Salt States can aggressively manipulate files on a system. There are a number of ways in which files can be managed.
Regular files can be enforced with the file.managed
state. This state downloads files from the salt master and places them on the target system. Managed files can be rendered as a jinja, mako, or wempy template, adding a dynamic component to file management. An example of file.managed
which makes use of the jinja templating system would look like this:
/etc/http/conf/http.conf: file.managed: - source: salt://apache/http.conf - user: root - group: root - mode: 644 - attrs: ai - template: jinja - defaults: custom_var: "default value" other_var: 123 {% if grains['os'] == 'Ubuntu' %} - context: custom_var: "override" {% endif %}
It is also possible to use the py renderer
as a templating option. The template would be a Python script which would need to contain a function called run()
, which returns a string. All arguments to the state will be made available to the Python script as globals. The returned string will be the contents of the managed file. For example:
def run(): lines = ['foo', 'bar', 'baz'] lines.extend([source, name, user, context]) # Arguments as globals return '\n\n'.join(lines)
Note
The defaults
and context
arguments require extra indentation (four spaces instead of the normal two) in order to create a nested dictionary. More information.
If using a template, any user-defined template variables in the file defined in source
must be passed in using the defaults
and/or context
arguments. The general best practice is to place default values in defaults
, with conditional overrides going into context
, as seen above.
The template will receive a variable custom_var
, which would be accessed in the template using {{ custom_var }}
. If the operating system is Ubuntu, the value of the variable custom_var
would be override, otherwise it is the default default value
The source
parameter can be specified as a list. If this is done, then the first file to be matched will be the one that is used. This allows you to have a default file on which to fall back if the desired file does not exist on the salt fileserver. Here's an example:
/etc/foo.conf: file.managed: - source: - salt://foo.conf.{{ grains['fqdn'] }} - salt://foo.conf.fallback - user: foo - group: users - mode: 644 - attrs: i - backup: minion
Note
Salt supports backing up managed files via the backup option. For more details on this functionality please review the backup_mode documentation.
The source
parameter can also specify a file in another Salt environment. In this example foo.conf
in the dev
environment will be used instead.
/etc/foo.conf: file.managed: - source: - 'salt://foo.conf?saltenv=dev' - user: foo - group: users - mode: '0644' - attrs: i
Warning
When using a mode that includes a leading zero you must wrap the value in single quotes. If the value is not wrapped in quotes it will be read by YAML as an integer and evaluated as an octal.
The names
parameter, which is part of the state compiler, can be used to expand the contents of a single state declaration into multiple, single state declarations. Each item in the names
list receives its own individual state name
and is converted into its own low-data structure. This is a convenient way to manage several files with similar attributes.
salt_master_conf: file.managed: - user: root - group: root - mode: '0644' - names: - /etc/salt/master.d/master.conf: - source: salt://saltmaster/master.conf - /etc/salt/minion.d/minion-99.conf: - source: salt://saltmaster/minion.conf
Note
There is more documentation about this feature in the Names declaration section of the Highstate docs.
Special files can be managed via the mknod
function. This function will create and enforce the permissions on a special file. The function supports the creation of character devices, block devices, and FIFO pipes. The function will create the directory structure up to the special file if it is needed on the minion. The function will not overwrite or operate on (change major/minor numbers) existing special files with the exception of user, group, and permissions. In most cases the creation of some special files require root permissions on the minion. This would require that the minion to be run as the root user. Here is an example of a character device:
/var/named/chroot/dev/random: file.mknod: - ntype: c - major: 1 - minor: 8 - user: named - group: named - mode: 660
Here is an example of a block device:
/var/named/chroot/dev/loop0: file.mknod: - ntype: b - major: 7 - minor: 0 - user: named - group: named - mode: 660
Here is an example of a fifo pipe:
/var/named/chroot/var/log/logfifo: file.mknod: - ntype: p - user: named - group: named - mode: 660
Directories can be managed via the directory
function. This function can create and enforce the permissions on a directory. A directory statement will look like this:
/srv/stuff/substuf: file.directory: - user: fred - group: users - mode: 755 - makedirs: True
If you need to enforce user and/or group ownership or permissions recursively on the directory's contents, you can do so by adding a recurse
directive:
/srv/stuff/substuf: file.directory: - user: fred - group: users - mode: 755 - makedirs: True - recurse: - user - group - mode
As a default, mode
will resolve to dir_mode
and file_mode
, to specify both directory and file permissions, use this form:
/srv/stuff/substuf: file.directory: - user: fred - group: users - file_mode: 744 - dir_mode: 755 - makedirs: True - recurse: - user - group - mode
Symlinks can be easily created; the symlink function is very simple and only takes a few arguments:
/etc/grub.conf: file.symlink: - target: /boot/grub/grub.conf
Recursive directory management can also be set via the recurse
function. Recursive directory management allows for a directory on the salt master to be recursively copied down to the minion. This is a great tool for deploying large code and configuration systems. A state using recurse
would look something like this:
/opt/code/flask: file.recurse: - source: salt://code/flask - include_empty: True
A more complex recurse
example:
{% set site_user = 'testuser' %} {% set site_name = 'test_site' %} {% set project_name = 'test_proj' %} {% set sites_dir = 'test_dir' %} django-project: file.recurse: - name: {{ sites_dir }}/{{ site_name }}/{{ project_name }} - user: {{ site_user }} - dir_mode: 2775 - file_mode: '0644' - template: jinja - source: salt://project/templates_dir - include_empty: True
Retention scheduling can be applied to manage contents of backup directories. For example:
/var/backups/example_directory: file.retention_schedule: - strptime_format: example_name_%Y%m%dT%H%M%S.tar.bz2 - retain: most_recent: 5 first_of_hour: 4 first_of_day: 14 first_of_week: 6 first_of_month: 6 first_of_year: all
Make sure that the named file or directory is absent. If it exists, it will be deleted. This will work to reverse any of the functions in the file state module. If a directory is supplied, it will be recursively deleted.
