Struggling to use a jinja variable as a parameter to salt['file.file_exists']()


Steve Scotter

Jun 4, 2024, 11:22:05 AM
to Salt-users
Hi,

Advance warning, I'm a salt newbie, this may be an ID10T error.

I'm trying to create a state file which hardens the permissions on a series of files on different Linux machines.
The files don't exist on all systems so I'm trying to perform a salt['file.file_exists'] first to check the file exists before trying to set the file's permissions. However, salt['file.file_exists'] is always returning false when I use a variable.

Here's what I've got in my state file.

{%- set files = [
  {
    'name': '/boot/grub/grub.cfg',
    'perms': '0600',
    'user': 'root',
    'group': 'root',
  },
] %}

{%- for file in files %}
{%- if salt['file.file_exists']("{{ file.name }}") %}
harden_filepermissions__{{ file.name }}:
  file.managed:
    - name: {{ file.name }}
    - mode: {{ file.perms }}
    - replace: False
{%- else %}
harden_filepermissions__{{ file.name }}:
  module.run:
    - name: test.echo
    - text: "if salt['file.file_exists']('{{ file.name }}') == false?"

{%- endif %}
{%- endfor %}

{%- if salt['file.file_exists']('/boot/grub/grub.cfg') %}
harden_filepermissions__/boot/grub/grub.cfg_MANUAL:
  file.managed:
    - name: /boot/grub/grub.cfg
    - user: root
    - group: root
    - mode: "0600"
    - replace: False
{%- else %}
harden_filepermissions__/boot/grub/grub.cfg_MANUAL:
  module.run:
    - name: test.echo
    - text: "/boot/grub/grub.cfg doesn't exist?"
{%- endif %}


Eventually I want to have several files in the files array.

For testing purposes only I've added the harden_filepermissions__/boot/grub/grub.cfg_MANUAL task.

The IF statement when using the variable returns false when checking for the file, but behaves as expected when not using the variable in the _MANUAL task. 

Here's my output.

----------
          ID: harden_filepermissions__/boot/grub/grub.cfg
    Function: module.run
        Name: test.echo
      Result: True
     Comment: Module function test.echo executed
     Started: 12:08:58.111419
    Duration: 0.641 ms
     Changes:
              ----------
              ret:
                  if salt['file.file_exists']('/boot/grub/grub.cfg') == false?
----------
          ID: harden_filepermissions__/boot/grub/grub.cfg_MANUAL
    Function: file.managed
        Name: /boot/grub/grub.cfg
      Result: True
     Comment: File /boot/grub/grub.cfg exists with proper permissions. No changes made.
     Started: 12:08:58.112151
    Duration: 1.272 ms
     Changes:
----------

The only conclusion I could come to was that the {{ file.name }} isn't rendered when the IF is executed. To check I've just run salt-call with strace and I can see the following in the log, which seems to confirm my theory.

stat("{{ file.name }}", 0x7ffc1085b1c0) = -1 ENOENT (No such file or directory)

I've tried putting {{ file.name }} in double quotes, single quotes and with no quotes (the latter gives a syntax error when run) to no avail.

Is this a bug or expected behaviour? Or, am I doing something fundamentally wrong?

Thanks

Steve

Dafydd Jones (techneg.it)

Jun 4, 2024, 11:30:01 AM
to salt-...@googlegroups.com
Common mistake - you don't require {{ and }} when you're already in Jinja i.e. {%

Just use the variable name as you would in regular Python.

HTH
Dafydd
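
Added example (not part of the original thread or of Salt itself): a small standard-library Python check that flags the mistake discussed above, `{{ ... }}` nested inside a `{% ... %}` tag, where Jinja treats it as a literal string rather than rendering it. The sample state is condensed from the first post; `find_nested_expressions` and the regex names are illustrative, and the scan is a heuristic, not a Jinja parser.

```python
import re

# A Jinja statement tag: {% ... %}, with optional whitespace-control dashes.
STATEMENT = re.compile(r"\{%-?(.*?)-?%\}", re.DOTALL)
# An expression delimiter pair; inside a statement it is just string content.
NESTED = re.compile(r"\{\{.*?\}\}", re.DOTALL)


def find_nested_expressions(sls_text):
    """Return (line_number, text) for every {{ ... }} found inside a {% ... %} tag."""
    findings = []
    for stmt in STATEMENT.finditer(sls_text):
        for nested in NESTED.finditer(stmt.group(1)):
            offset = stmt.start(1) + nested.start()
            line = sls_text.count("\n", 0, offset) + 1
            findings.append((line, nested.group(0)))
    return findings


# Condensed from the state in the first post (line 5 carries the mistake).
BROKEN = """\
{%- set files = [
  {'name': '/boot/grub/grub.cfg', 'perms': '0600'},
] %}
{%- for file in files %}
{%- if salt['file.file_exists']("{{ file.name }}") %}
harden_filepermissions__{{ file.name }}:
  file.managed:
    - name: {{ file.name }}
    - mode: "{{ file.perms }}"
    - replace: False
{%- endif %}
{%- endfor %}
"""

# The fix from the reply above: inside {% %} the variable is used bare.
FIXED = BROKEN.replace('"{{ file.name }}"', "file.name")

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        hits = find_nested_expressions(text)
        print(label, "->", hits if hits else "no nested expressions")
```

Expressions outside statement tags, such as the state ID and `- name:` lines, are left alone because they are rendered normally.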


brad.v...@gmail.com

Jun 4, 2024, 11:49:27 AM
to Salt-users
Also, I really don't think you need all of that jinja.  You could do something like:

harden_grub.cfg:
  file.managed:
    - name: /boot/grub/grub.cfg
    - mode: 600
    - user: root
    - group: root
    - replace: False
    - onlyif: test -f /boot/grub/grub.cfg

Phipps, Thomas

Jun 4, 2024, 2:50:18 PM
to salt-...@googlegroups.com

to lean further into what brad is saying here

here is an example that also uses import_yaml so you only have a yaml file to maintain to change which files get hardened

{% import_yaml "hard_file/files.yaml" as files %}
{% for file in files %}
harden_filepermissions__{{ file.filename }}:
  file.managed:
    - name: {{ file.filename }}
    - mode: {{ file.filemode }}
    - replace: False
    - onlyif:
      - fun: file.file_exists
        path: {{file.filename}}
{% endfor %}

and the yaml file it loads [for testing]

root@salt00:/srv/salt/hard_file# cat files.yaml
- filename: /tmp/test1
  filemode: "0600"
  user: root
  group: root
- filename: /tmp/test2
  filemode: "0600"
  user: root
  group: root

and the results of the above when only /tmp/test1 exists

local:
----------
          ID: harden_filepermissions__/tmp/test1
    Function: file.managed
        Name: /tmp/test1
      Result: True
     Comment:
     Started: 18:45:22.886965
    Duration: 3078.46 ms
     Changes:
              ----------
              mode:
                  0600
----------
          ID: harden_filepermissions__/tmp/test2
    Function: file.managed
        Name: /tmp/test2
      Result: True
     Comment: onlyif condition is false
     Started: 18:45:25.965703
    Duration: 11.909 ms
     Changes:

Summary for local
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
Total states run:     2
Total run time:   3.090 s

Steve Scotter

Jun 5, 2024, 7:04:08 AM
to Salt-users
Hi all,

Thanks to everyone who responded. All the responses helped!

Regards

Steve