https://tech.uvoo.io/index.php?action=history&feed=atom&title=Salt_Cheat_Sheet Salt Cheat Sheet - Revision history 2026-05-01T13:06:05Z Revision history for this page on the wiki MediaWiki 1.35.2 https://tech.uvoo.io/index.php?title=Salt_Cheat_Sheet&diff=716&oldid=prev Busk: Created page with "- Shameless rip from - https://sites.google.com/site/mrxpalmeiras/saltstack/salt-cheat-sheet ``` Contents 1 BOOTSTRAP 2 SERVICES 3 TARGETING 4 KEY MANAGEMENT 5 SERVER DIAGN..." 2020-07-21T12:31:49Z <p>Created page with &quot;- Shameless rip from - https://sites.google.com/site/mrxpalmeiras/saltstack/salt-cheat-sheet ``` Contents 1 BOOTSTRAP 2 SERVICES 3 TARGETING 4 KEY MANAGEMENT 5 SERVER DIAGN...&quot;</p> <p><b>New page</b></p><div>- Shameless rip from<br /> - https://sites.google.com/site/mrxpalmeiras/saltstack/salt-cheat-sheet<br /> <br /> ```<br /> Contents<br /> <br /> 1 BOOTSTRAP<br /> 2 SERVICES<br /> 3 TARGETING<br /> 4 KEY MANAGEMENT<br /> 5 SERVER DIAGNOSTICS<br /> 6 GRAINS<br /> 7 MINE<br /> 8 PACKAGES AND INSTALLATION<br /> 9 JOBS AND PROCESS CONTROL<br /> 10 REACTOR<br /> 11 DEBUG<br /> 12 FILE OPERATIONS<br /> 13 USER AND GROUP MGMT<br /> 14 STATES<br /> 15 SSH Management (Agentless)<br /> 16 PILLAR<br /> 17 PORTS &amp; NETWORK<br /> 18 JINJA<br /> 19 ETC<br /> DOCS &amp; FILES<br /> Modules List<br /> https://docs.saltstack.com/en/latest/salt-modindex.html<br /> State List<br /> https://docs.saltstack.com/en/latest/ref/states/all/index.html#all-salt-states<br /> <br /> Salt source files<br /> /usr/lib/python&lt;version&gt;/site-packages/salt<br /> <br /> <br /> BOOTSTRAP<br /> Bootstrap Install<br /> https://repo.saltstack.com/#bootstrap<br /> <br /> wget -O bootstrap_salt.sh https://bootstrap.saltstack.com <br /> <br /> install Master<br /> sh bootstrap_salt.sh -M <br /> <br /> install specific Salt version<br /> sh bootstrap_salt.sh git v2015.8.8<br /> SERVICES<br /> <br /> Start / Stop / Restart service on Minion<br /> salt 'target' service.start &quot;service name&quot; (start/stop/restart)<br /> <br /> Restart Minion on Win target<br /> salt 'target' cmd.run 'start powershell &quot;Restart-Service -Name salt-minion&quot;'<br /> <br /> Restart Minion on Linux target<br /> salt 'target' cmd.run 'service salt-minion restart&quot;'<br /> <br /> Execute a script remotely<br /> salt target cmd.exec_code python 'import sys; print sys.version'<br /> 2.7.8 GCC 4.9.1<br /> <br /> salt target cmd.exec_code sh 'echo $PATH'<br /> /usr/local/bin:/usr/local/sbin<br /> <br /> Check service on minion<br /> salt target service.status httpd<br /> <br /> Check if service is available<br /> salt target service.available httpd<br /> <br /> get all services<br /> salt target service.get_all<br /> <br /> reload a service config (avoids restart)<br /> salt target service.reload httpd<br /> <br /> start | stop | restart a service<br /> salt target service.start httpd<br /> <br /> <br /> TARGETING<br /> by OS grain<br /> salt -G os:Windows cmd.run &quot;net stop Firewall&quot; <br /> <br /> by other grains<br /> salt –G 'server_type:app and env:prod' state.highstate<br /> <br /> target EC2 instances only<br /> salt -G uuid:ec2\* test.ping<br /> <br /> compound match<br /> salt –C 'server_type:web and clo*' state.sls nginx<br /> <br /> list based match<br /> salt –L 'hostname1,hostname2,hostname3' state.sls ntp<br /> <br /> Nodegroup match<br /> salt –N ny_db_servers cmd.run 'ps –ef | grep mysql'<br /> <br /> regex