Develop Reference

SaltStack result success only if return is expected

I'm using win_wua.list to check if the servers have available updates
update_system:
module.run:
- name: win_wua.list
The problem is that no meter if the server have pending updates or not the state result is "True"
But my goal is to run this as post-check so I want the state to be "successful" only if the return is "Nothing to return" in any other case I would like the state to be with result "False"
LKA5:
----------
ID: update_system
Function: module.run
Name: win_wua.list
Result: True
Comment: Module function win_wua.list executed
Started: 17:04:29.326587
Duration: 4017.653 ms
Changes:
----------
ret:
Nothing to return
Summary for LKA5
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 4.018 s
LKA3:
----------
ID: update_system
Function: module.run
Name: win_wua.list
Result: True
Comment: Module function win_wua.list executed
Started: 17:04:25.563111
Duration: 7113.497 ms
Changes:
----------
ret:
Nothing to return
Summary for LKA3
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 7.113 s

So there are two modules to manage Windows updates with Saltstack:
win_wua execution module
win_wua state module
Seems you are using the execution module, which always runs irrespective of the current state of system. So it will always report as changed. On the other hand, the state module will only run if updates are required.
The following state ID will ensure that the system is updated (as specified), and it will report as changed. Then we can use the requisite system to trigger another state.
Example:
# Including driver updates for example
update_system:
wua.uptodate:
- drivers: True
# Verify if further updates are there
verify_updates:
module.run:
- name: win_wua.list
- install: True
- onchanges:
- wua: update_system
In the above example, if update_system didn't update anything (there were no updates), then verify_updates won't run. If some packages were updated, then verify_updates will run. There are other requisites (linked above) that can be considered as per your use case.

Set up a conditional cmd.run based on file.managed in SaltStack

I have a SaltStack state file (sls) that has a pretty simple state defined.
MyStateRule:
file.managed:
- source: salt://scripts/rule.ps1
- name: 'c:\scripts\rule.ps1'
cmd.run:
- name: powershell c:\scripts\rule.ps1
- require:
- file: MyStateRule
When I run a state.apply command, the cmd.run appears to execute every time, which I can see makes sense. What I want is to only run when the managed file needs to be copied over to the minion. Can I use file.managed in that case? What do I need to change, such that the script only runs when the file is copied over?

Got it -- rather than using "require," use onchanges:
cmd.run:
- name: powershell c:\scripts\rule.ps1
- onchanges:
- file: MyStateRule

Unable to apply State files on Salt

Having issues applying state files to minions on salt, they're just basic test ones, nothing complicated.
In my master config file I have the following file roots definition:
file_roots:
base:
- /srv/salt/
My /srv/salt/top.sls file looks like this:
base:
'*':
- vim
Then at /srv/salt/vim/init.sls I have the following:
vim:
pkg.installed
So, that should be applied to all minions when applied, so I run the following:
sudo salt '*' state.apply
I get the following output, and it's not applied, as it seems to not be detecting the top.sls file?
salt-master-1:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or master_tops data matches found.
Changes:
Summary for salt-master-1
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
dev-docker-1:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or master_tops data matches found.
Changes:
Summary for dev-docker-1
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
ERROR: Minions returned with non-zero exit code
If I look at the logs for the minion, dev-docker-1 nothing is logged as an error, all that I see is this.
2018-11-08 18:33:12,993 [salt.minion :1429][INFO ][4883] User sudo_salt Executing command state.apply with jid 20181108183312990343
2018-11-08 18:33:13,015 [salt.minion :1564][INFO ][5438] Starting a new job with PID 5438
2018-11-08 18:33:13,331 [salt.state :933 ][INFO ][5438] Loading fresh modules for state activity
2018-11-08 18:33:13,448 [salt.minion :1863][INFO ][5438] Returning information for job: 20181108183312990343
Any help greatly appreciated as I'm a bit lost as to why this isn't working . . .
Edit 1
I have enabled verbose logging on the minion, and I see the following, seems it can't see the top.sls file
[DEBUG ] Could not find file 'salt://top.sls' in saltenv 'base'
[DEBUG ] No contents loaded for saltenv 'base'
[DEBUG ] No contents found in top file. If this is not expected, verify that the 'file_roots' specified in 'etc/master' are accessible. The 'file_roots' configuration is: {u'base': []}

Ok so I worked this out, operator error.
I had enabled gitfs backend in the config file, which has overridden the default base file system, so I just needed to do.
fileserver_backend:
- gitfs
- base
Doh!

State 'cp.push' was not found in SLS

In salt (2018.3.0) I created the following statefile that I started to write to collect existing ssh hostkey files from minions.
sshHostKeys:
cp.push:
- path: '/etc/ssh/ssh_host_dsa_key.pub'
- upload_path: '/'
Calling
salt-call state.apply sshHostKeys
I get:
local:
----------
ID: sshHostKeys
Function: cp.push
Result: False
Comment: State 'cp.push' was not found in SLS 'sshHostKeys'
Reason: 'cp.push' is not available.
Manually calling:
salt-call cp.push /etc/ssh/ssh_host_dsa_key.pub
works just fine, the file is copied to the salt master.
Anyone has an idea what I am doing wrong in the state file?
Thanks Rainer

Had the same problem. This should work:
custom function name:
module.run:
- name: cp.push
- path: <<your path>>
See issue on github for reference:
https://github.com/saltstack/salt/issues/42330

What are "states" when using SaltStack?

