Saltstack_Use Guide 05_Data System-Pillar

Posted by phpwizard01 on Thu, 16 May 2019 14:30:01 +0200

1. Host Planning

 

Pillar document

https://docs.saltstack.com/en/latest/topics/pillar/index.html

 

Matters needing attention

If the master or minion configuration file is modified, the corresponding service must be restarted.

 

2. Grains VS Pillar

 

3. Pillar Basic Information

 1 Pillar
 2 Pillar data is the dynamic assignment of specific data to a particular minion.
 3 Only the specified minion can see its own data [so it must have top.sls]
 4 So it can be used for sensitive data
 5 
 6 Pillar refresh:
 7 salt'*'saltutil. sync_all # is available but not recommended  
 8 salt'*'saltutil. sync_pillar has an error and is suitable for master less mode  
 9 salt'*'saltutil. refresh_modules refresh modules, so it is not recommended to use them  
10 salt'*'saltutil. refresh_pillar # Recommended use of
11 
12 Special attention should be paid to:
13 If salt'*'saltutil. refresh_pillar is not executed to view information directly using salt'*' pillar. items, you can also see that the information is up-to-date.
14 But it's old information when looking at specific updates, so the pillar refresh command must be executed.
15 
16 use:
17 1. Target selection
18 2. Configuration Management
19.3. Confidential Data [Sensitive Data]

 

4. Display system's own pillar

The pillar that comes with the system is not displayed by default.

Note: Restore it after reading, because there are more data. Mixed with custom data, inconvenient to view

 

4.1. Modify the configuration file and restart the service

 1 [root@salt100 ~]# salt 'salt01' pillar.items  # pillar information is not displayed by default 
 2 salt01:
 3     ----------
 4 [root@salt100 ~]# vim /etc/salt/master  
 5 ………………
 6 # The pillar_opts option adds the master configuration file data to a dict in
 7 # the pillar called "master". This is used to set simple configurations in the
 8 # master config file that can then be used on minions.
 9 #pillar_opts: False
10 pillar_opts: True
11 ………………
12 [root@salt100 ~]# systemctl restart salt-master.service  # Modified the configuration file to restart the service

 

