Saltstack Official Linux Formula
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

system.sls 11KB

9 år sedan
9 år sedan
7 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
9 år sedan
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353
  1. linux:
  2. system:
  3. enabled: true
  4. cluster: default
  5. name: linux
  6. domain: local
  7. environment: prd
  8. hostname: system.pillar.local
  9. purge_repos: true
  10. apparmor:
  11. enabled: false
  12. haveged:
  13. enabled: true
  14. prompt:
  15. default: "linux.ci.local$"
  16. kernel:
  17. isolcpu: 1,2,3,4
  18. sysfs:
  19. scheduler:
  20. block/sda/queue/scheduler: deadline
  21. power:
  22. mode:
  23. power/state: 0660
  24. owner:
  25. power/state: "root:power"
  26. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  27. motd:
  28. - warning: |
  29. #!/bin/sh
  30. printf "WARNING: This is tcpcloud network.\n"
  31. printf " Unauthorized access is strictly prohibited.\n"
  32. printf "\n"
  33. - info: |
  34. #!/bin/sh
  35. printf -- "--[tcp cloud]---------------------------\n"
  36. printf " Hostname | ${linux:system:name}\n"
  37. printf " Domain | ${linux:system:domain}\n"
  38. printf " System | %s\n" "$(lsb_release -s -d)"
  39. printf " Kernel | %s\n" "$(uname -r)"
  40. printf -- "----------------------------------------\n"
  41. printf "\n"
  42. user:
  43. root:
  44. enabled: true
  45. home: /root
  46. name: root
  47. testuser:
  48. enabled: true
  49. name: testuser
  50. sudo: true
  51. uid: 9999
  52. full_name: Test User
  53. home: /home/test
  54. groups:
  55. - db-ops
  56. - salt-ops
  57. salt_user1:
  58. enabled: true
  59. name: saltuser1
  60. sudo: false
  61. uid: 9991
  62. full_name: Salt User1
  63. home: /home/saltuser1
  64. salt_user2:
  65. enabled: true
  66. name: saltuser2
  67. sudo: false
  68. uid: 9992
  69. full_name: Salt Sudo User2
  70. home: /home/saltuser2
  71. groups:
  72. - sudogroup1
  73. group:
  74. testgroup:
  75. enabled: true
  76. name: testgroup
  77. gid: 9999
  78. system: true
  79. addusers:
  80. - salt_user1
  81. - salt_user2
  82. db-ops:
  83. enabled: true
  84. delusers:
  85. - salt_user1
  86. - dontexistatall
  87. salt-ops:
  88. enabled: true
  89. name: salt-ops
  90. sudogroup1:
  91. enabled: true
  92. name: sudogroup1
  93. sudogroup2:
  94. enabled: true
  95. name: sudogroup2
  96. sudogroup3:
  97. enabled: false
  98. name: sudogroup3
  99. job:
  100. test:
  101. enabled: true
  102. command: "/bin/sleep 3"
  103. user: testuser
  104. minute: 0
  105. hour: 13
  106. package:
  107. htop:
  108. version: latest
  109. repo:
  110. opencontrail:
  111. source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
  112. keyid: E79EE90C
  113. keyserver: keyserver.ubuntu.com
  114. architectures: amd64
  115. proxy:
  116. enabled: true
  117. https: https://127.0.5.1:443
  118. #http: http://127.0.5.2:8080
  119. apt-mk-salt:
  120. source: "deb http://apt-mk.mirantis.com/xenial stable salt"
  121. #key_url: http://apt-mk.mirantis.com/public.gpg
  122. key: |
  123. -----BEGIN PGP PUBLIC KEY BLOCK-----
  124. Version: GnuPG v1
  125. mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY
  126. zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke
  127. xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A
  128. mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR
  129. i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ
  130. 6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh
  131. dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1
  132. cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy
  133. drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa
  134. fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6
  135. 96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB
  136. tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC
  137. OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ
  138. JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6
  139. BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW
  140. FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM
  141. PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci
  142. GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1
  143. WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3
  144. mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq
  145. AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t
  146. 6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO
  147. +Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz
  148. rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E
  149. VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ
  150. Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD
  151. foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6
  152. JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A
  153. sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi
  154. T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS
  155. 2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ
  156. BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA
  157. jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm
  158. wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn
  159. hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E
  160. GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK
  161. KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC
  162. 9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y
  163. n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ
  164. QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al
  165. Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd
  166. SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI
  167. +z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt
  168. 8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F
  169. ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt
  170. MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy
  171. jtcwJrHue5Xn8UPSLkE=
  172. =SWiA
  173. -----END PGP PUBLIC KEY BLOCK-----
  174. architectures: amd64
  175. proxy:
  176. enabled: true
  177. apt-mk-salt-nightly:
  178. source: "deb http://apt-mk.mirantis.com/xenial nightly salt"
  179. key_url: http://apt-mk.mirantis.com/public.gpg
  180. architectures: amd64
  181. proxy:
  182. enabled: false
  183. apt-mk-extra-nightly:
  184. source: "deb http://apt-mk.mirantis.com/xenial nightly extra"
  185. key_url: http://apt-mk.mirantis.com/public.gpg
  186. architectures: amd64
  187. locale:
  188. en_US.UTF-8:
  189. enabled: true
  190. default: true
  191. "cs_CZ.UTF-8 UTF-8":
  192. enabled: true
  193. autoupdates:
  194. enabled: true
  195. sudo:
  196. enabled: true
  197. alias:
  198. runas:
  199. DBA:
  200. - postgres
  201. - mysql
  202. SALT:
  203. - root
  204. host:
  205. LOCAL:
  206. - localhost
  207. PRODUCTION:
  208. - db1
  209. - db2
  210. command:
  211. SUDO_RESTRICTED_SU:
  212. - /bin/vi /etc/sudoers
  213. - /bin/su - root
  214. - /bin/su -
  215. - /bin/su
  216. - /usr/sbin/visudo
  217. SUDO_SHELLS:
  218. - /bin/sh
  219. - /bin/ksh
  220. - /bin/bash
  221. - /bin/rbash
  222. - /bin/dash
  223. - /bin/zsh
  224. - /bin/csh
  225. - /bin/fish
  226. - /bin/tcsh
  227. - /usr/bin/login
  228. - /usr/bin/su
  229. - /usr/su
  230. SUDO_SALT_SAFE:
  231. - /usr/bin/salt state*
  232. - /usr/bin/salt service*
  233. - /usr/bin/salt pillar*
  234. - /usr/bin/salt grains*
  235. - /usr/bin/salt saltutil*
  236. - /usr/bin/salt-call state*
  237. - /usr/bin/salt-call service*
  238. - /usr/bin/salt-call pillar*
  239. - /usr/bin/salt-call grains*
  240. - /usr/bin/salt-call saltutil*
  241. SUDO_SALT_TRUSTED:
  242. - /usr/bin/salt*
  243. users:
  244. saltuser1: {}
  245. saltuser2:
  246. hosts:
  247. - LOCAL
  248. # User Alias:
  249. DBA:
  250. hosts:
  251. - ALL
  252. commands:
  253. - SUDO_SALT_SAFE
  254. groups:
  255. db-ops:
  256. hosts:
  257. - ALL
  258. - '!PRODUCTION'
  259. runas:
  260. - DBA
  261. commands:
  262. - /bin/cat *
  263. - /bin/less *
  264. - /bin/ls *
  265. - SUDO_SALT_SAFE
  266. - '!SUDO_SHELLS'
  267. - '!SUDO_RESTRICTED_SU'
  268. salt-ops:
  269. hosts:
  270. - 'ALL'
  271. runas:
  272. - SALT
  273. commands:
  274. - SUDO_SALT_TRUSTED
  275. salt-ops2:
  276. name: salt-ops
  277. runas:
  278. - DBA
  279. commands:
  280. - SUDO_SHELLS
  281. sudogroup1:
  282. commands:
  283. - ALL
  284. sudogroup2:
  285. commands:
  286. - ALL
  287. hosts:
  288. - localhost
  289. users:
  290. - test
  291. nopasswd: false
  292. sudogroup3:
  293. commands:
  294. - ALL
  295. env:
  296. BOB_VARIABLE: Alice
  297. BOB_PATH:
  298. - /srv/alice/bin
  299. - /srv/bob/bin
  300. HTTPS_PROXY: https://127.0.4.1:443
  301. http_proxy: http://127.0.4.2:80
  302. ftp_proxy: ftp://127.0.4.3:2121
  303. no_proxy:
  304. - 192.168.0.1
  305. - 192.168.0.2
  306. - .saltstack.com
  307. - .ubuntu.com
  308. - .mirantis.com
  309. - .launchpad.net
  310. - .dummy.net
  311. - .local
  312. LANG: C
  313. LC_ALL: C
  314. profile:
  315. vi_flavors.sh: |
  316. export PAGER=view
  317. alias vi=vim
  318. locales: |
  319. export LANG=en_US
  320. export LC_ALL=en_US.UTF-8
  321. # pillar for proxy configuration
  322. proxy:
  323. # for package managers
  324. pkg:
  325. enabled: true
  326. https: https://127.0.2.1:4443
  327. #http: http://127.0.2.2
  328. ftp: none
  329. # fallback, system defaults
  330. https: https://127.0.1.1:443
  331. #http: http://127.0.1.2
  332. ftp: ftp://127.0.1.3
  333. noproxy:
  334. - host1
  335. - host2
  336. - .local
  337. # pillars for netconsole setup
  338. netconsole:
  339. enabled: true
  340. port: 514
  341. loglevel: debug
  342. target:
  343. 192.168.0.1:
  344. mac: "ff:ff:ff:ff:ff:ff"
  345. interface: bond0
  346. atop:
  347. enabled: true
  348. interval: 20
  349. logpath: "/var/mylog/atop"
  350. outfile: "/var/mylog/atop/daily.log"