Saltstack Official Salt Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
10 роки тому
7 роки тому
8 роки тому
7 роки тому
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433
  1. salt:
  2. # Set this to true to clean any non-salt-formula managed files out of
  3. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  4. # and up as it'll wipe out important files that Salt relies on.
  5. clean_config_d_dir: False
  6. # This state will remove "/etc/salt/minion" when you set this to true.
  7. minion_remove_config: True
  8. # This state will remove "/etc/salt/master" when you set this to true.
  9. master_remove_config: True
  10. # Set this to 'py3' to install the Python 3 packages.
  11. # If this is not set, the Python 2 packages will be installed by default.
  12. py_ver: 'py3'
  13. # Set this to False to not have the formula install packages (in the case you
  14. # install Salt via git/pip/etc.)
  15. install_packages: True
  16. # Optional: set salt version (if install_packages is set to True)
  17. version: 2017.7.2-1.el7
  18. # to overwrite map.jinja salt packages
  19. lookup:
  20. salt_master: 'salt-master'
  21. salt_minion: 'salt-minion'
  22. salt_syndic: 'salt-syndic'
  23. salt_cloud: 'salt-cloud'
  24. salt_ssh: 'salt-ssh'
  25. pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
  26. # Set which release of SaltStack to use, default to 'latest'
  27. # To get the available releases:
  28. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  29. # * http://repo.saltstack.com/apt/debian/8/amd64/
  30. release: '2018.3'
  31. # MacOS has no package management.
  32. # Instead, we use file.managed to download an appropriate .pkg file and macpackage.installed to install it
  33. # 'version', if set (see above), will be used to check the .pkg version to determine if it should be installed
  34. #
  35. # NOTE: if 'version' is not set version comparison will not occur and the .pkg WILL NOT be installed if a salt
  36. # .pkg is already installed
  37. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's source_hash, use URL or hash string
  38. salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  39. salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  40. # tofs:
  41. # The files_switch key serves as a selector for alternative
  42. # directories under the formula files directory. See TOFS pattern
  43. # doc for more info.
  44. # Note: Any value not evaluated by `config.get` will be used literally.
  45. # This can be used to set custom paths, as many levels deep as required.
  46. # files_switch:
  47. # - any/path/can/be/used/here
  48. # - id
  49. # - osfinger
  50. # - os
  51. # - os_family
  52. # All aspects of path/file resolution are customisable using the options below.
  53. # This is unnecessary in most cases; there are sensible defaults.
  54. # path_prefix: template_alt
  55. # dirs:
  56. # files: files_alt
  57. # default: default_alt
  58. # source_files:
  59. # salt-master:
  60. # - 'alt_master.d'
  61. # salt-minion:
  62. # - 'alt_minion.d'
  63. # salt master config
  64. master_config_use_TOFS: True
  65. master:
  66. fileserver_backend:
  67. - git
  68. - s3fs
  69. - roots
  70. gitfs_remotes:
  71. - git://github.com/saltstack-formulas/salt-formula.git:
  72. - base: develop
  73. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  74. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  75. s3.buckets:
  76. - bucket1
  77. - bucket2
  78. - bucket3
  79. - bucket4
  80. file_roots:
  81. base:
  82. - /srv/salt
  83. pillar_roots:
  84. base:
  85. - /srv/pillar
  86. # for salt-api with tornado rest interface
  87. rest_tornado:
  88. port: 8000
  89. ssl_crt: /etc/pki/api/certs/server.crt
  90. ssl_key: /etc/pki/api/certs/server.key
  91. debug: False
  92. disable_ssl: False
  93. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  94. lxc.container_profile:
  95. debian:
  96. template: download
  97. options:
  98. dist: debian
  99. release: jessie
  100. arch: amd64
  101. backing: lvm
  102. vgname: kimsufi
  103. size: 10G
  104. lxc.network_profile:
  105. basic:
  106. eth0:
  107. link: lxcbr0
  108. type: veth
  109. flags: up
  110. ## for external auth - LDAP
  111. # filter to use for Active Directory LDAP
  112. auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  113. # filter to use for Most other LDAP servers
