peterrus

Reputation: 651

Mounting a git repository in Salt's gitfs without it being searched for state modules

I am trying to mount a repository with server config files (think nginx, mysql, etc.) inside my salt fileserver in order to be able to distribute these files to my minions (without having to do a checkout of the full repository on all my minions).

If I've understood correctly: All gitfs_remotes will be 'flattened' into one filesystem structure (I can confirm this when I run salt-run fileserver.file_list).

What worries me is that, as far as I know, this 'config file only' repository is now also being searched by Salt for state modules.

Is there some way to either:

I stand open to the possibility that this is a wrong approach entirely of course, my only requirement is that the server config files (again, nginx, mysql, etc) live in a separate repository, and that the entire high state (state modules, top file) lives in git.

master config:

    fileserver_backend:
      - gitfs
    gitfs_remotes:
      - [email protected]:MyOrg/salt-configs.git:
      - [email protected]:MyOrg/server-config-files.git:
        - mountpoint: config-files

Upvotes: 0

Views: 468

Answers (1)

rnickle

Reputation: 41

Have you considered storing your configuration file in a pillar?

For example:

    HostFiles:
      LinuxBasic: |
        192.168.1.1 server1
        192.168.1.2 server2

And then in your state file, when you want to render the hostfile:

    LinuxBasicHostFile:
      file.managed:
        - name: /etc/hosts
        # contents_pillar takes the pillar key path itself, not a Jinja expression
        - contents_pillar: HostFiles:LinuxBasic

You could also GPG that file if it was sensitive using the keys on your Salt master's server:

    $ cat nginx.hostfile | sudo gpg --armor --batch --trust-model always --encrypt --homedir <salthomdir> -r <keyname>

Paste the output of that into your pillar:

    HostFiles:
      LinuxBasic: |
        -----BEGIN PGP MESSAGE-----
        Xks383...a bunch of encrypted text...BjAs0
        -----END PGP MESSAGE-----

And inform your salt master that HostFiles contains GPG encrypted content in your master.conf, or better yet, in a local conf file in /etc/salt/master.d/decrypt.conf:

    decrypt_pillar:
      - 'HostFiles': gpg

Upvotes: 1
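
A pre-commit style check for the encrypted-pillar setup in the answer above, as an added example that is not part of the original answer or of Salt: it walks every key path listed in decrypt_pillar and reports values that are missing or not PGP-armored, so a file pasted into the pillar in plaintext is caught before it is committed. It assumes the pillar YAML has already been parsed into Python objects; the function names, the LinuxExtra key and all sample values are constructed for illustration.

```python
# Added example, not Salt code. Inputs are the already-parsed pillar data and
# the master's decrypt_pillar list; every value below is constructed.
ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

def is_armored(value):
    """True if value is a string holding one ASCII-armored PGP message."""
    if not isinstance(value, str):
        return False
    text = value.strip()
    return text.startswith(ARMOR_BEGIN) and text.endswith(ARMOR_END)

def leaves(node, path, sep):
    """Walk nested dicts and lists, yielding (path, leaf) pairs."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from leaves(child, f"{path}{sep}{key}", sep)
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from leaves(child, f"{path}{sep}{index}", sep)
    else:
        yield path, node

def find_plaintext(pillar, decrypt_pillar, sep=":"):
    """Return sorted paths under decrypt_pillar that are missing or not armored."""
    findings = set()
    for entry in decrypt_pillar:
        # Entries are {'path': 'renderer'} mappings (as on this page) or bare strings.
        paths = list(entry) if isinstance(entry, dict) else [entry]
        for path in paths:
            node = pillar
            for key in path.split(sep):
                if not isinstance(node, dict) or key not in node:
                    findings.add(path + " (missing)")
                    break
                node = node[key]
            else:  # path resolved: every leaf below it must be armored
                findings.update(p for p, leaf in leaves(node, path, sep)
                                if not is_armored(leaf))
    return sorted(findings)

SAMPLE_PILLAR = {  # constructed: one armored value, one left in plaintext
    "HostFiles": {
        "LinuxBasic": ARMOR_BEGIN + "\n\nhQEMA0constructed\n" + ARMOR_END + "\n",
        "LinuxExtra": "192.168.1.1 server1\n",
    }
}
SAMPLE_DECRYPT = [{"HostFiles": "gpg"}]

if __name__ == "__main__":
    for finding in find_plaintext(SAMPLE_PILLAR, SAMPLE_DECRYPT):
        print("not encrypted:", finding)
```
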