OR<br /> salt -E &quot;(nyweb|db5)&quot; test.ping<br /> <br /> by pillar value<br /> salt -I 'role:webserver' test.ping<br /> KEY MANAGEMENT<br /> <br /> Add Minions to Master<br /> salt-key -L (show pending to be accepted)<br /> salt-key -A (accept all pending)<br /> salt-key -a target (accept by hostname)<br /> <br /> Remove inactive minions from Salt<br /> salt-run manage.down removekeys=True<br /> <br /> Remove minions by name<br /> salt-key -D targetName<br /> <br /> <br /> SERVER DIAGNOSTICS<br /> <br /> Test Connection<br /> salt 'target' test.ping<br /> <br /> Diagnostics<br /> salt target status.all_status // gets all info<br /> status.cpu_info<br /> status.cpustats<br /> status.uptime<br /> status.diskusage // or disk.usage<br /> status.loadavg<br /> status.meminfo<br /> status.netdev // network device<br /> status.netstats //network stats<br /> status.procs<br /> status.version //system version<br /> status.vmstats //virtual mem stats<br /> status.w //who is logged in<br /> <br /> Show Minions by State (Up/Down)<br /> salt-run manage.up<br /> salt-run manage.down<br /> salt-run manage.status (show all by status)<br /> <br /> <br /> Compliance and Audit<br /> <br /> to get a compliance result, run a State check with test=True<br /> salt \* state.highstate test=True<br /> <br /> This will return any differences from existing configuration to whats in<br /> the Top file<br /> <br /> <br /> Show Salt Master version<br /> salt --versions-report<br /> <br /> Show Salt Minion version<br /> salt-call --versions-report<br /> <br /> <br /> Start Minion in Debug mode<br /> salt-master --log-level=debug<br /> <br /> Restart everything on Master:<br /> pkill salt-minion //Kill minion<br /> pkill salt-syndic // Kill Syndic<br /> salt-run cache.clear_all //Clear all cache<br /> salt '*' saltutil.sync_grains //Sync grains<br /> salt-master -d //Start master daemon<br /> salt-minion -d //Start minion daemon<br /> salt-syndic -d //Start syndic daemon<br /> <br /> Agent Env Info<br /> <br /> show all information about a minion (lots of data)<br /> salt minion status.all_status<br /> <br /> show memory<br /> salt minion status.meminfo<br /> <br /> show disk usage<br /> salt minion status.diskusage<br /> <br /> show who is logged in<br /> salt minion status.w<br /> <br /> GRAINS<br /> <br /> Show Grain data<br /> salt '*' grains.ls <br /> salt '*' grains.items<br /> <br /> get specific Grain <br /> salt cent7 grains.get selinux<br /> cent7:<br /> ----------<br /> enabled:<br /> True<br /> enforced:<br /> Enforcing<br /> <br /> can also do the same with <br /> salt cent7 grains.item selinux<br /> <br /> set a Grain data on a node<br /> salt cent7 grains.set 'apps:Myapp:port' 2500<br /> <br /> salt cent7 grains.item apps<br /> cent7:<br /> ----------<br /> apps:<br /> ----------<br /> Myapp:<br /> ----------<br /> port:<br /> 2500<br /> <br /> <br /> All grain data is stored on the minion in /etc/salt/grains file<br /> if adding more data manually, refresh Grains on the Master to pick up changes<br /> salt target saltutil.refresh_modules<br /> <br /> Use grain in a state file<br /> apache:<br /> pkg.installed:<br /> {% if grains['os'] == 'RedHat' %}<br /> - name: httpd<br /> <br /> <br /> show JSON output<br /> salt target grains.item ipv4 --out=json<br /> {<br /> &quot;target&quot;: {<br /> &quot;ipv4&quot;: [<br /> &quot;10.0.2.15&quot;, <br /> &quot;127.0.0.1&quot;, <br /> &quot;192.168.56.102&quot;<br /> ]<br /> }<br /> }<br /> <br /> <br /> Use grain as a variable<br /> {% set nodename = grains['nodename'] %}<br /> <br /> base:<br /> '*':<br /> - common<br /> - packages<br /> - users<br /> - servers.