You'll learn how to:
Estimated time: 15 minutes
Difficulty:
Salt pillar is an essential component to make Salt states re-usable, so we are going to take a quick detour from writing Salt states to set it up.
Salt pillar uses a Top file to match Salt pillar data to Salt minions. This Top file is very much like the Top file that is used to match Salt states to Salt minions.
Like Salt state functions, Salt pillar is best learned by example. Create the salt-vagrant-demo-master/saltstack/pillar
directory, and then create a new file called top.sls
. Add the following:
base:
'*':
- default
Next, create a file named default.sls
in the same pillar
directory and add the following:
editor: vim
When Salt pillar data is refreshed, each Salt minion is matched against the targets listed in the top.sls
file. When a Salt minion matches a target, it receives all of the Salt pillar SLS files defined in the list underneath that target. Simple, right?
Since our *
glob matches all Salt minions, each Salt minion receives default
with a pillar key of editor
with a value of vim
.
We are going to use the Salt pillar value we just configured, so let’s first refresh Salt pillar data on all minions:
salt '*' saltutil.refresh_pillar
Salt pillar keys are available in a dictionary in Salt states, so you could now update the example state from the previous section to use this Salt pillar key:
vim installed:
pkg.installed:
- name: {{ pillar['editor'] }}
Salt pillar data is secure, and you can use it to keep portions of your Salt state secret. For example, you could add the following key:value
pairs to Salt pillar:
ftpusername: me
ftppassword: oxfm4@8t5gglu^h^&
And then reference them in a Salt state:
sync directory using lftp:
cmd.run:
- name: lftp -c "open -u {{ pillar['ftpusername'] }},{{ pillar['ftppassword'] }}
-p 22 sftp://example.com;mirror -c -R /local /remote"
For testing or for ad hoc management, you can pass Salt pillar values directly on the command line. These values override any value that might be set in a Salt pillar file.
salt '*' state.apply ftpsync pillar='{"ftpusername": "test", "ftppassword": "0ydyfww3giq8"}'
Hopefully it is becoming clear that you can use the Salt pillar targeting system to customize nearly any value in your Salt state files.
For example, you could create prodftp.sls
and stageftp.sls
Salt pillar files, insert different credentials into each, and then target different systems with each file. The same examples.sls
Salt state file is used for each system, but different user names and passwords would be used based on the Salt pillar file received.