Prepare accumulator which can be used in template in file.managed state. Accumulator dictionary becomes available in template. It can also be used in file.blockreplace.
name
)Example:
Given the following:
animals_doing_things: file.accumulated: - filename: /tmp/animal_file.txt - text: ' jumps over the lazy dog.' - require_in: - file: animal_file animal_file: file.managed: - name: /tmp/animal_file.txt - source: salt://animal_file.txt - template: jinja
One might write a template for animal_file.txt
like the following:
The quick brown fox{% for animal in accumulator['animals_doing_things'] %}{{ animal }}{% endfor %}
Collectively, the above states and template file will produce:
The quick brown fox jumps over the lazy dog.
Multiple accumulators can be "chained" together.
Note
The 'accumulator' data structure is a Python dictionary. Do not expect any loop over the keys in a deterministic order!
Ensure that some text appears at the end of a file.
The text will not be appended if it already exists in the file. A single string of text or a list of strings may be appended.
A single source file to append. This source file can be hosted on either the salt master server, or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as downloading directly from Amazon S3 compatible URLs with both pre-configured and automatic IAM credentials (see s3.get state documentation). File retrieval from Openstack Swift object storage is supported via swift://container/object_path URLs (see swift.get documentation).
For files hosted on the salt file server, if the file is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs.
If the file is hosted on an HTTP or FTP server, the source_hash argument is also required.
The function accepts the first encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:
Type Length ====== ====== sha512 128 sha384 96 sha256 64 sha224 56 sha1 40 md5 32
See the source_hash
parameter description for file.managed
function for more details and examples.
The named templating engine will be used to render the appended-to file. Defaults to jinja
. The following templates are supported:
New in version 2015.8.4.
Spaces and Tabs in text are ignored by default, when searching for the appending content, one space or multiple tabs are the same for salt. Set this option to False
if you want to change this behavior.
Multi-line example:
/etc/motd: file.append: - text: | Thou hadst better eat salt with the Philosophers of Greece, than sugar with the Courtiers of Italy. - Benjamin Franklin
Multiple lines of text:
/etc/motd: file.append: - text: - Trust no one unless you have eaten much salt with him. - "Salt is born of the purest of parents: the sun and the sea."
Gather text from multiple template files:
/etc/motd: file: - append - template: jinja - sources: - salt://motd/devops-messages.tmpl - salt://motd/hr-messages.tmpl - salt://motd/general-messages.tmpl
New in version 0.9.5.
Maintain an edit in a file in a zone delimited by two line markers
New in version 2014.1.0.
Changed in version 2017.7.5,2018.3.1: append_newline
argument added. Additionally, to improve idempotence, if the string represented by marker_end
is found in the middle of the line, the content preceding the marker will be removed when the block is replaced. This allows one to remove append_newline: False
from the SLS and have the block properly replaced if the end of the content block is immediately followed by the marker_end
(i.e. no newline before the marker).
A block of content delimited by comments can help you manage several lines entries without worrying about old entries removal. This can help you maintaining an un-managed file containing manual edits.
Note
This function will store two copies of the file in-memory (the original version and the edited version) in order to detect changes and only edit the targeted file if necessary.
Additionally, you can use file.accumulated
and target this state. All accumulated data dictionaries' content will be added in the content block.
marker_start
and marker_end
The source file to download to the minion, this source file can be hosted on either the salt master server, or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as downloading directly from Amazon S3 compatible URLs with both pre-configured and automatic IAM credentials. (see s3.get state documentation) File retrieval from Openstack Swift object storage is supported via swift://container/object_path URLs, see swift.get documentation. For files hosted on the salt file server, if the file is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs. If source is left blank or None (use ~ in YAML), the file will be created as an empty file and the content will not be managed. This is also the case when a file already exists and the source is undefined; the contents of the file will not be changed or managed.
If the file is hosted on a HTTP or FTP server then the source_hash argument is also required.
A list of sources can also be passed in to provide a default source and a set of fallbacks. The first source in the list that is found to exist will be used and subsequent entries in the list will be ignored.
file_override_example:
file.blockreplace:
- name: /etc/example.conf
- source:
- salt://file_that_does_not_exist
- salt://file_that_exists
The function accepts the first encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:
Type Length ====== ====== sha512 128 sha384 96 sha256 64 sha224 56 sha1 40 md5 32
See the source_hash
parameter description for file.managed
function for more details and examples.
Templating engine to be used to render the downloaded file. The following engines are supported:
True
, the content block will be appended to the file.True
, the content block will be prepended to the file.False
to skip making a backup.True
, do not make any edits to the file and simply return the changes that would be made.True
, the Changes
section of the state return will contain a unified diff of the changes made. If False, then it will contain a boolean (True
if any changes were made, otherwise False
).Controls whether or not a newline is appended to the content block. If the value of this argument is True
then a newline will be added to the content block. If it is False
, then a newline will not be added to the content block. If it is unspecified, then a newline will only be added to the content block if it does not already end in a newline.
New in version 2017.7.5,2018.3.1.
Example of usage with an accumulator and with a variable:
{% set myvar = 42 %} hosts-config-block-{{ myvar }}: file.blockreplace: - name: /etc/hosts - marker_start: "# START managed zone {{ myvar }} -DO-NOT-EDIT-" - marker_end: "# END managed zone {{ myvar }} --" - content: 'First line of content' - append_if_not_found: True - backup: '.bak' - show_changes: True hosts-config-block-{{ myvar }}-accumulated1: file.accumulated: - filename: /etc/hosts - name: my-accumulator-{{ myvar }} - text: "text 2" - require_in: - file: hosts-config-block-{{ myvar }} hosts-config-block-{{ myvar }}-accumulated2: file.accumulated: - filename: /etc/hosts - name: my-accumulator-{{ myvar }} - text: | text 3 text 4 - require_in: - file: hosts-config-block-{{ myvar }}
will generate and maintain a block of content in /etc/hosts
:
# START managed zone 42 -DO-NOT-EDIT- First line of content text 2 text 3 text 4 # END managed zone 42 --
New in version 2017.7.3.
Ensures that a file is saved to the minion's cache. This state is primarily invoked by other states to ensure that we do not re-download a source file if we do not need to.
The URL of the file to be cached. To cache a file from an environment other than base
, either use the saltenv
argument or include the saltenv in the URL (e.g. salt://path/to/file.conf?saltenv=dev
).
