Saltstack Official Salt Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

пре 11 година
пре 11 година
пре 8 година
пре 8 година
пре 11 година
пре 8 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 8 година
пре 8 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 8 година
пре 8 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
пре 11 година
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214
  1. # This file managed by Salt, do not edit by hand!!
  2. # Based on salt version 2016.11 default config
  3. #
  4. {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines', 'beacons', 'reactors'] -%}
  5. {% set cfg_salt = pillar.get('salt', {}) -%}
  6. {% set cfg_minion = cfg_salt.get('minion', {}) -%}
  7. {% set default_keys = [] -%}
  8. {%- macro get_config(configname, default_value) -%}
  9. {%- do default_keys.append(configname) %}
  10. {%- if configname in cfg_minion -%}
  11. {{ configname }}: {{ cfg_minion[configname]|json }}
  12. {%- elif configname in cfg_salt and configname not in reserved_keys -%}
  13. {{ configname }}: {{ cfg_salt[configname]|json }}
  14. {%- else -%}
  15. #{{ configname }}: {{ default_value|json }}
  16. {%- endif -%}
  17. {%- endmacro -%}
  18. {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%}
  19. ##### Primary configuration settings #####
  20. ##########################################
  21. # This configuration file is used to manage the behavior of the Salt Minion.
  22. # With the exception of the location of the Salt Master Server, values that are
  23. # commented out but have an empty line after the comment are defaults that need
  24. # not be set in the config. If there is no blank line after the comment, the
  25. # value is presented as an example and is not the default.
  26. # Per default the minion will automatically include all config files
  27. # from minion.d/*.conf (minion.d is a directory in the same directory
  28. # as the main minion config file).
  29. {{ get_config('default_include', 'minion.d/*.conf') }}
  30. # Set the location of the salt master server. If the master server cannot be
  31. # resolved, then the minion will fail to start.
  32. {%- if 'master' in cfg_minion and cfg_minion['master'] is not string %}
  33. master:
  34. {% for name in cfg_minion['master'] -%}
  35. - {{ name }}
  36. {% endfor -%}
  37. {%- else %}
  38. {{ get_config('master', 'salt') }}
  39. {%- endif %}
  40. # Set http proxy information for the minion when doing requests
  41. {% if 'proxy_host' in cfg_minion -%}
  42. {%- do default_keys.append('proxy_host') %}
  43. proxy_host: {{ cfg_minion['proxy_host'] }}
  44. {% else -%}
  45. #proxy_host:
  46. {%- endif %}
  47. {% if 'proxy_port' in cfg_minion -%}
  48. {%- do default_keys.append('proxy_port') %}
  49. proxy_port: {{ cfg_minion['proxy_port'] }}
  50. {% else -%}
  51. #proxy_port:
  52. {%- endif %}
  53. {% if 'proxy_username' in cfg_minion -%}
  54. {%- do default_keys.append('proxy_username') %}
  55. proxy_username: {{ cfg_minion['proxy_username'] }}
  56. {% else -%}
  57. #proxy_username:
  58. {%- endif %}
  59. {% if 'proxy_password' in cfg_minion -%}
  60. {%- do default_keys.append('proxy_password') %}
  61. proxy_password: {{ cfg_minion['proxy_password'] }}
  62. {% else -%}
  63. #proxy_password:
  64. {%- endif %}
  65. # If multiple masters are specified in the 'master' setting, the default behavior
  66. # is to always try to connect to them in the order they are listed. If random_master is
  67. # set to True, the order will be randomized instead. This can be helpful in distributing
  68. # the load of many minions executing salt-call requests, for example, from a cron job.
  69. # If only one master is listed, this setting is ignored and a warning will be logged.
  70. # NOTE: If master_type is set to failover, use master_shuffle instead.
  71. {{ get_config('random_master', 'False') }}
  72. # Use if master_type is set to failover.
  73. {{ get_config('master_shuffle', 'False') }}
  74. # Minions can connect to multiple masters simultaneously (all masters
  75. # are "hot"), or can be configured to failover if a master becomes
  76. # unavailable. Multiple hot masters are configured by setting this
  77. # value to "str". Failover masters can be requested by setting
  78. # to "failover". MAKE SURE TO SET master_alive_interval if you are
  79. # using failover.
  80. # Setting master_type to 'disable' let's you have a running minion (with engines and
  81. # beacons) without a master connection
  82. {{ get_config('master_type', 'str') }}
  83. # verify_master_pubkey_sign
  84. {{ get_config('verify_master_pubkey_sign', 'False') }}
  85. # Poll interval in seconds for checking if the master is still there. Only
  86. # respected if master_type above is "failover". To disable the interval entirely,
  87. # set the value to -1. (This may be necessary on machines which have high numbers
  88. # of TCP connections, such as load balancers.)
  89. {{ get_config('master_alive_interval', '30') }}
  90. # If the minion is in multi-master mode and the master_type configuration option
  91. # is set to "failover", this setting can be set to "True" to force the minion
  92. # to fail back to the first master in the list if the first master is back online.
  93. {{ get_config('master_fallback', 'False') }}
  94. # If the minion is in multi-master mode, the "master_type" configuration is set to
  95. # "failover", and the "master_failback" option is enabled, the master failback
  96. # interval can be set to ping the top master with this interval, in seconds.
  97. {{ get_config('master_fallback_interval', '0') }}
  98. # Set whether the minion should connect to the master via IPv6:
  99. {{ get_config('ipv6', 'False') }}
  100. # Set the number of seconds to wait before attempting to resolve
  101. # the master hostname if name resolution fails. Defaults to 30 seconds.
  102. # Set to zero if the minion should shutdown and not retry.
  103. {{ get_config('retry_dns', '30') }}
  104. # Set the port used by the master reply and authentication server.
  105. {{ get_config('master_port', '4506') }}
  106. # The user to run salt.
  107. {{ get_config('user', 'root') }}
  108. # The user to run salt remote execution commands as via sudo. If this option is
  109. # enabled then sudo will be used to change the active user executing the remote
  110. # command. If enabled the user will need to be allowed access via the sudoers
  111. # file for the user that the salt minion is configured to run as. The most
  112. # common option would be to use the root user. If this option is set the user
  113. # option should also be set to a non-root user. If migrating from a root minion
  114. # to a non root minion the minion cache should be cleared and the minion pki
  115. # directory will need to be changed to the ownership of the new user.
  116. {{ get_config('sudo_user', 'saltdev') }}
  117. # Specify the location of the daemon process ID file.
  118. {{ get_config('pidfile', '/var/run/salt-minion.pid') }}
  119. # The root directory prepended to these options: pki_dir, cachedir, log_file,
  120. # sock_dir, pidfile.