4.2. Display pillar information

  1 [root@salt100 ~]# salt 'salt01' pillar.items  # Display system pillar information
  2 salt01:
  3     ----------
  4     master:
  5         ----------
  6         __cli:
  7             salt-master
  8         __role:
  9             master
 10         allow_minion_key_revoke:
 11             True
 12         archive_jobs:
 13             False
 14         auth_events:
 15             True
 16         auth_mode:
 17             1
 18         auto_accept:
 19             False
 20         azurefs_update_interval:
 21             60
 22         cache:
 23             localfs
 24         cache_sreqs:
 25             True
 26         cachedir:
 27             /var/cache/salt/master
 28         clean_dynamic_modules:
 29             True
 30         cli_summary:
 31             False
 32         client_acl_verify:
 33             True
 34         cluster_masters:
 35         cluster_mode:
 36             False
 37         con_cache:
 38             False
 39         conf_file:
 40             /etc/salt/master
 41         config_dir:
 42             /etc/salt
 43         cython_enable:
 44             False
 45         daemon:
 46             False
 47         decrypt_pillar:
 48         decrypt_pillar_default:
 49             gpg
 50         decrypt_pillar_delimiter:
 51             :
 52         decrypt_pillar_renderers:
 53             - gpg
 54         default_include:
 55             master.d/*.conf
 56         default_top:
 57             base
 58         discovery:
 59             False
 60         django_auth_path:
 61         django_auth_settings:
 62         drop_messages_signature_fail:
 63             False
 64         dummy_pub:
 65             False
 66         eauth_acl_module:
 67         eauth_tokens:
 68             localfs
 69         enable_gpu_grains:
 70             False
 71         enable_ssh_minions:
 72             False
 73         enforce_mine_cache:
 74             False
 75         engines:
 76         env_order:
 77         event_match_type:
 78             startswith
 79         event_return:
 80         event_return_blacklist:
 81         event_return_queue:
 82             0
 83         event_return_whitelist:
 84         ext_job_cache:
 85         ext_pillar:
 86         extension_modules:
 87             /var/cache/salt/master/extmods
 88         external_auth:
 89             ----------
 90         extmod_blacklist:
 91             ----------
 92         extmod_whitelist:
 93             ----------
 94         failhard:
 95             False
 96         file_buffer_size:
 97             1048576
 98         file_client:
 99             local
100         file_ignore_glob:
101         file_ignore_regex:
102         file_recv:
103             False
104         file_recv_max_size:
105             100
106         file_roots:
107             ----------
108             base:
109                 - /srv/salt
110         fileserver_backend:
111             - roots
112         fileserver_followsymlinks:
113             True
114         fileserver_ignoresymlinks:
115             False
116         fileserver_limit_traversal:
117             False
118         fileserver_verify_config:
119             True
120         gather_job_timeout:
121             10
122         git_pillar_base:
123             master
124         git_pillar_branch:
125             master
126         git_pillar_env:
127         git_pillar_global_lock:
128             True
129         git_pillar_includes:
130             True
131         git_pillar_insecure_auth:
132             False
133         git_pillar_passphrase:
134         git_pillar_password:
135         git_pillar_privkey:
136         git_pillar_pubkey:
137         git_pillar_refspecs:
138             - +refs/heads/*:refs/remotes/origin/*
139             - +refs/tags/*:refs/tags/*
140         git_pillar_root:
141         git_pillar_ssl_verify:
142             True
143         git_pillar_user:
144         git_pillar_verify_config:
145             True
146         gitfs_base:
147             master
148         gitfs_disable_saltenv_mapping:
149             False
150         gitfs_env_blacklist:
151         gitfs_env_whitelist:
152         gitfs_global_lock:
153             True
154         gitfs_insecure_auth:
155             False
156         gitfs_mountpoint:
157         gitfs_passphrase:
158         gitfs_password:
159         gitfs_privkey:
160         gitfs_pubkey:
161         gitfs_ref_types:
162             - branch
163             - tag
164             - sha
165         gitfs_refspecs:
166             - +refs/heads/*:refs/remotes/origin/*
167             - +refs/tags/*:refs/tags/*
168         gitfs_remotes:
169         gitfs_root:
170         gitfs_saltenv:
171         gitfs_saltenv_blacklist:
172         gitfs_saltenv_whitelist:
173         gitfs_ssl_verify:
174             True
175         gitfs_update_interval:
176             60
177         gitfs_user:
178         hash_type:
179             sha256
180         hgfs_base:
181             default
182         hgfs_branch_method:
183             branches
184         hgfs_env_blacklist:
185         hgfs_env_whitelist:
186         hgfs_mountpoint:
187         hgfs_remotes:
188         hgfs_root:
189         hgfs_saltenv_blacklist:
190         hgfs_saltenv_whitelist:
191         hgfs_update_interval:
192             60
193         http_max_body:
194             107374182400
195         http_request_timeout:
196             3600.0
197         id:
198             salt01
199         interface:
200             0.0.0.0
201         ioflo_console_logdir:
