New in version 2014.1.0.
This walkthrough assumes basic knowledge of Salt and
cp.push. To get up to speed, check out the
Sometimes it is desirable to deploy a file located on one minion to one or more other minions. This is supported in Salt, and can be accomplished in two parts:
This walkthrough will show how to use both of these features.
To set the master to accept files pushed from minions, the
file_recv option in the master config file must be set to
True (the default is
This change requires a restart of the salt-master service.
Once this has been done, files can be pushed to the master using the
salt 'minion-id' cp.push /path/to/the/file
This command will store the file in a subdirectory named
minions under the
cachedir. On most masters, this path will be
/var/cache/salt/master/minions. Within this directory will be one directory
for each minion which has pushed a file to the master, and underneath that the
full path to the file on the minion. So, for example, if a minion with an ID of
dev1 pushed a file
/var/log/myapp.log to the master, it would be saved
While it is certainly possible to add
/var/cache/salt/master/minions to the
file_roots and serve these files, it may only be
desirable to expose files pushed from certain minions. Adding
/var/cache/salt/master/minions/<minion-id> for each minion that needs to be
exposed can be cumbersome and prone to errors.
minionfs. This fileserver backend will
make files pushed using
cp.push available to
the Salt fileserver, and provides an easy mechanism to restrict which minions'
pushed files are made available.
To use the
minionfs backend, add
to the list of backends in the
option on the master:
file_recv: True fileserver_backend: - roots - minionfs
minion also works here. Prior to the 2018.3.0 release, only
minion would work.
Also, as described earlier,
file_recv: True is needed to enable the
master to receive files pushed from minions. As always, changes to the
master configuration require a restart of the
Files made available via
minionfs are by
default located at
salt://<minion-id>/path/to/file. Think back to the
earlier example, in which
dev1 pushed a file
/var/log/myapp.log to the
minionfs enabled, this file
would be addressable in Salt at
If many minions have pushed to the master, this will result in many directories
in the root of the Salt fileserver. For this reason, it is recommended to use
minionfs_mountpoint config option to organize these files
underneath a subdirectory:
Using the above mountpoint, the file in the example would be located at
A whitelist and blacklist can be used to restrict the minions whose pushed
files are available via
minionfs. These lists
can be managed using the
minionfs_blacklist config options. Click the links for both of
them for a detailed explanation of how to use them.
A more complex configuration example, which uses both a whitelist and blacklist, can be found below:
file_recv: True fileserver_backend: - roots - minionfs minionfs_mountpoint: salt://minionfs minionfs_whitelist: - host04 - web* - 'mail\d+\.domain\.tld' minionfs_blacklist: - web21
There is no access control in place to restrict which minions have access to
files served up by
minionfs. All minions
will have access to these files.
minionfs_blacklist config options are used, all minions which
push files to the master will have their files made available via