I assume you are using the firewalld-formula from the official repository?
Please be informed that a "SaltStack Formula" is a "ready-to-use state that you configure using pillars". So, your YAML declaration must NOT be a state declaration, but instead a pillar declaration.
Let me illustrate:
I'll assume you have your state files in /srv/salt and your pillar files in /srv/pillar.
To use the firewalld-formula, you need to create a "pillar" file. Use the provided pillar.example file and save it as /srv/pillar/firewalld/<target-host>.sls, and refer to it from /srv/pillar/top.sls. For example:

    # /srv/pillar/top.sls
    base:
      # ... other references we skip ...
      'target-host':
        - firewalld.<target-host>

Note: By naming the pillar file <target-host>.sls, we can easily make different pillars for different hosts.
Then, we 'activate' the formula by referencing the firewalld-formula from /srv/salt/top.sls (or other state files under /srv/salt/ using the include: directive).
I'll assume that you cloned the firewalld-formula repo in this way:

    cd /srv/salt
    git clone https://github.com/saltstack-formulas/firewalld-formula.git
    ln -s firewalld-formula/firewalld firewalld

Note: The symlink allows us to refer to the state as firewalld instead of firewalld-formula.firewalld.
Now, edit the /srv/salt/top.sls file to invoke the firewalld state:

    # /srv/salt/top.sls
    base:
      # ... other references ...
      'target-host':
        - firewalld

Aaand, you're done.
Alternatively, you may use a common state instead and let the Jinja renderer and the Pillar system take care of the 'targeting' details. Let's say your top.sls file has the following:

    # /srv/salt/top.sls
    base:
      '*':
        # ...other states...
        - hardening
        # ...more states...

Edit the hardening state file as such:

    # /srv/salt/hardening/init.sls
    # ...various states we skip
    include:
      # ... possible other includes ...
    {% if pillar.get('firewalld', false) -%}
      # The following will be included *only* if pillar for the minion has the 'firewalld' key defined
      - firewalld
    {% endif -%}
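
A static cross-check of the two top files described in this answer, added here as an example (not part of the original answer or of the formula): it lists minions that are assigned the firewalld state but no firewalld.* pillar file, and the reverse. The minion IDs, the web* target and the function names are constructed for illustration, and only glob targets are handled.

```python
from fnmatch import fnmatchcase

# Constructed sample data: the two top files from the answer, in the form
# yaml.safe_load() would return them, plus a hypothetical minion list.
PILLAR_TOP = {"base": {"target-host": ["firewalld.target-host"]}}
STATE_TOP = {"base": {"target-host": ["firewalld"],
                      "web*": ["firewalld"],   # hypothetical extra target
                      "*": ["hardening"]}}
MINIONS = ["target-host", "web01", "db01"]


def assigned(top, minion, saltenv="base"):
    """Return the SLS names a top file assigns to a minion (glob targets only)."""
    names = []
    for target, entries in top.get(saltenv, {}).items():
        if fnmatchcase(minion, target):
            # Assumption: non-string entries (e.g. {'match': 'grain'}) are
            # ignored; this sketch does not evaluate other matcher types.
            names += [e for e in entries if isinstance(e, str)]
    return names


def firewalld_mismatches(state_top, pillar_top, minions, name="firewalld"):
    """Return (state_without_pillar, pillar_without_state) lists of minion IDs."""
    def has(sls_list):
        # 'firewalld' itself or anything under it, e.g. 'firewalld.target-host'
        return any(s == name or s.startswith(name + ".") for s in sls_list)

    no_pillar, no_state = [], []
    for minion in minions:
        state = has(assigned(state_top, minion))
        pillar = has(assigned(pillar_top, minion))
        if state and not pillar:
            no_pillar.append(minion)
        elif pillar and not state:
            no_state.append(minion)
    return no_pillar, no_state


if __name__ == "__main__":
    missing_pillar, unused_pillar = firewalld_mismatches(
        STATE_TOP, PILLAR_TOP, MINIONS)
    print("firewalld state without pillar:", missing_pillar)
    print("firewalld pillar without state:", unused_pillar)
```

The check only reads top files, so a minion reported as pillar-without-state may still receive the formula through an include such as the one in the hardening state above.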