Jinja template

15 views
Skip to first unread message

brad.v...@gmail.com

unread,
Oct 24, 2022, 8:08:14 AM10/24/22
to Salt-users
Running kubernetes on CentOS 7.  Need to allow root ssh from the master cluster and disable on non-cluster hosts.  In the sshd_config.template I put at the end:

Match Host {{ hsts }}
   PermitRootLogin {{ yesno}}

In the state file I have:

/etc/ssh/sshd_config:
  file.manager:
    - source: salt ://compliance/files/sshd_config.template
    - template: jinja
    - mode: 600
   - user: root
   - group: root
   - defaults:
{% if grains['cluster'] == 'unknown' %}
{% set hsts = 'all' %}
{% set yesno = 'no' %}
{% elif grains['cluster'] == 'CLS1' %}
{% set hsts = 'server-1*,server-2*' %}
{% set yesno = 'yes' %}
{% else %}
{% set hsts = 'server-4*,server-5*' %}
{% set yesno = 'yes' %}
{% endif %}

When I run the state, I get back,

Unable to manage file: Jinja variable 'hsts' is undefined.

I added some debugging statements and do see that hsts is set correctly.  Any idea what I have wrong?

sayf.eddi...@gmail.com

unread,
Oct 24, 2022, 9:08:59 AM10/24/22
to Salt-users
You are defining the jinja variables (hsts and yesno) but not printing them in the sls file. so the rendered sls file will look like 
"""
/etc/ssh/sshd_config:
  file.manager:
    - source: salt ://compliance/files/sshd_config.template
    - template: jinja
    - mode: 600
   - user: root
   - group: root
   - defaults:
"""

You need to print them (and in the same time I recommend moving the logic outside the state for easier reading like
"""
{% if grains['cluster'] == 'unknown' %}
{% set hsts = 'all' %}
{% set yesno = 'no' %}
{% elif grains['cluster'] == 'CLS1' %}
{% set hsts = 'server-1*,server-2*' %}
{% set yesno = 'yes' %}
{% else %}
{% set hsts = 'server-4*,server-5*' %}
{% set yesno = 'yes' %}
{% endif %}


/etc/ssh/sshd_config:
  file.manager:
    - source: salt ://compliance/files/sshd_config.template
    - template: jinja
    - mode: 600
   - user: root
   - group: root
   - defaults:
        hsts: {{hsts}}
        yesno: {{yesno}}

brad.v...@gmail.com

unread,
Oct 24, 2022, 9:32:08 AM10/24/22
to Salt-users
Thanks!  That worked!

brad.v...@gmail.com

unread,
Oct 24, 2022, 9:40:02 AM10/24/22
to Salt-users
Oh!  One thing, it is changing "yes" to True in the template.  I just want it to use "yes".  Ah, changed it to:

yesno: "{{ yesno }}"

and that works!  :)

sayf.eddi...@gmail.com

unread,
Oct 24, 2022, 9:59:34 AM10/24/22
to Salt-users
Ah yes, yaml considers  y|Y|yes|Yes|YES|n|N|no|No|NO |true|True|TRUE|false|False|FALSE |on|On|ON|off|Off|OFF as Boolean so i think it renders them as True False

Brad Van Orden

unread,
Oct 24, 2022, 11:16:46 AM10/24/22
to salt-...@googlegroups.com
Thanks again!
Brad Van Orden


--
You received this message because you are subscribed to a topic in the Google Groups "Salt-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/salt-users/IHOrc-ha7tc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/22a7b240-91e2-4704-9e86-f2779e9e7c8an%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages