FAQ
I have 10 different servers and in sshd_config file i have allow group is
different for each servers.

what is the best way to update this file on all servers.

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

  • Dmitriy Slupytskyi at Jul 16, 2014 at 12:58 pm
    I just started learning Salt, but if do something similar:

    /srv/salt/top.sls

    base:
       '*':
         - ssh

    /srv/pillar/top.sls

    base:
       '*':
         - ssh.group

    /srv/pillar/ssh/group.sls

    ssh:
       {% if grains['localhost'] == 'server1' %} // may be better way exists,
    this is just example :)
       allow_groups:
         - admins
         - users
       {% elif grains['localhost'] == 'server2' %}
       allow_groups:
         - kvmusers
         - audio
       {% endif %}

    /srv/salt/ssh/init.sls

    openssh-server:
       file.managed:
         - name: /etc/ssh/sshd_config
         - template: jinja
         - source: salt://ssh/sshd_config
         - user: root
         - group: root
         - mode: 644

    /srv/salt/ssh/sshd_config

    AllowGroups: {{ pillar['ssh']['allow_groups'] | join(',') }}


    also you can try separate groups in different files:

    base:
       'server1':
         - match: list
         - ssh.server1-group

       'server2':
         - match: list
         - ssh.server2-group

    /srv/salt/ssh/server1-group.sls

    ssh:
       allow_groups:
         - admins
         - users

    /srv/salt/ssh/server2-group.sls

    ssh:
       allow_groups:
         - kvmusers
         - audio
    On Tuesday, July 15, 2014 7:17:41 PM UTC+3, Mano Nathan wrote:

    I have 10 different servers and in sshd_config file i have allow group is
    different for each servers.

    what is the best way to update this file on all servers.
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Dmitriy Slupytskyi at Jul 16, 2014 at 1:02 pm
    Few corrections in path to files:

    /srv/pillar/top.sls

    base:
       'server1':
         - match: list
         - ssh.server1-group

       'server2':
         - match: list
         - ssh.server2-group

    /srv/pillar/ssh/server1-group.sls

    ssh:
       allow_groups:
         - admins
         - users

    /srv/pillar/ssh/server2-group.sls

    ssh:
       allow_groups:
         - kvmusers
         - audio
    On Wednesday, July 16, 2014 3:58:09 PM UTC+3, Dmitriy Slupytskyi wrote:

    I just started learning Salt, but if do something similar:

    ....

    also you can try separate groups in different files:

    base:
    'server1':
    - match: list
    - ssh.server1-group

    'server2':
    - match: list
    - ssh.server2-group

    /srv/salt/ssh/server1-group.sls

    ssh:
    allow_groups:
    - admins
    - users

    /srv/salt/ssh/server2-group.sls

    ssh:
    allow_groups:
    - kvmusers
    - audio
    On Tuesday, July 15, 2014 7:17:41 PM UTC+3, Mano Nathan wrote:

    I have 10 different servers and in sshd_config file i have allow group is
    different for each servers.

    what is the best way to update this file on all servers.
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Non7top at Jul 17, 2014 at 7:07 am
    I was struggling the same thing just yesterday: Port in sshd_config. The
    best thing I found was old thread
    <https://groups.google.com/forum/#!topic/salt-users/R_jgNdYDPk0>, which
    only provided solutions similar to Dmitriy's one. So apparently there is no
    elegant way to achieve that using default saltstack. I was hoping for
    something as straightforward as this would work, but it doesn't:


        base:
          '*':
            sshd_port: 10022
            mysqld_ipool: 512M
          'server1':
            sshd_port: 22
            mysqld_ipool: 256M
          'server2':
            sshd_port: 10023


    On Tuesday, July 15, 2014 8:17:41 PM UTC+4, Mano Nathan wrote:

    I have 10 different servers and in sshd_config file i have allow group is
    different for each servers.

    what is the best way to update this file on all servers.
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • Wolodja Wentland at Jul 17, 2014 at 10:15 am

    On Thu, Jul 17, 2014 at 00:07 -0700, non7top wrote:
    I was struggling the same thing just yesterday: Port in sshd_config. The best
    thing I found was old thread, which only provided solutions similar to
    Dmitriy's one. So apparently there is no elegant way to achieve that using
    default saltstack. I was hoping for something as straightforward as this would
    work, but it doesn't:


    base:
    '*':
    sshd_port: 10022
    mysqld_ipool: 512M
    'server1':
    sshd_port: 22
    mysqld_ipool: 256M
    'server2':
    sshd_port: 10023
    You can do something like:

    --- pillar/foo.sls
    #!py

    bar = {'server1':
             {'sshd_port': 22,
              'mysqld_ipool': '256M'}
            'server2':
             {'sshd_port': 10022,
              'mysqld_ipool': '512M'}
             ...
    }

    default = {'sshd_port': 10022,
                'mysqld_ipool': '512M'}

    def run():
         return bar.get(grains['id'], default)
    ----

    Or something more complex, but I simply wanted to give an example.

    --
    Wolodja <babilen@gmail.com>

    4096R/CAF14EFC
    081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
  • Non7top at Jul 17, 2014 at 3:19 pm
    Thank you, that was particularly useful for me to create a custom pillar
    that reads such variables.
    You can find it here: https://gist.github.com/non7top/73ecd104c755db25e1bc
    On Thursday, July 17, 2014 2:15:55 PM UTC+4, Wolodja Wentland wrote:
    On Thu, Jul 17, 2014 at 00:07 -0700, non7top wrote:
    I was struggling the same thing just yesterday: Port in sshd_config. The best
    thing I found was old thread, which only provided solutions similar to
    Dmitriy's one. So apparently there is no elegant way to achieve that using
    default saltstack. I was hoping for something as straightforward as this would
    work, but it doesn't:


    base:
    '*':
    sshd_port: 10022
    mysqld_ipool: 512M
    'server1':
    sshd_port: 22
    mysqld_ipool: 256M
    'server2':
    sshd_port: 10023
    You can do something like:

    --- pillar/foo.sls
    #!py

    bar = {'server1':
    {'sshd_port': 22,
    'mysqld_ipool': '256M'}
    'server2':
    {'sshd_port': 10022,
    'mysqld_ipool': '512M'}
    ...
    }

    default = {'sshd_port': 10022,
    'mysqld_ipool': '512M'}

    def run():
    return bar.get(grains['id'], default)
    ----

    Or something more complex, but I simply wanted to give an example.

    --
    Wolodja <bab...@gmail.com <javascript:>>

    4096R/CAF14EFC
    081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
  • David Blundell at Jul 17, 2014 at 3:30 pm

    On Thursday, 17 July 2014 11:15:55 UTC+1, Wolodja Wentland wrote:
    You can do something like:

    --- pillar/foo.sls
    #!py

    bar = {'server1':
    {'sshd_port': 22,
    'mysqld_ipool': '256M'}
    'server2':
    {'sshd_port': 10022,
    'mysqld_ipool': '512M'}
    ...
    }

    default = {'sshd_port': 10022,
    'mysqld_ipool': '512M'}

    def run():
    return bar.get(grains['id'], default)
    ----
    I am tracking the feature request
    https://github.com/saltstack/salt/issues/3991 as it should allow keys in
    pillar to merge / overwrite other keys in an elegent way. It is currently
    flagged as high severity so I hope it will be testable soon :-)


    --
    You received this message because you are subscribed to the Google Groups "Salt-users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupsalt-users @
postedJul 15, '14 at 4:17p
activeJul 17, '14 at 3:30p
posts7
users5

People

Translate

site design / logo © 2022 Grokbase