  114. auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  115. # Define winrepo provider, by default support order is pygit2, gitpython
  116. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  117. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  118. winrepo_provider: gitpython
  119. # optional engine configuration
  120. engines:
  121. - slack:
  122. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  123. control: True
  124. valid_users:
  125. - someuser
  126. - otheruser
  127. valid_commands:
  128. - test.ping
  129. - list_jobs
  130. aliases:
  131. list_jobs:
  132. type: runner
  133. cmd: jobs.list_jobs
  134. # optional: these reactors will be configured on the master
  135. # They override reactors configured in
  136. # 'salt:reactors' or the old 'salt:reactor' parameters
  137. reactors:
  138. - 'master/deploy':
  139. - /srv/salt/reactors/deploy.sls
  140. # salt minion config:
  141. minion_config_use_TOFS: True
  142. minion:
  143. # single master setup
  144. master: salt
  145. # multi master setup
  146. #master:
  147. #- salt_master_1
  148. #- salt_master_2
  149. fileserver_backend:
  150. - git
  151. - roots
  152. gitfs_remotes:
  153. - git://github.com/saltstack-formulas/salt-formula.git:
  154. - base: develop
  155. file_roots:
  156. base:
  157. - /srv/salt
  158. pillar_roots:
  159. base:
  160. - /srv/pillar
  161. module_config:
  162. test: True
  163. test.foo: foo
  164. test.bar:
  165. - baz
  166. - quo
  167. test.baz:
  168. spam: sausage
  169. cheese: bread
  170. # salt mine setup
  171. mine_interval: 60
  172. # mine_functions can be set at the top level of the pillar, and
  173. # that is preferable because it doesn't affect the conf file and
  174. # doesn't require a minion restart. However, you can configure it
  175. # here instead if you really want to.
  176. mine_functions:
  177. network.interface_ip: [eth0]
  178. # Define a minion scheduler
  179. schedule:
  180. - highstate:
  181. - function: state.apply
  182. - minutes: 60
  183. - returner: redis
  184. # other 'non-default' config
  185. auth_keytab: /root/auth.keytab
  186. auth_principal: kadmin/admin
  187. # optional engine configuration
  188. engines:
  189. - slack:
  190. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  191. control: True
  192. valid_users:
  193. - someuser
  194. - otheruser
  195. valid_commands:
  196. - test.ping
  197. - list_jobs
  198. aliases:
  199. list_jobs:
  200. type: runner
  201. cmd: jobs.list_jobs
  202. # optional beacons configuration
  203. beacons:
  204. load:
  205. 1m:
  206. - 0.0
  207. - 2.0
  208. 5m:
  209. - 0.0
  210. - 1.5
  211. 15m:
  212. - 0.1
  213. - 1.0
  214. interval: 10
  215. # Optional reactors: these reactors will be configured on the minion
  216. # They override reactors configured in
  217. # 'salt:reactors' or the old 'salt:reactor' parameters
  218. reactors:
  219. - 'minion/deploy':
  220. - /srv/salt/reactors/deploy.sls
  221. # Optional: Configure an elasticsearch returner
  222. return: elasticsearch
  223. elasticsearch:
  224. hosts:
  225. - example.elasticsearch.host:9200
  226. - example.elasticsearch.host2:9200
  227. index_date: True
  228. index: salt
  229. number_of_shards: 5
  230. number_of_replicas: 2
  231. debug_returner_payload: True
  232. states_count: True
  233. states_order_output: True
  234. states_single_index: True
  235. functions_blacklist:
  236. - test.ping
  237. - saltutil.find_job
  238. # salt cloud config
  239. cloud:
  240. master: salt
  241. # For non-templated custom cloud provider/profile/map files
  242. providers:
  243. provider-filename1.conf:
  244. vmware-prod:
  245. driver: vmware
  246. user: myusernameprod
  247. password: mypassword
  248. vmware-nonprod:
  249. driver: vmware
  250. user: myusernamenonprod
  251. password: mypassword
  252. profiles:
  253. profile-filename1.conf:
  254. server-non-prod:
  255. clonefrom: rhel6xtemplatenp
  256. grains:
  257. platform:
  258. name: salt
  259. realm: lab
  260. subscription_level: standard
  261. memory: 8GB
  262. num_cpus: 4
  263. password: sUpErsecretey
  264. provider: vmware-nonprod
  265. maps:
  266. map-filename1.map:
  267. server-non-prod:
  268. - host.mycompany.com:
  269. grains:
  270. environment: dev1
  271. # You can take profile and map templates from an alternate location
  272. # if you want to write your own.
