank
- password: "test3rdb"
- host: localhost
There are several issues with this approach.
Continue reading “SaltStack: Keeping Salt Pillar data encrypted using GPG”
When using jinja2 for SaltStack formulas you may be surprised to find that your global scoped variables do not have ability to be modified inside a loop. Although this is counter intuitive given the scope behavior of most scripting languages it is unfortunately the case that a jinja2 globally scoped variable cannot be modified from an inner scope.
As an example of a solution that will not work, let’s say you have a global flag ‘foundUser’ set to False, then want to iterate through a group of users, and if a condition is met inside the loop, then ‘foundUser’ would be set to True.
Continue reading “SaltStack: Setting a jinja2 variable from an inner block scope”
SaltStack grains are used for relatively static information such as operating system, IP address, and other system properties. They are also useful for targeting minions, for example whether a system is part of dev/test/prod, or a flag on whether it falls under LifeScience or HIPAA regulation.
In this article we will implement a custom grain that determines whether a host is part of development, test, or production environment based on a simplistic naming scheme. This custom grain will be written in Python.
Continue reading “SaltStack: Creating a Custom Grain using Python”