SALTSTACK - STATE CON JINJA2 Y PILLAR

En esta sesión combinamos la información disponible en Pillar, junto con templates en Jinja2 para la creación de un state

Cargando video...

NOTA: Solo puedes ver una versión limitada del video a baja resolución, si quieres ver la versión completa por favor regístrate y obtén alguno de nuestros planes!

Descripción del Vídeo

La data de Pillar es automáticamente refrescada  cada vez que se ejecuta una acción, sin embargo en algunos casos es conveniente realizar esta operación de forma manual.

$> sudo salt '*' saltutil.refresh_pillar
suminion:
    True
myminion:
    True

Si todo ocurrió sin inconvenientes, se podrán realizar preguntas de la data cargada a los minions

sudo salt '*' pillar.items
myminion:
    ----------
    foo:
        bar
    my_ssh_key:
             ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQD2GYsVWZiwBKqxHG/Ebu9f7WqEgfyRQfKzxTVObEV3S5QLgWZv4zC74ZUvX+Ksj5m1FdfAirNqBdTOkmEdrqGCRl0bT7hVncICUWPxZ5B+Pr3E6q9RJDYIsT2nrvV4vOO7wlEwIS17BczGv/0QQPwJB5PLwlyjxq2ielKyH+sc9U56Xz/IH/5QWSV7s2vUJQOLqGl40108pef2LH36kn/Bx1IbMKm3ao7QslZGov3vJfgtY4+cjFK9qBYG/YDTDyUFHlM0MldvDJr9/I/M5xlUGoY19w2gIgb/IXr7grYsbshzLM8VkYBIjOIs0b4AJ3OkwloUU6e2Xg99hFdVgA0T root@client02.inc.home
    my_ssh_key_name:
          authorized_keys
    some_more_data:
        data
    users:
        - larry
        - moe
        - curly

$>  sudo vi  /srv/salt/user.sls

{% for user in pillar['users'] %}
user_{{user.name}}:
  group.present:
    - name: {{user.name}}
    - gid: {{user.gid}}

  user.present:
    - name: {{user.name}}
    - fullname: {{user.fullname}}
    - password: {{user.shadow}}
    - shell: {{user.shell}}
    - uid: {{user.uid}}
    - gid: {{user.gid}}
    {% if user.groups %}
    - optional_groups:
      {% for group in user.groups %}
      - {{group}}
      {% endfor %}
    {% endif %}
    - require:
      - group: user_{{user.name}}

  file.directory:
    - name: /home/{{user.name}}
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0751
    - makedirs: True

user_{{user.name}}_forward:
  file.append:
    - name: /home/{{user.name}}/.forward
    - text: {{user.email}}

user_{{user.name}}_sshdir:
  file.directory:
    - name: /home/{{user.name}}/.ssh
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0700

{% if 'authkey' in user %}
user_{{user.name}}_authkeys:
  ssh_auth.present:
    - user: {{user.name}}
    - name: {{user.authkey}}
{% endif %}

{% if 'sshpriv' in user %}
user_{{user.name}}_sshpriv:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    - contents_pillar: {{user.sshpriv}}
{% endif %}

{% if 'sshpub' in user %}
user_{{user.name}}_sshpub:
  file.managed:
    - name: /home/{{user.name}}/.ssh/id_rsa.pub
    - user: {{user.name}}
    - group: {{user.name}}
    - mode: 0600
    - contents_pillar: {{user.sshpub}}
{% endif %}
{% endfor %} # user in users
# vim: ft=yaml tabstop=2 sts=2 sw=2 et ai si


$>  sudo vi  /srv/pillar/top.sls 

base:
  '*':
   - users


$>  sudo vi  /srv/pillar/user.sls

users:

