@jeffpatton1971
Last active October 20, 2015 22:19
Enable tcpforwarding for a single minion
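{# Forwarding policy is written out in both branches: sshd treats a missing
   AllowTcpForwarding directive as "yes", so leaving the line out restricts nothing.
   NOTE(review): grains are reported by the minion itself; for security-relevant
   selection, matching on the minion ID or a pillar value is harder to influence
   from the minion side. Confirm which identifier is intended here. #}
{% if grains['host'] == 'myminion' %}
# TCP forwarding is enabled on this host only.
AllowTCPForwarding yes
{% else %}
# TCP forwarding is explicitly disabled; without this line sshd would allow it.
AllowTCPForwarding no
{% endif %}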
root@salt:~# salt myminion* grains.ls
myminion:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gpus
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- lsb_distrib_codename
- lsb_distrib_description
- lsb_distrib_id
- lsb_distrib_release
- machine_id
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osrelease
- osrelease_info
- path
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- serialnumber
- server_id
- shell
- virtual
- zmqversion
root@salt:~# salt myminion* state.apply sshd test=true
myminion:
----------
file_|-/etc/ssh/sshd_config_|-/etc/ssh/sshd_config_|-managed:
----------
__run_num__:
0
changes:
----------
diff:
---
+++
@@ -10,7 +10,7 @@
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
@@ -66,7 +66,6 @@
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
-AllowTCPForwarding yes
#UseLogin no
#MaxStartups 10:30:60
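Review bot: Removing `AllowTCPForwarding yes` in this hunk does not switch forwarding off, because sshd falls back to its default of yes when the directive is absent; if forwarding is meant to be limited to one minion, the managed file needs an explicit `AllowTCPForwarding no` for every other host. The dry run targets myminion and still drops the line, which suggests the template's host condition did not render the directive for this minion, so the rendered output is worth inspecting before the state is applied for real.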
@@ -86,7 +85,7 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+UsePAM yes
# CLOUD_IMG: This file was created/modified by the Cloud Image build process
-ClientAliveInterval 120
+ClientAliveInterval 120
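Review bot: The switch to `UsePAM yes` in this hunk changes which authentication paths sshd offers, and the comment directly above it says PasswordAuthentication and ChallengeResponseAuthentication should be set to 'no' when only the PAM account and session checks are wanted. Neither directive is visible in the hunk, so confirm both values in the managed file before applying. The `ClientAliveInterval 120` pair shows no visible difference, so it is probably a whitespace or end-of-file newline change and can be ignored.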
comment:
The file /etc/ssh/sshd_config is set to be changed
duration:
19.913
name:
/etc/ssh/sshd_config
result:
None
start_time:
22:00:28.905443
root@salt:~# salt myminion* grains.get host
myminion:
myminion
root@salt:~# salt myminion* grains.item host
myminion:
----------
host:
myminion
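# Manage sshd_config from a Jinja-rendered template served by the Salt fileserver.
/etc/ssh/sshd_config:
  file:
    - managed
    - source: salt://sshd/files/sshd_config
    - template: jinja
    # Pin ownership and mode so the daemon configuration is writable by root only.
    - user: root
    - group: root
    - mode: '0600'
    # Salt appends the path of the rendered temporary file to this command; a
    # configuration that sshd rejects is not written, which avoids locking out
    # remote logins with a broken template.
    - check_cmd: /usr/sbin/sshd -t -f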