Note
A list of URLs is not supported, this must be a single URL. If a local file is passed here, then the state will obviously not try to download anything, but it will compare a hash if one is specified.
See the documentation for this same argument in the file.managed
state.
Note
For remote files not originating from the salt://
fileserver, such as http(s) or ftp servers, this state will not re-download the file if the locally-cached copy matches this hash. This is done to prevent unnecessary downloading on repeated runs of this state. To update the cached copy of a file, it is necessary to update this hash.
file.managed
state.See the documentation for this same argument in the file.managed
state.
Note
Setting this to True
will result in a copy of the file being downloaded from a remote (http(s), ftp, etc.) source each time the state is run.
salt://
URL).This state will in most cases not be useful in SLS files, but it is useful when writing a state or remote-execution module that needs to make sure that a file at a given URL has been downloaded to the cachedir. One example of this is in the archive.extracted
state:
result = __states__['file.cached'](source_match, source_hash=source_hash, source_hash_name=source_hash_name, skip_verify=skip_verify, saltenv=__env__)
This will return a dictionary containing the state's return data, including a result
key which will state whether or not the state was successful. Note that this will not catch exceptions, so it is best used within a try/except.
Once this state has been run from within another state or remote-execution module, the actual location of the cached file can be obtained using cp.is_cached
:
cached = __salt__['cp.is_cached'](source_match, saltenv=__env__)
This function will return the cached path of the file, or an empty string if the file is not present in the minion cache.
Comment out specified lines in a file.
^
or $
characters outside the parenthesis (e.g., the pattern ^foo$
will be rewritten as ^(foo)$
) Note that you _need_ the leading ^, otherwise each time you run highstate, another comment char will be inserted.#
.bak
The file will be backed up before edit with this file extension
Warning
This backup will be overwritten each time sed
/ comment
/ uncomment
is called. Meaning the backup will only be useful after the first invocation.
Set to False/None to not keep a backup.
Usage:
/etc/fstab: file.comment: - regex: ^bind 127.0.0.1
New in version 0.9.5.
If the file defined by the source
option exists on the minion, copy it to the named path. The file will not be overwritten if it already exists, unless the force
option is set to True
.
Note
This state only copies files from one location on a minion to another location on the same minion. For copying files from the master, use a file.managed
state.
New in version 2015.5.0.
Set preserve: True
to preserve user/group ownership and mode after copying. Default is False
. If preserve
is set to True
, then user/group/mode attributes will be ignored.
New in version 2015.5.0.
The user to own the copied file, this defaults to the user salt is running as on the minion. If preserve
is set to True
, then this will be ignored
New in version 2015.5.0.
The group to own the copied file, this defaults to the group salt is running as on the minion. If preserve
is set to True
or on Windows this will be ignored
New in version 2015.5.0.
The permissions to set on the copied file, aka 644, '0775', '4664'. If preserve
is set to True
, then this will be ignored. Not supported on Windows.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
New in version 2015.5.0.
If the name is a directory then place the file inside the named directory
Note
The copy function accepts paths that are local to the Salt minion. This function does not support salt://, http://, or the other additional file paths that are supported by states.file.managed
and states.file.recurse
.
Decode an encoded file and write it to disk
New in version 2016.3.0.
contents_pillar
must be specified.pillar.get
. The hashutil.base64_encodefile
function can load encoded content into Pillar. Either this option or encoded_data
must be specified.base64
md5
hashutil.digest
execution function.Usage:
write_base64_encoded_string_to_a_file: file.decode: - name: /tmp/new_file - encoding_type: base64 - contents_pillar: mypillar:thefile # or write_base64_encoded_string_to_a_file: file.decode: - name: /tmp/new_file - encoding_type: base64 - encoded_data: | Z2V0IHNhbHRlZAo=
Be careful with multi-line strings that the YAML indentation is correct. E.g.,
write_base64_encoded_string_to_a_file: file.decode: - name: /tmp/new_file - encoding_type: base64 - encoded_data: | {{ salt.pillar.get('path:to:data') | indent(8) }}
Ensure that a named directory is present and has the right perms
Enforce user/group ownership and mode of directory recursively. Accepts a list of strings representing what you would like to recurse. If mode
is defined, will recurse on both file_mode
and dir_mode
if they are defined. If ignore_files
or ignore_dirs
is included, files or directories will be left unchanged respectively. Example:
/var/log/httpd: file.directory: - user: root - group: root - dir_mode: 755 - file_mode: 644 - recurse: - user - group - mode
Leave files or directories unchanged:
/var/log/httpd: file.directory: - user: root - group: root - dir_mode: 755 - file_mode: 644 - recurse: - user - group - mode - ignore_dirs
New in version 2015.5.0.
Limit the recursion depth. The default is no limit=None. 'max_depth' and 'clean' are mutually exclusive.
New in version 2016.11.0.
The permissions mode to set any directories created. Not supported on Windows.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
The permissions mode to set any files created if 'mode' is run in 'recurse'. This defaults to dir_mode. Not supported on Windows.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
If the desired path is a symlink (or recurse
is defined and a symlink is encountered while recursing), follow it and check the permissions of the directory/file to which the symlink points.
New in version 2014.1.4.
If the name of the directory exists and is not a directory and force is set to False, the state will fail. If force is set to True, the file in the way of the directory will be deleted to make room for the directory, unless backupname is set, then it will be renamed.
New in version 2014.7.0.
If the name of the directory exists and is not a directory, it will be renamed to the backupname. If the backupname already exists and force is False, the state will fail. Otherwise, the backupname will be removed first.
New in version 2014.7.0.
If allow_symlink is True and the specified path is a symlink, it will be allowed to remain if it points to a directory. If allow_symlink is False then the state will fail, unless force is also set to True, in which case it will be removed or renamed, depending on the value of the backupname argument.
New in version 2014.7.0.
The owner of the directory. If this is not passed, user will be used. If user is not passed, the account under which Salt is running will be used.
New in version 2017.7.0.
