linux: system: enabled: true cluster: default name: linux domain: local environment: prd hostname: system.pillar.local purge_repos: true apparmor: enabled: false haveged: enabled: true prompt: default: "linux.ci.local$" kernel: isolcpu: 1,2,3,4 motd: - warning: | #!/bin/sh printf "WARNING: This is tcpcloud network.\n" printf " Unauthorized access is strictly prohibited.\n" printf "\n" - info: | #!/bin/sh printf -- "--[tcp cloud]---------------------------\n" printf " Hostname | ${linux:system:name}\n" printf " Domain | ${linux:system:domain}\n" printf " System | %s\n" "$(lsb_release -s -d)" printf " Kernel | %s\n" "$(uname -r)" printf -- "----------------------------------------\n" printf "\n" user: root: enabled: true home: /root name: root testuser: enabled: true name: testuser sudo: true uid: 9999 full_name: Test User home: /home/test groups: - db-ops - salt-ops salt_user1: enabled: true name: saltuser1 sudo: false uid: 9991 full_name: Salt User1 home: /home/saltuser1 salt_user2: enabled: true name: saltuser2 sudo: false uid: 9992 full_name: Salt Sudo User2 home: /home/saltuser2 groups: - sudogroup1 group: testgroup: enabled: true name: testgroup gid: 9999 system: true addusers: - salt_user1 - salt_user2 db-ops: enabled: true delusers: - salt_user1 - dontexistatall salt-ops: enabled: true name: salt-ops sudogroup1: enabled: true name: sudogroup1 sudogroup2: enabled: true name: sudogroup2 sudogroup3: enabled: false name: sudogroup3 job: test: enabled: true command: "/bin/sleep 3" user: testuser minute: 0 hour: 13 package: htop: version: latest repo: opencontrail: source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main" keyid: E79EE90C keyserver: keyserver.ubuntu.com architectures: amd64 proxy: enabled: true https: https://127.0.5.1:443 #http: http://127.0.5.2:8080 apt-mk-salt: source: "deb http://apt-mk.mirantis.com/xenial stable salt" #key_url: http://apt-mk.mirantis.com/public.gpg key: | -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ 6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1 cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6 96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6 BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1 WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3 mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t 6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO +Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6 JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS 2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC 9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI +z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt 8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy jtcwJrHue5Xn8UPSLkE= =SWiA -----END PGP PUBLIC KEY BLOCK----- architectures: amd64 proxy: enabled: true apt-mk-salt-nightly: source: "deb http://apt-mk.mirantis.com/xenial nightly salt" key_url: http://apt-mk.mirantis.com/public.gpg architectures: amd64 proxy: enabled: false apt-mk-extra-nightly: source: "deb http://apt-mk.mirantis.com/xenial nightly extra" key_url: http://apt-mk.mirantis.com/public.gpg architectures: amd64 locale: en_US.UTF-8: enabled: true default: true "cs_CZ.UTF-8 UTF-8": enabled: true autoupdates: enabled: true sudo: enabled: true alias: runas: DBA: - postgres - mysql SALT: - root host: LOCAL: - localhost PRODUCTION: - db1 - db2 command: SUDO_RESTRICTED_SU: - /bin/vi /etc/sudoers - /bin/su - root - /bin/su - - /bin/su - /usr/sbin/visudo SUDO_SHELLS: - /bin/sh - /bin/ksh - /bin/bash - /bin/rbash - /bin/dash - /bin/zsh - /bin/csh - /bin/fish - /bin/tcsh - /usr/bin/login - /usr/bin/su - /usr/su SUDO_SALT_SAFE: - /usr/bin/salt state* - /usr/bin/salt service* - /usr/bin/salt pillar* - /usr/bin/salt grains* - /usr/bin/salt saltutil* - /usr/bin/salt-call state* - /usr/bin/salt-call service* - /usr/bin/salt-call pillar* - /usr/bin/salt-call grains* - /usr/bin/salt-call saltutil* SUDO_SALT_TRUSTED: - /usr/bin/salt* users: saltuser1: {} saltuser2: hosts: - LOCAL # User Alias: DBA: hosts: - ALL commands: - SUDO_SALT_SAFE groups: db-ops: hosts: - ALL - '!PRODUCTION' runas: - DBA commands: - /bin/cat * - /bin/less * - /bin/ls * - SUDO_SALT_SAFE - '!SUDO_SHELLS' - '!SUDO_RESTRICTED_SU' salt-ops: hosts: - 'ALL' runas: - SALT commands: - SUDO_SALT_TRUSTED salt-ops2: name: salt-ops runas: - DBA commands: - SUDO_SHELLS sudogroup1: commands: - ALL sudogroup2: commands: - ALL hosts: - localhost users: - test nopasswd: false sudogroup3: commands: - ALL env: BOB_VARIABLE: Alice BOB_PATH: - /srv/alice/bin - /srv/bob/bin HTTPS_PROXY: https://127.0.4.1:443 http_proxy: http://127.0.4.2:80 ftp_proxy: ftp://127.0.4.3:2121 no_proxy: - 192.168.0.1 - 192.168.0.2 - .saltstack.com - .ubuntu.com - .mirantis.com - .launchpad.net - .dummy.net - .local LANG: C LC_ALL: C profile: vi_flavors.sh: | export PAGER=view alias vi=vim locales: | export LANG=en_US export LC_ALL=en_US.UTF-8 # pillar for proxy configuration proxy: # for package managers pkg: enabled: true https: https://127.0.2.1:4443 #http: http://127.0.2.2 ftp: none # fallback, system defaults https: https://127.0.1.1:443 #http: http://127.0.1.2 ftp: ftp://127.0.1.3 noproxy: - host1 - host2 - .local # pillars for netconsole setup netconsole: enabled: true port: 514 loglevel: debug target: 192.168.0.1: mac: "ff:ff:ff:ff:ff:ff" interface: bond0