  121. {{ get_config('root_dir', '/') }}
  122. # The path to the minion's configuration file.
  123. {{ get_config('conf_file', '/etc/salt/minion') }}
  124. # The directory to store the pki information in
  125. {{ get_config('pki_dir', '/etc/salt/pki/minion') }}
  126. # Explicitly declare the id for this minion to use, if left commented the id
  127. # will be the hostname as returned by the python call: socket.getfqdn()
  128. # Since salt uses detached ids it is possible to run multiple minions on the
  129. # same machine but with different ids, this can be useful for salt compute
  130. # clusters.
  131. {% if 'id' in cfg_minion -%}
  132. {%- do default_keys.append('id') %}
  133. id: {{ cfg_minion['id'] }}
  134. {% else -%}
  135. #id:
  136. {%- endif %}
  137. # Cache the minion id to a file when the minion's id is not statically defined
  138. # in the minion config. Defaults to "True". This setting prevents potential
  139. # problems when automatic minion id resolution changes, which can cause the
  140. # minion to lose connection with the master. To turn off minion id caching,
  141. # set this config to ``False``.
  142. {{ get_config('minion_id_caching', 'True') }}
  143. # Append a domain to a hostname in the event that it does not exist. This is
  144. # useful for systems where socket.getfqdn() does not actually result in a
  145. # FQDN (for instance, Solaris).
  146. {{ get_config('append_domain', '') }}
  147. # Custom static grains for this minion can be specified here and used in SLS
  148. # files just like all other grains. This example sets 4 custom grains, with
  149. # the 'roles' grain having two values that can be matched against.
  150. #grains:
  151. # roles:
  152. # - webserver
  153. # - memcache
  154. # deployment: datacenter4
  155. # cabinet: 13
  156. # cab_u: 14-15
  157. {{ get_config('grains', '{}') }}
  158. # Where cache data goes.
  159. # This data may contain sensitive data and should be protected accordingly.
  160. {{ get_config('cachedir', '/var/cache/salt/minion') }}
  161. # Append minion_id to these directories. Helps with
  162. # multiple proxies and minions running on the same machine.
  163. # Allowed elements in the list: pki_dir, cachedir, extension_modules
  164. # Normally not needed unless running several proxies and/or minions on the same machine
  165. # Defaults to ['cachedir'] for proxies, [] (empty list) for regular minions
  166. {% if 'append_minionid_config_dirs' in cfg_minion -%}
  167. append_minionid_config_dirs:
  168. {% for dir in cfg_minion['append_minionid_config_dirs'] -%}
  169. - {{ dir }}
  170. {% endfor -%}
  171. {%- else %}
  172. #append_minionid_config_dirs:
  173. {%- endif %}
  174. # Verify and set permissions on configuration directories at startup.
  175. {{ get_config('verify_env', 'True') }}
  176. # The minion can locally cache the return data from jobs sent to it, this
  177. # can be a good way to keep track of jobs the minion has executed
  178. # (on the minion side). By default this feature is disabled, to enable, set
  179. # cache_jobs to True.
  180. {{ get_config('cache_jobs', 'False') }}
  181. # Set the directory used to hold unix sockets.
  182. {{ get_config('sock_dir', '/var/run/salt/minion') }}
  183. # Set the default outputter used by the salt-call command. The default is
  184. # "nested".
  185. {{ get_config('output', 'nested') }}
  186. # By default output is colored. To disable colored output, set the color value
  187. # to False.
  188. {{ get_config('color', 'True') }}
  189. # Do not strip off the colored output from nested results and state outputs
  190. # (true by default).
  191. {{ get_config('strip_colors', 'False') }}
  192. # Backup files that are replaced by file.managed and file.recurse under
  193. # 'cachedir'/file_backups relative to their original location and appended
  194. # with a timestamp. The only valid setting is "minion". Disabled by default.
  195. #
  196. # Alternatively this can be specified for each file in state files:
  197. # /etc/ssh/sshd_config:
  198. # file.managed:
  199. # - source: salt://ssh/sshd_config
  200. # - backup: minion
  201. #
  202. {{ get_config('backup_mode', 'minion') }}
  203. # When waiting for a master to accept the minion's public key, salt will
  204. # continuously attempt to reconnect until successful. This is the time, in
  205. # seconds, between those reconnection attempts.
  206. {{ get_config('acceptance_wait_time', '10') }}
  207. # If this is nonzero, the time between reconnection attempts will increase by
  208. # acceptance_wait_time seconds per iteration, up to this maximum. If this is
  209. # set to zero, the time between reconnection attempts will stay constant.
  210. {{ get_config('acceptance_wait_time_max', '0') }}
  211. # If the master rejects the minion's public key, retry instead of exiting.
  212. # Rejected keys will be handled the same as waiting on acceptance.
  213. {{ get_config('rejected_retry', 'False') }}
  214. # When the master key changes, the minion will try to re-auth itself to receive
  215. # the new master key. In larger environments this can cause a SYN flood on the
  216. # master because all minions try to re-auth immediately. To prevent this and
  217. # have a minion wait for a random amount of time, use this optional parameter.
  218. # The wait-time will be a random number of seconds between 0 and the defined value.
  219. {{ get_config('random_reauth_delay', '60') }}
  220. # When waiting for a master to accept the minion's public key, salt will
  221. # continuously attempt to reconnect until successful. This is the timeout value,
  222. # in seconds, for each individual attempt. After this timeout expires, the minion
  223. # will wait for acceptance_wait_time seconds before trying again. Unless your master
  224. # is under unusually heavy load, this should be left at the default.
  225. {{ get_config('auth_timeout', '60') }}
  226. # Number of consecutive SaltReqTimeoutError that are acceptable when trying to
  227. # authenticate.
  228. {{ get_config('auth_tries', '7') }}
  229. # The number of attempts to connect to a master before giving up.
  230. # Set this to -1 for unlimited attempts. This allows for a master to have
  231. # downtime and the minion to reconnect to it later when it comes back up.
  232. # In 'failover' mode, it is the number of attempts for each set of masters.
  233. # In this mode, it will cycle through the list of masters for each attempt.
  234. #
  235. # This is different than auth_tries because auth_tries attempts to
  236. # retry auth attempts with a single master. auth_tries is under the
  237. # assumption that you can connect to the master but not gain
  238. # authorization from it. master_tries will still cycle through all
  239. # the masters in a given try, so it is appropriate if you expect
  240. # occasional downtime from the master(s).
  241. {{ get_config('master_tries', '1') }}
  242. # If authentication fails due to SaltReqTimeoutError during a ping_interval,
  243. # cause sub minion process to restart.