  - name: pperez
    fullname: Pedro Perez
    email: pperez@hola.com
    uid: 5000
    shell: /bin/bash
    gid: 6001
    groups:
      - games
    shadow: $6$uEAhu9iS$gUDjrkVoo6SJQYm0C//JKGWomxx9PIwDR0iLs0JHjrmhn6tkn2U/NkVm5K22sHaWSw.PvDpyUitJUFoJhcMvU1
    authkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvoAy2UYDyFwjsg9GpwgasJqYJJeRknh1coJB1w0p0qD1jumwVYO9S/BNOc0fXUOUDwZSMCvv+xJGZg1jMc8eDRMp559wTahGGz7lX1XPrMrljta9lyV5djR7GzyvvvlCffp/Z1INelWbHVQbz/f46cgpxpybhxtJjqpOhe6yULcYcP9zuWeyC5tOkZhMxB91o0yUMou9Kr88uLp/DRI3sBzd9aFmJgU9AgUIKIMJX6Z1eOWAWKccnQwNSQUDJ1GQ+utAUQ/38I7+N7/QFgz60TClMmsWIHFQ9vF+Qqh3rZHhQvzCyW2PzYlcc6diGh934wTi/Xa1BmTA5/T4bCFl1 root@salt01
    sshpub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvoAy2UYDyFwjsg9GpwgasJqYJJeRknh1coJB1w0p0qD1jumwVYO9S/BNOc0fXUOUDwZSMCvv+xJGZg1jMc8eDRMp559wTahGGz7lX1XPrMrljta9lyV5djR7GzyvvvlCffp/Z1INelWbHVQbz/f46cgpxpybhxtJjqpOhe6yULcYcP9zuWeyC5tOkZhMxB91o0yUMou9Kr88uLp/DRI3sBzd9aFmJgU9AgUIKIMJX6Z1eOWAWKccnQwNSQUDJ1GQ+utAUQ/38I7+N7/QFgz60TClMmsWIHFQ9vF+Qqh3rZHhQvzCyW2PzYlcc6diGh934wTi/Xa1BmTA5/T4bCFl1 root@salt01

  - name: mgonzalez
    fullname: Maria Gonzalez
    email: mgonzalez@hola.com
    uid: 7001
    shell: /bin/bash
    gid: 7001
    groups:
      - games
    shadow: $6$uEAhu9iS$gUDjrkVoo6SJQYm0C//JKGWomxx9PIwDR0iLs0JHjrmhn6tkn2U/NkVm5K22sHaWSw.PvDpyUitJUFoJhcMvU1
    authkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvoAy2UYDyFwjsg9GpwgasJqYJJeRknh1coJB1w0p0qD1jumwVYO9S/BNOc0fXUOUDwZSMCvv+xJGZg1jMc8eDRMp559wTahGGz7lX1XPrMrljta9lyV5djR7GzyvvvlCffp/Z1INelWbHVQbz/f46cgpxpybhxtJjqpOhe6yULcYcP9zuWeyC5tOkZhMxB91o0yUMou9Kr88uLp/DRI3sBzd9aFmJgU9AgUIKIMJX6Z1eOWAWKccnQwNSQUDJ1GQ+utAUQ/38I7+N7/QFgz60TClMmsWIHFQ9vF+Qqh3rZHhQvzCyW2PzYlcc6diGh934wTi/Xa1BmTA5/T4bCFl1 root@salt01
    sshpub: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvoAy2UYDyFwjsg9GpwgasJqYJJeRknh1coJB1w0p0qD1jumwVYO9S/BNOc0fXUOUDwZSMCvv+xJGZg1jMc8eDRMp559wTahGGz7lX1XPrMrljta9lyV5djR7GzyvvvlCffp/Z1INelWbHVQbz/f46cgpxpybhxtJjqpOhe6yULcYcP9zuWeyC5tOkZhMxB91o0yUMou9Kr88uLp/DRI3sBzd9aFmJgU9AgUIKIMJX6Z1eOWAWKccnQwNSQUDJ1GQ+utAUQ/38I7+N7/QFgz60TClMmsWIHFQ9vF+Qqh3rZHhQvzCyW2PzYlcc6diGh934wTi/Xa1BmTA5/T4bCFl1 root@salt01


Rating

Global

Ver video en playlist

comments powered by Disqus