Right now when you set module_config entries in your pillar data
like this:
salt:
minion:
module_config:
smtp.from: 'Kali Salt <admins+salt@kali.org>'
smtp.to: 'Kali Admins <admins+salt@kali.org>'
smtp.host: localhost
smtp.subject: 'Results of salt actions on'
smtp.fields: id,fun
On each run, you will always a different ordering of the various
fields in the minion configuration file, leading to spurious restart
of the minion and admin annoyance:
ID: salt-minion
Function: file.recurse
Name: /etc/salt/minion.d
Result: True
Comment: Recursively updated /etc/salt/minion.d
Started: 13:39:25.689775
Duration: 874.318 ms
Changes:
----------
/etc/salt/minion.d/f_defaults.conf:
----------
diff:
---
+++
@@ -930,10 +930,10 @@
# A dict for the test module:
#test.baz: {spam: sausage, cheese: bread}
#
+smtp.fields: id,fun
+smtp.from: Kali Salt <admins+salt@kali.org>
smtp.to: Kali Admins <admins+salt@kali.org>
-smtp.fields: id,fun
smtp.host: localhost
-smtp.from: Kali Salt <admins+salt@kali.org>
smtp.subject: Results of salt actions on
With the change here, this bad behaviour is gone...
* CVE-2021-25283 enables Jinja2 safe mode, which breaks use of
`'dict' in x.__class__.__name__` workaround
* Workaround no longer needed as CentOS 6 is EOL
The user will already have it's /etc/salt/minion file, so it doesn't need all this info, and it makes easier to know what has been generated and what not
Salt writes it's schedule file to /etc/salt/{minion,master}.d/_schedule.conf
We don't want to stomp all over Salt's files, but we do want a pristine
starting point to lay down our managed config. So we use clean: True on the
file.recurse call, but we tell it to ignore files that start with an _
We have to rename the current config file (_defaults.conf) because it will be
ignored by the rule that ignores Salt's _* config files.
This also means we need to clean up old config files (_defaults.conf) and
restart the service if we cleaned it up.