  244. {{ get_config('auth_safemode', 'False') }}
  245. # Ping Master to ensure connection is alive (minutes).
  246. {{ get_config('ping_interval', '0') }}
  247. {%- if 'mine_functions' in cfg_minion %}
  248. {%- do default_keys.append('mine_functions') %}
  249. mine_functions:
  250. {%- for func, args in cfg_minion['mine_functions'].items() %}
  251. {{ func }}: {{ args }}
  252. {%- endfor %}
  253. {%- endif %}
  254. # To auto recover minions if master changes IP address (DDNS)
  255. # auth_tries: 10
  256. # auth_safemode: False
  257. # ping_interval: 90
  258. #
  259. # Minions won't know master is missing until a ping fails. After the ping fail,
  260. # the minion will attempt authentication and likely fails out and cause a restart.
  261. # When the minion restarts it will resolve the masters IP and attempt to reconnect.
  262. # If you don't have any problems with syn-floods, don't bother with the
  263. # three recon_* settings described below, just leave the defaults!
  264. #
  265. # The ZeroMQ pull-socket that binds to the masters publishing interface tries
  266. # to reconnect immediately, if the socket is disconnected (for example if
  267. # the master processes are restarted). In large setups this will have all
  268. # minions reconnect immediately which might flood the master (the ZeroMQ-default
  269. # is usually a 100ms delay). To prevent this, these three recon_* settings
  270. # can be used.
  271. # recon_default: the interval in milliseconds that the socket should wait before
  272. # trying to reconnect to the master (1000ms = 1 second)
  273. #
  274. # recon_max: the maximum time a socket should wait. each interval the time to wait
  275. # is calculated by doubling the previous time. if recon_max is reached,
  276. # it starts again at recon_default. Short example:
  277. #
  278. # reconnect 1: the socket will wait 'recon_default' milliseconds
  279. # reconnect 2: 'recon_default' * 2
  280. # reconnect 3: ('recon_default' * 2) * 2
  281. # reconnect 4: value from previous interval * 2
  282. # reconnect 5: value from previous interval * 2
  283. # reconnect x: if value >= recon_max, it starts again with recon_default
  284. #
  285. # recon_randomize: generate a random wait time on minion start. The wait time will
  286. # be a random value between recon_default and recon_default +
  287. # recon_max. Having all minions reconnect with the same recon_default
  288. # and recon_max value kind of defeats the purpose of being able to
  289. # change these settings. If all minions have the same values and your
  290. # setup is quite large (several thousand minions), they will still
  291. # flood the master. The desired behavior is to have timeframe within
  292. # all minions try to reconnect.
  293. #
  294. # Example on how to use these settings. The goal: have all minions reconnect within a
  295. # 60 second timeframe on a disconnect.
  296. # recon_default: 1000
  297. # recon_max: 59000
  298. # recon_randomize: True
  299. #
  300. # Each minion will have a randomized reconnect value between 'recon_default'
  301. # and 'recon_default + recon_max', which in this example means between 1000ms
  302. # 60000ms (or between 1 and 60 seconds). The generated random-value will be
  303. # doubled after each attempt to reconnect. Lets say the generated random
  304. # value is 11 seconds (or 11000ms).
  305. # reconnect 1: wait 11 seconds
  306. # reconnect 2: wait 22 seconds
  307. # reconnect 3: wait 33 seconds
  308. # reconnect 4: wait 44 seconds
  309. # reconnect 5: wait 55 seconds
  310. # reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max)
  311. # reconnect 7: wait 11 seconds
  312. # reconnect 8: wait 22 seconds
  313. # reconnect 9: wait 33 seconds
  314. # reconnect x: etc.
  315. #
  316. # In a setup with ~6000 thousand hosts these settings would average the reconnects
  317. # to about 100 per second and all hosts would be reconnected within 60 seconds.
  318. {{ get_config('recon_default', '100') }}
  319. {{ get_config('recon_max', '5000') }}
  320. {{ get_config('recon_randomize', 'False') }}
  321. # The loop_interval sets how long in seconds the minion will wait between
  322. # evaluating the scheduler and running cleanup tasks. This defaults to 1
  323. # second on the minion scheduler.
  324. {{ get_config('loop_interval', '1') }}
  325. # Some installations choose to start all job returns in a cache or a returner
  326. # and forgo sending the results back to a master. In this workflow, jobs
  327. # are most often executed with --async from the Salt CLI and then results
  328. # are evaluated by examining job caches on the minions or any configured returners.
  329. # WARNING: Setting this to False will **disable** returns back to the master.
  330. {{ get_config('pub_ret', 'True') }}
  331. # The grains can be merged, instead of overridden, using this option.
  332. # This allows custom grains to defined different subvalues of a dictionary
  333. # grain. By default this feature is disabled, to enable set grains_deep_merge
  334. # to ``True``.
  335. {{ get_config('grains_deep_merge', 'False') }}
  336. # The grains_refresh_every setting allows for a minion to periodically check
  337. # its grains to see if they have changed and, if so, to inform the master
  338. # of the new grains. This operation is moderately expensive, therefore
  339. # care should be taken not to set this value too low.
  340. #
  341. # Note: This value is expressed in __minutes__!
  342. #
  343. # A value of 10 minutes is a reasonable default.
  344. #
  345. # If the value is set to zero, this check is disabled.
  346. {{ get_config('grains_refresh_every', '1') }}
  347. # Cache grains on the minion. Default is False.
  348. {{ get_config('grains_cache', 'False') }}
  349. # Cache rendered pillar data on the minion. Default is False.
  350. # This may cause 'cachedir'/pillar to contain sensitive data that should be
  351. # protected accordingly.
  352. {{ get_config('minion_pillar_cache', 'False') }}
  353. # Grains cache expiration, in seconds. If the cache file is older than this
  354. # number of seconds then the grains cache will be dumped and fully re-populated
  355. # with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache'
  356. # is not enabled.
  357. {{ get_config('grains_cache_expiration', '300') }}
  358. # Determines whether or not the salt minion should run scheduled mine updates.
  359. # Defaults to "True". Set to "False" to disable the scheduled mine updates
  360. # (this essentially just does not add the mine update function to the minion's
  361. # scheduler).
  362. {{ get_config('mine_enabled', 'True') }}
  363. # Determines whether or not scheduled mine updates should be accompanied by a job
  364. # return for the job cache. Defaults to "False". Set to "True" to include job
  365. # returns in the job cache for mine updates.
  366. {{ get_config('mine_return_job', 'False') }}
  367. # Example functions that can be run via the mine facility
  368. # NO mine functions are established by default.
  369. # Note these can be defined in the minion's pillar as well.
