I'm currently using the ec2_tags.py grain to expose tags to salt. Once run, it does not seem to update when tags on the instance change. Do I need to force salt to refresh? If so how?
    i-09f235fe54532742c:~$ sudo salt 'ssh*' grains.get ec2_tags
    ssh-bastion-staging-i-04277e83b78909a16:
        ----------
        Name:
            ssh-bastion-staging
        app:
            ssh-bastion
        aws:autoscaling:groupName:
            ssh-bastion-ag-staging
        aws:ec2launchtemplate:id:
            lt-0f8675fa3a76e292b
        aws:ec2launchtemplate:version:
            5
        environment:
            staging


    -------------------------------------------
    Summary
    -------------------------------------------
    # of minions targeted: 1
    # of minions returned: 1
    # of minions that did not return: 0
    # of minions with errors: 0
    -------------------------------------------
In our process, we add an available tag when the instance is fully ready (or remove it) that is used by other parts of our process. There are certain salt state actions that we want to apply only on instances that are not available.
I expected to see the tag show up in grains.get ec2_tags after it is added, but it never does.
Do I need to flush the cache or something similarly violent to cause the grain to reread the tags from AWS?
You use saltutil.refresh_grains to refresh the grains. They also should update at a 1 hour interval.
It should be noted you shouldn't update grains often. Just when needed.
Also thinking about turning off the pillar refresh part unless you need new pillars. Forcing pillar refresh a lot can kill a master.
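An added example, not part of the question or the answer above: a small Python wrapper that refreshes grains with `refresh_pillar=False` (so the master is not asked to re-render pillar), re-reads `ec2_tags`, and reports which minions lack the `available` tag. The helper names, the constructed sample output, and the assumption that the tag's mere presence means "ready" are illustrative; minions whose grain could not be read are reported separately rather than treated as not available.

```python
import json
import subprocess

TARGET = "ssh*"      # target glob used in the question
TAG = "available"    # tag from the question; presence == ready (assumption)


def refresh_cmd(target=TARGET):
    # Re-run grain modules on the minions without forcing a pillar refresh.
    return ["salt", target, "saltutil.refresh_grains", "refresh_pillar=False"]


def tags_cmd(target=TARGET):
    # --static groups all returns into one JSON object keyed by minion id.
    return ["salt", "--static", "--out=json", target, "grains.get", "ec2_tags"]


def classify(salt_json, tag=TAG):
    """Return (minions lacking the tag, minions whose grain was unreadable)."""
    lacking, unknown = [], []
    for minion, tags in json.loads(salt_json).items():
        if not isinstance(tags, dict):
            # grains.get yields "" for a missing grain; a failed return is
            # also not a dict. Do not guess readiness in either case.
            unknown.append(minion)
        elif tag not in tags:
            lacking.append(minion)
    return sorted(lacking), sorted(unknown)


def main():
    subprocess.run(refresh_cmd(), check=True)
    out = subprocess.run(tags_cmd(), check=True,
                         capture_output=True, text=True).stdout
    lacking, unknown = classify(out)
    print("not available:", lacking)
    print("ec2_tags unreadable:", unknown)


# Constructed sample of the JSON output; only the first minion id and its
# tags come from the question, the rest is invented for illustration.
SAMPLE = json.dumps({
    "ssh-bastion-staging-i-04277e83b78909a16":
        {"Name": "ssh-bastion-staging", "environment": "staging"},
    "ssh-example-ready": {"Name": "ssh-example", "available": "true"},
    "ssh-example-nograin": "",
})

if __name__ == "__main__":
    main()
```
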