Salt comes with an interface to derive information about the underlying system. This is called the grains interface, because it presents salt with grains of information. Grains are collected for the operating system, domain name, IP address, kernel, OS type, memory, and many other system properties.
The grains interface is made available to Salt modules and components so that the right salt minion commands are automatically available on the right systems.
Grain data is relatively static, though if system information changes (for example, if network settings are changed), or if a new value is assigned to a custom grain, grain data is refreshed.
Note
Grains resolve to lowercase letters. For example, FOO
, and foo
target the same grain.
Important
See Is Targeting using Grain Data Secure? for important security information.
Match all CentOS minions:
salt -G 'os:CentOS' test.ping
Match all minions with 64-bit CPUs, and return number of CPU cores for each matching minion:
salt -G 'cpuarch:x86_64' grains.item num_cpus
Additionally, globs can be used in grain matches, and grains that are nested in
a dictionary can be matched by adding a colon for
each level that is traversed. For example, the following will match hosts that
have a grain called ec2_tags
, which itself is a
dict with a key named environment
, which
has a value that contains the word production
:
salt -G 'ec2_tags:environment:*production*'
Available grains can be listed by using the 'grains.ls' module:
salt '*' grains.ls
Grains data can be listed by using the 'grains.items' module:
salt '*' grains.items
Grains can also be statically assigned within the minion configuration file.
Just add the option grains
and pass options to it:
grains:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
Then status data specific to your servers can be retrieved via Salt, or used inside of the State system for matching. It also makes targeting, in the case of the example above, simply based on specific data about your deployment.
If you do not want to place your custom static grains in the minion config
file, you can also put them in /etc/salt/grains
on the minion. They are configured in the
same way as in the above example, only without a top-level grains:
key:
roles:
- webserver
- memcache
deployment: datacenter4
cabinet: 13
cab_u: 14-15
With correctly configured grains on the Minion, the top file used in Pillar or during Highstate can be made very efficient. For example, consider the following configuration:
'node_type:webserver':
- match: grain
- webserver
'node_type:postgres':
- match: grain
- postgres
'node_type:redis':
- match: grain
- redis
'node_type:lb':
- match: grain
- lb
For this example to work, you would need to have defined the grain
node_type
for the minions you wish to match. This simple example is nice,
but too much of the code is similar. To go one step further, Jinja templating
can be used to simplify the top file.
{% set the_node_type = salt['grains.get']('node_type', '') %}
{% if the_node_type %}
'node_type:{{ the_node_type }}':
- match: grain
- {{ the_node_type }}
{% endif %}
Using Jinja templating, only one match entry needs to be defined.
Note
The example above uses the grains.get
function to account for minions which do not have the node_type
grain
set.
The grains interface is derived by executing all of the "public" functions found in the modules located in the grains package or the custom grains directory. The functions in the modules of the grains must return a Python dict, where the keys in the dict are the names of the grains and the values are the values.
Custom grains should be placed in a _grains
directory located under the
file_roots
specified by the master config file. The default
path would be /srv/salt/_grains
. Custom grains will be distributed to the
minions when state.apply
is run, or by
executing the saltutil.sync_grains
or saltutil.sync_all
functions.
Grains are easy to write, and only need to return a dictionary. A common approach would be code something similar to the following:
#!/usr/bin/env python
def yourfunction():
# initialize a grains dictionary
grains = {}
# Some code for logic that sets grains like
grains['yourcustomgrain'] = True
grains['anothergrain'] = 'somevalue'
return grains
Before adding a grain to Salt, consider what the grain is and remember that grains need to be static data. If the data is something that is likely to change, consider using Pillar instead.
Warning
Custom grains will not be available in the top file until after the first highstate. To make custom grains available on a minion's first highstate, it is recommended to use this example to ensure that the custom grains are synced when the minion starts.
If you have multiple functions specifying grains that are called from a main
function, be sure to prepend grain function names with an underscore. This prevents
Salt from including the loaded grains from the grain functions in the final
grain data structure. For example, consider this custom grain file:
#!/usr/bin/env python
def _my_custom_grain():
my_grain = {'foo': 'bar', 'hello': 'world'}
return my_grain
def main():
# initialize a grains dictionary
grains = {}
grains['my_grains'] = _my_custom_grain()
return grains
The output of this example renders like so:
# salt-call --local grains.items
local:
----------
<Snipped for brevity>
my_grains:
----------
foo:
bar
hello:
world
However, if you don't prepend the my_custom_grain
function with an underscore,
the function will be rendered twice by Salt in the items output: once for the
my_custom_grain
call itself, and again when it is called in the main
function:
# salt-call --local grains.items
local:
----------
<Snipped for brevity>
foo:
bar
<Snipped for brevity>
hello:
world
<Snipped for brevity>
my_grains:
----------
foo:
bar
hello:
world
Core grains can be overridden by custom grains. As there are several ways of defining custom grains, there is an order of precedence which should be kept in mind when defining them. The order of evaluation is as follows:
/etc/salt/grains
./etc/salt/minion
._grains
directory, synced to minions.Each successive evaluation overrides the previous ones, so any grains defined
by custom grains modules synced to minions that have the same name as a core
grain will override that core grain. Similarly, grains from
/etc/salt/minion
override both core grains and custom grain modules, and
grains in _grains
will override any grains of the same name.
The core module in the grains package is where the main grains are loaded by the Salt minion and provides the principal example of how to write grains:
https://github.com/saltstack/salt/blob/develop/salt/grains/core.py
Syncing grains can be done a number of ways, they are automatically synced when
state.apply
is called, or (as noted above)
the grains can be manually synced and reloaded by calling the
saltutil.sync_grains
or
saltutil.sync_all
functions.