一千萬個為什麽

搜索

在鹽灘中構建一個支柱的依附關系



我正嘗試在Salt中創建一個虛擬狀態,以從列表中獲取依賴關系。

在我的 top.sls 文件中,我有:

base:
  '*':
    - components

然後,在 components.sls 中,我有:

{% if 'components' in pillar.items() %}
include:
{% for component in pillar.get('components',[]) %}
  - {{ component }}
{% endfor %}
{% endif %}

{% if 'components' in pillar.items() %}
components:
  require:
{% for component in pillar.get('components',[]) %}
    - {{ component }}
{% endfor %}
{% endif %}

當我檢查支柱內容時,我看到:

$ salt my-minion-id pillar.items

my-minion-id:
    ----------
    components:
        - a-dependency-name

但是當我試圖看到這組狀態時,我看到:

$ salt my-minion-id state.show_sls components

my-minion-id:
    ----------

...就是這樣。

我的最終目標是將對手視為敵對,所以我試圖將角色細節從支柱中提取出來,而不是在我的 file_roottop.sls 代碼>。我的理解是,每個仆從都可以完全訪問file_root的內容,並且我不希望惡意的仆從知道任何不相關節點的特定防火墻或服務。

修改</強>

我發現我的支柱結構不支持支柱合並,因為它使用了列表,所以我轉而使用無價值的支柱結構:

my-minion-id:
    ----------
    components:
        ----------
        a-dependency-name:
            None

轉載註明原文: 在鹽灘中構建一個支柱的依附關系

一共有 2 個回答:

這個模板化的SLS文件出色地工作:

{% if 'components' in salt.pillar.items() %}

include:
{% for component in salt.pillar.get('components').keys() %}
  - {{ component }}
{% endfor %}

{% endif %}

但是,這需要改變我的支柱關鍵結構。從最初的問題來看,你看到的結構是:

my-minion-id:
    ----------
    components:
        - a-dependency-name

相反,它需要是:

my-minion-id:
    ----------
    components:
        ----------
        a-dependency-name:
            None

請註意, a-dependency-name 現在是一個字典,它有一個鍵/值, None 。因此支柱SLS文件需要從中更改

components:
  - a-dependency-name

components:
  a-dependency-name: ~

While you can get away with not using no-value dictionaries (and thus get rid of the .keys() in the template) and use lists instead, if you do that, you can't merge the components from multiple different pillars; each pillar Salt applies will override the components key from the previous, and the last pillar read will win. If you want 至 merge pillars (we are talking about role-based assignment, here), this would appear 至 be the necessary construct.

因此, salt my-minion-id state.show_sls組件的輸出是正確的:

$ salt my-minion-id state.show_sls components
my-minion-id:
    ----------
    a-dependency-name:
      ----------
      ...

pillar.items() in Jinja templates turns out not 至 be quite equivalent 至 salt.pillar.items(); if you try using pillar.ls(), for example, you may see the following error:

Rendering SLS 'base:components' failed: Jinja variable 'salt.pillar object' has no attribute 'ls'

這是否意味著應避免Jinja提供的隱含的 salt。前綴快捷鍵,或者改為使用類似於 {%的結構,如果定義了pillar ['components']%} (謝謝,@ brousch,建議),我不能說。

你也可以這樣做:

{% if pillar['components'] is defined %}
include:
{% for component in pillar['components'] %}
 - {{ component }}
{% endfor %}
{% endif %}

{% if pillar['components'] is defined %}
components:
  require:
{% for component in pillar['components'] %}
 - {{ component }}
{% endfor %}
{% endif %}