Is there a way to make saltstack behave like puppet when it comes to managing config files. The task I want to do is to make sshd_config being managed by saltstack. If there are changes being made to the file, I want salt master to overwrite it by pushing in the master copy when the master detects that the managed config file is different or have been modified. Is this setup possible using saltstack ?
There is the file.managed which may look like that:
/etc/http/conf/http.conf:
file.managed:
- source: salt://apache/http.conf
- user: root
- group: root
- mode: 644
Salt will transfer this file over to a minion whenever you apply this state to a minion.
Monitoring the file from the master can be achieved, but it is more complex to do so. You can make use of the reactor system of salt and write a small python program on the minion, which watches the file and fires an custom event to the salt event bus in case of changes. Inside of the reactor you can listen on those custom events and perform the desired state on the minion.
Notice that this just a custom solution if you need to react more or less just in time (if you really want to react in time, all this should be done inside of the minion, without the reactor system).
Please notice that a more common approach in salt looks like that: you schedule highstates for minions in your favorite interval and make sure, they have your desired state each x hours.