Salt: How to configure static grains for proxy minions

Created on 2 Jul 2017 · 17Comments · Source: saltstack/salt

Description of Issue/Question

I am unable to identify how to configure static grains for proxy minions.
Looking at https://docs.saltstack.com/en/latest/topics/grains/ I couldn't find a good way to do this:

Setting them under /etc/salt/grains does not seem to pick them, and anyway it wouldn't make much sense to put the grains here: multiple proxy processes run on the same machine so they would use the same file, while we need different grains per minion, not the same everywhere.
Same problem as above configuring them under /etc/salt/proxy.

I think the solution would be creating a grains.d directory, each proxy minion having a file with its grains. Something like:

grains.d
├── proxy1
└── proxy2

Pending Discussion

Source

mirceaulinic

All 17 comments

Usually the .d directory is for including all the files under it.

Do you think it would make more sense to add a suffix to /etc/salt/grains-?

If you are setting them manually, you should be able to include grains in the proxy config, but grains.set won't work

grains:
  role:
    - firewall

@cro do you have an opinion?

Thanks,
Daniel

gtmanfred on 3 Jul 2017

Hi @gtmanfred - thanks for looking at this.

Do you think it would make more sense to add a suffix to /etc/salt/grains-?

Fine by me.

If you are setting them manually, you should be able to include grains in the proxy config

This goes to the core of my problem: the proxy config file is shared by all the proxy minions, whilst I need different grains, not the same everywhere.

mirceaulinic on 3 Jul 2017

oh thats right, i thought we had /etc/salt/proxy- for some reason, but you are right.

gtmanfred on 3 Jul 2017

👍1

Thinking more about this & together with other issues such as https://github.com/saltstack/salt/issues/39775, it sounds sane to me trying to load a separate opts file /etc/salt/proxy-{id} and merging its contents with the main /etc/salt/proxy.

Curious what @cro thinks about that?

mirceaulinic on 5 Jul 2017

@cro would you be able to share your opinion with us, mortals, please?

mirceaulinic on 26 Jul 2017

I have realised the following:

the proxy authentication details are in the pillar, under the proxy key, which makes it easy to have separate configuration per proxy minion
the __pillar__ object is available inside the grains at startup

Then why not take everything under __pillar__['grains'] and load it as static grains? What do you think?

mirceaulinic on 17 Aug 2017

@cro @gtmanfred Checking in here - what do you think, would my previous suggestion work?

mirceaulinic on 23 Oct 2017

I am going to make the executive decision that the proxy grains should be stored in /etc/salt/proxy.grains.d/{id} that is where they should be stored on disk.

Extra grains can be provided from the pillar config, but they get written to the grains.d/{id} file on loading of the proxy minion or reloading pillars.

Thanks,
Daniel

gtmanfred on 23 Oct 2017

👍1

Thanks @gtmanfred.

I am going to make the executive decision that the proxy grains should be stored in /etc/salt/proxy.grains.d/{id} that is where they should be stored on disk.

If I may suggest something different: currently, (for the same overlapping reasons), the _schedule.conf file is saved under proxy.d/{id}/. The proxy.d/{id} directory is already appended to the list of include dirs. With these said, it would probably be easier to keep the grains under proxy.d/{id}/grains.conf?

mirceaulinic on 23 Oct 2017

oh, I was unaware of that, yes that is much better and basically the idea I was going for.

:+1:

gtmanfred on 23 Oct 2017

👍1

Cool! I will try to work on a fix ASAP (measured in weeks 😄)

mirceaulinic on 23 Oct 2017

You are the best!

Thanks,
Daniel

On Mon, Oct 23, 2017 at 8:07 AM, Mircea Ulinic notifications@github.com
wrote:

Cool! I will try to work on a fix ASAP (measured in weeks 😄)

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/saltstack/salt/issues/42074#issuecomment-338670599,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAssoUHQHNEAWehNZLYVcLlvD1r4duBjks5svJ2lgaJpZM4OLjD-
.

gtmanfred on 23 Oct 2017

😄1

PR: https://github.com/saltstack/salt/pull/44549

mirceaulinic on 15 Nov 2017

Closed via #44549

rallytime on 27 Nov 2017

@mirceaulinic Now with this change, if I do

salt '*' grains.setval XYZ "[{'target': '1'}, {'target': '2'}]"

this data is stored in the file /etc/salt/proxy.grains.d/{id}/grains

Now, if proxy is restarted, it uses the same data from the file. But for me, the data should only ephemeral to that proxy instance.
Is there is a way to clean up the file gracefully when proxy get killed.

vnitinv on 9 Feb 2018

The point of static grains is that they are static.
if you want something with that behaviour, you should probably just look
into writing a grains extension module in your own environment.

On Fri, Feb 9, 2018 at 1:12 PM, Nitin Kr notifications@github.com wrote:

@mirceaulinic https://github.com/mirceaulinic Now with this change, if
I do

salt '*' grains.setval XYZ "[{'target': '1'}, {'target': '2'}]"

this data is stored in the file /etc/salt/proxy.grains.d/{id}/grains

Now, if proxy is restarted, it uses the same data from the file. But for
me, the data should only ephemeral to that proxy instance.
Is there is a way to clean up the file gracefully when proxy get killed.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/saltstack/salt/issues/42074#issuecomment-364429897,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AP69l5-yKJoMF0Lkq5dX4ycgIjBk-NtBks5tTERVgaJpZM4OLjD-
.