Search code examples
salt-projectconfiguration-management

Why isn't my Salt minion showing any pillar attributes?

I've been through the salt and pillar walkthroughs and in general, everything works as expected with my setup. In fact, there isn't anything that I'm aware of that isn't working properly...until now.

This is my first foray into using the pillar system. I have access keys that I am trying to protect so I'd like for pillar to allow me to keep tabs on which minions get copies of them.

Here is my setup.

Directory structure:

[root@master config-mgmt]# tree /srv/pillar
/srv/pillar
├── awscreds.sls
├── data.sls
├── dev
└── top.sls

/srv/pillar/top.sls file:

[root@master config-mgmt]# cat /srv/pillar/top.sls
dev:
  'roles:*aws*':
    - match: grain
    - awscreds
  '*':
    - data

Eventually, I'd like to be able to match on my "roles" grain but for this test, to keep things simple, I am only concerned with the glob match ('*').

For all minions, it ought to run the data state, which is here:

[root@master config-mgmt]# cat /srv/pillar/data.sls
info: some data for poc

From my salt-master, I run refresh_pillar:

[root@master config-mgmt]# salt '*salttest*' saltutil.refresh_pillar
slave-salttesting-01.eng.example.com:
True

Seems okay. But, neither on the minion nor the master are the pillar attributes present in any form.

On the master:

[root@master config-mgmt]# salt '*salttest*' pillar.ls
slave-salttesting-01.eng.example.com:

On the minion:

[root@slave-salttesting-01 ~]# salt-call pillar.ls
local:

I'm running a recent version of salt:

[root@master config-mgmt]# salt --version
salt 2018.3.3 (Oxygen)

Any ideas why my minion isn't picking up any attributes?

Solution

  • I found the solution. I wasn't familiar with the /etc/salt/master file until my colleague suggested that I check it. The salt_pillar section had a typo for dev (defined as /sr/salt/dev and not /srv/salt/dev and base was defined as pointing to a location other than the default. I made sure that base was set to /srv/salt and dev was set to /srv/salt/dev. I then had to go back into /srv/salt and make sure that top.sls was in the /srv/salt location. I also moved data.sls and awscreds.sls to /srv/salt/dev because I wanted those to be part of dev.

    After that, everything worked as expected. It goes to show, don't take anything for granted. I thought our pillars were working but as it turned out, they weren't.