{{ nodename }}<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> MINE<br /> <br /> show mine data<br /> salt \* mine.get \* x509.get_pem_entries<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> PACKAGES AND INSTALLATION<br /> <br /> Verbose output (timeout 300 sec)<br /> salt 'target' state.hightstate -t 300 -v<br /> <br /> Show package version<br /> salt 'target' pkg.version apache<br /> <br /> install package on minions<br /> salt 'target' pkg.install apache<br /> <br /> Uninstall pkg<br /> salt 'target' pkg.remove 'npp'<br /> salt 'target' pkg.purge 'npp'<br /> <br /> Show Installed Packages or Software<br /> salt 'target' pkg.list_pkgs<br /> <br /> show all packages that need updates<br /> salt target pkg.list_upgrades<br /> <br /> upgrade all packages<br /> salt target pkg.upgrade<br /> <br /> <br /> Windows (Chocolatey)<br /> install chocolatey<br /> salt wintarget chocolatey.bootstrap <br /> <br /> install pkg using choco<br /> salt mrxwin7 chocolatey.install 7zip <br /> <br /> <br /> <br /> JOBS AND PROCESS CONTROL<br /> <br /> Show all Salt jobs run history<br /> salt-run jobs.list_jobs<br /> <br /> Show active Salt jobs<br /> salt-run jobs.active // returns a Job ID<br /> <br /> Show currently running processes on a minion<br /> salt '*' saltutil.running<br /> <br /> Kill active job<br /> salt 'target' saltutil.kill_job $JOB_ID<br /> salt '*' saltutil.term_job &lt;job id&gt;<br /> <br /> Clear Job cache<br /> salt '*' saltutil.clear_cache<br /> <br /> <br /> REACTOR<br /> <br /> examples of reactor matching<br /> <br /> /etc/salt/master.d/reactor.conf<br /> reactor:<br /> - 'sayhello':<br /> - /srv/reactor/test.sls<br /> <br /> /srv/reactor/test.sls<br /> {% if data['id'].startswith('web') %}<br /> sayhello:<br /> local.state.apply:<br /> - tgt: {{ data['id'] }}<br /> - arg:<br /> - say-hello<br /> <br /> local.cmd.run:<br /> - tgt: minion1<br /> - arg: <br /> - &quot;echo 'hello' &gt; /tmp hello&quot;<br /> <br /> {% endif %}<br /> <br /> <br /> DEBUG<br /> <br /> Run highstate in debug<br /> salt-call -l debug state.highstate<br /> <br /> Run specific state in debug<br /> salt-call -l debug state.sls elasticsearch<br /> <br /> show highstate process (debug YAML syntax errors)<br /> salt-call state.show_highstate<br /> <br /> show specific State details<br /> salt 'target' state.show_sls apache <br /> <br /> show only Changed and Failed during run<br /> modify /etc/salt/master and /etc/salt/minion, restart Master after change<br /> state_verbose: True<br /> state_output: mixed<br /> <br /> start minion in debug, see connection errors<br /> salt-minion -l debug<br /> <br /> https://docs.saltstack.com/en/latest/topics/troubleshooting/minion.html<br /> <br /> if Master not seeing Minion key requests, add IPTables rules to Master,<br /> root@master# iptables -I INPUT -s 172.31.23.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT<br /> root@master# iptables -I INPUT -s 172.31.25.