A dictionary containing permissions to grant and their propagation. For example: {'Administrators': {'perms': 'full_control', 'applies_to':
'this_folder_only'}}
Can be a single basic perm or a list of advanced perms. perms
must be specified. applies_to
is optional and defaults to this_folder_subfoler_files
.
New in version 2017.7.0.
A dictionary containing permissions to deny and their propagation. For example: {'Administrators': {'perms': 'full_control', 'applies_to':
'this_folder_only'}}
Can be a single basic perm or a list of advanced perms.
New in version 2017.7.0.
True to inherit permissions from the parent directory, False not to inherit permission.
New in version 2017.7.0.
If True
the existing DACL will be cleared and replaced with the settings defined in this function. If False
, new entries will be appended to the existing DACL. Default is False
.
New in version 2018.3.0.
Here's an example using the above win_*
parameters:
create_config_dir: file.directory: - name: 'C:\config\' - win_owner: Administrators - win_perms: # Basic Permissions dev_ops: perms: full_control # List of advanced permissions appuser: perms: - read_attributes - read_ea - create_folders - read_permissions applies_to: this_folder_only joe_snuffy: perms: read applies_to: this_folder_files - win_deny_perms: fred_snuffy: perms: full_control - win_inheritance: False
Verify that the named file or directory is present or exists. Ensures pre-requisites outside of Salt's purview (e.g., keytabs, private keys, etc.) have been previously satisfied before deployment.
This function does not create the file if it doesn't exist, it will return an error.
Line-based editing of a file.
New in version 2015.8.0.
Parameters: |
|
---|
If an equal sign (=
) appears in an argument to a Salt command, it is interpreted as a keyword argument in the format of key=val
. That processing can be bypassed in order to pass an equal sign through to the remote shell command by manually specifying the kwarg:
update_config: file.line: - name: /etc/myconfig.conf - mode: ensure - content: my key = my value - before: somekey.*?
Manage a given file, this function allows for a file to be downloaded from the salt master and potentially run through a templating system.
The source file to download to the minion, this source file can be hosted on either the salt master server (salt://
), the salt minion local file system (/
), or on an HTTP or FTP server (http(s)://
, ftp://
).
Both HTTPS and HTTP are supported as well as downloading directly from Amazon S3 compatible URLs with both pre-configured and automatic IAM credentials. (see s3.get state documentation) File retrieval from Openstack Swift object storage is supported via swift://container/object_path URLs, see swift.get documentation. For files hosted on the salt file server, if the file is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs. If source is left blank or None (use ~ in YAML), the file will be created as an empty file and the content will not be managed. This is also the case when a file already exists and the source is undefined; the contents of the file will not be changed or managed.
If the file is hosted on a HTTP or FTP server then the source_hash argument is also required.
A list of sources can also be passed in to provide a default source and a set of fallbacks. The first source in the list that is found to exist will be used and subsequent entries in the list will be ignored. Source list functionality only supports local files and remote files hosted on the salt master server or retrievable via HTTP, HTTPS, or FTP.
file_override_example:
file.managed:
- source:
- salt://file_that_does_not_exist
- salt://file_that_exists
The function accepts the first encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:
Type Length ====== ====== sha512 128 sha384 96 sha256 64 sha224 56 sha1 40 md5 32
The file can contain several checksums for several files. Each line must contain both the file name and the hash. If no file name is matched, the first hash encountered will be used, otherwise the most secure hash with the correct source file name will be used.
When using a source hash file the source_hash argument needs to be a url, the standard download urls are supported, ftp, http, salt etc:
Example:
tomdroid-src-0.7.3.tar.gz: file.managed: - name: /tmp/tomdroid-src-0.7.3.tar.gz - source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz - source_hash: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.hash
The following lines are all supported formats:
/etc/rc.conf ef6e82e4006dee563d98ada2a2a80a27 sha254c8525aee419eb649f0233be91c151178b30f0dff8ebbdcc8de71b1d5c8bcc06a /etc/resolv.conf ead48423703509d37c4a90e6a0d53e143b6fc268
Debian file type *.dsc
files are also supported.
Inserting the Source Hash in the SLS Data
The source_hash can be specified as a simple checksum, like so:
tomdroid-src-0.7.3.tar.gz: file.managed: - name: /tmp/tomdroid-src-0.7.3.tar.gz - source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz - source_hash: 79eef25f9b0b2c642c62b7f737d4f53f
Note
Releases prior to 2016.11.0 must also include the hash type, like in the below example:
tomdroid-src-0.7.3.tar.gz:
file.managed:
- name: /tmp/tomdroid-src-0.7.3.tar.gz
- source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz
- source_hash: md5=79eef25f9b0b2c642c62b7f737d4f53f
If the remote server URL has the hash file as an apparent sub-directory of the source file, the module will discover that it has already cached a directory where a file should be cached. For example:
tomdroid-src-0.7.3.tar.gz:
file.managed:
- name: /tmp/tomdroid-src-0.7.3.tar.gz
- source: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz
- source_hash: https://launchpad.net/tomdroid/beta/0.7.3/+download/tomdroid-src-0.7.3.tar.gz/+md5
When source_hash
refers to a hash file, Salt will try to find the correct hash by matching the filename/URI associated with that hash. By default, Salt will look for the filename being managed. When managing a file at path /tmp/foo.txt
, then the following line in a hash file would match:
acbd18db4cc2f85cedef654fccc4a4d8 foo.txt
However, sometimes a hash file will include multiple similar paths:
37b51d194a7513e45b56f6524f2d51f2 ./dir1/foo.txt acbd18db4cc2f85cedef654fccc4a4d8 ./dir2/foo.txt 73feffa4b7f6bb68e44cf984c85f6e88 ./dir3/foo.txt
In cases like this, Salt may match the incorrect hash. This argument can be used to tell Salt which filename to match, to ensure that the correct hash is identified. For example:
/tmp/foo.txt: file.managed: - source: https://mydomain.tld/dir2/foo.txt - source_hash: https://mydomain.tld/hashes - source_hash_name: ./dir2/foo.txt
Note
This argument must contain the full filename entry from the checksum file, as this argument is meant to disambiguate matches for multiple files that have the same basename. So, in the example above, simply using foo.txt
would not match.