202         ioflo_period:
203             0.01
204         ioflo_realtime:
205             True
206         ioflo_verbose:
207             0
208         ipc_mode:
209             ipc
210         ipc_write_buffer:
211             0
212         ipv6:
213             False
214         jinja_env:
215             ----------
216         jinja_lstrip_blocks:
217             False
218         jinja_sls_env:
219             ----------
220         jinja_trim_blocks:
221             False
222         job_cache:
223             True
224         job_cache_store_endtime:
225             False
226         keep_acl_in_token:
227             False
228         keep_jobs:
229             24
230         key_cache:
231         key_logfile:
232             /var/log/salt/key
233         key_pass:
234             None
235         keysize:
236             2048
237         local:
238             True
239         lock_saltenv:
240             False
241         log_datefmt:
242             %H:%M:%S
243         log_datefmt_console:
244             %H:%M:%S
245         log_datefmt_logfile:
246             %Y-%m-%d %H:%M:%S
247         log_file:
248             /var/log/salt/master
249         log_fmt_console:
250             [%(levelname)-8s] %(message)s
251         log_fmt_logfile:
252             %(asctime)s,%(msecs)03d [%(name)-17s:%(lineno)-4d][%(levelname)-8s][%(process)d] %(message)s
253         log_granular_levels:
254             ----------
255         log_level:
256             warning
257         log_level_logfile:
258             warning
259         log_rotate_backup_count:
260             0
261         log_rotate_max_bytes:
262             0
263         loop_interval:
264             60
265         maintenance_floscript:
266             /usr/lib/python2.7/site-packages/salt/daemons/flo/maint.flo
267         master_floscript:
268             /usr/lib/python2.7/site-packages/salt/daemons/flo/master.flo
269         master_job_cache:
270             local_cache
271         master_pubkey_signature:
272             master_pubkey_signature
273         master_roots:
274             ----------
275             base:
276                 - /srv/salt-master
277         master_sign_key_name:
278             master_sign
279         master_sign_pubkey:
280             False
281         master_stats:
282             False
283         master_stats_event_iter:
284             60
285         master_tops:
286             ----------
287         master_use_pubkey_signature:
288             False
289         max_event_size:
290             1048576
291         max_minions:
292             0
293         max_open_files:
294             100000
295         memcache_debug:
296             False
297         memcache_expire_seconds:
298             0
299         memcache_full_cleanup:
300             False
301         memcache_max_items:
302             1024
303         min_extra_mods:
304         minion_data_cache:
305             True
306         minion_data_cache_events:
307             True
308         minionfs_blacklist:
309         minionfs_env:
310             base
311         minionfs_mountpoint:
312         minionfs_update_interval:
313             60
314         minionfs_whitelist:
315         module_dirs:
316         nodegroups:
317             ----------
318         on_demand_ext_pillar:
319             - libvirt
320             - virtkey
321         open_mode:
322             False
323         optimization_order:
324             - 0
325             - 1
326             - 2
327         order_masters:
328             False
329         outputter_dirs:
330         peer:
331             ----------
332         permissive_acl:
333             False
334         permissive_pki_access:
335             False
336         pidfile:
337             /var/run/salt-master.pid
338         pillar_cache:
339             False
340         pillar_cache_backend:
341             disk
342         pillar_cache_ttl:
343             3600
344         pillar_includes_override_sls:
345             False
346         pillar_merge_lists:
347             False
348         pillar_opts:
349             True
350         pillar_roots:
351             ----------
352             base:
353                 - /srv/pillar
354                 - /srv/spm/pillar
355         pillar_safe_render_error:
356             True
357         pillar_source_merging_strategy:
358             smart
359         pillar_version:
360             2
361         pillarenv:
362             None
363         ping_on_rotate:
364             False
365         pki_dir:
366             /etc/salt/pki/master
367         preserve_minion_cache:
368             False
369         pub_hwm:
370             1000
371         publish_port:
372             4505
373         publish_session:
374             86400
375         publisher_acl:
376             ----------
377         publisher_acl_blacklist:
378             ----------
379         python2_bin:
380             python2
381         python3_bin:
382             python3
383         queue_dirs:
384         raet_alt_port:
385             4511
386         raet_clear_remote_masters:
387             True
388         raet_clear_remotes:
389             False
390         raet_lane_bufcnt:
391             100
392         raet_main:
393             True
394         raet_mutable:
395             False
396         raet_port:
397             4506
398         raet_road_bufcnt:
399             2
400         range_server:
401             range:80
402         reactor:
403         reactor_refresh_interval:
404             60
405         reactor_worker_hwm:
406             10000