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT<br /> <br /> # reject everything else,<br /> root@master# iptables -A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT<br /> <br /> Log Jinja variables to Minion<br /> {% do salt.log.error('testing jinja logging') -%}<br /> <br /> show Options passed to a State (ie, test=true)<br /> {% do salt.log.error(opts['test']) -%}<br /> <br /> Output variables from State file,<br /> show_var:<br /> - test.show_notification:<br /> - text: This is my var {{ var }}<br /> <br /> <br /> <br /> Exit w failure message<br /> <br /> fail_run:<br /> test.fail_without_changes:<br /> - name: your message here<br /> <br /> <br /> <br /> <br /> FILE OPERATIONS<br /> Check if file contains a string (true/false)<br /> salt '*' file.contains /etc/ssh/sshd_config 'Port'<br /> <br /> Check if a file on the Salt minions contains a certain regex (search file on minions):<br /> salt &quot;*&quot; file.contains_regex /etc/resolv.conf &quot;timeout.4&quot;<br /> <br /> check if file is a file or directory<br /> salt target file.stats /etc/hosts<br /> <br /> Find a file<br /> salt '*' file.find /etc name=host\*.\*<br /> result<br /> - /etc/host.conf<br /> - /etc/hosts.allow<br /> - /etc/hosts.deny'<br /> copy small file ( &gt; 100kb) from Master to minion<br /> salt-cp 'target' /opt/file (source) /opt (destination)<br /> <br /> copy dir from Master /srv/salt area to minion<br /> salt 'target' cp.get_dir salt://myDir /target/dir<br /> <br /> copy large file from Master /srv/salt/distribution folder to minion<br /> salt 'target' cp.get_file salt://distribution/myFile.tar /tmp/myFile.tar<br /> <br /> <br /> copy file from one minion to another using MinionFS (only works on Salt 2016.3.2)<br /> https://docs.saltstack.com/en/latest/topics/tutorials/minionfs.html<br /> <br /> add MinionFS to master conf file<br /> vi /etc/salt/master<br /> <br /> add this lines: <br /> minionfs_mountpoint: salt://minionfs<br /> file_recv: True<br /> <br /> restart Master<br /> <br /> get the file from the minion and store it in MinionFS<br /> salt 'target' cp.push /path/to/file/or/dir/on/minion<br /> <br /> files are stored on Master in here:<br /> /var/cache/salt/master/minions/&lt;minion&gt;<br /> <br /> <br /> copy file from Minion to Master<br /> on Master, set &quot;file_recv: True&quot; in /etc/salt/master, restart Master<br /> <br /> to copy file, <br /> <br /> salt \* cp.push /path/to/file/on/minion<br /> <br /> all files are stored on Master /var/cache/salt/master/minions/&lt;minion&gt;/files<br /> <br /> add host entry to a minion<br /> salt target hosts.add_host 192.168.55.100 hostname<br /> <br /> Replace contents of file with new value<br /> salt '*' file.sed /etc/ssh/sshd_config 'Port 22' 'Port 2201'<br /> <br /> Create folder<br /> salt '*' file.makedirs /tmp/testFolder/ (for windows use native Win syntax, ie C:/temp/dir)<br /> <br /> Delete folder<br /> salt '*' file.remove /tmp/testFolder<br /> <br /> Create new file<br /> salt '*' file.touch /tmp/testFolder/emptyFile<br /> <br /> manage file content in State file<br /> /etc/fstab:<br /> file.line: <br /> - content: &quot;proc /proc&quot;<br /> - mode: insert<br /> - after<br /> <br /> replace contents of file<br /> update_modprobe:<br /> file.replace:<br /> - name: /etc/modprobe.d/salt_cis.conf<br /> - pattern: &quot;^install {{ fs }} /bin/true&quot;<br /> - repl: install {{ fs }} /bin/true<br /> - append_if_not_found: True<br /> <br /> create symlink<br /> symlink:<br /> file.symlink:<br /> - name: /path/to/A<br /> - target: /symlink/path/A<br /> create directory<br /> <br /> /home/qb/q3:<br /> file.directory:<br /> - user: qb<br /> - group: qb<br /> - dir_mode: 755<br /> - file_mode: 755<br /> - require:<br /> - user: qb<br /> <br /> replace file contents using Augeas<br /> sshd_config:<br /> augeas.change:<br /> - context: /files/etc/ssh/sshd_config<br /> - changes:<br /> - set Port 8888<br /> - set PasswordAuthentication yes<br /> - set PubkeyAuthentication yes<br /> <br /> copy directory from Master to minion<br /> <br /> app_ta_nix_dir:<br /> file.recurse:<br /> - name: /opt/splunkforwarder/etc/apps/Splunk_TA_nix<br /> - source: salt://{{ slspath }}/files/apps/Splunk_TA_nix<br /> - makedirs: True<br /> - user: splunk<br /> - group: splunk<br /> - file_mode: 0755<br /> <br /> File Managed<br /> <br /> try several files if 1st one doesnt exist<br /> <br /> monit_config:<br /> file.managed:<br /> - name: /etc/monit/monit.conf<br /> - source: <br /> - salt://{{ slspath }}/files/configs/host/{{ grains.id }}.j2<br /> - salt://{{ slspath }}/files/configs/profile/{{ salt['pillar.get']('profile') }}.j2<br /> - salt://{{ slspath }}/files/configs/default.j2<br /> - template: jinja<br /> - makedirs: True<br /> - mode: 0600<br /> - user: monit<br /> - group: monit<br /> <br /> <br /> USER AND GROUP MGMT<br /> <br /> Set user's password to 123123<br /> salt '*' shadow.set_password user02<br /> '$6$EYk3o52W$DaSUIfHpYMBkSShFYXdODyrHbmQlCNKFghNl9FZzZshUn240GCOn5szQ3piyBMtt/x4m.'<br /> <br /> Generate a password<br /> salt 'target' shadow.gen_password myP@ssword<br /> $6$nTul6WP1$EJ6THWEYKgOuGjqSEhnv8ZcYET6z/sDsSB.YBoyImRWEoDjguvcUahnY3UuNtNpECVhwxsjWI6ucvCc1<br /> <br /> Additional ways to generate you own password:<br /> python -c &quot;import crypt, getpass, pwd; print crypt.crypt('yourpassword', '\$6\$SALTsalt\$')&quot;<br /> openssl passwd -1<br /> <br /> Add User<br /> salt target user.add Joe<br /> <br /> Remove User<br /> salt '*' user.delete Joe remove=True force=True<br /> <br /> Show all users on a target<br /> salt target user.list_users<br /> <br /> Info on all users on a target<br /> salt target user.getent<br /> <br /> Info on specific user<br /> salt target user.info Joe<br /> <br /> Add User to Group<br /> salt target user.chgroups Joe Administrator, LocalAdmin True<br /> // or<br /> salt target group.adduser admins Joe<br /> <br /> Remove User from Group<br /> salt target group.deluser admins Joe<br /> <br /> Show users Groups<br /> salt target user.list_groups Joe<br /> <br /> Change Users Shell<br /> salt '*' user.chshell user02 /bin/bash<br /> <br /> get info on all groups<br /> salt target group.getent<br /> <br /> get info o a particular group<br /> salt target group.info splunk<br /> <br /> Delete group<br /> salt target group.delete splunk<br /> <br /> STATES<br /> Highstate <br /> salt '*' state.highstate<br /> <br /> Deploy specific state<br /> salt '*' state.apply webserver<br /> Run multiple state executions on same minion at once (by design Salt limits 1 state per minion at once)<br /> salt target state.sls yourState concurrent=True<br /> <br /> <br /> Requisites <br /> <br /> https://docs.saltstack.com/en/latest/ref/states/requisites.html<br /> <br /> <br /> unless<br /> vim:<br /> pkg.installed:<br /> - unless:<br /> - rpm -q vim-enhanced<br /> - ls /usr/bin/vim<br /> <br /> onlyif<br /> set_RTC:<br /> cmd.run:<br /> - name: &quot;/usr/bin/timedatectl set-local-rtc 0&quot;<br /> - onlyif: &quot;/usr/bin/timedatectl | grep &quot;RTC in local TZ&quot; | grep yes&quot;<br /> <br /> <br /> require<br /> bar:<br /> pkg.installed:<br /> - require:<br /> - sls: foo<br /> <br /> onchanges<br /> extract_package:<br /> archive.extracted:<br /> - name: /usr/local/share/myapp<br /> - source: /usr/local/share/myapp.tar.xz<br /> - archive_format: tar<br /> - onchanges:<br /> - file: Deploy server package<br /> <br /> watch<br /> ntpd:<br /> service.running:<br /> - watch:<br /> - file: /etc/ntp.conf<br /> <br /> prereq<br /> prereq allows for actions to be taken based on the expected results of a state that has not yet been executed. The state containing the prereq requisite is defined as the pre-requiring state. The state specified in the prereq statement is defined as the pre-required state.<br /> <br /> graceful-down:<br /> cmd.run:<br /> - name: service apache graceful<br /> - prereq:<br /> - file: site-code<br /> <br /> use<br /> The use requisite is used to inherit the arguments passed in another id declaration. This is useful when many files need to have the same defaults.<br /> /etc/foo.conf:<br /> file.managed:<br /> - source: salt://foo.conf<br /> - template: jinja<br /> - mkdirs: True<br /> - user: apache<br /> - group: apache<br /> - mode: 755<br /> <br /> /etc/bar.conf:<br /> file.managed:<br /> - source: salt://bar.conf<br /> - use:<br /> - file: /etc/foo.conf<br /> <br /> require_in<br /> vim:<br /> pkg.installed:<br /> - require_in:<br /> - file: /etc/vimrc<br /> <br /> import YAML data into a state (same with import_json, import_text)<br /> <br /> {% import_yaml 'formula/facl/files/configs/test.yaml' as myconfig %}<br /> <br /> show_config:<br /> - test.show_notification:<br /> - text: {{ myconfig }}<br /> <br /> <br /> <br /> <br /> SSH Management (Agentless)<br /> <br /> edit the Roster file, include node's IP address and user to use (do this on Master)<br /> <br /> vi /etc/salt/roster<br /> <br /> # Sample salt-ssh config file<br /> mrxcloud1:<br /> host: 104.131.102.230 # The IP addr or DNS hostname<br /> user: fred # Remote executions will be executed as user fred<br /> passwd: foobarbaz # The password to use for login, if omitted, keys are used<br /> sudo: True # Whether to sudo to root, not enabled by default<br /> <br /> Run command on node (salt-ssh -i)<br /> salt-ssh -i mrxcloud1 cmd.run &quot;uname -a&quot;<br /> <br /> <br /> To run SSH as another user (non-root)<br /> <br /> copy /etc/salt directory to /home/user and change perms to user:group<br /> should look like,<br /> /home/user/salt/master<br /> /home/user/salt/minion<br /> /home/user/salt/minion.d<br /> /home/user/salt/minion_uid<br /> /home/user/salt/pki<br /> /home/user/salt/var<br /> /home/user/salt/roster<br /> <br /> configure Roster file: /home/joe.shmo/salt/roster<br /> <br /> edit /home/joe.shmo/salt/master<br /> <br /> change the following paths<br /> pidfile: /home/user/salt/var/run/salt-master.pid<br /> log_file: /home/user/salt/var/log/salt/master<br /> pki_dir: /home/user/salt/pki/master<br /> cachedir: /home/user/salt/var/cache/salt/master<br /> <br /> Add to the Roster file, the path to the user's private key<br /> machine1:<br /> host: machine1.company.com<br /> user: joe.shmo<br /> sudo: True<br /> priv: /home/joe.shmo/.ssh/id_rsa<br /> <br /> run command with -c option<br /> salt-ssh -c ~/salt -i machine1 cmd.run &quot;/sbin/service jira status&quot;<br /> <br /> apply a state file<br /> salt-ssh '*' state.apply network<br /> <br /> <br /> Salt Roster File - Ansible-syntax (configure Roster to have variables and Groups)<br /> <br /> <br /> PILLAR<br /> Sample Pillar structure to create