  370. #mine_functions:
  371. # test.ping: []
  372. # network.ip_addrs:
  373. # interface: eth0
  374. # cidr: '10.0.0.0/8'
  375. # Windows platforms lack posix IPC and must rely on slower TCP based inter-
  376. # process communications. Set ipc_mode to 'tcp' on such systems
  377. {{ get_config('ipc_mode', 'ipc') }}
  378. # Overwrite the default tcp ports used by the minion when in tcp mode
  379. {{ get_config('tcp_pub_port', '4510') }}
  380. {{ get_config('tcp_pull_port', '4511') }}
  381. # Passing very large events can cause the minion to consume large amounts of
  382. # memory. This value tunes the maximum size of a message allowed onto the
  383. # minion event bus. The value is expressed in bytes.
  384. {{ get_config('max_event_size', '1048576') }}
  385. # To detect failed master(s) and fire events on connect/disconnect, set
  386. # master_alive_interval to the number of seconds to poll the masters for
  387. # connection events.
  388. #
  389. {{ get_config('master_alive_interval', '30') }}
  390. # The minion can include configuration from other files. To enable this,
  391. # pass a list of paths to this option. The paths can be either relative or
  392. # absolute; if relative, they are considered to be relative to the directory
  393. # the main minion configuration file lives in (this file). Paths can make use
  394. # of shell-style globbing. If no files are matched by a path passed to this
  395. # option then the minion will log a warning message.
  396. #
  397. # Include a config file from some other path:
  398. {% if 'include' in cfg_minion -%}
  399. {% do default_keys.append('include') -%}
  400. {% if cfg_minion['include'] is iterable and cfg_minion['include'] is not string -%}
  401. include:
  402. {%- for include in cfg_minion['include'] %}
  403. - {{ include }}
  404. {%- endfor -%}
  405. {% else -%}
  406. include: {{ cfg_minion['include'] }}
  407. {%- endif -%}
  408. {% elif 'include' in cfg_salt -%}
  409. {% if cfg_salt['include'] is iterable and cfg_salt['include'] is not string -%}
  410. include:
  411. {%- for include in cfg_salt['include'] %}
  412. - {{ include }}
  413. {%- endfor -%}
  414. {% else -%}
  415. include: {{ cfg_salt['include'] }}
  416. {%- endif -%}
  417. {% endif %}
  418. # The syndic minion can verify that it is talking to the correct master via the
  419. # key fingerprint of the higher-level master with the "syndic_finger" config.
  420. {{ get_config('syndic_finger', '') }}
  421. ##### Minion module management #####
  422. ##########################################
  423. # Disable specific modules. This allows the admin to limit the level of
  424. # access the master has to the minion. The default here is the empty list,
  425. # below is an example of how this needs to be formatted in the config file
  426. #disable_modules:
  427. # - cmdmod
  428. # - test
  429. #disable_returners: []
  430. {{ get_config('disable_modules', '[]') }}
  431. {{ get_config('disable_returners', '[]') }}
  432. # This is the reverse of disable_modules. The default, like disable_modules, is the empty list,
  433. # but if this option is set to *anything* then *only* those modules will load.
  434. # Note that this is a very large hammer and it can be quite difficult to keep the minion working
  435. # the way you think it should since Salt uses many modules internally itself. At a bare minimum
  436. # you need the following enabled or else the minion won't start.
  437. #whitelist_modules:
  438. # - cmdmod
  439. # - test
  440. # - config
  441. {{ get_config('whitelist_modules', '[]') }}
  442. # Modules can be loaded from arbitrary paths. This enables the easy deployment
  443. # of third party modules. Modules for returners and minions can be loaded.
  444. # Specify a list of extra directories to search for minion modules and
  445. # returners. These paths must be fully qualified!
  446. {{ get_config('module_dirs', '[]') }}
  447. {{ get_config('returner_dirs', '[]') }}
  448. {{ get_config('states_dirs', '[]') }}
  449. {{ get_config('render_dirs', '[]') }}
  450. {{ get_config('utils_dirs', '[]') }}
  451. # A module provider can be statically overwritten or extended for the minion
  452. # via the providers option, in this case the default module will be
  453. # overwritten by the specified module. In this example the pkg module will
  454. # be provided by the yumpkg5 module instead of the system default.
  455. #providers:
  456. # pkg: yumpkg5
  457. {{ get_config('providers', '{}') }}
  458. # Enable Cython modules searching and loading. (Default: False)
  459. {{ get_config('cython_enable', 'False') }}
  460. # Specify a max size (in bytes) for modules on import. This feature is currently
  461. # only supported on *nix operating systems and requires psutil.
  462. {{ get_config('modules_max_memory', '-1') }}
  463. ##### State Management Settings #####
  464. ###########################################
  465. # The state management system executes all of the state templates on the minion
  466. # to enable more granular control of system state management. The type of
  467. # template and serialization used for state management needs to be configured
  468. # on the minion, the default renderer is yaml_jinja. This is a yaml file
  469. # rendered from a jinja template, the available options are:
  470. # yaml_jinja
  471. # yaml_mako
  472. # yaml_wempy
  473. # json_jinja
  474. # json_mako
  475. # json_wempy
  476. #
  477. {{ get_config('renderer', 'yaml_jinja') }}
  478. # The failhard option tells the minions to stop immediately after the first
  479. # failure detected in the state execution. Defaults to False.
  480. {{ get_config('failhard', 'False') }}
  481. # Reload the modules prior to a highstate run.
  482. {{ get_config('autoload_dynamic_modules', 'True') }}
  483. # clean_dynamic_modules keeps the dynamic modules on the minion in sync with
  484. # the dynamic modules on the master, this means that if a dynamic module is
  485. # not on the master it will be deleted from the minion. By default, this is
  486. # enabled and can be disabled by changing this value to False.
  487. {{ get_config('clean_dynamic_modules', 'True') }}
  488. # Normally, the minion is not isolated to any single environment on the master
  489. # when running states, but the environment can be isolated on the minion side
  490. # by statically setting it. Remember that the recommended way to manage
  491. # environments is to isolate via the top file.
  492. {{ get_config('environment', 'None') }}
  493. #
  494. # Isolates the pillar environment on the minion side. This functions the same
  495. # as the environment setting, but for pillar instead of states.
  496. {{ get_config('pillarenv', 'None') }}
  497. #
  498. # Set this option to 'True' to force a 'KeyError' to be raised whenever an
  499. # attempt to retrieve a named value from pillar fails. When this option is set
  500. # to 'False', the failed attempt returns an empty string. Default is 'False'.
  501. {{ get_config('pillar_raise_on_missing', 'False') }}
  502. #
  503. # If using the local file directory, then the state top file name needs to be
  504. # defined, by default this is top.sls.