I'm trying SaltStack after using Puppet for a while, but I can't understand their use of the word "state".
My understanding is that, for example, a light switch has 2 possible states - on or off. When I write my SLS configuration I am describing what state a server should be in. When I ask SaltStack to provision a server I issue the command salt '*' state.highstate. I understand that a server can be in a highstate (as described in my config) or not. All good so far.
But this page describes other states. It describes lowstate, highstate and overstate (amongst others) as layers. Does this mean a server passes through several states to get to a highstate? Or all states are maintained simultaneously as layers? Or can I configure multiple possible states in my SLS and have SaltStack switch between them? Or are they just layers to SaltStack that have 'state' in the name and I'm confused?
I'm probably missing something obvious, if anyone can nudge me in the right direction I think a lot of the documentation will become clear to me!

Here, top.sls wihch contain,
# cat top.sls
base:
'*':
- httpd_require
and,
# cat httpd_require.sls
install_httpd:
pkg.installed:
- name: httpd
service.running:
- name: httpd
- enable: True
- require:
- file: install_httpd
file.managed:
- name: /var/www/html/index.html
- source: salt://index1.html
- user: root
- group: root
- mode: 644
- require:
- pkg: install_httpd
High state:
We can see all the aspects of high state system while working with state files( .sls), There are three specific components.
High data:
SLS file:
High State
Each individual State represents a piece of high data(pkg.installed:'s block), Salt will compile all relevant SLS inside the top.sls, When these files are tied together using includes, and further glued together for use inside an environment using a top.sls file, they form a High State.
# salt 'remote_minion' state.show_highstate --out yaml
remote_minion:
install_httpd:
__env__: base
__sls__: httpd_require
file:
- name: /var/www/html/index.html
- source: salt://index1.html
- user: root
- group: root
- mode: 644
- require:
- pkg: install_httpd
- managed
- order: 10002
pkg:
- name: httpd
- installed
- order: 10000
service:
- name: httpd
- enable: true
- require:
- file: install_httpd
- running
- order: 10001
First, an order is declared, All States that are set to be first will have their order adjusted accordingly. Salt will then add 10000 to the last defined number (which is 0 by default), and add any States that are not explicitly ordered.
Salt will also add some variables that it uses internally, to know which environment (__env__) to execute the State in, and which SLS file (__sls__) the State declaration came from, Remember that the order is still no more than a starting point; the actual High State will be executed based first on requisites, and then on order.
"In other words, "High" data refers generally to data as it is seen by the user."
Low States:
""Low" data refers generally to data as it is ingested and used by Salt."
Once the final High State has been generated, it will be sent to the State compiler. This will reformat the State data into a format that Salt uses internally to evaluate each declaration, and feed data into each State module (which will in turn call the execution modules, as necessary). As with high data, low data can be broken into individual components:
Low State
Low chunks
State module
Execution module(s)
# salt 'remote_minion' state.show_lowstate --out yaml
remote_minion:
- __env__: base
__id__: install_httpd
__sls__: httpd_require
fun: installed
name: httpd
order: 10000
state: pkg
- __env__: base
__id__: install_httpd
__sls__: httpd_require
enable: true
fun: running
name: httpd
order: 10001
require:
- file: install_httpd
state: service
- __env__: base
__id__: install_httpd
__sls__: httpd_require
fun: managed
group: root
mode: 644
name: /var/www/html/index.html
order: 10002
require:
- pkg: install_httpd
source: salt://index1.html
state: file
user: root
Together, all this comprises a Low State. Each individual item is a Low Chunk. The first Low Chunk on this list looks like this:
- __env__: base
__id__: install_httpd
__sls__: httpd_require
fun: installed
name: http
order: 10000
state: pkg
Each low chunk maps to a State module (in this case, pkg) and a function inside that State module (in this case, installed). An ID is also provided at this level (__id__). Salt will map relationships (that is, requisites) between States using a combination of State and __id__. If a name has not been declared by the user, then Salt will automatically use the __id__ as the name.Once a function inside a State module has been called, it will usually map to one or more execution modules which actually do the work.

salt '\*' state.highstate
'*' refers to all the minions connected to the master.
'state.highstate' is used to run all modules / scripts mentioned in top.sls defined in master
To invoke a specific module / script on all minions, use the following salt command where the state information is defined in state.sls for apache in the example given below.
salt '\*' state.sls apache
To invoke the above salt call only on a specific minion, use the below command.
salt 'minion-name' state.sls apache

I don't know all levels of state, but when you run :
salt '*' state.highstate
Saltstack apply the states you provide in /srv/salt/top.sls.
If you write nothing in it, you can't apply an highstate.
You can apply other state with this command :
salt '*' state.sls state.example

A highstate is just the collection of states that is applied to your server. There is a process in the background where Salt's "state compiler" goes through several stages preparing the data in order to produce the highstate, but you don't really need to worry about those.
Things like the lowstate can help with debugging, but aren't necessary for day to day usage. The highstate is only applied once.