New in version 2016.3.5.
Set to False
to discard the cached copy of the source file once the state completes. This can be useful for larger files to keep them from taking up space in minion cache. However, keep in mind that discarding the source file will result in the state needing to re-download the source file if the state is run again.
New in version 2017.7.3.
The permissions to set on this file, e.g. 644
, 0775
, or 4664
.
The default mode for new files and directories corresponds to the umask of the salt process. The mode of existing files and directories will only be changed if mode
is specified.
Note
This option is not supported on Windows.
Changed in version 2016.11.0: This option can be set to keep
, and Salt will keep the mode from the Salt fileserver. This is only supported when the source
URL begins with salt://
, or for files local to the minion. Because the source
option cannot be used with any of the contents
options, setting the mode
to keep
is also incompatible with the contents
options.
Note
keep does not work with salt-ssh.
As a consequence of how the files are transferred to the minion, and the inability to connect back to the master with salt-ssh, salt is unable to stat the file as it exists on the fileserver and thus cannot mirror the mode on the salt-ssh minion
The attributes to have on this file, e.g. a
, i
. The attributes can be any or a combination of the following characters: aAcCdDeijPsStTu
.
Note
This option is not supported on Windows.
New in version 2018.3.0.
If this setting is applied, the named templating engine will be used to render the downloaded file. The following templates are supported:
True
, then the parent directories will be created to facilitate the creation of the named file. If False
, and the parent directory of the destination file doesn't exist, the state will fail.If directories are to be created, passing this option specifies the permissions for those directories. If this is not set, directories will be assigned permissions by adding the execute bit to the mode of the files.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
False
and the file already exists, the file will not be modified even if changes would otherwise be made. Permissions and ownership will still be enforced, however.False
return a boolean if any changes were made.False
, then the file will only be managed if the file already exists on the system.Specify the contents of the file. Cannot be used in combination with source
. Ignores hashes and does not use a templating engine.
This value can be either a single string, a multiline YAML string or a list of strings. If a list of strings, then the strings will be joined together with newlines in the resulting file. For example, the below two example states would result in identical file contents:
/path/to/file1:
file.managed:
- contents:
- This is line 1
- This is line 2
/path/to/file2:
file.managed:
- contents: |
This is line 1
This is line 2
New in version 0.17.0.
Changed in version 2016.11.0: contents_pillar can also be a list, and the pillars will be concatinated together to form one file.
Operates like contents
, but draws from a value stored in pillar, using the pillar path syntax used in pillar.get
. This is useful when the pillar value contains newlines, as referencing a pillar variable using a jinja/mako template can result in YAML formatting issues due to the newlines causing indentation mismatches.
For example, the following could be used to deploy an SSH private key:
/home/deployer/.ssh/id_rsa: file.managed: - user: deployer - group: deployer - mode: 600 - attrs: a - contents_pillar: userdata:deployer:id_rsa
This would populate /home/deployer/.ssh/id_rsa
with the contents of pillar['userdata']['deployer']['id_rsa']
. An example of this pillar setup would be like so:
userdata: deployer: id_rsa: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY-----
Note
The private key above is shortened to keep the example brief, but shows how to do multiline string in YAML. The key is followed by a pipe character, and the mutliline string is indented two more spaces.
To avoid the hassle of creating an indented multiline YAML string, the file_tree external pillar
can be used instead. However, this will not work for binary files in Salt releases before 2015.8.4.
New in version 2014.7.0.
Operates like contents
, but draws from a value stored in grains, using the grains path syntax used in grains.get
. This functionality works similarly to contents_pillar
, but with grains.
For example, the following could be used to deploy a "message of the day" file:
write_motd: file.managed: - name: /etc/motd - contents_grains: motd
This would populate /etc/motd
file with the contents of the motd
grain. The motd
grain is not a default grain, and would need to be set prior to running the state:
salt '*' grains.set motd 'Welcome! This system is managed by Salt.'
New in version 2014.7.0.
Changed in version 2015.8.4: This option is now ignored if the contents being deployed contain binary data.
If True
, files managed using contents
, contents_pillar
, or contents_grains
will have a newline added to the end of the file if one is not present. Setting this option to False
will omit this final newline.
New in version 2015.8.4.
Can be used to specify an alternate delimiter for contents_pillar
or contents_grains
. This delimiter will be passed through to pillar.get
or grains.get
when retrieving the contents.
If specified, then the specified encoding will be used. Otherwise, the file will be encoded using the system locale (usually UTF-8). See https://docs.python.org/3/library/codecs.html#standard-encodings for the list of available encodings.
New in version 2017.7.0.
Error encoding scheme. Default is `'strict'`
. See https://docs.python.org/2/library/codecs.html#codec-base-classes for the list of available schemes.
New in version 2017.7.0.
New in version 2015.8.4.
If set to False
, then the state will fail if the contents specified by contents_pillar
or contents_grains
are empty.
New in version 2014.7.0.
If the desired path is a symlink follow it and make changes to the file to which the symlink points.
New in version 2014.7.0.
The specified command will be run with an appended argument of a temporary file containing the new managed contents. If the command exits with a zero status the new managed contents will be written to the managed destination. If the command exits with a nonzero exit code, the state will fail and no changes will be made to the file.
For example, the following could be used to verify sudoers before making changes:
/etc/sudoers: file.managed: - user: root - group: root - mode: 0440 - attrs: i - source: salt://sudoers/files/sudoers.jinja - template: jinja - check_cmd: /usr/sbin/visudo -c -f
NOTE: This check_cmd
functions differently than the requisite check_cmd
.
Directory for temp file created by check_cmd
. Useful for checkers dependent on config file location (e.g. daemons restricted to their own config directories by an apparmor profile).
/etc/dhcp/dhcpd.conf:
file.managed:
- user: root
- group: root
- mode: 0755
- tmp_dir: '/etc/dhcp'
- contents: "#ManagedbySalt"
- check_cmd: dhcpd -t -cf
Suffix for temp file created by check_cmd
. Useful for checkers dependent on config file extension (e.g. the init-checkconf upstart config checker).
