Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

system.sls 6.5KB

9 년 전
9 년 전
9 년 전
9 년 전
9 년 전
9 년 전
9 년 전
9 년 전
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278
  1. linux:
  2. system:
  3. enabled: true
  4. cluster: default
  5. name: linux
  6. domain: local
  7. environment: prd
  8. hostname: system.pillar.local
  9. purge_repos: true
  10. apparmor:
  11. enabled: false
  12. haveged:
  13. enabled: true
  14. prompt:
  15. default: "linux.ci.local$"
  16. kernel:
  17. isolcpu: 1,2,3,4
  18. motd:
  19. - warning: |
  20. #!/bin/sh
  21. printf "WARNING: This is tcpcloud network.\n"
  22. printf " Unauthorized access is strictly prohibited.\n"
  23. printf "\n"
  24. - info: |
  25. #!/bin/sh
  26. printf -- "--[tcp cloud]---------------------------\n"
  27. printf " Hostname | ${linux:system:name}\n"
  28. printf " Domain | ${linux:system:domain}\n"
  29. printf " System | %s\n" "$(lsb_release -s -d)"
  30. printf " Kernel | %s\n" "$(uname -r)"
  31. printf -- "----------------------------------------\n"
  32. printf "\n"
  33. user:
  34. root:
  35. enabled: true
  36. home: /root
  37. name: root
  38. test:
  39. enabled: true
  40. name: test
  41. sudo: true
  42. uid: 9999
  43. full_name: Test User
  44. home: /home/test
  45. groups:
  46. - root
  47. salt_user1:
  48. enabled: true
  49. name: saltuser1
  50. sudo: false
  51. uid: 9991
  52. full_name: Salt User1
  53. home: /home/saltuser1
  54. salt_user2:
  55. enabled: true
  56. name: saltuser2
  57. sudo: false
  58. uid: 9992
  59. full_name: Salt Sudo User2
  60. home: /home/saltuser2
  61. group:
  62. test:
  63. enabled: true
  64. name: test
  65. gid: 9999
  66. system: true
  67. db-ops:
  68. enabled: true
  69. name: testgroup
  70. salt-ops:
  71. enabled: true
  72. name: sudogroup0
  73. sudogroup1:
  74. enabled: true
  75. name: sudogroup1
  76. sudogroup2:
  77. enabled: true
  78. name: sudogroup2
  79. sudogroup3:
  80. enabled: false
  81. name: sudogroup3
  82. job:
  83. test:
  84. enabled: true
  85. command: "/bin/sleep 3"
  86. user: test
  87. minute: 0
  88. hour: 13
  89. package:
  90. htop:
  91. version: latest
  92. repo:
  93. opencontrail:
  94. source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
  95. keyid: E79EE90C
  96. keyserver: keyserver.ubuntu.com
  97. architectures: amd64
  98. proxy:
  99. enabled: true
  100. https: https://127.0.5.1:443
  101. #http: http://127.0.5.2:8080
  102. apt-mk-salt:
  103. source: "deb http://apt-mk.mirantis.com/xenial stable salt"
  104. key_url: http://apt-mk.mirantis.com/public.gpg
  105. architectures: amd64
  106. proxy:
  107. enabled: true
  108. apt-mk-salt-nightly:
  109. source: "deb http://apt-mk.mirantis.com/xenial nightly salt"
  110. key_url: http://apt-mk.mirantis.com/public.gpg
  111. architectures: amd64
  112. proxy:
  113. enabled: false
  114. apt-mk-extra-nightly:
  115. source: "deb http://apt-mk.mirantis.com/xenial nightly extra"
  116. key_url: http://apt-mk.mirantis.com/public.gpg
  117. architectures: amd64
  118. locale:
  119. en_US.UTF-8:
  120. enabled: true
  121. default: true
  122. "cs_CZ.UTF-8 UTF-8":
  123. enabled: true