system users pillar structure<br /> <br /> Salt top file calls the Users state<br /> <br /> /srv/salt/top.sls<br /> <br /> base:<br /> '*':<br /> - common<br /> - users<br /> Pillar top file tells what pillars to load for what nodes<br /> <br /> /srv/pillar/top.sls<br /> <br /> base:<br /> '*':<br /> - users<br /> <br /> <br /> <br /> Users Pillar contains actual data for users<br /> /srv/pillar/users.sls<br /> users:<br /> spiderman:<br /> uid: 1280<br /> fullname: 'spider man'<br /> shell: /bin/bash<br /> ssh-keys:<br /> - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAt1IFQP9xxx<br /> <br /> black.hood:<br /> uid: 1281<br /> fullname: black hood<br /> shell: '/bin/bash'<br /> ssh-keys:<br /> - ssh-rsa AADRN34zf12fdfd343434wAAAQEAwAAAQEA<br /> <br /> supergirl:<br /> uid: 1282<br /> fullname: super girl!<br /> shell: '/bin/bash'<br /> ssh-keys:<br /> - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNWRiUmFXjxrp4V<br /> - ssh-rsa ABCDEF134343434343dfdfdf343111dgfdfdfdf<br /> <br /> <br /> Salt Users state parses array and creates users,<br /> <br /> /srv/salt/users.sls<br /> {% for user, args in pillar.get('users',{}).iteritems() %}<br /> <br /> {{ user }}:<br /> <br /> group.present:<br /> - gid: {{ args['uid'] }}<br /> <br /> user.present:<br /> - fullname: {{ args['fullname'] }}<br /> - uid: {{ args['uid'] }}<br /> - gid: {{ args['uid'] }}<br /> - shell: {{ args['shell'] }}<br /> - home: /home/{{ user }}<br /> <br /> {% endfor %}<br /> <br /> <br /> Refresh pillars on all nodes<br /> salt \* saltutil.refresh_pillar<br /> <br /> <br /> Look at pillar data<br /> salt \* pillar.items<br /> <br /> get a Pillar value in a state file or Jinja file (and pass a default value if no pillar is found)<br /> {{ salt['pillar.get']('role:name', 'default') }}<br /> <br /> get Pillar value by passing a variable<br /> {% for rt in salt['pillar.get']('network:routes:{0}:networks'.format(interface)) -%}<br /> get nested pillar value (use semi colon to get to specific key)<br /> salt nycweb01 pillar.get users:joe<br /> PORTS &amp; NETWORK<br /> Master - Agent ports: 4505 (master to agent), 4506 (agent to master)<br /> <br /> Get IP of a Minion<br /> salt target network.ip_addrs<br /> <br /> Ping from Minion<br /> salt target network.ping someHostname<br /> <br /> get all active TCP connections on a minion<br /> salt target network.active_tcp<br /> <br /> get ARP table <br /> salt target network.arp<br /> <br /> test port connectivity for certain port<br /> salt target network.connect www.google.com 80<br /> <br /> get hardware address for a MAC<br /> salt target network.hw_addr eth0<br /> <br /> get intet address for interface<br /> salt target network.interface eth0<br /> <br /> get all interfaces<br /> salt target network.interfaces<br /> <br /> <br /> <br /> <br /> <br /> JINJA<br /> For Loop<br /> {% for usr in 'moe','larry','curly' %}<br /> {{ usr }}:<br /> group:<br /> - present<br /> user:<br /> - present<br /> - gid_from_name: True<br /> - require:<br /> - group: {{ usr }}<br /> {% endfor %}<br /> If Conditional<br /> <br /> {% if var == 2 %}<br /> Var is 2<br /> {% elif var == 5 %}<br /> var is 5<br /> {% else %}<br /> var is not 2<br /> {% endif %}<br /> While loop<br /> <br /> {% range number from 3 to 6 %}<br /> {{ number }}<br /> (...)