Retrieve EC2 instance data for minions for ec2_tags and ec2_tags_list
The minion id must be the AWS instance-id or value in tag_match_key
. For
example set tag_match_key
to Name
to have the minion-id matched against
the tag 'Name'. The tag contents must be unique. The value of
tag_match_value
can be 'uqdn' or 'asis'. if 'uqdn', then the domain will be
stripped before comparison.
Additionally, the use_grain
option can be set to True
. This allows the
use of an instance-id grain instead of the minion-id. Since this is a potential
security risk, the configuration can be further expanded to include a list of
minions that are trusted to only allow the alternate id of the instances to
specific hosts. There is no glob matching at this time.
Note
If you are using use_grain: True
in the configuration for this external
pillar module, the minion must have metadata_server_grains
enabled in the minion config file (see also here
).
It is important to also note that enabling the use_grain
option allows
the minion to manipulate the pillar data returned, as described above.
The optional tag_list_key
indicates which keys should be added to
ec2_tags_list
and be split by tag_list_sep
(by default ;
). If a tag
key is included in tag_list_key
it is removed from ec2_tags. If a tag does
not exist it is still included as an empty list.
As with any master configuration change, restart the salt-master daemon for changes to take effect.
ext_pillar:
- ec2_pillar:
tag_match_key: 'Name'
tag_match_value: 'asis'
tag_list_key:
- Role
tag_list_sep: ';'
use_grain: True
minion_ids:
- trusted-minion-1
- trusted-minion-2
- trusted-minion-3
This is a very simple pillar configuration that simply retrieves the instance data from AWS. Currently the only portion implemented are EC2 tags, which returns a list of key/value pairs for all of the EC2 tags assigned to the instance.
salt.pillar.ec2_pillar.
ext_pillar
(minion_id, pillar, use_grain=False, minion_ids=None, tag_match_key=None, tag_match_value='asis', tag_list_key=None, tag_list_sep=';')¶Execute a command and read the output as YAML