  124. autoupdates:
  125. enabled: true
  126. sudo:
  127. enabled: true
  128. alias:
  129. runas:
  130. DBA:
  131. - postgres
  132. - mysql
  133. SALT:
  134. - root
  135. host:
  136. LOCAL:
  137. - localhost
  138. PRODUCTION:
  139. - db1
  140. - db2
  141. command:
  142. SUDO_RESTRICTED_SU:
  143. - /bin/vi /etc/sudoers
  144. - /bin/su - root
  145. - /bin/su -
  146. - /bin/su
  147. - /usr/sbin/visudo
  148. SUDO_SHELLS:
  149. - /bin/sh
  150. - /bin/ksh
  151. - /bin/bash
  152. - /bin/rbash
  153. - /bin/dash
  154. - /bin/zsh
  155. - /bin/csh
  156. - /bin/fish
  157. - /bin/tcsh
  158. - /usr/bin/login
  159. - /usr/bin/su
  160. - /usr/su
  161. SUDO_SALT_SAFE:
  162. - /usr/bin/salt state*
  163. - /usr/bin/salt service*
  164. - /usr/bin/salt pillar*
  165. - /usr/bin/salt grains*
  166. - /usr/bin/salt saltutil*
  167. - /usr/bin/salt-call state*
  168. - /usr/bin/salt-call service*
  169. - /usr/bin/salt-call pillar*
  170. - /usr/bin/salt-call grains*
  171. - /usr/bin/salt-call saltutil*
  172. SUDO_SALT_TRUSTED:
  173. - /usr/bin/salt*
  174. users:
  175. saltuser1: {}
  176. saltuser2:
  177. hosts:
  178. - LOCAL
  179. # User Alias:
  180. DBA:
  181. hosts:
  182. - ALL
  183. commands:
  184. - SUDO_SALT_SAFE
  185. groups:
  186. db-ops:
  187. hosts:
  188. - ALL
  189. - '!PRODUCTION'
  190. runas:
  191. - DBA
  192. commands:
  193. - /bin/cat *
  194. - /bin/less *
  195. - /bin/ls *
  196. - SUDO_SALT_SAFE
  197. - '!SUDO_SHELLS'
  198. - '!SUDO_RESTRICTED_SU'
  199. salt-ops:
  200. hosts:
  201. - 'ALL'
  202. runas:
  203. - SALT
  204. commands:
  205. - SUDO_SALT_TRUSTED
  206. salt-ops2:
  207. name: salt-ops
  208. runas:
  209. - DBA
  210. commands:
  211. - SUDO_SHELLS
  212. sudogroup1:
  213. commands:
  214. - ALL
  215. sudogroup2:
  216. commands:
  217. - ALL
  218. hosts:
  219. - localhost
  220. users:
  221. - test
  222. nopasswd: false
  223. sudogroup3:
  224. commands:
  225. - ALL
  226. env:
  227. BOB_VARIABLE: Alice
  228. BOB_PATH:
  229. - /srv/alice/bin
  230. - /srv/bob/bin
  231. HTTPS_PROXY: https://127.0.4.1:443
  232. http_proxy: http://127.0.4.2:80
  233. ftp_proxy: ftp://127.0.4.3:2121
  234. no_proxy:
  235. - 192.168.0.1
  236. - 192.168.0.2
  237. - .saltstack.com
  238. - .ubuntu.com
  239. - .mirantis.com
  240. - .launchpad.net
  241. - .dummy.net
  242. - .local
  243. LANG: C
  244. LC_ALL: C
  245. profile:
  246. vi_flavors.sh: |
  247. export PAGER=view
  248. alias vi=vim
  249. locales: |
  250. export LANG=en_US
  251. export LC_ALL=en_US.UTF-8
  252. # pillar for proxy configuration
  253. proxy:
  254. # for package managers
  255. pkg:
  256. enabled: true
  257. https: https://127.0.2.1:4443
  258. #http: http://127.0.2.2
  259. ftp: none
  260. # fallback, system defaults
  261. https: https://127.0.1.1:443
  262. #http: http://127.0.1.2
  263. ftp: ftp://127.0.1.3
  264. noproxy:
  265. - host1
  266. - host2
  267. - .local
  268. # pillars for netconsole setup
  269. netconsole:
  270. enabled: true
  271. port: 514
  272. loglevel: debug
  273. target:
  274. 192.168.0.1:
  275. mac: "ff:ff:ff:ff:ff:ff"
  276. interface: bond0