/etc/init/test.conf:
file.managed:
- user: root
- group: root
- mode: 0440
- tmp_ext: '.conf'
- contents:
- 'description"SaltMinion"'
- 'startonstartedmountall'
- 'stoponshutdown'
- 'respawn'
- 'execsalt-minion'
- check_cmd: init-checkconf -f
If True
, hash verification of remote file sources (http://
, https://
, ftp://
) will be skipped, and the source_hash
argument will be ignored.
New in version 2016.3.0.
The owner of the directory. If this is not passed, user will be used. If user is not passed, the account under which Salt is running will be used.
New in version 2017.7.0.
A dictionary containing permissions to grant and their propagation. For example: {'Administrators': {'perms': 'full_control'}}
Can be a single basic perm or a list of advanced perms. perms
must be specified. applies_to
does not apply to file objects.
New in version 2017.7.0.
A dictionary containing permissions to deny and their propagation. For example: {'Administrators': {'perms': 'full_control'}}
Can be a single basic perm or a list of advanced perms. perms
must be specified. applies_to
does not apply to file objects.
New in version 2017.7.0.
True to inherit permissions from the parent directory, False not to inherit permission.
New in version 2017.7.0.
If True
the existing DACL will be cleared and replaced with the settings defined in this function. If False
, new entries will be appended to the existing DACL. Default is False
.
New in version 2018.3.0.
Here's an example using the above win_*
parameters:
create_config_file: file.managed: - name: C:\config\settings.cfg - source: salt://settings.cfg - win_owner: Administrators - win_perms: # Basic Permissions dev_ops: perms: full_control # List of advanced permissions appuser: perms: - read_attributes - read_ea - create_folders - read_permissions joe_snuffy: perms: read - win_deny_perms: fred_snuffy: perms: full_control - win_inheritance: False
Verify that the named file or directory is missing, this returns True only if the named file is missing but does not remove the file if it is present.
Create a special file similar to the 'nix mknod command. The supported device types are p
(fifo pipe), c
(character device), and b
(block device). Provide the major and minor numbers when specifying a character device or block device. A fifo pipe does not require this information. The command will create the necessary dirs if needed. If a file of the same name not of the same type/major/minor exists, it will not be overwritten or unlinked (deleted). This is logically in place as a safety measure because you can really shoot yourself in the foot here and it is the behavior of 'nix mknod
. It is also important to note that not just anyone can create special devices. Usually this is only done as root. If the state is executed as none other than root on a minion, you may receive a permission error.
Usage:
/dev/chr: file.mknod: - ntype: c - major: 180 - minor: 31 - user: root - group: root - mode: 660 /dev/blk: file.mknod: - ntype: b - major: 8 - minor: 999 - user: root - group: root - mode: 660 /dev/fifo: file.mknod: - ntype: p - user: root - group: root - mode: 660
New in version 0.17.0.
Execute the check_cmd logic.
Return a result dict if check_cmd
succeeds (check_cmd == 0) otherwise return True
New in version 2017.7.3.
Ensures that a file is saved to the minion's cache. This state is primarily invoked by other states to ensure that we do not re-download a source file if we do not need to.
The URL of the file to be cached. To cache a file from an environment other than base
, either use the saltenv
argument or include the saltenv in the URL (e.g. salt://path/to/file.conf?saltenv=dev
).
Note
A list of URLs is not supported, this must be a single URL. If a local file is passed here, the state will take no action.
salt://
URL).Ensure that a patch has been applied to the specified file or directory
Changed in version 2019.2.0: The hash
and dry_run_first
options are now ignored, as the logic which determines whether or not the patch has already been applied no longer requires them. Additionally, this state now supports patch files that modify more than one file. To use these sort of patches, specify a directory (and, if necessary, the strip
option) instead of a file.
Note
A suitable patch
executable must be available on the minion. Also, keep in mind that the pre-check this state does to determine whether or not changes need to be made will create a temp file and send all patch output to that file. This means that, in the event that the patch would not have applied cleanly, the comment included in the state results will reference a temp file that will no longer exist once the state finishes running.
The patch file to apply
Changed in version 2019.2.0: The source can now be from any file source supported by Salt (salt://
, http://
, https://
, ftp://
, etc.). Templating is also now supported.
Works the same way as in file.managed
.
New in version 2019.2.0.
Works the same way as in file.managed
New in version 2019.2.0.
Works the same way as in file.managed
New in version 2019.2.0.
Works the same way as in file.managed
New in version 2019.2.0.
Works the same way as in file.managed
New in version 2019.2.0.
Works the same way as in file.managed
New in version 2019.2.0.
Extra options to pass to patch. This should not be necessary in most cases.
Note
For best results, short opts should be separate from one another. The -N
and -r
, and -o
options are used internally by this state and cannot be used here. Additionally, instead of using -pN
or --strip=N
, use the strip
option documented below.
If specified, any rejected hunks will be written to this file. If not specified, then they will be written to a temp file which will be deleted when the state finishes running.
Important
The parent directory must exist. Also, this will overwrite the file if it is already present.
New in version 2019.2.0.
Number of directories to strip from paths in the patch file. For example, using the below SLS would instruct Salt to use -p1
when applying the patch:
/etc/myfile.conf: file.patch: - source: salt://myfile.patch - strip: 1
New in version 2019.2.0: In previous versions, -p1
would need to be passed as part of the options
value.
Specify the environment from which to retrieve the patch file indicated by the source
parameter. If not provided, this defaults to the environment from which the state is being executed.
Note
Ignored when the patch file is from a non-salt://
source.
Usage:
# Equivalent to ``patch --forward /opt/myfile.txt myfile.patch`` /opt/myfile.txt: file.patch: - source: salt://myfile.patch
Ensure that some text appears at the beginning of a file
The text will not be prepended again if it already exists in the file. You may specify a single line of text or a list of lines to append.
A single source file to append. This source file can be hosted on either the salt master server, or on an HTTP or FTP server. Both HTTPS and HTTP are supported as well as downloading directly from Amazon S3 compatible URLs with both pre-configured and automatic IAM credentials (see s3.get state documentation). File retrieval from Openstack Swift object storage is supported via swift://container/object_path URLs (see swift.get documentation).
