Salt - Download a File With Unknown Source_Hash

In salt, there is a useful file.managed state that can download files over HTTP/HTTPS and save them on the target system.

Unfortunately for the moment it is not possible to download a file using salt in an normal way without knowing the file's hash.

If you try to download a file using salt state without source_hash, salt will fail with "Unable to determine upstream hash of source file" error.

Nevertheless it is often required to create a salt state that downloads a file that changes very often from the remote HTTP/HTTPS server that is not under your control.

Here you will see how to force download of a file using salt state without knowing source_hash.

Download a File using Salt Without Knowing Source_Hash

Before downloading a file from the remote sever that you can't control, make sure that you can trust this server.

From the salt state we will call the below command, that downloads a file, calculates its md5 hash and prints it in the format supported by salt:

$ echo "md5=`curl -s "" | md5sum | cut -c -32`"

Salt state itself:

{% set source_hash = salt['']('echo "md5=`curl -s "" | md5sum | cut -c -32`"') %}

    - name: /tmp/
    - source:
    - source_hash: {{ source_hash }}

Each time when you apply this state, it downloads the remote file over HTTP/HTTPS, calculates its md5 hash and compares it with the hash of the locally stored file.

If their hashes are different, the local file would be replaced with the downloaded one.

Otherwise it would be kept without changes.