407         reactor_worker_threads:
408             10
409         regen_thin:
410             False
411         renderer:
412             yaml_jinja
413         renderer_blacklist:
414         renderer_whitelist:
415         require_minion_sign_messages:
416             False
417         ret_port:
418             4506
419         root_dir:
420             /
421         roots_update_interval:
422             60
423         rotate_aes_key:
424             True
425         runner_dirs:
426         runner_returns:
427             True
428         s3fs_update_interval:
429             60
430         salt_cp_chunk_size:
431             98304
432         saltenv:
433             None
434         saltversion:
435             2018.3.3
436         schedule:
437             ----------
438         search:
439         serial:
440             msgpack
441         show_jid:
442             False
443         show_timeout:
444             True
445         sign_pub_messages:
446             True
447         signing_key_pass:
448             None
449         sock_dir:
450             /var/run/salt/master
451         sock_pool_size:
452             1
453         sqlite_queue_dir:
454             /var/cache/salt/master/queues
455         ssh_config_file:
456             /root/.ssh/config
457         ssh_identities_only:
458             False
459         ssh_list_nodegroups:
460             ----------
461         ssh_log_file:
462             /var/log/salt/ssh
463         ssh_passwd:
464         ssh_port:
465             22
466         ssh_scan_ports:
467             22
468         ssh_scan_timeout:
469             0.01
470         ssh_sudo:
471             False
472         ssh_sudo_user:
473         ssh_timeout:
474             60
475         ssh_use_home_key:
476             False
477         ssh_user:
478             root
479         ssl:
480             None
481         state_aggregate:
482             False
483         state_auto_order:
484             True
485         state_events:
486             False
487         state_output:
488             full
489         state_output_diff:
490             False
491         state_top:
492             salt://top.sls
493         state_top_saltenv:
494             None
495         state_verbose:
496             True
497         sudo_acl:
498             False
499         svnfs_branches:
500             branches
501         svnfs_env_blacklist:
502         svnfs_env_whitelist:
503         svnfs_mountpoint:
504         svnfs_remotes:
505         svnfs_root:
506         svnfs_saltenv_blacklist:
507         svnfs_saltenv_whitelist:
508         svnfs_tags:
509             tags
510         svnfs_trunk:
511             trunk
512         svnfs_update_interval:
513             60
514         syndic_dir:
515             /var/cache/salt/master/syndics
516         syndic_event_forward_timeout:
517             0.5
518         syndic_failover:
519             random
520         syndic_forward_all_events:
521             False
522         syndic_jid_forward_cache_hwm:
523             100
524         syndic_log_file:
525             /var/log/salt/syndic
526         syndic_master:
527             masterofmasters
528         syndic_pidfile:
529             /var/run/salt-syndic.pid
530         syndic_wait:
531             5
532         tcp_keepalive:
533             True
534         tcp_keepalive_cnt:
535             -1
536         tcp_keepalive_idle:
537             300
538         tcp_keepalive_intvl:
539             -1
540         tcp_master_pub_port:
541             4512
542         tcp_master_publish_pull:
543             4514
544         tcp_master_pull_port:
545             4513
546         tcp_master_workers:
547             4515
548         test:
549             False
550         thin_extra_mods:
551         thorium_interval:
552             0.5
553         thorium_roots:
554             ----------
555             base:
556                 - /srv/thorium
557         timeout:
558             5
559         token_dir:
560             /var/cache/salt/master/tokens
561         token_expire:
562             43200
563         token_expire_user_override:
564             False
565         top_file_merging_strategy:
566             merge
567         transport:
568             zeromq
569         unique_jid:
570             False
571         user:
572             root
573         utils_dirs:
574             - /var/cache/salt/master/extmods/utils
575         verify_env:
576             True
577         winrepo_branch:
578             master
579         winrepo_cachefile:
580             winrepo.p
581         winrepo_dir:
582             /srv/salt/win/repo
583         winrepo_dir_ng:
584             /srv/salt/win/repo-ng
585         winrepo_insecure_auth:
586             False
587         winrepo_passphrase:
588         winrepo_password:
589         winrepo_privkey:
590         winrepo_pubkey:
591         winrepo_refspecs:
592             - +refs/heads/*:refs/remotes/origin/*
593             - +refs/tags/*:refs/tags/*
594         winrepo_remotes:
595             - https://github.com/saltstack/salt-winrepo.git
596         winrepo_remotes_ng:
597             - https://github.com/saltstack/salt-winrepo-ng.git
598         winrepo_ssl_verify:
599             True
600         winrepo_user:
601         worker_floscript:
602             /usr/lib/python2.7/site-packages/salt/daemons/flo/worker.flo
603         worker_threads:
604             5
605         zmq_backlog:
606             1000
607         zmq_filtering:
608             False
609         zmq_monitor:
610             False