  505. {{ get_config('state_top', 'top.sls') }}
  506. # Run states when the minion daemon starts. To enable, set startup_states to:
  507. # 'highstate' -- Execute state.highstate
  508. # 'sls' -- Read in the sls_list option and execute the named sls files
  509. # 'top' -- Read top_file option and execute based on that file on the Master
  510. {{ get_config('startup_states', "''") }}
  511. # List of states to run when the minion starts up if startup_states is 'sls':
  512. #sls_list:
  513. # - edit.vim
  514. # - hyper
  515. {{ get_config('sls_list', '[]') }}
  516. # Top file to execute if startup_states is 'top':
  517. {{ get_config('top_file', "''") }}
  518. # Automatically aggregate all states that have support for mod_aggregate by
  519. # setting to True. Or pass a list of state module names to automatically
  520. # aggregate just those types.
  521. #
  522. # state_aggregate:
  523. # - pkg
  524. #
  525. #state_aggregate: False
  526. {{ get_config('state_aggregate', '{}') }}
  527. ##### File Directory Settings #####
  528. ##########################################
  529. # The Salt Minion can redirect all file server operations to a local directory,
  530. # this allows for the same state tree that is on the master to be used if
  531. # copied completely onto the minion. This is a literal copy of the settings on
  532. # the master but used to reference a local directory on the minion.
  533. # Set the file client. The client defaults to looking on the master server for
  534. # files, but can be directed to look at the local file directory setting
  535. # defined below by setting it to "local". Setting a local file_client runs the
  536. # minion in masterless mode.
  537. {%- if standalone %}
  538. file_client: local
  539. {%- else %}
  540. {{ get_config('file_client', 'remote') }}
  541. {%- endif %}
  542. # The file directory works on environments passed to the minion, each environment
  543. # can have multiple root directories, the subdirectories in the multiple file
  544. # roots cannot match, otherwise the downloaded files will not be able to be
  545. # reliably ensured. A base environment is required to house the top file.
  546. # Example:
  547. # file_roots:
  548. # base:
  549. # - /srv/salt/
  550. # dev:
  551. # - /srv/salt/dev/services
  552. # - /srv/salt/dev/states
  553. # prod:
  554. # - /srv/salt/prod/services
  555. # - /srv/salt/prod/states
  556. {% if 'file_roots' in cfg_minion -%}
  557. {%- do default_keys.append('file_roots') %}
  558. {{ file_roots(cfg_minion['file_roots']) }}
  559. {%- elif 'file_roots' in cfg_salt -%}
  560. {{ file_roots(cfg_salt['file_roots']) }}
  561. {%- elif formulas|length -%}
  562. {{ file_roots({'base': ['/srv/salt']}) }}
  563. {%- else -%}
  564. #file_roots:
  565. # base:
  566. # - /srv/salt
  567. {%- endif %}
  568. # Uncomment the line below if you do not want the file_server to follow
  569. # symlinks when walking the filesystem tree. This is set to True
  570. # by default. Currently this only applies to the default roots
  571. # fileserver_backend.
  572. {{ get_config('fileserver_followsymlinks', 'True') }}
  573. #
  574. # Uncomment the line below if you do not want symlinks to be
  575. # treated as the files they are pointing to. By default this is set to
  576. # False. By uncommenting the line below, any detected symlink while listing
  577. # files on the Master will not be returned to the Minion.
  578. {{ get_config('fileserver_ignoresymlinks', 'False') }}
  579. #
  580. # To use multiple backends list them in the order they are searched:
  581. #fileserver_backend:
  582. # - git
  583. # - roots
  584. {% if 'fileserver_backend' in cfg_minion -%}
  585. {%- do default_keys.append('fileserver_backend') %}
  586. fileserver_backend:
  587. {%- for backend in cfg_minion['fileserver_backend'] %}
  588. - {{ backend }}
  589. {%- endfor -%}
  590. {%- endif %}
  591. # By default, the Salt fileserver recurses fully into all defined environments
  592. # to attempt to find files. To limit this behavior so that the fileserver only
  593. # traverses directories with SLS files and special Salt directories like _modules,
  594. # enable the option below. This might be useful for installations where a file root
  595. # has a very large number of files and performance is negatively impacted. Default
  596. # is False.
  597. {{ get_config('fileserver_limit_traversal', 'False') }}
  598. # The hash_type is the hash to use when discovering the hash of a file on
  599. # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384
  600. # and sha512 are also supported.
  601. #
  602. # WARNING: While md5 and sha1 are also supported, do not use it due to the high chance
  603. # of possible collisions and thus security breach.
  604. #
  605. # Warning: Prior to changing this value, the minion should be stopped and all
  606. # Salt caches should be cleared.
  607. {{ get_config('hash_type', 'md5') }}
  608. # gitfs provider
  609. {{ get_config('gitfs_provider', 'pygit2') }}
  610. # Along with gitfs_password, is used to authenticate to HTTPS remotes.
  611. {{ get_config('gitfs_user', 'git') }}
  612. # Along with gitfs_user, is used to authenticate to HTTPS remotes.
  613. # This parameter is not required if the repository does not use authentication.
  614. {{ get_config('gitfs_password', '') }}
  615. # By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
  616. # This parameter enables authentication over HTTP. Enable this at your own risk.
  617. {{ get_config('gitfs_insecure_auth', 'False') }}
  618. # Along with gitfs_privkey (and optionally gitfs_passphrase), is used to
  619. # authenticate to SSH remotes. This parameter (or its per-remote counterpart)
  620. # is required for SSH remotes.
  621. {{ get_config('gitfs_pubkey', '') }}
  622. # Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to
  623. # authenticate to SSH remotes. This parameter (or its per-remote counterpart)
  624. # is required for SSH remotes.
  625. {{ get_config('gitfs_privkey', '') }}
  626. # This parameter is optional, required only when the SSH key being used to
  627. # authenticate is protected by a passphrase.
  628. {{ get_config('gitfs_passphrase', '') }}
  629. # When using the git fileserver backend at least one git remote needs to be
  630. # defined. The user running the salt master will need read access to the repo.
  631. #
  632. # The repos will be searched in order to find the file requested by a client
  633. # and the first repo to have the file will return it.
  634. # When using the git backend branches and tags are translated into salt
  635. # environments.
  636. # Note: file:// repos will be treated as a remote, so refs you want used must
  637. # exist in that repo as *local* refs.
