linux: system: enabled: true cluster: default name: linux domain: local environment: prd hostname: system.pillar.local apparmor: enabled: false haveged: enabled: true prompt: default: "linux.ci.local$" kernel: isolcpu: 1,2,3,4 motd: - warning: | #!/bin/sh printf "WARNING: This is tcpcloud network.\n" printf " Unauthorized access is strictly prohibited.\n" printf "\n" - info: | #!/bin/sh printf -- "--[tcp cloud]---------------------------\n" printf " Hostname | ${linux:system:name}\n" printf " Domain | ${linux:system:domain}\n" printf " System | %s\n" "$(lsb_release -s -d)" printf " Kernel | %s\n" "$(uname -r)" printf -- "----------------------------------------\n" printf "\n" user: root: enabled: true home: /root name: root test: enabled: true name: test sudo: true uid: 9999 full_name: Test User home: /home/test groups: - root salt_user1: enabled: true name: saltuser1 sudo: false uid: 9991 full_name: Salt User1 home: /home/saltuser1 salt_user2: enabled: true name: saltuser2 sudo: false uid: 9992 full_name: Salt Sudo User2 home: /home/saltuser2 group: test: enabled: true name: test gid: 9999 system: true db-ops: enabled: true name: testgroup salt-ops: enabled: true name: sudogroup0 sudogroup1: enabled: true name: sudogroup1 sudogroup2: enabled: true name: sudogroup2 sudogroup3: enabled: false name: sudogroup3 job: test: enabled: true command: "/bin/sleep 3" user: test minute: 0 hour: 13 package: htop: version: latest repo: opencontrail: source: "deb http://ppa.launchpad.net/tcpcloud/contrail-2.20/ubuntu trusty main" architectures: amd64 locale: en_US.UTF-8: enabled: true default: true "cs_CZ.UTF-8 UTF-8": enabled: true autoupdates: enabled: true sudo: enabled: true alias: runas: DBA: - postgres - mysql SALT: - root host: LOCAL: - localhost PRODUCTION: - db1 - db2 command: SUDO_RESTRICTED_SU: - /bin/vi /etc/sudoers - /bin/su - root - /bin/su - - /bin/su - /usr/sbin/visudo SUDO_SHELLS: - /bin/sh - /bin/ksh - /bin/bash - /bin/rbash - /bin/dash - /bin/zsh - /bin/csh - /bin/fish - /bin/tcsh - /usr/bin/login - /usr/bin/su - /usr/su SUDO_SALT_SAFE: - /usr/bin/salt state* - /usr/bin/salt service* - /usr/bin/salt pillar* - /usr/bin/salt grains* - /usr/bin/salt saltutil* - /usr/bin/salt-call state* - /usr/bin/salt-call service* - /usr/bin/salt-call pillar* - /usr/bin/salt-call grains* - /usr/bin/salt-call saltutil* SUDO_SALT_TRUSTED: - /usr/bin/salt* users: saltuser1: {} saltuser2: hosts: - LOCAL # User Alias: DBA: hosts: - ALL commands: - SUDO_SALT_SAFE groups: db-ops: hosts: - ALL - '!PRODUCTION' runas: - DBA commands: - /bin/cat * - /bin/less * - /bin/ls * - SUDO_SALT_SAFE - '!SUDO_SHELLS' - '!SUDO_RESTRICTED_SU' salt-ops: hosts: - 'ALL' runas: - SALT commands: - SUDO_SALT_TRUSTED salt-ops2: name: salt-ops runas: - DBA commands: - SUDO_SHELLS sudogroup1: commands: - ALL sudogroup2: commands: - ALL hosts: - localhost users: - test nopasswd: false sudogroup3: commands: - ALL