For files hosted on the salt file server, if the file is located on the master in the directory named spam, and is called eggs, the source string is salt://spam/eggs.
If the file is hosted on an HTTP or FTP server, the source_hash argument is also required.
The function accepts the first encountered long unbroken alphanumeric string of correct length as a valid hash, in order from most secure to least secure:
Type Length ====== ====== sha512 128 sha384 96 sha256 64 sha224 56 sha1 40 md5 32
See the source_hash
parameter description for file.managed
function for more details and examples.
The named templating engine will be used to render the appended-to file. Defaults to jinja
. The following templates are supported:
New in version 2015.8.4.
Spaces and Tabs in text are ignored by default, when searching for the appending content, one space or multiple tabs are the same for salt. Set this option to False
if you want to change this behavior.
Multi-line example:
/etc/motd: file.prepend: - text: | Thou hadst better eat salt with the Philosophers of Greece, than sugar with the Courtiers of Italy. - Benjamin Franklin
Multiple lines of text:
/etc/motd: file.prepend: - text: - Trust no one unless you have eaten much salt with him. - "Salt is born of the purest of parents: the sun and the sea."
Optionally, require the text to appear exactly as specified (order and position). Combine with multi-line or multiple lines of input.
/etc/motd: file.prepend: - header: True - text: - This will be the very first line in the file. - The 2nd line, regardless of duplicates elsewhere in the file. - These will be written anew if they do not appear verbatim.
Gather text from multiple template files:
/etc/motd: file: - prepend - template: jinja - sources: - salt://motd/devops-messages.tmpl - salt://motd/hr-messages.tmpl - salt://motd/general-messages.tmpl
New in version 2014.7.0.
Recurse through a subdirectory on the master and copy said subdirectory over to the specified path.
Set to False
to discard the cached copy of the source file once the state completes. This can be useful for larger files to keep them from taking up space in minion cache. However, keep in mind that discarding the source file will result in the state needing to re-download the source file if the state is run again.
New in version 2017.7.3.
The permissions mode to set on any directories created.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
Note
This option is not supported on Windows.
The permissions mode to set on any files created.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
Note
This option is not supported on Windows.
Changed in version 2016.11.0: This option can be set to keep
, and Salt will keep the mode from the Salt fileserver. This is only supported when the source
URL begins with salt://
, or for files local to the minion. Because the source
option cannot be used with any of the contents
options, setting the mode
to keep
is also incompatible with the contents
options.
The permissions mode to set on any symlink created.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
Note
This option is not supported on Windows.
If this setting is applied, the named templating engine will be used to render the downloaded file. The following templates are supported:
Note
The template option is required when recursively applying templates.
False
and the file already exists, the file will not be modified even if changes would otherwise be made. Permissions and ownership will still be enforced, however.When copying, include only this pattern from the source. Default is glob match; if prefixed with 'E@', then regexp match. Example:
- include_pat: hello* :: glob matches 'hello01', 'hello02'
... but not 'otherhello'
- include_pat: E@hello :: regexp matches 'otherhello',
'hello01' ...
Exclude this pattern from the source when copying. If both include_pat and exclude_pat are supplied, then it will apply conditions cumulatively. i.e. first select based on include_pat, and then within that result apply exclude_pat.
Also, when 'clean=True', exclude this pattern from the removal list and preserve in the destination. Example:
- exclude_pat: APPDATA* :: glob matches APPDATA.01,
APPDATA.02,.. for exclusion
- exclude_pat: E@(APPDATA)|(TEMPDATA) :: regexp matches APPDATA
or TEMPDATA for exclusion
When copying, only copy paths which are of depth maxdepth from the source path. Example:
- maxdepth: 0 :: Only include files located in the source
directory
- maxdepth: 1 :: Only include files located in the source
or immediate subdirectories
The owner of the symlink and directories if makedirs
is True. If this is not passed, user
will be used. If user
is not passed, the account under which Salt is running will be used.
New in version 2017.7.7.
A dictionary containing permissions to grant
New in version 2017.7.7.
A dictionary containing permissions to deny
New in version 2017.7.7.
True to inherit permissions from parent, otherwise False
New in version 2017.7.7.
If the source file exists on the system, rename it to the named file. The named file will not be overwritten if it already exists unless the force option is set to True.
Maintain an edit in a file.
New in version 0.17.0.
A regular expression, to be matched using Python's re.search()
.
Note
If you need to match a literal string that contains regex special characters, you may want to use salt's custom Jinja filter, regex_escape
.
{{ 'http://example.com?foo=bar%20baz' | regex_escape }}
A list of flags defined in the re
module documentation from the Python standard library. Each list item should be a string that will correlate to the human-friendly flag name. E.g., ['IGNORECASE',
'MULTILINE']
. Optionally, flags
may be an int, with a value corresponding to the XOR (|
) of all the desired flags. Defaults to 8
(which equates to ['MULTILINE']
).
Note
file.replace
reads the entire file as a string to support multiline regex patterns. Therefore, when using anchors such as ^
or $
in the pattern, those anchors may be relative to the line OR relative to the file. The default for file.replace
is to treat anchors as relative to the line, which is implemented by setting the default value of flags
to ['MULTILINE']
. When overriding the default value for flags
, if 'MULTILINE'
is not present then anchors will be relative to the file. If the desired behavior is for anchors to be relative to the line, then simply add 'MULTILINE'
to the list of flags.
1
processes one line at a time. The special value file
may be specified which will read the entire file into memory before processing.If set to True
, and pattern is not found, then the content will be appended to the file.
New in version 2014.7.0.
If set to True
and pattern is not found, then the content will be prepended to the file.
New in version 2014.7.0.
Content to use for append/prepend if not found. If None
(default), uses repl
. Useful when repl
uses references to group in pattern.
New in version 2014.7.0.
False
to skip making a backup.False
return a boolean if any changes were made. Returns a boolean or a string.New in version 2016.3.4.
Controls what to do if the file is missing. If set to False
, the state will display an error raised by the execution module. If set to True
, the state will simply report no changes.
New in version 2016.11.7.
