Saltstack Official Linux Formula


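  # Test pillar for the Salt `linux` formula (network and system settings).
  # The listing this was recovered from carried gutter numbers and had lost its
  # indentation; the nesting below is rebuilt from key order.
  # NOTE(review): confirm the hierarchy against the upstream file before use.
  # These are CI fixture values. Several of them relax host hardening and are
  # flagged inline so they are not copied into a production pillar.
  linux:
    network:
      enabled: true
      hostname: linux
      fqdn: linux.ci.local
    system:
      enabled: true
      at:
        enabled: true
        user:
          root:
            enabled: true
          testuser:
            enabled: true
      cron:
        enabled: true
        user:
          root:
            enabled: true
          testuser:
            enabled: true
      cluster: default
      name: linux
      domain: ci.local
      environment: prd
      purge_repos: true
      # SELinux permissive only logs policy denials, and AppArmor is switched
      # off further down: neither MAC framework enforces with these values.
      selinux: permissive
      directory:
        /tmp/test:
          makedirs: true
      apparmor:
        enabled: false
      haveged:
        enabled: true
      prompt:
        default: "linux.ci.local$"
      kernel:
        isolcpu: 1,2,3,4
        elevator: deadline
        transparent_hugepage: always
        boot_options:
          # pti=off turns off kernel page-table isolation (the Meltdown
          # mitigation); keep it out of anything but a throwaway test host.
          - pti=off
          - spectre_v2=auto
        module:
          module_1:
            install:
              command: /bin/true
            remove:
              enabled: false
              command: /bin/false
          module_2:
            install:
              enabled: false
              command: /bin/false
            remove:
              command: /bin/true
          module_3:
            blacklist: true
          module_4:
            blacklist: false
            alias:
              "module*":
                enabled: true
              "module_*":
                enabled: false
          module_5:
            softdep:
              pre:
                1:
                  value: module_1
                2:
                  value: module_2
                  enabled: false
              post:
                1:
                  value: module_3
                2:
                  value: module_4
                  enabled: false
          module_6:
            option:
              opt_1: 111
              opt_2: 222
          module_7:
            option:
              opt_3:
                value: 333
              opt_4:
                enabled: true
                value: 444
              opt_5:
                enabled: false
      cgroup:
        group:
          group_1:
            controller:
              cpu:
                shares:
                  value: 250
            mapping:
              subjects:
                - '@group1'
      sysfs:
        enable_apply: true
        scheduler:
          block/sda/queue/scheduler: deadline
        power:
          mode:
            # Quoted: YAML 1.1 loaders read a bare 0660 as octal (decimal 432),
            # so the permission string would not survive loading.
            power/state: '0660'
          owner:
            power/state: "root:power"
          devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
      motd:
        - warning: |
            #!/bin/sh
            printf "WARNING: This is tcpcloud network.\n"
            printf " Unauthorized access is strictly prohibited.\n"
            printf "\n"
        - info: |
            #!/bin/sh
            printf -- "--[tcp cloud]---------------------------\n"
            printf " Hostname | ${linux:system:name}\n"
            printf " Domain | ${linux:system:domain}\n"
            printf " System | %s\n" "$(lsb_release -s -d)"
            printf " Kernel | %s\n" "$(uname -r)"
            printf -- "----------------------------------------\n"
            printf "\n"
      user:
        root:
          enabled: true
          home: /root
          name: root
          maxdays: 365
        testuser:
          enabled: true
          name: testuser
          # Credential-shaped literal in a pillar file, on an account that also
          # gets sudo. NOTE(review): whether the formula expects a password
          # hash or cleartext here is not visible on this page. Real pillars
          # should pull this from an encrypted pillar or a secret store.
          password: passw0rd
          sudo: true
          uid: 9999
          full_name: Test User
          home: /home/test
          # presumably lets this UID be shared with another account; verify
          # against the formula before reusing outside a test.
          unique: false
          groups:
            - db-ops
            - salt-ops
        salt_user1:
          enabled: true
          name: saltuser1
          sudo: false
          uid: 9991
          full_name: Salt User1
          home: /home/saltuser1
          home_dir_mode: 755
        salt_user2:
          enabled: true
          name: saltuser2
          sudo: false
          uid: 9992
          full_name: Salt Sudo User2
          home: /home/saltuser2
          groups:
            - sudogroup1
      group:
        testgroup:
          enabled: true
          name: testgroup
          gid: 9999
          system: true
          addusers:
            - salt_user1
            - salt_user2
        db-ops:
          enabled: true
          delusers:
            - salt_user1
            - dontexistatall
        salt-ops:
          enabled: true
          name: salt-ops
        sudogroup1:
          enabled: true
          name: sudogroup1
        sudogroup2:
          enabled: true
          name: sudogroup2
        sudogroup3:
          enabled: false
          name: sudogroup3
      job:
        test:
          enabled: true
          command: "/bin/sleep 3"
          user: testuser
          minute: 0
          hour: 13
      package:
        htop:
          version: latest
      repo:
        disabled_repo:
          source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
          enabled: false
        disabled_repo_left_proxy:
          source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
          enabled: false
          proxy:
            enabled: true
            https: https://127.0.5.1:443
        # Both the repository and its signing key are fetched over plain
        # http://, so the key_url download gives no assurance about who
        # supplied the key. Prefer https, or an inline key whose fingerprint
        # has been checked out of band.
        saltstack:
          source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
          key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub"
          architectures: amd64
          clean_file: true
          pinning:
            10:
              enabled: true
              pin: 'release o=SaltStack'
              priority: 50
              package: 'libsodium18'
            20:
              enabled: true
              pin: 'release o=SaltStack'
              priority: 1100
              package: '*'
        opencontrail:
          source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
          # 8-hex-digit short key ID: short IDs are known to collide, so a real
          # pillar should pin the full key fingerprint instead.
          keyid: E79EE90C
          keyserver: keyserver.ubuntu.com
          architectures: amd64
          proxy:
            enabled: true
            https: https://127.0.5.1:443
            #http: http://127.0.5.2:8080
        apt-salt:
          source: "deb http://apt.mirantis.com/xenial stable salt"
          #key_url: http://apt.mirantis.com/public.gpg
          # pub 4096R/A76882D3 2015-06-17
          # NOTE(review): OpenPGP ASCII armor needs an empty line between the
          # "Version:" header and the key data; none is visible in this
          # listing, so check the block against the upstream file.
          key: |
            -----BEGIN PGP PUBLIC KEY BLOCK-----
            Version: GnuPG v1
            mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY
            zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke
            xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A
            mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR
            i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ
            6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh
            dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1
            cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy
            drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa
            fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6
            96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB
            tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC
            OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ
            JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6
            BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW
            FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM
            PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci
            GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1
            WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3
            mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq
            AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t
            6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO
            +Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz
            rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E
            VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ
            Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD
            foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6
            JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A
            sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi
            T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS
            2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ
            BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA
            jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm
            wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn
            hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E
            GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK
            KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC
            9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y
            n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ
            QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al
            Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd
            SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI
            +z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt
            8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F
            ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt
            MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy
            jtcwJrHue5Xn8UPSLkE=
            =SWiA
            -----END PGP PUBLIC KEY BLOCK-----
          architectures: amd64
          proxy:
            enabled: true
        apt-salt-nightly:
          source: "deb http://apt.mirantis.com/xenial nightly salt"
          key_url: http://apt.mirantis.com/public.gpg
          architectures: amd64
          proxy:
            enabled: false
        apt-extra-nightly:
          source: "deb http://apt.mirantis.com/xenial nightly extra"
          key_url: http://apt.mirantis.com/public.gpg
          architectures: amd64
      locale:
        en_US:
          enabled: true
          default: true
        cs_CZ:
          enabled: true
      autoupdates:
        enabled: true
      sudo:
        enabled: true
        alias:
          runas:
            DBA:
              - postgres
              - mysql
            SALT:
              - root
          host:
            LOCAL:
              - localhost
            PRODUCTION:
              - db1
              - db2
          command:
            SUDO_RESTRICTED_SU:
              - /bin/vi /etc/sudoers
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
            SUDO_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
            # Wildcard entries match any trailing arguments. A rule that hands
            # out salt / salt-call state or saltutil runs should be reviewed as
            # a root-equivalent grant, whatever the alias is called.
            SUDO_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
            SUDO_SALT_TRUSTED:
              - /usr/bin/salt*
        users:
          saltuser1: {}
          saltuser2:
            hosts:
              - LOCAL
          # User Alias:
          DBA:
            hosts:
              - ALL
            commands:
              - SUDO_SALT_SAFE
        groups:
          db-ops:
            hosts:
              - ALL
              - '!PRODUCTION'
            runas:
              - DBA
            # The '!' entries only exclude the listed paths; sudoers(5) itself
            # cautions that subtracting commands from a grant is not a
            # dependable restriction. Audit what the positive entries allow.
            commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
              - SUDO_SALT_SAFE
              - '!SUDO_SHELLS'
              - '!SUDO_RESTRICTED_SU'
          salt-ops:
            hosts:
              - 'ALL'
            runas:
              - SALT
            commands:
              - SUDO_SALT_TRUSTED
          salt-ops2:
            name: salt-ops
            runas:
              - DBA
            commands:
              - SUDO_SHELLS
          sudogroup1:
            commands:
              - ALL
          sudogroup2:
            commands:
              - ALL
            hosts:
              - localhost
            users:
              - test
            nopasswd: false
          sudogroup3:
            commands:
              - ALL
      env:
        BOB_VARIABLE: Alice
        BOB_PATH:
          - /srv/alice/bin
          - /srv/bob/bin
        HTTPS_PROXY: https://127.0.4.1:443
        http_proxy: http://127.0.4.2:80
        ftp_proxy: ftp://127.0.4.3:2121
        no_proxy:
          - 192.168.0.1
          - 192.168.0.2
          - .saltstack.com
          - .ubuntu.com
          - .mirantis.com
          - .launchpad.net
          - .dummy.net
          - .local
        LANG: C
        LC_ALL: C
      login_defs:
        PASS_MAX_DAYS:
          value: 99
      shell:
        umask: '027'
        timeout: 900
      profile:
        vi_flavors.sh: |
          export PAGER=view
          alias vi=vim
        locales: |
          export LANG=en_US
          export LC_ALL=en_US.UTF-8
      # pillar for proxy configuration
      proxy:
        # for package managers
        pkg:
          enabled: true
          https: https://127.0.2.1:4443
          #http: http://127.0.2.2
          ftp: none
        # fallback, system defaults
        https: https://127.0.1.1:443
        #http: http://127.0.1.2
        ftp: ftp://127.0.1.3
        noproxy:
          - host1
          - host2
          - .local
      # pillars for netconsole setup
      # netconsole ships kernel log lines unencrypted over UDP, and
      # ff:ff:ff:ff:ff:ff is the Ethernet broadcast address, so at debug level
      # every host on the segment can receive them. Pin a collector MAC on a
      # trusted network in real use.
      netconsole:
        enabled: true
        port: 514
        loglevel: debug
        target:
          192.168.0.1:
            mac: "ff:ff:ff:ff:ff:ff"
            interface: bond0
      atop:
        enabled: true
        interval: 20
        logpath: "/var/mylog/atop"
        outfile: "/var/mylog/atop/daily.log"
      mcelog:
        enabled: true
        logging:
          syslog: true
          syslog_error: true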