Running Kubernetes on CentOS 7. Need to allow root SSH from the master cluster and disable it on non-cluster hosts. In the sshd_config.template I put at the end:

    Match Host {{ hsts }}
        PermitRootLogin {{ yesno }}

In the state file I have:

    /etc/ssh/sshd_config:
      file.managed:
        - source: salt://compliance/files/sshd_config.template
        - template: jinja
        - mode: 600
        - user: root
        - group: root
        - defaults:
    {% if grains['cluster'] == 'unknown' %}
    {% set hsts = 'all' %}
    {% set yesno = 'no' %}
    {% elif grains['cluster'] == 'CLS1' %}
    {% set hsts = 'server-1*,server-2*' %}
    {% set yesno = 'yes' %}
    {% else %}
    {% set hsts = 'server-4*,server-5*' %}
    {% set yesno = 'yes' %}
    {% endif %}

When I run the state, I get back:

    Unable to manage file: Jinja variable 'hsts' is undefined.

I added some debugging statements and do see that hsts is set correctly. Any idea what I have wrong?
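
An added example, not part of the original post: `{% set %}` in the state file only exists while the SLS itself is rendered, and `file.managed` renders the source template in a separate pass that sees only what is passed under `defaults` or `context`. The state below keeps the post's values and hands them to the template explicitly.

```yaml
{# Resolved while the SLS is rendered; these names are NOT visible
   inside sshd_config.template unless passed through context/defaults. #}
{% if grains['cluster'] == 'unknown' %}
  {% set hsts = 'all' %}
  {% set yesno = 'no' %}
{% elif grains['cluster'] == 'CLS1' %}
  {% set hsts = 'server-1*,server-2*' %}
  {% set yesno = 'yes' %}
{% else %}
  {% set hsts = 'server-4*,server-5*' %}
  {% set yesno = 'yes' %}
{% endif %}

/etc/ssh/sshd_config:
  file.managed:
    - source: salt://compliance/files/sshd_config.template
    - template: jinja
    - mode: 600
    - user: root
    - group: root
    - context:
        # Quote both values: unquoted yes/no is parsed by YAML as a
        # boolean, and the template would then render True/False
        # instead of a valid PermitRootLogin argument.
        hsts: "{{ hsts }}"
        yesno: "{{ yesno }}"

# Caveat on the 'unknown' branch: in "Match Host all" the word "all" is
# a Host pattern, so the block applies only to a client named "all".
# "Match Host *" or the bare "Match all" covers every client. Confirm
# the rendered result with `sshd -t` before restarting sshd.
```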