Salt Pillars & Formulas

Guangzhou, China

Working with Secure Data
Working with Formulas

Working with Pillars

Pillars in Salt is arbitrary, minion-specific data. There is a large volume of Pillar Modules available to pull this data into Salt from external sources.

Instructions on how to pull this data in is stored in *.sls files. Start by creating the directory /srv/pillar and add the following files:

top.sls

base:
  '*':
    - name

The Top File sets the permission - what minions have access to a specific file. In this case all minions will have access to the file name.sls:

name.sls

{% if grains.os == 'Ubuntu' %}
name: Ubuntu Rocks
{% elif grains.os == 'Centos' %}
name: CentOS Rocks
{% endif %}

We can clean this up by using a dictionary:

{% set lookup = {
  'Ubuntu': 'Ubuntu Rocks',
  'Centos': 'Centos Rocks'
} %}

{% set name = lookup[grains.os] %}

name: {{ name | json() }}

Or:

{% set os = salt.grains.filter_by({
    'Ubuntu': {
        'name': 'Ubuntu Rocks'
    },
    'Centos': {
        'name': 'Centos Rocks'
    }
}) %}

name: {{ os.name }}

Run the following command to update all minions:

sudo salt '*' saltutil.refresh_pillar

ubuntuAsus:
    True

We can use this data for example in our Apache landing page (see previous tutorial):

welcome.sls

# Adding a blank front page
{% set name = salt.pillar.get('name') %}

check_pillar_values:
  test.check_pillar:
    - present:
      - name
    - failhard: True

welcome_page:
  file.managed:
    - name: /var/www/html/index.html
    - contents: |
        <!doctype html>
        <body>
            <h1>{{ name }}.</h1>
        </body>

You should be able to see that you Minions have access to your pillars:

sudo salt '*' pillar.items

And check that your front page was updated:

sudo salt '*' state.sls apache.welcome

You can also manually set the value of name - but this data will be send to all minions and is NOT PRIVATE:

sudo salt '*' state.sls apache.welcome pillar='{name: Override}'

Working with Formulas

Formulas are pre-written Salt States. They are as open-ended as Salt States themselves and can be used for tasks such as installing a package, configuring, and starting a service, setting up users or permissions, and many other common tasks.

All official Salt Formulas are found as separate Git repositories in the 'saltstack-formulas' organization on GitHub. They can be downloaded using the GIT Fileserver Backend. To be able to use Git you first have to uncomment it in your /etc/salt/master config. Or use a local.conf in /etc/salt/master.d/local.conf:

fileserver_backend:
  - git
  - roots

gitfs_remotes:
  - https://github.com/saltstack-formulas/memcached-formula

After adding your desired Formulas restart the Salt master and use the cp.list_master or cp.list_states command to get a list of all available configuration files to make sure that memcached was successfully cloned from Github:

sudo systemctl restart salt-master

sudo salt ubuntuAsus cp.list_states
ubuntuAsus:
    - apache
    - apache.map
    - apache.mods
    - apache.welcome
    - memcached
    - memcached.config
    - memcached.libmemcached
    - memcached.macros
    - memcached.python_memcached
    - memcached.uninstall

Continue installing the following package:

on CentOS

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install GitPython

on Ubuntu

sudo apt install python-git-doc