Salt is an automation and deployment system. I've started implementing it at work. I plan to write more about the specific things we've done, but not now, now I want to share something that I discovered.
We basically have decided to divide the machines in two different "classes"; Internal and external based on subnets. Initially I couldn't find a good way to do this. I tried all manner of weird matchings including 'G@ipv4:10.0.0.*'. Looking at the source of the ipcidr-matcher I discovered something... it can be used in States/pillar-matching!
I found out that you can do it like so:
# Pillar '10.0.0.0/8': - match: ipcidr - node_class:internal
This is more or less unmentioned in the documentation, so I've done a pull request that got merged which documents how this is done. My next plan is to implement IPv6-support in the ipcidr()-matcher, something I suspect won't be as easy.