Saltstack Official Linux Formula

457 lines
13KB

  1. linux:
  2. network:
  3. enabled: true
  4. hostname: linux
  5. fqdn: linux.ci.local
  6. system:
  7. enabled: true
  8. at:
  9. enabled: true
  10. user:
  11. root:
  12. enabled: true
  13. testuser:
  14. enabled: true
  15. cron:
  16. enabled: true
  17. user:
  18. root:
  19. enabled: true
  20. testuser:
  21. enabled: true
  22. cluster: default
  23. name: linux
  24. domain: ci.local
  25. environment: prd
  26. purge_repos: true
  27. directory:
  28. /tmp/test:
  29. makedirs: true
  30. apparmor:
  31. enabled: false
  32. haveged:
  33. enabled: true
  34. prompt:
  35. default: "linux.ci.local$"
  36. kernel:
  37. isolcpu: 1,2,3,4
  38. elevator: deadline
  39. boot_options:
  40. - pti=off
  41. - spectre_v2=auto
  42. module:
  43. module_1:
  44. install:
  45. command: /bin/true
  46. remove:
  47. enabled: false
  48. command: /bin/false
  49. module_2:
  50. install:
  51. enabled: false
  52. command: /bin/false
  53. remove:
  54. command: /bin/true
  55. module_3:
  56. blacklist: true
  57. module_4:
  58. blacklist: false
  59. alias:
  60. "module*":
  61. enabled: true
  62. "module_*":
  63. enabled: false
  64. module_5:
  65. softdep:
  66. pre:
  67. 1:
  68. value: module_1
  69. 2:
  70. value: module_2
  71. enabled: false
  72. post:
  73. 1:
  74. value: module_3
  75. 2:
  76. value: module_4
  77. enabled: false
  78. module_6:
  79. option:
  80. opt_1: 111
  81. opt_2: 222
  82. module_7:
  83. option:
  84. opt_3:
  85. value: 333
  86. opt_4:
  87. enabled: true
  88. value: 444
  89. opt_5:
  90. enabled: false
  91. cgroup:
  92. group:
  93. group_1:
  94. controller:
  95. cpu:
  96. shares:
  97. value: 250
  98. mapping:
  99. subjects:
  100. - '@group1'
  101. sysfs:
  102. scheduler:
  103. block/sda/queue/scheduler: deadline
  104. power:
  105. mode:
  106. power/state: 0660
  107. owner:
  108. power/state: "root:power"
  109. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  110. motd:
  111. - warning: |
  112. #!/bin/sh
  113. printf "WARNING: This is tcpcloud network.\n"
  114. printf " Unauthorized access is strictly prohibited.\n"
  115. printf "\n"
  116. - info: |
  117. #!/bin/sh
  118. printf -- "--[tcp cloud]---------------------------\n"
  119. printf " Hostname | ${linux:system:name}\n"
  120. printf " Domain | ${linux:system:domain}\n"
  121. printf " System | %s\n" "$(lsb_release -s -d)"
  122. printf " Kernel | %s\n" "$(uname -r)"
  123. printf -- "----------------------------------------\n"
  124. printf "\n"
  125. user:
  126. root:
  127. enabled: true
  128. home: /root
  129. name: root
  130. testuser:
  131. enabled: true
  132. name: testuser
  133. password: passw0rd
  134. sudo: true
  135. uid: 9999
  136. full_name: Test User
  137. home: /home/test
  138. groups:
  139. - db-ops
  140. - salt-ops
  141. salt_user1:
  142. enabled: true
  143. name: saltuser1
  144. sudo: false
  145. uid: 9991
  146. full_name: Salt User1
  147. home: /home/saltuser1
  148. home_dir_mode: 755
  149. salt_user2:
  150. enabled: true
  151. name: saltuser2
  152. sudo: false
  153. uid: 9992
  154. full_name: Salt Sudo User2
  155. home: /home/saltuser2
  156. groups:
  157. - sudogroup1
  158. group:
  159. testgroup:
  160. enabled: true
  161. name: testgroup
  162. gid: 9999
  163. system: true
  164. addusers:
  165. - salt_user1
  166. - salt_user2
  167. db-ops:
  168. enabled: true
  169. delusers:
  170. - salt_user1
  171. - dontexistatall
  172. salt-ops:
  173. enabled: true
  174. name: salt-ops
  175. sudogroup1:
  176. enabled: true
  177. name: sudogroup1
  178. sudogroup2:
  179. enabled: true
  180. name: sudogroup2
  181. sudogroup3:
  182. enabled: false
  183. name: sudogroup3
  184. job:
  185. test:
  186. enabled: true
  187. command: "/bin/sleep 3"
  188. user: testuser
  189. minute: 0
  190. hour: 13
  191. package:
