Need some help as I am a little stuck now. The end goal is to have a state that would be generic and allow us to push our pem cert files to any server requiring it and to different dirs for each server. I hope that makes sense. In other words, I don't want a separate state for each server to distribute pem files.
What I have thus far:
Main state to be included in relevant servers (I have changed the specific details for variables to something else):
{# pick the owner and target directory for this minion; the default avoids 'in None' if the pillar key is absent #}
{% if 'custom_id' in pillar.get('the_custom_id', '') %}
{% set theuser = 'relevantuser' %}
{% set certpath = '/path/to/certs' %}
{% elif 'another-custom_id' in pillar.get('the_custom_id', '') %}
{% set theuser = 'relevantuser' %}
{% set certpath = '/path/to/certs' %}
{% else %}
{% set theuser = 'relevantuser' %}
{% set certpath = '/path/to/certs' %}
{% endif %}

{{ certpath }}:
  file.directory:
    - user: {{ theuser }}
    - group: {{ theuser }}
    - file_mode: 600
    - dir_mode: 755
    - makedirs: True
    - recurse:
      - user
      - group
      - mode

{# one file.managed per key under pillar pem_certs; note the '/' so the file lands inside certpath #}
{% for cert_type in pillar.get('pem_certs', {}) %}
{{ certpath }}/{{ cert_type }}.pem:
  file.managed:
    - context:
        cert_type: {{ cert_type }}
    - mode: 600
    - source: salt://path/to/file/filename
    - template: jinja
{% endfor %}
The contents of the source of file.managed above:
{{ pillar['pem_certs'][cert_type] }}
The pillar file referenced by the pillar.get function would then contain the pem key (a literal block so the multi-line PEM stays valid YAML):
pem_certs:
  ca-cert: |
    -----BEGIN CERTIFICATE-----
    etc
The saltstack environment is up and running and fully working. The same route was taken in adding the rsa_id private keys for minions which is working fine. The file.directory works fine and creates the dir and applies the correct user accordingly.
From the debug I can see that the file.managed state is not being rendered and I don't know why.
Debug output from running the state:
[DEBUG ] Rendered data from file: /var/cache/salt/minion/files/base/path/to/state.sls:
/path/to/certs:
  file.directory:
    - user: theuser
    - group: theuser
    - file_mode: 600
    - dir_mode: 755
    - makedirs: True
    - recurse:
      - user
      - group
      - mode
[DEBUG ] LazyLoaded config.get
Currently I am assuming that the pillar.get is not retrieving or cannot retrieve pem_certs. Is there a way to test this specifically?
Can anyone out there help?
You currently do {% for cert_type in pillar.get('pem_certs', {}) %}, which returns an empty dict if not present in the minion's pillar. I guess this is the first thing to start with.
For debugging you want to know if there is data available for your minion by doing something like salt 'minionid' pillar.get pem_certs. If this does not show up the pillar data, check your pillar's top.sls. Is the pillar data applied to your minion properly?
Further you should consider using {% for cert_type, cert_data in pillar.get('pem_certs', {}).iteritems() %}. If doing so, you can directly hand over the content to the context of your file.managed template and no longer need to query for pillar data inside of the template.
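The loop rewritten along the lines the answer suggests, as an added example (not the answerer's code and not part of the original post); the directory, user and pillar key names are the placeholders from the question, and .items() is used because .iteritems() only exists on Python 2 dicts.

```yaml
{# Added example: the certificate body is handed to the state's context, so the
   template file only needs to contain {{ cert_data }}. Paths, user and the
   pem_certs pillar key are assumed from the question. #}
{% set theuser = 'relevantuser' %}
{% set certpath = '/path/to/certs' %}

{% for cert_type, cert_data in pillar.get('pem_certs', {}).items() %}
{{ certpath }}/{{ cert_type }}.pem:
  file.managed:
    - user: {{ theuser }}
    - group: {{ theuser }}
    - mode: 600
    - source: salt://path/to/file/filename
    - template: jinja
    - context:
        {# tojson collapses the multi-line PEM into one quoted scalar, which keeps
           the rendered SLS valid YAML; the template then writes it back unchanged #}
        cert_data: {{ cert_data | tojson }}
{% endfor %}
```

If the loop still renders nothing, salt 'minionid' pillar.get pem_certs on the master is the quickest way to confirm whether the minion actually received the key before looking at the state.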