 

5. Location of pillar files

 1 [root@salt100 ~]# vim /etc/salt/master  # Store the default path so that you don't need to modify the configuration file 
 2 # Salt Pillars allow for the building of global data that can be made selectively
 3 # available to different minions based on minion grain filtering. The Salt
 4 # Pillar is laid out in the same fashion as the file server, with environments,
 5 # a top file and sls files. However, pillar data does not need to be in the
 6 # highstate format, and is generally just key/value pairs.
 7 #pillar_roots:
 8 #  base:
 9 #    - /srv/pillar  # pillar file storage directory
10 #

 

6. Customize Pillar

6.1. pillar's sls file writing

A layer of grains is involved in the pillar SLS file

1 [root@salt100 web]# pwd  # Define a file directory for later maintenance
2 /srv/pillar/web_pillar
3 [root@salt100 web]# cat apache.sls 
4 {% if grains['os'] == 'CentOS' %}
5 apache: httpd
6 {% elif grains['os'] == 'redhat03' %}
7 apache: apache2
8 {% endif %}

 

Multilayer grains are involved in pillar SLS files

It also includes priority and or or or and

 1 [root@salt100 web]# pwd  # Define a file directory for later maintenance
 2 /srv/pillar/web_pillar
 3 [root@salt100 pillar]# cat web_pillar/service_appoint.sls   # Note how to write: Multilayer specify, include priority, or or or and
 4 {% if (grains['ip4_interfaces']['eth0'][0] == '172.16.1.11' and grains['host'] == 'salt01') 
 5    or (grains['ip4_interfaces']['eth0'][0] == '172.16.1.12' and grains['host'] == 'salt02')
 6    or (grains['ip4_interfaces']['eth0'][0] == '172.16.1.13' and grains['host'] == 'salt03')
 7 %}
 8 service_appoint: www
 9 {% elif grains['ip4_interfaces']['eth0'][0] == '172.16.1.100' %}
10 service_appoint: mariadb
11 {% endif %}

 

6.2. The top file of pillar [must have top.sls]

The pillar information is assigned to the selected minion; therefore, there must be a top file.

 1 [root@salt100 pillar]# pwd
 2 /srv/pillar
 3 [root@salt100 pillar]# cat top.sls 
 4 base:
 5   '*':
 6     - web_pillar.service_appoint
 7 
 8   # Use Wildcards
 9   'salt0*':
10     - web_pillar.apache
11   # Specify specific minion s
12   'salt03':
13     - web_pillar.apache

 

6.3. pillar information refresh and view

If salt'*'saltutil.refresh_pillar is not executed and the information is viewed directly using salt'*'pillar.items, you can also see that the information is up-to-date, but when you view the specific update item, it is old information, so the pillar refresh command must be executed.

 1 [root@salt100 pillar]# salt '*' saltutil.refresh_pillar  # Refresh
 2 salt100:
 3     True
 4 salt01:
 5     True
 6 salt02:
 7     True
 8 salt03:
 9     True
10 [root@salt100 pillar]# salt '*' pillar.item apache  # Look at specific ideas
11 salt100:
12     ----------
13     service_appoint:
14         mariadb
15 salt01:
16     ----------
17     apache:
18         apache3
19     service_appoint:
20         www
21 salt03:
22     ----------
23     apache:
24         httpd
25     service_appoint:
26         www
27 salt02:
28     ----------
29     apache:
30         httpd
31     service_appoint:
32         www

 

7. Level Relations Writing

7.1. pillar's sls file writing

 1 [root@salt100 pillar]# cat /srv/pillar/web_pillar/user.sls 
 2 level1:
 3   level2:
 4     {% if grains['os'] == 'CentOS' %}
 5     my_user: 
 6       - zhangsan01
 7       - zhangsan02
 8     {% elif grains['os'] == 'redhat03' %}
 9     my_user: lisi001
10     {% endif %}

 

7.2. The top file of pillar [must have top.sls]

 1 [root@salt100 pillar]# pwd
 2 /srv/pillar
 3 [root@salt100 pillar]# cat top.sls 
 4 # The following can be used directly, and sls supports annotations
 5 base:
 6   '*':
 7     - web_pillar.service_appoint
 8 
 9   # Use Wildcards
10   'salt0*':
11     - web_pillar.apache
12     - web_pillar.user # Quote
13   # Specify specific minion s
14   'salt03':
15     - web_pillar.apache
16     - web_pillar.user # Quote

 

7.3. pillar information refresh and view

 1 [root@salt100 pillar]# salt '*' saltutil.refresh_pillar  # Refresh pillar
 2 ………………
 3 [root@salt100 pillar]# salt '*' pillar.items  # View all information
 4 salt03:
 5     ----------
 6     apache:
 7         httpd
 8     level1:
 9         ----------   # This row represents a hierarchy
10         level2:
11             ----------
12             my_user:
13                 - zhangsan01
14                 - zhangsan02
15     service_appoint:
16         www
17 salt02:
18     ----------
19     apache:
20         httpd
21     level1:
22         ----------
23         level2:
24             ----------
25             my_user:
26                 - zhangsan01
27                 - zhangsan02
28     service_appoint:
29         www
30 salt01:
31     ----------
32     apache:
33         apache3
34     level1:
35         ----------
36         level2:
37             ----------
38             my_user:
39                 lisi001
40     service_appoint:
41         www
42 salt100:
43     ----------
44     service_appoint:
45         mariadb
46 [root@salt100 pillar]# salt '*' pillar.item level1  # View the information for the specified level 1 
47 salt03:
48     ----------
49     level1:
50         ----------
51         level2:
52             ----------
53             my_user:
54                 - zhangsan01
55                 - zhangsan02
56 salt02:
57     ----------
58     level1:
59         ----------
60         level2:
61             ----------
62             my_user:
63                 - zhangsan01
64                 - zhangsan02
65 salt01:
66     ----------
67     level1:
68         ----------
69         level2:
70             ----------
71             my_user:
72                 lisi001
73 salt100:
74     ----------
75     level1:

 

7.4. Multilevel Viewing

 1 [root@salt100 pillar]# salt '*' pillar.item level1:level2  # Multilevel access 
 2 salt01:
 3     ----------
 4     level1:level2:
 5         ----------
 6         my_user:
 7             lisi001
 8 salt03:
 9     ----------
10     level1:level2:
11         ----------
12         my_user:
13             - zhangsan01
14             - zhangsan02
15 salt02:
16     ----------
17     level1:level2:
18         ----------
19         my_user:
20             - zhangsan01
21             - zhangsan02
22 salt100:
23     ----------
24     level1:level2:
25 [root@salt100 pillar]# salt '*' pillar.item level1:level2:my_user  # Multilevel access 
26 salt01:
27     ----------
28     level1:level2:my_user:
29         lisi001
30 salt03:
31     ----------
32     level1:level2:my_user:
33         - zhangsan01
34         - zhangsan02
35 salt02:
36     ----------
37     level1:level2:my_user:
38         - zhangsan01
39         - zhangsan02
40 salt100:
41     ----------
42     level1:level2:my_user:
43 [root@salt100 web_pillar]# salt '*' pillar.item level1:level2:my_user:0  # Take the first value in the list
44 salt03:
45     ----------
46     level1:level2:my_user:0:
47         zhangsan01
48 salt01:
49     ----------
50     level1:level2:my_user:0:
51 salt02:
52     ----------
53     level1:level2:my_user:0:
54         zhangsan01
55 salt100:
56     ----------
57     level1:level2:my_user:0:

 

8. Pillar usage

8.1. Query pillar's specified information

 1 [root@salt100 pillar]# salt 'salt0*' pillar.item apache  # Wildcard matching
 2 salt03:
 3     ----------
 4     apache:
 5         httpd
 6 salt02:
 7     ----------
 8     apache:
 9         httpd
10 salt01:
11     ----------
12     apache:
13         apache3
14 [root@salt100 pillar]# salt 'salt0*' pillar.item level1:level2:my_user  # Multilayer query
15 salt01:
16     ----------
17     level1:level2:my_user:
18         lisi
19 salt02:
20     ----------
21     level1:level2:my_user:
22         zhangsan
23 salt03:
24     ----------
25     level1:level2:my_user:
26         zhangsan
27 [root@salt100 web_pillar]# salt '*' pillar.item level1:level2:my_user:0  # Take the first value in the list
28 salt03:
29     ----------
30     level1:level2:my_user:0:
31         zhangsan01
32 salt01:
33     ----------
34     level1:level2:my_user:0:
35 salt02:
36     ----------
37     level1:level2:my_user:0:
38         zhangsan01
39 salt100:
40     ----------
41     level1:level2:my_user:0:

 

8.2. Query information through pillar

1 [root@salt100 pillar]# salt -I 'apache:httpd' cmd.run 'echo "zhangliang $(date +%Y)"'  # Configuration via pillar
2 salt02:
3     zhangliang 2018
4 salt03:
5     zhangliang 2018
6 [root@salt100 pillar]# salt -I 'level1:level2:my_user:lisi' cmd.run 'whoami'  # pillar multilevel matching 
7 salt01:
8     root

 

9. Use pillar in top file of state SLS

9.1. top.sls

1 [root@salt100 salt]# pwd
2 /srv/salt
3 [root@salt100 salt]# cat top.sls 
4 base:
5   # Using pillar matching, add the following lines
6   'level1:level2:my_user':
7     - match: pillar
8     - web.apache

 

9.2. state.highstate execution

1 [root@salt100 salt]# salt 'salt01' state.highstate test=True # Normal pre-execution
2 [root@salt100 salt]# salt 'salt01' state.highstate           # Normal execution

Topics: Linux Apache saltstack MariaDB vim