<br /> {% endrange %}<br /> <br /> Comparisons<br /> <br /> {% if 'Watermelon' ends with 'n' %}<br /> It ends with N<br /> {% endif %}<br /> <br /> {% if varA == varB %}<br /> {% if varA != varB %}<br /> <br /> <br /> get shell command value from inside Jinja<br /> {% set procs = salt['cmd.run']('ps aux') %}<br /> <br /> disable tab space in a for loop<br /> {% for server in servers %}<br /> {{ server }}<br /> {% endfor %}<br /> <br /> results in: <br /> server1<br /> server2<br /> <br /> to disable this, add <br /> <br /> #jinja2: lstrip_blocks: True<br /> <br /> to top of the template<br /> <br /> Run a state only if a file doesnt exist,<br /> <br /> {% if not salt['file.directory_exists']('/opt/q') %}<br /> <br /> deploy_kdb:<br /> file.managed:<br /> - name: /opt/q.tar.gz<br /> - source: salt://repo/q.tar.gz<br /> <br /> extract_kdb:<br /> archive.extracted:<br /> - name: /opt/<br /> - source: /opt/q.tar.gz<br /> - user: kdb<br /> - group: kdb<br /> <br /> {% endif %}<br /> <br /> Test for File<br /> <br /> {% if not salt['file.file_exists']('/opt/file') %}<br /> <br /> render parameter<br /> {{ var_name }}<br /> <br /> set a parameter<br /> {% set fruit = 'apple' %}<br /> <br /> Iterate dictionary (For Loop)<br /> {% for name, app in applications.iteritems() %}<br /> {{ name }}<br /> {{ app['version'] }}<br /> {% endfor %}<br /> <br /> sort a list<br /> {% for vm in vcenter['vm_list']|sort %}<br /> {{ vm }}<br /> {% endfor %}<br /> <br /> or by attribute or reverse<br /> {% for vm in vcenter['vm_list']|sort(attribute='osname', reverse = True) %}<br /> get total # of elements in list<br /> {{ myList|length }}<br /> <br /> If statement with AND &amp; OR<br /> {% if var is None and var2 == 'blah' % or val3 == 'shmaa' %}<br /> <br /> convert variable uppercase / lowercase<br /> {{ somevar | upper }}<br /> <br /> set a default value if value doesnt exist<br /> {{ somevar or 'default message here' }}<br /> <br /> match by regex<br /> {% if grains.id | regex_match('nyc(.*)', ignorecase=True) %}<br /> <br /> will match any grain in regex pattern<br /> <br /> <br /> Jinja Tricks<br /> <br /> difference<br /> {{ [1, 2, 3] | difference([2, 3, 4]) | join(', ') }}<br /> &gt;&gt; 1<br /> <br /> avg, min, max, is_list, <br /> {{ [1, 2, 3] | avg }}<br /> <br /> generate random UID<br /> {{ 'random' | uuid }}<br /> <br /> date format<br /> {{ 1457456400 | date_format }}<br /> {{ 1457456400 | date_format('%d.%m.%Y %H:%M') }}<br /> 2017-03-08<br /> 08.03.2017 17:00<br /> string to number<br /> {{ '5' | to_num }}<br /> <br /> run Salt execution module<br /> {{ salt.cmd.run('whoami') }}<br /> {{ salt.group.add('newgroup1') }}<br /> regex match<br /> {{ 'abcd' | regex_match('BC(.*)', ignorecase=True) }}<br /> <br /> regex search<br /> {{ 'muppet baby' | regex_search('pet(.*)', ignorecase=True) }}<br /> &gt;&gt; baby<br /> <br /> compare_lists, compare_dicts<br /> {{ [1,2,3] | compare_lists([1,2,4]) }}<br /> &gt;&gt; {'new': 4, 'old': 3}<br /> <br /> list files in a directory<br /> {{ '/etc/salt/' | list_files | join('\n') }}<br /> <br /> escape Jinja syntax<br /> {% raw %}<br /> some text that contains jinja {% characters that need to be escaped<br /> {% endraw %}<br /> <br /> iterate a dictionary<br /> parent_dict = [{'A':'val1','B':'val2'}]<br /> {% for item in parent_dict %}<br /> {% for key,val in item.items() %}<br /> {{ key }} {{ val }}<br /> <br /> <br /> ETC<br /> <br /> generate random password hash<br /> python -c &quot;import crypt; print(crypt.crypt('password', crypt.mksalt(crypt.METHOD_SHA512)))&quot;<br /> <br /> <br /> <br /> <br /> ```</div> Busk