Pillar data for satellite registration
27 views
Skip to first unread message
brad.v...@gmail.com
Mar 29, 2023, 7:10:53 AM3/29/23
to Salt-users
Trying to put information in a pillar to aid in registration to our satellite servers. I have in pilar/satellite/init.sls:
```
satellite:
{% if grains['master'] == 'inside-prod-salt-master.ourgroup.com' %}
KEY: INSIDE-prod
ORG: INSIDE-OURGROUP
{% elif grains['master'] == 'inside-dev-salt-master.ourgroup.com' %}
KEY: INSIDE-dev
ORG: INSIDE-OURGROUP
{% elif grains['master'] == 'outside-prod-salt-master.ourgroup.com' %}
KEY: OUTSIDE-prod
ORG: OUTSIDE-OURGROUP
{% elif grains['master'] == 'outside-dev-salt-master.ourgroup.com' %}
KEY: OUTSIDE-dev
ORG: OUTSIDE-OURGROUP
{%- endif -%}
```
saltstack does not like that. Where am I messing up?
Dafydd Jones (techneg.it)
Mar 29, 2023, 11:21:12 AM3/29/23
to salt-...@googlegroups.com
In what way does Salt not like it?
--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/98c81bd3-fc18-453a-855a-cc8adfd11d63n%40googlegroups.com.
brad.v...@gmail.com
Mar 29, 2023, 11:49:08 AM3/29/23
to Salt-users
It might be how I am trying to update the pillar on the salt master? I ran:
```
salt-run git_pillar.update branch=my-branch
```
and got back:
Exception occurred in runner git_pillar.update:
salt.exceptions.SaltRunnerError: Specified git branch/repo not found in ext_pillar config
I just assumed it was a problem with how I defined the pillar? Maybe I am doing something wrong trying to introduce a new pillar from this branch?
Phipps, Thomas
Mar 29, 2023, 12:56:27 PM3/29/23
to salt-...@googlegroups.com
what does your ext_pillar config look like. that error indicates the problem. that it can't find the branch in the git configs in ext_pillar.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/116fef1e-7511-442a-811c-fd3623947211n%40googlegroups.com.
brad.v...@gmail.com
Mar 30, 2023, 7:01:14 AM3/30/23
to Salt-users
It reads the existing pillars. In any case we have:
gitfs_remotes:
- base: master
- root: salt
ext_pillar:
- git:
- __env__ ssh://
g...@github.ourgroup.com/ourproj/host.git:
- root: pillar
that is git repository that I have pulled down and added the new pillars and then pushed. I created a dummy salt state under onetime in that same branch and it runs it. So, the salt master is finding the branch. But as you said, the error message does say it can't find the branch in ext_pillar config. I think it has something to do with each branch/tag having to have it's own top file as mentioned in: salt pillar.git_pillar. We got around it by just merging it to base. I really need to wrap my head around the concept. I'll be doing a bit more reading/research. Thanks for the feedback!
Jamie Murphy
Apr 4, 2023, 3:00:34 PM4/4/23
to salt-...@googlegroups.com
Beware of using dynamic (_env_) in ext_pillar. its very dangerously broken.
open issue: https://github.com/saltstack/salt/issues/39420
We have seen production api keys get deployed on dev/qa boxes and vice versa.
There's a race condition that makes it extremely dangerous where it can pull pillar info from the wrong branch.
open issue: https://github.com/saltstack/salt/issues/39420
We have seen production api keys get deployed on dev/qa boxes and vice versa.
There's a race condition that makes it extremely dangerous where it can pull pillar info from the wrong branch.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/5a030b1b-299c-4db3-866f-4af0b2cd4e01n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages