Saltstack Official Linux Formula

system.sls 13KB

9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
7 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
9 yıl önce
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477
  1. linux:
  2. network:
  3. enabled: true
  4. hostname: linux
  5. fqdn: linux.ci.local
  6. system:
  7. enabled: true
  8. at:
  9. enabled: true
  10. user:
  11. root:
  12. enabled: true
  13. testuser:
  14. enabled: true
  15. cron:
  16. enabled: true
  17. user:
  18. root:
  19. enabled: true
  20. testuser:
  21. enabled: true
  22. cluster: default
  23. name: linux
  24. domain: ci.local
  25. environment: prd
  26. purge_repos: true
  27. directory:
  28. /tmp/test:
  29. makedirs: true
  30. apparmor:
  31. enabled: false
  32. haveged:
  33. enabled: true
  34. prompt:
  35. default: "linux.ci.local$"
  36. kernel:
  37. isolcpu: 1,2,3,4
  38. elevator: deadline
  39. boot_options:
  40. - pti=off
  41. - spectre_v2=auto
  42. module:
  43. module_1:
  44. install:
  45. command: /bin/true
  46. remove:
  47. enabled: false
  48. command: /bin/false
  49. module_2:
  50. install:
  51. enabled: false
  52. command: /bin/false
  53. remove:
  54. command: /bin/true
  55. module_3:
  56. blacklist: true
  57. module_4:
  58. blacklist: false
  59. alias:
  60. "module*":
  61. enabled: true
  62. "module_*":
  63. enabled: false
  64. module_5:
  65. softdep:
  66. pre:
  67. 1:
  68. value: module_1
  69. 2:
  70. value: module_2
  71. enabled: false
  72. post:
  73. 1:
  74. value: module_3
  75. 2:
  76. value: module_4
  77. enabled: false
  78. module_6:
  79. option:
  80. opt_1: 111
  81. opt_2: 222
  82. module_7:
  83. option:
  84. opt_3:
  85. value: 333
  86. opt_4:
  87. enabled: true
  88. value: 444
  89. opt_5:
  90. enabled: false
  91. cgroup:
  92. group:
  93. group_1:
  94. controller:
  95. cpu:
  96. shares:
  97. value: 250
  98. mapping:
  99. subjects:
  100. - '@group1'
  101. sysfs:
  102. enable_apply: true
  103. scheduler:
  104. block/sda/queue/scheduler: deadline
  105. power:
  106. mode:
  107. power/state: 0660
  108. owner:
  109. power/state: "root:power"
  110. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  111. motd:
  112. - warning: |
  113. #!/bin/sh
  114. printf "WARNING: This is tcpcloud network.\n"
  115. printf " Unauthorized access is strictly prohibited.\n"
  116. printf "\n"
  117. - info: |
  118. #!/bin/sh
  119. printf -- "--[tcp cloud]---------------------------\n"
  120. printf " Hostname | ${linux:system:name}\n"
  121. printf " Domain | ${linux:system:domain}\n"
  122. printf " System | %s\n" "$(lsb_release -s -d)"
  123. printf " Kernel | %s\n" "$(uname -r)"
  124. printf -- "----------------------------------------\n"
  125. printf "\n"
  126. user:
  127. root:
  128. enabled: true
  129. home: /root
  130. name: root
  131. maxdays: 365
  132. testuser:
  133. enabled: true
  134. name: testuser
  135. password: passw0rd
  136. sudo: true
  137. uid: 9999
  138. full_name: Test User
  139. home: /home/test
  140. groups:
  141. - db-ops
  142. - salt-ops
  143. salt_user1:
  144. enabled: true
  145. name: saltuser1
  146. sudo: false
  147. uid: 9991
  148. full_name: Salt User1
  149. home: /home/saltuser1
  150. home_dir_mode: 755
  151. salt_user2:
  152. enabled: true
  153. name: saltuser2
  154. sudo: false
  155. uid: 9992
  156. full_name: Salt Sudo User2
  157. home: /home/saltuser2
  158. groups:
  159. - sudogroup1
  160. group:
  161. testgroup:
  162. enabled: true
  163. name: testgroup
  164. gid: 9999
  165. system: true
  166. addusers:
  167. - salt_user1
  168. - salt_user2
  169. db-ops:
  170. enabled: true
  171. delusers:
  172. - salt_user1
  173. - dontexistatall
  174. salt-ops:
  175. enabled: true
  176. name: salt-ops
  177. sudogroup1:
  178. enabled: true
  179. name: sudogroup1
  180. sudogroup2:
  181. enabled: true
  182. name: sudogroup2
  183. sudogroup3:
  184. enabled: false
  185. name: sudogroup3
  186. job:
  187. test:
  188. enabled: true
  189. command: "/bin/sleep 3"
  190. user: testuser
  191. minute: 0
  192. hour: 13
  193. package:
  194. htop:
  195. version: latest
  196. repo:
  197. disabled_repo:
  198. source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
  199. enabled: false
  200. disabled_repo_left_proxy:
  201. source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
  202. enabled: false
  203. proxy:
  204. enabled: true
  205. https: https://127.0.5.1:443
  206. saltstack:
  207. source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
  208. key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub"
  209. architectures: amd64
  210. clean_file: true
  211. pinning:
  212. 10:
  213. enabled: true
  214. pin: 'release o=SaltStack'
  215. priority: 50
  216. package: 'libsodium18'
  217. 20:
  218. enabled: true
  219. pin: 'release o=SaltStack'
  220. priority: 1100
  221. package: '*'
  222. opencontrail:
  223. source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
  224. keyid: E79EE90C
  225. keyserver: keyserver.ubuntu.com
  226. architectures: amd64
  227. proxy:
  228. enabled: true
  229. https: https://127.0.5.1:443
  230. #http: http://127.0.5.2:8080
  231. apt-salt:
  232. source: "deb http://apt.mirantis.com/xenial stable salt"
  233. #key_url: http://apt.mirantis.com/public.gpg
  234. # pub 4096R/A76882D3 2015-06-17
  235. key: |
  236. -----BEGIN PGP PUBLIC KEY BLOCK-----
  237. Version: GnuPG v1
  238. mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY
  239. zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke
  240. xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A
  241. mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR
  242. i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ
  243. 6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh
  244. dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1
  245. cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy
  246. drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa
  247. fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6
  248. 96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB
  249. tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC
  250. OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ
  251. JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6
  252. BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW
  253. FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM
  254. PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci
  255. GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1
  256. WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3
  257. mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq
  258. AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t
  259. 6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO
  260. +Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz
  261. rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E
  262. VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ
  263. Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD
  264. foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6
  265. JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A
  266. sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi
  267. T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS
  268. 2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ
  269. BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA
  270. jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm
  271. wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn
  272. hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E
  273. GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK
  274. KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC
  275. 9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y
  276. n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ
  277. QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al
  278. Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd
  279. SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI
  280. +z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt
  281. 8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F
  282. ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt
  283. MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy
  284. jtcwJrHue5Xn8UPSLkE=
  285. =SWiA
  286. -----END PGP PUBLIC KEY BLOCK-----
  287. architectures: amd64
  288. proxy:
  289. enabled: true
  290. apt-salt-nightly:
  291. source: "deb http://apt.mirantis.com/xenial nightly salt"
  292. key_url: http://apt.mirantis.com/public.gpg
  293. architectures: amd64
  294. proxy:
  295. enabled: false
  296. apt-extra-nightly:
  297. source: "deb http://apt.mirantis.com/xenial nightly extra"
  298. key_url: http://apt.mirantis.com/public.gpg
  299. architectures: amd64
  300. locale:
  301. en_US:
  302. enabled: true
  303. default: true
  304. cs_CZ:
  305. enabled: true
  306. autoupdates:
  307. enabled: true
  308. sudo:
  309. enabled: true
  310. alias:
  311. runas:
  312. DBA:
  313. - postgres
  314. - mysql
  315. SALT:
  316. - root
  317. host:
  318. LOCAL:
  319. - localhost
  320. PRODUCTION:
  321. - db1
  322. - db2
  323. command:
  324. SUDO_RESTRICTED_SU:
  325. - /bin/vi /etc/sudoers
  326. - /bin/su - root
  327. - /bin/su -
  328. - /bin/su
  329. - /usr/sbin/visudo
  330. SUDO_SHELLS:
  331. - /bin/sh
  332. - /bin/ksh
  333. - /bin/bash
  334. - /bin/rbash
  335. - /bin/dash
  336. - /bin/zsh
  337. - /bin/csh
  338. - /bin/fish
  339. - /bin/tcsh
  340. - /usr/bin/login
  341. - /usr/bin/su
  342. - /usr/su
  343. SUDO_SALT_SAFE:
  344. - /usr/bin/salt state*
  345. - /usr/bin/salt service*
  346. - /usr/bin/salt pillar*
  347. - /usr/bin/salt grains*
  348. - /usr/bin/salt saltutil*
  349. - /usr/bin/salt-call state*
  350. - /usr/bin/salt-call service*
  351. - /usr/bin/salt-call pillar*
  352. - /usr/bin/salt-call grains*
  353. - /usr/bin/salt-call saltutil*
  354. SUDO_SALT_TRUSTED:
  355. - /usr/bin/salt*
  356. users:
  357. saltuser1: {}
  358. saltuser2:
  359. hosts:
  360. - LOCAL
  361. # User Alias:
  362. DBA:
  363. hosts:
  364. - ALL
  365. commands:
  366. - SUDO_SALT_SAFE
  367. groups:
  368. db-ops:
  369. hosts:
  370. - ALL
  371. - '!PRODUCTION'
  372. runas:
  373. - DBA
  374. commands:
  375. - /bin/cat *
  376. - /bin/less *
  377. - /bin/ls *
  378. - SUDO_SALT_SAFE
  379. - '!SUDO_SHELLS'
  380. - '!SUDO_RESTRICTED_SU'
  381. salt-ops:
  382. hosts:
  383. - 'ALL'
  384. runas:
  385. - SALT
  386. commands:
  387. - SUDO_SALT_TRUSTED
  388. salt-ops2:
  389. name: salt-ops
  390. runas:
  391. - DBA
  392. commands:
  393. - SUDO_SHELLS
  394. sudogroup1:
  395. commands:
  396. - ALL
  397. sudogroup2:
  398. commands:
  399. - ALL
  400. hosts:
  401. - localhost
  402. users:
  403. - test
  404. nopasswd: false
  405. sudogroup3:
  406. commands:
  407. - ALL
  408. env:
  409. BOB_VARIABLE: Alice
  410. BOB_PATH:
  411. - /srv/alice/bin
  412. - /srv/bob/bin
  413. HTTPS_PROXY: https://127.0.4.1:443
  414. http_proxy: http://127.0.4.2:80
  415. ftp_proxy: ftp://127.0.4.3:2121
  416. no_proxy:
  417. - 192.168.0.1
  418. - 192.168.0.2
  419. - .saltstack.com
  420. - .ubuntu.com
  421. - .mirantis.com
  422. - .launchpad.net
  423. - .dummy.net
  424. - .local
  425. LANG: C
  426. LC_ALL: C
  427. login_defs:
  428. PASS_MAX_DAYS:
  429. value: 99
  430. shell:
  431. umask: '027'
  432. timeout: 900
  433. profile:
  434. vi_flavors.sh: |
  435. export PAGER=view
  436. alias vi=vim
  437. locales: |
  438. export LANG=en_US
  439. export LC_ALL=en_US.UTF-8
  440. # pillar for proxy configuration
  441. proxy:
  442. # for package managers
  443. pkg:
  444. enabled: true
  445. https: https://127.0.2.1:4443
  446. #http: http://127.0.2.2
  447. ftp: none
  448. # fallback, system defaults
  449. https: https://127.0.1.1:443
  450. #http: http://127.0.1.2
  451. ftp: ftp://127.0.1.3
  452. noproxy:
  453. - host1
  454. - host2
  455. - .local
  456. # pillars for netconsole setup
  457. netconsole:
  458. enabled: true
  459. port: 514
  460. loglevel: debug
  461. target:
  462. 192.168.0.1:
  463. mac: "ff:ff:ff:ff:ff:ff"
  464. interface: bond0
  465. atop:
  466. enabled: true
  467. interval: 20
  468. logpath: "/var/mylog/atop"
  469. outfile: "/var/mylog/atop/daily.log"
  470. mcelog:
  471. enabled: true
  472. logging:
  473. syslog: true
  474. syslog_error: true