  273. template_sources:
  274. providers: salt://salt/files/cloud.providers.d
  275. profiles: salt://salt/files/cloud.profiles.d
  276. maps: salt://salt/files/cloud.maps.d
  277. # These settings are used by the default provider templates and
  278. # only need to be set for the ones you're using.
  279. aws_key: AWSKEYIJSHJAIJS6JSH
  280. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  281. gce_project: test
  282. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  283. rsos_user: afeawofghob
  284. rsos_tenant: tenant_id_number
  285. rsos_apikey: WFJIOJEOIGHSOFHESO
  286. rsos_regions:
  287. - ORD
  288. - DFW
  289. - IAD
  290. - SYD
  291. - HKG
  292. ssh_roster:
  293. prod1:
  294. host: host.example.com
  295. user: ubuntu
  296. sudo: True
  297. priv: /etc/salt/ssh_keys/sshkey.pem
  298. gitfs:
  299. keys:
  300. global:
  301. # key and pub end up being the extension used on the key file. values other than key and pub are possible
  302. key: |
  303. -----BEGIN RSA PRIVATE KEY-----
  304. ...........
  305. -----END RSA PRIVATE KEY-----
  306. pub: |
  307. ...........
  308. # These reactors will be configured both in the minion and the master
  309. reactors:
  310. - 'deploy':
  311. - /srv/salt/reactors/deploy.sls
  312. salt_cloud_certs:
  313. aws:
  314. pem: |
  315. -----BEGIN RSA PRIVATE KEY-----
  316. ...........
  317. -----END RSA PRIVATE KEY-----
  318. gce:
  319. pem: |
  320. -----BEGIN RSA PRIVATE KEY-----
  321. ...........
  322. -----END RSA PRIVATE KEY-----
  323. salt_formulas:
  324. git_opts:
  325. # The Git options can be customized differently for each
  326. # environment, if an option is missing in a given environment, the
  327. # value from "default" is used instead.
  328. default:
  329. # URL where the formulas git repositories are downloaded from
  330. # it will be suffixed with <formula-name>.git
  331. baseurl: https://github.com/saltstack-formulas
  332. # Directory where Git repositories are downloaded
  333. basedir: /srv/formulas
  334. # Update the git repository to the latest version (False by default)
  335. update: False
  336. # Options passed directly to the git.latest state
  337. options:
  338. rev: master
  339. user: username
  340. identity: /path/to/.ssh/id_rsa_github_username
  341. dev:
  342. basedir: /srv/formulas/dev
  343. update: True
  344. options:
  345. rev: develop
  346. # Alternatively, a single directory with multiple branches can be used
  347. # E.g. It is strongly recommended to fork saltstack-formula repositories
  348. # to avoid unexpected changes to your infrastructure
  349. # Then upstream changes can be merged in manually with due consideration
  350. # Specific values for `rev`, `user` & `identity` will override the defaults
  351. production:
  352. baseurl: git@github.com:username
  353. options:
  354. branch: master
  355. remote: origin
  356. staging:
  357. baseurl: git@github.com:username
  358. options:
  359. branch: staging
  360. remote: origin
  361. rev: staging
  362. upstream:
  363. baseurl: git@github.com:saltstack-formulas
  364. update: True
  365. options:
  366. branch: upstream
  367. remote: upstream
  368. # Options of the file.directory state that creates the directory where
  369. # the git repositories of the formulas are stored
  370. basedir_opts:
  371. makedirs: True
  372. user: root
  373. group: root
  374. mode: 755
  375. # Explicitly checkout the original branch for repos after the
  376. # git.latest states have been processed (False by default)
  377. # Enable if using the alternative method (single directory, multiple branches)
  378. checkout_orig_branch: True
  379. # List of formulas to enable in each environment
  380. list:
  381. base:
  382. - salt-formula
  383. - postfix-formula
  384. dev:
  385. - salt-formula
  386. - postfix-formula
  387. - openssh-formula
  388. # Likewise for the alternative method (single directory, multiple branches)
  389. production:
  390. - salt-formula
  391. - openssh-formula
  392. staging:
  393. - salt-formula
  394. - postfix-formula
  395. - openssh-formula
  396. upstream:
  397. - salt-formula
  398. - postfix-formula
  399. - openssh-formula