  192. htop:
  193. version: latest
  194. repo:
  195. disabled_repo:
  196. source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
  197. enabled: false
  198. disabled_repo_left_proxy:
  199. source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
  200. enabled: false
  201. proxy:
  202. enabled: true
  203. https: https://127.0.5.1:443
  204. opencontrail:
  205. source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
  206. keyid: E79EE90C
  207. keyserver: keyserver.ubuntu.com
  208. architectures: amd64
  209. proxy:
  210. enabled: true
  211. https: https://127.0.5.1:443
  212. #http: http://127.0.5.2:8080
  213. apt-salt:
  214. source: "deb http://apt.mirantis.com/xenial stable salt"
  215. #key_url: http://apt.mirantis.com/public.gpg
  216. # pub 4096R/A76882D3 2015-06-17
  217. key: |
  218. -----BEGIN PGP PUBLIC KEY BLOCK-----
  219. Version: GnuPG v1
  220. mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY
  221. zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke
  222. xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A
  223. mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR
  224. i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ
  225. 6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh
  226. dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1
  227. cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy
  228. drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa
  229. fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6
  230. 96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB
  231. tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC
  232. OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ
  233. JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6
  234. BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW
  235. FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM
  236. PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci
  237. GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1
  238. WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3
  239. mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq
  240. AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t
  241. 6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO
  242. +Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz
  243. rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E
  244. VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ
  245. Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD
  246. foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6
  247. JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A
  248. sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi
  249. T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS
  250. 2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ
  251. BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA
  252. jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm
  253. wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn
  254. hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E
  255. GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK
  256. KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC
  257. 9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y
  258. n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ
  259. QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al
  260. Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd
  261. SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI
  262. +z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt
  263. 8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F
  264. ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt
  265. MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy
  266. jtcwJrHue5Xn8UPSLkE=
  267. =SWiA
  268. -----END PGP PUBLIC KEY BLOCK-----
  269. architectures: amd64
  270. proxy:
  271. enabled: true
  272. apt-salt-nightly:
  273. source: "deb http://apt.mirantis.com/xenial nightly salt"
  274. key_url: http://apt.mirantis.com/public.gpg
  275. architectures: amd64
  276. proxy:
  277. enabled: false
  278. apt-extra-nightly:
  279. source: "deb http://apt.mirantis.com/xenial nightly extra"
  280. key_url: http://apt.mirantis.com/public.gpg
  281. architectures: amd64
  282. locale:
  283. en_US:
  284. enabled: true
  285. default: true
  286. cs_CZ:
  287. enabled: true
  288. autoupdates:
  289. enabled: true
  290. sudo:
  291. enabled: true
  292. alias:
  293. runas:
  294. DBA:
  295. - postgres
  296. - mysql
  297. SALT:
  298. - root
  299. host:
  300. LOCAL:
  301. - localhost
  302. PRODUCTION:
  303. - db1
  304. - db2
  305. command:
  306. SUDO_RESTRICTED_SU:
  307. - /bin/vi /etc/sudoers
  308. - /bin/su - root
  309. - /bin/su -
  310. - /bin/su
  311. - /usr/sbin/visudo
  312. SUDO_SHELLS:
  313. - /bin/sh
  314. - /bin/ksh
  315. - /bin/bash
  316. - /bin/rbash
  317. - /bin/dash
  318. - /bin/zsh
  319. - /bin/csh
  320. - /bin/fish
  321. - /bin/tcsh
  322. - /usr/bin/login
  323. - /usr/bin/su
  324. - /usr/su
  325. SUDO_SALT_SAFE:
  326. - /usr/bin/salt state*
  327. - /usr/bin/salt service*
  328. - /usr/bin/salt pillar*
  329. - /usr/bin/salt grains*
  330. - /usr/bin/salt saltutil*
  331. - /usr/bin/salt-call state*
  332. - /usr/bin/salt-call service*
  333. - /usr/bin/salt-call pillar*
  334. - /usr/bin/salt-call grains*
  335. - /usr/bin/salt-call saltutil*
  336. SUDO_SALT_TRUSTED:
  337. - /usr/bin/salt*
  338. users:
  339. saltuser1: {}
  340. saltuser2:
  341. hosts:
  342. - LOCAL
  343. # User Alias:
  344. DBA:
  345. hosts:
  346. - ALL
  347. commands:
  348. - SUDO_SALT_SAFE
  349. groups:
  350. db-ops:
  351. hosts:
  352. - ALL
  353. - '!PRODUCTION'
  354. runas:
  355. - DBA
  356. commands:
  357. - /bin/cat *
  358. - /bin/less *
  359. - /bin/ls *
  360. - SUDO_SALT_SAFE
  361. - '!SUDO_SHELLS'
  362. - '!SUDO_RESTRICTED_SU'
  363. salt-ops:
  364. hosts:
  365. - 'ALL'
  366. runas:
  367. - SALT
  368. commands:
  369. - SUDO_SALT_TRUSTED
  370. salt-ops2:
  371. name: salt-ops
  372. runas:
  373. - DBA
  374. commands:
  375. - SUDO_SHELLS
  376. sudogroup1:
  377. commands:
  378. - ALL
  379. sudogroup2:
  380. commands:
  381. - ALL
  382. hosts:
  383. - localhost
  384. users:
  385. - test
  386. nopasswd: false
  387. sudogroup3:
  388. commands:
  389. - ALL
  390. env:
  391. BOB_VARIABLE: Alice
  392. BOB_PATH:
  393. - /srv/alice/bin
  394. - /srv/bob/bin
  395. HTTPS_PROXY: https://127.0.4.1:443
  396. http_proxy: http://127.0.4.2:80
  397. ftp_proxy: ftp://127.0.4.3:2121
  398. no_proxy:
  399. - 192.168.0.1
  400. - 192.168.0.2
  401. - .saltstack.com
  402. - .ubuntu.com
  403. - .mirantis.com
  404. - .launchpad.net
  405. - .dummy.net
  406. - .local
  407. LANG: C
  408. LC_ALL: C
  409. login_defs:
  410. PASS_MAX_DAYS:
  411. value: 99
  412. profile:
  413. vi_flavors.sh: |
  414. export PAGER=view
  415. alias vi=vim
  416. locales: |
  417. export LANG=en_US
  418. export LC_ALL=en_US.UTF-8
  419. # pillar for proxy configuration
  420. proxy:
  421. # for package managers
  422. pkg:
  423. enabled: true
  424. https: https://127.0.2.1:4443
  425. #http: http://127.0.2.2
  426. ftp: none
  427. # fallback, system defaults
  428. https: https://127.0.1.1:443
  429. #http: http://127.0.1.2
  430. ftp: ftp://127.0.1.3
  431. noproxy:
  432. - host1
  433. - host2
  434. - .local
  435. # pillars for netconsole setup
  436. netconsole:
  437. enabled: true
  438. port: 514
  439. loglevel: debug
  440. target:
  441. 192.168.0.1:
  442. mac: "ff:ff:ff:ff:ff:ff"
  443. interface: bond0
  444. atop:
  445. enabled: true
  446. interval: 20
  447. logpath: "/var/mylog/atop"
  448. outfile: "/var/mylog/atop/daily.log"
  449. mcelog:
  450. enabled: true
  451. logging:
  452. syslog: true
  453. syslog_error: true