use grain to call a pillar


brad.v...@gmail.com

May 22, 2024, 9:46:21 AM
to Salt-users
I support a lot of servers running Kubernetes clusters. The developers want to have a root public key in authorized_keys per cluster. I put the public keys in a pillar and can install per cluster using the exact cluster name. Which winds up being a whole series of
{% elif grains['cluster'] == 'C1' %}
C1-authorized_key:
  file.prepend:
    - name: /root/.ssh/authorized_keys
    - text: {{ pillar['C1-pub'] }}
    - makedirs: True

We have the clusters in a grain. Can I do:
{% else %}
cluster-authorized_key:
  file.prepend:
    - name: /root/.ssh/authorized_keys
    - text: {{ pillar['grains['cluster]-pub'] }}
    - makedirs: True

I'm just trying to figure out how not to have a whole series of elif's for every cluster.

Simon Lundström

May 22, 2024, 10:59:09 AM
to salt-...@googlegroups.com
Build up your pillar to have the cluster name as a key and just fetch it with a default:

pillar.sls:
authorized_keys:
  kubernetes:
    C1: "ssh-ed25519 AAAAC3…"
    C2: "ssh-ed25519 AAAAC4…"

state:
# salt['pillar.get'] walks the colon-delimited path; the plain pillar dict's .get() does not
/root/.ssh/authorized_keys:
  file.prepend:
    - text: {{ salt['pillar.get']("authorized_keys:kubernetes:" ~ grains['cluster'], "ssh-ed25519 AAAAdefault") }}
    - makedirs: True

totally not tested code but you get the idea.


BR,
- Simon


brad.v...@gmail.com

May 22, 2024, 11:00:10 AM
to Salt-users
Thanks! I will give it a try!

brad.v...@gmail.com

May 22, 2024, 11:22:13 AM
to Salt-users
Yes. That worked! Thanks very much!

Phipps, Thomas

May 22, 2024, 1:50:46 PM
to salt-...@googlegroups.com

So, there are several things to look at. What was given was one way.

Another is to have the pillar targeted so that a minion only gets the items it needs instead of the whole thing. So no ifs would be needed at all, just putting the contents there and using targeting to handle the rest. This is what is considered the best practice.

Also, you were not far off in your original question to another answer. You just didn’t know how to concat in Jinja. The following would give the expected results you were looking for.

cluster-authorized_key:
  file.prepend:
    - name: /root/.ssh/authorized_keys
    - text: {{ pillar[grains['cluster'] ~ '-pub'] }}
    - makedirs: True
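
The targeted-pillar approach mentioned in the last reply, sketched as an added example that is not part of the original thread. The minion ID globs (`c1-*`, `c2-*`), the pillar key name `root_authorized_key`, the file layout under the default `/srv/pillar` and `/srv/salt` roots, and the key value are all assumptions for illustration.

```yaml
# /srv/pillar/top.sls  (pillar top file; the minion ID globs are assumed)
base:
  'c1-*':
    - clusters.c1
  'c2-*':
    - clusters.c2
---
# /srv/pillar/clusters/c1.sls  (clusters/c2.sls has the same key, other value)
root_authorized_key: "ssh-ed25519 <C1-PUBLIC-KEY-PLACEHOLDER> c1-root"
---
# /srv/salt/ssh/root_key.sls  (one state for every cluster, no elif chain)
{% set key = salt['pillar.get']('root_authorized_key', '') %}
{% if key %}
cluster-authorized_key:
  file.prepend:
    - name: /root/.ssh/authorized_keys
    - text: {{ key }}
    - makedirs: True
{% else %}
# No key was targeted at this minion: fail visibly rather than install a default.
cluster-authorized_key-missing:
  test.fail_without_changes:
    - name: root_authorized_key pillar is not set for this minion
{% endif %}
```

Targeting on the minion ID ties the key to the identity the master accepted, whereas a grain such as `cluster` is set on the minion itself, which is why the Salt documentation advises caution when targeting pillar data with grains. Failing the state when no key is present also avoids a shared fallback root key landing on any minion whose cluster is unknown.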
