Salt – Download a File With Unknown Source_Hash

In salt, there is a useful file.managed state that can download files over HTTP/HTTPS and save them on the target system.

Unfortunately for the moment it is not possible to download a file using salt in an normal way without knowing the file’s hash.

If you try to download a file using salt state without source_hash, salt will fail with “Unable to determine upstream hash of source file” error.

Nevertheless it is often required to create a salt state that downloads a file that changes very often from the remote HTTP/HTTPS server that is not under your control.

Cool Tip: Every DevOps engineer should know the basic Git workflow! It is really simple and you can learn it right now! Read more →

Here you will see how to force download of a file using salt state without knowing source_hash.

Download Any File Without Source_Hash

Important: Before downloading a file from the remote sever that you can’t control, make sure that you can trust this server.

From the salt state we will call the below command, that downloads a file, calculates its md5 hash and prints it in the format supported by salt:

$ echo "md5=`curl -s "https://bootstrap.saltstack.com" | md5sum | cut -c -32`"
md5=1113301989170450ade99e7b8c86da44

Salt state itself:

{% set source_hash = salt['cmd.shell']('echo "md5=`curl -s "https://bootstrap.saltstack.com" | md5sum | cut -c -32`"') %}

download-bootstrap-salt:
  file.managed:
    - name: /tmp/bootstrap-salt.sh
    - source: https://bootstrap.saltstack.com
    - source_hash: {{ source_hash }}

Each time when you apply this state, it downloads the remote file over HTTP/HTTPS calculates its md5 hash and compares it with the hash of the locally stored file.

If their hashes are different, the local file would be replaced with the downloaded one.

Otherwise it would be kept without changes.

So, as you can see, it is possible to download a file with unknown source_hash.

Nevertheless, i hope this feature will be added in the next releases of SaltStack.

Cool Tip: Want to use the latest features of SaltStack? Upgrade salt-master and salt-minions in a SAFE and PROPER way! Read more →

And in future this workaround will become unnecessary.

Was it useful? Share this post with the world!

2 Replies to “Salt – Download a File With Unknown Source_Hash”

  1. Great solution…. exactly what I needed. Cheers.

  2. Helder Correia says: Reply

    Why not just “skip-verify”? It’s the same thing.

Leave a Reply