  638. {% if 'gitfs_remotes' in cfg_minion -%}
  639. {%- do default_keys.append('gitfs_remotes') %}
  640. gitfs_remotes:
  641. {%- for remote in cfg_minion['gitfs_remotes'] %}
  642. {%- if remote is iterable and remote is not string %}
  643. {%- for repo, children in remote.items() %}
  644. - {{ repo }}:
  645. {%- for child in children %}
  646. {%- for key, value in child.items() %}
  647. - {{ key }}: {{ value }}
  648. {%- endfor -%}
  649. {%- endfor -%}
  650. {%- endfor -%}
  651. {%- else %}
  652. - {{ remote }}
  653. {%- endif -%}
  654. {%- endfor -%}
  655. {%- endif %}
  656. # The gitfs_ssl_verify option specifies whether to ignore ssl certificate
  657. # errors when contacting the gitfs backend. You might want to set this to
  658. # false if you're using a git backend that uses a self-signed certificate but
  659. # keep in mind that setting this flag to anything other than the default of True
  660. # is a security concern, you may want to try using the ssh transport.
  661. {{ get_config('gitfs_ssl_verify', 'True') }}
  662. # The gitfs_root option gives the ability to serve files from a subdirectory
  663. # within the repository. The path is defined relative to the root of the
  664. # repository and defaults to the repository root.
  665. {{ get_config('gitfs_root', 'somefolder/otherfolder') }}
  666. # The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater
  667. # control over which branches/tags are exposed as fileserver environments.
  668. {% if 'gitfs_env_whitelist' in cfg_minion -%}
  669. {%- do default_keys.append('gitfs_env_whitelist') %}
  670. gitfs_env_whitelist:
  671. {%- for git_env in cfg_minion['gitfs_env_whitelist'] %}
  672. - {{ git_env }}
  673. {%- endfor -%}
  674. {% else -%}
  675. # gitfs_env_whitelist:
  676. # - base
  677. # - v1.*
  678. {% endif %}
  679. {% if 'gitfs_env_blacklist' in cfg_minion -%}
  680. {%- do default_keys.append('gitfs_env_blacklist') %}
  681. gitfs_env_blacklist:
  682. {%- for git_env in cfg_minion['gitfs_env_blacklist'] %}
  683. - {{ git_env }}
  684. {%- endfor -%}
  685. {% else -%}
  686. # gitfs_env_blacklist:
  687. # - bug/*
  688. # - feature/*
  689. {% endif %}
  690. ##### Pillar settings #####
  691. ##########################################
  692. # The Salt pillar is searched for locally if file_client is set to local. If
  693. # this is the case, and pillar data is defined, then the pillar_roots need to
  694. # also be configured on the minion:
  695. {% if 'pillar_roots' in cfg_minion -%}
  696. {%- do default_keys.append('pillar_roots') %}
  697. pillar_roots:
  698. {%- for name, roots in cfg_minion['pillar_roots']|dictsort %}
  699. {{ name }}:
  700. {%- for dir in roots %}
  701. - {{ dir }}
  702. {%- endfor -%}
  703. {%- endfor -%}
  704. {% elif 'pillar_roots' in cfg_salt -%}
  705. pillar_roots:
  706. {%- for name, roots in cfg_salt['pillar_roots']|dictsort %}
  707. {{ name }}:
  708. {%- for dir in roots %}
  709. - {{ dir }}
  710. {%- endfor -%}
  711. {%- endfor -%}
  712. {%- else -%}
  713. #pillar_roots:
  714. # base:
  715. # - /srv/pillar
  716. {%- endif %}
  717. # Set a hard-limit on the size of the files that can be pushed to the master.
  718. # It will be interpreted as megabytes. Default: 100
  719. {{ get_config('file_recv_max_size', '100') }}
  720. {% if 'ext_pillar' in cfg_minion %}
  721. {%- do default_keys.append('ext_pillar') %}
  722. ext_pillar:
  723. {%- for pillar in cfg_minion['ext_pillar'] -%}
  724. {%- for key in pillar -%}
  725. {%- if pillar[key] is string %}
  726. - {{ key }}: {{ pillar[key] }}
  727. {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
  728. {%- elif pillar[key] is iterable and 'dict' not in pillar[key].__class__.__name__ %}
  729. - {{ key }}:
  730. {%- for parameter in pillar[key] %}
  731. - {{ parameter }}
  732. {%- endfor -%}
  733. {#- Workaround for missing `is mapping` on CentOS 6, see #193: #}
  734. {%- elif 'dict' in pillar[key].__class__.__name__ and pillar[key] is not string %}
  735. - {{ key }}:
  736. {%- for parameter in pillar[key] %}
  737. {{ parameter }}: {{pillar[key][parameter]}}
  738. {%- endfor %}
  739. {%- else %}
  740. # Error in rendering {{ key }}, please read https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#configuration
  741. {% endif %}
  742. {%- endfor -%}
  743. {%- endfor %}
  744. {% elif 'ext_pillar' in cfg_salt %}
  745. ext_pillar:
  746. {% for pillar in cfg_salt['ext_pillar'] %}
  747. - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }}
  748. {% endfor %}
  749. {% else %}
  750. #ext_pillar:
  751. # - hiera: /etc/hiera.yaml
  752. # - cmd_yaml: cat /etc/salt/yaml
  753. {% endif %}
  754. # The ext_pillar_first option allows for external pillar sources to populate
  755. # before file system pillar. This allows for targeting file system pillar from
  756. # ext_pillar.
  757. {{ get_config('ext_pillar_first', 'False') }}
  758. # The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate
  759. # errors when contacting the pillar gitfs backend. You might want to set this to
  760. # false if you're using a git backend that uses a self-signed certificate but
  761. # keep in mind that setting this flag to anything other than the default of True
  762. # is a security concern, you may want to try using the ssh transport.
  763. {{ get_config('pillar_gitfs_ssl_verify', 'True') }}
  764. # The pillar_opts option adds the master configuration file data to a dict in
  765. # the pillar called "master". This is used to set simple configurations in the
  766. # master config file that can then be used on minions.
  767. {{ get_config('pillar_opts', 'True') }}
  768. # The pillar_safe_render_error option prevents the master from passing pillar
  769. # render errors to the minion. This is set on by default because the error could
  770. # contain templating data which would give that minion information it shouldn't
  771. # have, like a password! When set true the error message will only show:
  772. # Rendering SLS 'my.sls' failed. Please see master log for details.
  773. {{ get_config('pillar_safe_render_error', 'True') }}
  774. # The pillar_source_merging_strategy option allows you to configure merging strategy
  775. # between different sources. It accepts four values: recurse, aggregate, overwrite,
  776. # or smart. Recurse will merge recursively mapping of data. Aggregate instructs
  777. # aggregation of elements between sources that use the #!yamlex renderer. Overwrite
  778. # will verwrite elements according the order in which they are processed. This is
  779. # behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based
  780. # on the "renderer" setting and is the default value.
