SaltStack: from 1 blockreplace to N blockreplace

Introduction

Up to now we created one block in the /etc/sudoers file with N entries.

This is not a good solution, since sometimes we only want to update one system and give explicit pillar data. Then pillar.systems is a list with only one entry.

Old Code

etc_sudoers:
  file.blockreplace:
    - name: /etc/sudoers
    - marker_start: "# START managed zone etc_sudoers -DO-NOT-EDIT-"
    - marker_end: "# END managed zone etc_sudoers --"
    - content: |
{% for system_name in pillar.systems %}
        {{system_name}} ALL = NOPASSWD: /bin/systemctl restart apache2*
{% endfor %}

    - append_if_not_found: True
    - backup: '.bak'
    - show_changes: True

New Code

{% for system_name in pillar.systems %}
etc_sudoers_{{system_name}}:
  file.blockreplace:
    - name: /etc/sudoers
    - marker_start: "# START managed zone etc_sudoers_{{system_name}} -DO-NOT-EDIT-"
    - marker_end: "# END managed zone etc_sudoers_{{system_name}} --"
    - content: |
        {{system_name}} ALL = NOPASSWD: /bin/systemctl restart apache2*

    - append_if_not_found: True
    - backup: '.bak'
    - show_changes: True
{% endfor %}

Question

How to delete the old block which is still on the servers?

Related:


Leave a Reply