Interpret backslashes as literal backslashes for the repl and not escape characters. This will help when using append/prepend so that the backslashes are not interpreted for the repl on the second run of the state.
For complex regex patterns, it can be useful to avoid the need for complex quoting and escape sequences by making use of YAML's multiline string syntax.
complex_search_and_replace: file.replace: # <...snip...> - pattern: | CentOS \(2.6.32[^\\n]+\\n\s+root[^\\n]+\\n\)+
Note
When using YAML multiline string syntax in pattern:
, make sure to also use that syntax in the repl:
part, or you might loose line feeds.
Apply retention scheduling to backup storage directory.
New in version 2016.11.0.
Parameters: |
|
---|
Usage example:
/var/backups/example_directory: file.retention_schedule: - retain: most_recent: 5 first_of_hour: 4 first_of_day: 7 first_of_week: 6 # NotImplemented yet. first_of_month: 6 first_of_year: all - strptime_format: example_name_%Y%m%dT%H%M%S.tar.bz2 - timezone: None
Serializes dataset and store it into managed file. Useful for sharing simple configuration files.
Operates like dataset
, but draws from a value stored in pillar, using the pillar path syntax used in pillar.get
. This is useful when the pillar value contains newlines, as referencing a pillar variable using a jinja/mako template can result in YAML formatting issues due to the newlines causing indentation mismatches.
New in version 2015.8.0.
serializer
modules
for supported output formats.If specified, then the specified encoding will be used. Otherwise, the file will be encoded using the system locale (usually UTF-8). See https://docs.python.org/3/library/codecs.html#standard-encodings for the list of available encodings.
New in version 2017.7.0.
Error encoding scheme. Default is `'strict'`
. See https://docs.python.org/2/library/codecs.html#codec-base-classes for the list of available schemes.
New in version 2017.7.0.
The permissions to set on this file, e.g. 644
, 0775
, or 4664
.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
Note
This option is not supported on Windows.
Create parent directories for destination file.
New in version 2014.1.3.
False
return a boolean if any changes were made.Default is False, if merge_if_exists is True then the existing file will be parsed and the dataset passed in will be merged with the existing content
New in version 2014.7.0.
Pass through options to serializer. For example:
/etc/dummy/package.yaml file.serialize: - formatter: yaml - serializer_opts: - explicit_start: True - default_flow_style: True - indent: 4
The valid opts are the additional opts (i.e. not the data being serialized) for the function used to serialize the data. Documentation for the these functions can be found in the list below:
Like serializer_opts
above, but only used when merging with an existing file (i.e. when merge_if_exists
is set to True
).
The options specified here will be passed to the deserializer to load the existing data, before merging with the specified data and re-serializing.
/etc/dummy/package.yaml file.serialize: - formatter: yaml - serializer_opts: - explicit_start: True - default_flow_style: True - indent: 4 - deserializer_opts: - encoding: latin-1 - merge_if_exists: True
The valid opts are the additional opts (i.e. not the data being deserialized) for the function used to deserialize the data. Documentation for the these functions can be found in the list below:
However, note that not all arguments are supported. For example, when deserializing JSON, arguments like parse_float
and parse_int
which accept a callable object cannot be handled in an SLS file.
New in version 2019.2.0.
For example, this state:
/etc/dummy/package.json: file.serialize: - dataset: name: naive description: A package using naive versioning author: A confused individual <[email protected]> dependencies: express: '>= 1.2.0' optimist: '>= 0.1.0' engine: node 0.4.1 - formatter: json
will manage the file /etc/dummy/package.json
:
{ "author": "A confused individual <[email protected]>", "dependencies": { "express": ">= 1.2.0", "optimist": ">= 0.1.0" }, "description": "A package using naive versioning", "engine": "node 0.4.1", "name": "naive" }
Create a Windows shortcut
If the file already exists and is a shortcut pointing to any location other than the specified target, the shortcut will be replaced. If it is a regular file or directory then the state will return False. If the regular file or directory is desired to be replaced with a shortcut pass force: True, if it is to be renamed, pass a backupname.
The user to own the file, this defaults to the user salt is running as on the minion
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
Create a symbolic link (symlink, soft link)
If the file already exists and is a symlink pointing to any location other than the specified target, the symlink will be replaced. If the symlink is a regular file or directory then the state will return False. If the regular file or directory is desired to be replaced with a symlink pass force: True, if it is to be renamed, pass a backupname.
The permissions to set on this file, aka 644, 0775, 4664. Not supported on Windows.
The default mode for new files and directories corresponds umask of salt process. For existing files and directories it's not enforced.
The owner of the symlink and directories if makedirs
is True. If this is not passed, user
will be used. If user
is not passed, the account under which Salt is running will be used.
New in version 2017.7.7.
A dictionary containing permissions to grant
New in version 2017.7.7.
A dictionary containing permissions to deny
New in version 2017.7.7.
True to inherit permissions from parent, otherwise False
New in version 2017.7.7.
Remove unwanted files based on specific criteria. Multiple criteria are OR’d together, so a file that is too large but is not old enough will still get tidied.
If neither age nor size is given all files which match a pattern in matches will be removed.
cleanup: file.tidied: - name: /tmp/salt_test - rmdirs: True - matches: - foo - b.*r
Replicate the 'nix "touch" command to create a new empty file or update the atime and mtime of an existing file.
Note that if you just want to create a file and don't care about atime or mtime, you should use file.managed
instead, as it is more feature-complete. (Just leave out the source
/template
/contents
arguments, and it will just create the file and/or check its permissions, without messing with contents)
Usage:
/var/log/httpd/logrotate.empty: file.touch
New in version 0.9.5.
Uncomment specified commented lines in a file
^
character will be stripped for convenience (for easily switching between comment() and uncomment()). The regex will be searched for from the beginning of the line, ignoring leading spaces (we prepend '^[ t]*')#
.bak
The file will be backed up before edit with this file extension;
Warning
This backup will be overwritten each time sed
/ comment
/ uncomment
is called. Meaning the backup will only be useful after the first invocation.
Set to False/None to not keep a backup.
Usage:
/etc/adduser.conf: file.uncomment: - regex: EXTRA_GROUPS
New in version 0.9.5.
© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html