  781. {{ get_config('pillar_source_merging_strategy', 'smart') }}
  782. # Recursively merge lists by aggregating them instead of replacing them.
  783. {{ get_config('pillar_merge_lists', False) }}
  784. # Git External Pillar (git_pillar) Configuration Options
  785. #
  786. # Specify the provider to be used for git_pillar. Must be either pygit2 or
  787. # gitpython. If unset, then both will be tried in that same order, and the
  788. # first one with a compatible version installed will be the provider that
  789. # is used.
  790. {{ get_config('git_pillar_provider', 'pygit2') }}
  791. # If the desired branch matches this value, and the environment is omitted
  792. # from the git_pillar configuration, then the environment for that git_pillar
  793. # remote will be base.
  794. {{ get_config('git_pillar_base', 'master') }}
  795. # If the branch is omitted from a git_pillar remote, then this branch will
  796. # be used instead.
  797. {{ get_config('git_pillar_branch', 'master') }}
  798. # Environment to use for git_pillar remotes. This is normally derived from
  799. # the branch/tag (or from a per-remote env parameter), but if set this will
  800. # override the process of deriving the env from the branch/tag name.
  801. {{ get_config('git_pillar_env', '') }}
  802. # Path relative to the root of the repository where the git_pillar top file
  803. # and SLS files are located.
  804. {{ get_config('git_pillar_root', 'pillar') }}
  805. # Specifies whether or not to ignore SSL certificate errors when contacting
  806. # the remote repository.
  807. {{ get_config('git_pillar_ssl_verify', True) }}
  808. # When set to False, if there is an update/checkout lock for a git_pillar
  809. # remote and the pid written to it is not running on the master, the lock
  810. # file will be automatically cleared and a new lock will be obtained.
  811. {{ get_config('git_pillar_global_lock', False) }}
  812. # Git External Pillar Authentication Options
  813. #
  814. # Along with git_pillar_password, is used to authenticate to HTTPS remotes.
  815. {{ get_config('git_pillar_user', '') }}
  816. # Along with git_pillar_user, is used to authenticate to HTTPS remotes.
  817. # This parameter is not required if the repository does not use authentication.
  818. {{ get_config('git_pillar_password', '') }}
  819. # By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
  820. # This parameter enables authentication over HTTP.
  821. {{ get_config('git_pillar_insecure_auth', False) }}
  822. # Along with git_pillar_privkey (and optionally git_pillar_passphrase),
  823. # is used to authenticate to SSH remotes.
  824. {{ get_config('git_pillar_pubkey', '') }}
  825. # Along with git_pillar_pubkey (and optionally git_pillar_passphrase),
  826. # is used to authenticate to SSH remotes.
  827. {{ get_config('git_pillar_privkey', '') }}
  828. # This parameter is optional, required only when the SSH key being used
  829. # to authenticate is protected by a passphrase.
  830. {{ get_config('git_pillar_passphrase', '') }}
  831. ###### Security settings #####
  832. ###########################################
  833. # Enable "open mode", this mode still maintains encryption, but turns off
  834. # authentication, this is only intended for highly secure environments or for
  835. # the situation where your keys end up in a bad state. If you run in open mode
  836. # you do so at your own risk!
  837. {{ get_config('open_mode', 'False') }}
  838. # Enable permissive access to the salt keys. This allows you to run the
  839. # master or minion as root, but have a non-root group be given access to
  840. # your pki_dir. To make the access explicit, root must belong to the group
  841. # you've given access to. This is potentially quite insecure.
  842. {{ get_config('permissive_pki_access', 'False') }}
  843. # The state_verbose and state_output settings can be used to change the way
  844. # state system data is printed to the display. By default all data is printed.
  845. # The state_verbose setting can be set to True or False, when set to False
  846. # all data that has a result of True and no changes will be suppressed.
  847. {{ get_config('state_verbose', 'True') }}
  848. # The state_output setting changes if the output is the full multi line
  849. # output for each changed state if set to 'full', but if set to 'terse'
  850. # the output will be shortened to a single line.
  851. {{ get_config('state_output', 'full') }}
  852. # The state_output_diff setting changes whether or not the output from
  853. # successful states is returned. Useful when even the terse output of these
  854. # states is cluttering the logs. Set it to True to ignore them.
  855. {{ get_config('state_output_diff', 'False') }}
  856. # The state_output_profile setting changes whether profile information
  857. # will be shown for each state run.
  858. {{ get_config('state_output_profile', 'True') }}
  859. # Fingerprint of the master public key to validate the identity of your Salt master
  860. # before the initial key exchange. The master fingerprint can be found by running
  861. # "salt-key -F master" on the Salt master.
  862. {{ get_config('master_finger', "''") }}
  863. # Use TLS/SSL encrypted connection between master and minion.
  864. # Can be set to a dictionary containing keyword arguments corresponding to Python's
  865. # 'ssl.wrap_socket' method.
  866. # Default is None.
  867. #ssl:
  868. # keyfile: <path_to_keyfile>
  869. # certfile: <path_to_certfile>
  870. # ssl_version: PROTOCOL_TLSv1_2
  871. ###### Thread settings #####
  872. ###########################################
  873. # Disable multiprocessing support, by default when a minion receives a
  874. # publication a new process is spawned and the command is executed therein.
  875. #
  876. # WARNING: Disabling multiprocessing may result in substantial slowdowns
  877. # when processing large pillars. See https://github.com/saltstack/salt/issues/38758
  878. # for a full explanation.
  879. {{ get_config('multiprocessing', 'True') }}
  880. ##### Logging settings #####
  881. ##########################################
  882. # The location of the minion log file
  883. # The minion log can be sent to a regular file, local path name, or network
  884. # location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
  885. # ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
  886. # format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
  887. #log_file: /var/log/salt/minion
  888. #log_file: file:///dev/log
  889. #log_file: udp://loghost:10514
  890. #
  891. {{ get_config('log_file', '/var/log/salt/minion') }}
  892. {{ get_config('key_logfile', ' /var/log/salt/key') }}
  893. # The level of messages to send to the console.
  894. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
  895. #
  896. # The following log levels are considered INSECURE and may log sensitive data:
  897. # ['garbage', 'trace', 'debug']
  898. #
  899. # Default: 'warning'
  900. {{ get_config('log_level', 'warning') }}
  901. # The level of messages to send to the log file.
  902. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
  903. # If using 'log_granular_levels' this must be set to the highest desired level.
  904. # Default: 'warning'
  905. {{ get_config('log_level_logfile', '') }}
  906. # The date and time format used in log messages. Allowed date/time formating
  907. # can be seen here: http://docs.python.org/library/time.html#time.strftime
  908. {{ get_config('log_datefmt', "'%H:%M:%S'") }}
  909. {{ get_config('log_datefmt_logfile', "'%Y-%m-%d %H:%M:%S'") }}
  910. # The format of the console logging messages. Allowed formatting options can
  911. # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
  912. #
  913. # Console log colors are specified by these additional formatters:
  914. #
  915. # %(colorlevel)s
  916. # %(colorname)s
  917. # %(colorprocess)s
  918. # %(colormsg)s
  919. #
  920. # Since it is desirable to include the surrounding brackets, '[' and ']', in
  921. # the coloring of the messages, these color formatters also include padding as
  922. # well. Color LogRecord attributes are only available for console logging.
  923. #
  924. {{ get_config('log_fmt_console', "'%(colorlevel)s %(colormsg)s'") }}
  925. {{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }}
  926. #
  927. {{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }}
  928. # This can be used to control logging levels more specificically. This
  929. # example sets the main salt library at the 'warning' level, but sets
  930. # 'salt.modules' to log at the 'debug' level:
  931. # log_granular_levels:
  932. # 'salt': 'warning'
  933. # 'salt.modules': 'debug'
  934. #
  935. {{ get_config('log_granular_levels', '{}') }}
  936. # To diagnose issues with minions disconnecting or missing returns, ZeroMQ
  937. # supports the use of monitor sockets to log connection events. This
  938. # feature requires ZeroMQ 4.0 or higher.
  939. #
  940. # To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
  941. # debug level or higher.
  942. #
  943. # A sample log event is as follows:
  944. #
  945. # [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
  946. # 'value': 27, 'description': 'EVENT_DISCONNECTED'}
  947. #
  948. # All events logged will include the string 'ZeroMQ event'. A connection event
  949. # should be logged as the minion starts up and initially connects to the
  950. # master. If not, check for debug log level and that the necessary version of
  951. # ZeroMQ is installed.
  952. #
  953. {{ get_config('zmq_monitor', 'False') }}
  954. ###### Module configuration #####
  955. ###########################################
  956. # Salt allows for modules to be passed arbitrary configuration data, any data
  957. # passed here in valid yaml format will be passed on to the salt minion modules
  958. # for use. It is STRONGLY recommended that a naming convention be used in which
  959. # the module name is followed by a . and then the value. Also, all top level
  960. # data must be applied via the yaml dict construct, some examples:
  961. #
  962. # You can specify that all modules should run in test mode:
  963. {{ get_config('test', 'True') }}
  964. # A simple value for the test module:
  965. #test.foo: foo
  966. #
  967. # A list for the test module:
  968. #test.bar: [baz,quo]
  969. #
  970. # A dict for the test module:
  971. #test.baz: {spam: sausage, cheese: bread}
  972. #
  973. {%- if 'module_config' in cfg_minion %}
  974. {%- do default_keys.append('module_config') %}
  975. {%- for modkey, modval in cfg_minion.module_config.items() %}
  976. {{ modkey }}: {{ modval }}
  977. {%- endfor %}
  978. {%- endif %}
  979. #
  980. ###### Update settings ######
  981. ###########################################
  982. # Using the features in Esky, a salt minion can both run as a frozen app and
  983. # be updated on the fly. These options control how the update process
  984. # (saltutil.update()) behaves.
  985. #
  986. # The url for finding and downloading updates. Disabled by default.
  987. {{ get_config('update_url', 'False') }}
  988. #
  989. # The list of services to restart after a successful update. Empty by default.
  990. {{ get_config('update_restart_services', '[]') }}
  991. ###### Keepalive settings ######
  992. ############################################
  993. # ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
  994. # the OS. If connections between the minion and the master pass through
  995. # a state tracking device such as a firewall or VPN gateway, there is
  996. # the risk that it could tear down the connection the master and minion
  997. # without informing either party that their connection has been taken away.
  998. # Enabling TCP Keepalives prevents this from happening.
  999. # Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
  1000. # or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
  1001. {{ get_config('tcp_keepalive', 'True') }}
  1002. # How long before the first keepalive should be sent in seconds. Default 300
  1003. # to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
  1004. # on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
  1005. {{ get_config('tcp_keepalive_idle', '300') }}
  1006. # How many lost probes are needed to consider the connection lost. Default -1
  1007. # to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
  1008. {{ get_config('tcp_keepalive_cnt', '-1') }}
  1009. # How often, in seconds, to send keepalives after the first one. Default -1 to
  1010. # use OS defaults, typically 75 seconds on Linux, see
  1011. # /proc/sys/net/ipv4/tcp_keepalive_intvl.
  1012. {{ get_config('tcp_keepalive_intvl', '-1') }}
  1013. ###### Windows Software settings ######
  1014. ############################################
  1015. # Location of the repository cache file on the master:
  1016. {{ get_config('win_repo_cachefile', 'salt://win/repo/winrepo.p') }}
  1017. ###### Returner settings ######
  1018. ############################################
  1019. # Default Minion returners. Can be a comma delimited string or a list:
  1020. #
  1021. #return: mysql
  1022. #
  1023. #return: mysql,slack,redis
  1024. #
  1025. #return:
  1026. # - mysql
  1027. # - hipchat
  1028. # - slack
  1029. {%- if 'return' in cfg_minion and cfg_minion['return'] is not string %}
  1030. return:
  1031. {% for name in cfg_minion['return'] -%}
  1032. - {{ name }}
  1033. {% endfor -%}
  1034. {%- else %}
  1035. {{ get_config('return', '') }}
  1036. {%- endif %}
  1037. ###### Miscellaneous settings ######
  1038. ############################################
  1039. # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
  1040. #event_match_type: startswith
  1041. {{ get_config('event_match_type', 'startswith') }}
  1042. {% if 'mongo' in cfg_minion -%}
  1043. {%- do default_keys.append('mongo') %}
  1044. ##### mongodb connection settings #####
  1045. ##########################################
  1046. {%- for name, value in cfg_minion['mongo'].items() %}
  1047. mongo.{{ name }}: {{ value }}
  1048. {%- endfor %}
  1049. {% if 'alternative.mongo' in cfg_minion -%}
  1050. {%- do default_keys.append('alternative.mongo') %}
  1051. {%- for name, value in cfg_minion['alternative.mongo'].items() %}
  1052. alternative.mongo.{{ name }}: {{ value }}
  1053. {%- endfor %}
  1054. {% endif %}
  1055. {%- endif %}
  1056. {%- for configname in cfg_minion %}
  1057. {%- if configname not in reserved_keys and configname not in default_keys %}
  1058. {{ configname }}: {{ cfg_minion[configname]|json }}
  1059. {%- endif %}
  1060. {%- endfor %}