Saltstack Official Salt Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
Fixed pillar_roots generation for salt-master. With a simple pillar like this:: $ sudo salt-call --config-dir /srv/etc/bootstrap --pillar-root /srv/pillar pillar.get salt:pillar_roots local: ---------- base: - /srv/pillar This was generated in /etc/salt/master.d/f_defaults.conf:: # highstate format, and is generally just key/value pairs. pillar_roots:base:- /srv/pillar # Resulting in parse errors by salt:: $ sudo salt '*' state.highstate [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ This patch will fix it as such:: ID: salt-master Function: file.recurse Name: /etc/salt/master.d Result: True Comment: Recursively updated /etc/salt/master.d Started: 11:37:12.946823 Duration: 6255.296 ms Changes: ---------- /etc/salt/master.d/f_defaults.conf: ---------- diff: --- +++ @@ -528,7 +528,9 @@ # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -pillar_roots:base:- /srv/pillar +pillar_roots: + base: + - /srv/pillar # Resulting in:: # highstate format, and is generally just key/value pairs. pillar_roots: base: - /srv/pillar #
9 роки тому
Fixed pillar_roots generation for salt-master. With a simple pillar like this:: $ sudo salt-call --config-dir /srv/etc/bootstrap --pillar-root /srv/pillar pillar.get salt:pillar_roots local: ---------- base: - /srv/pillar This was generated in /etc/salt/master.d/f_defaults.conf:: # highstate format, and is generally just key/value pairs. pillar_roots:base:- /srv/pillar # Resulting in parse errors by salt:: $ sudo salt '*' state.highstate [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ This patch will fix it as such:: ID: salt-master Function: file.recurse Name: /etc/salt/master.d Result: True Comment: Recursively updated /etc/salt/master.d Started: 11:37:12.946823 Duration: 6255.296 ms Changes: ---------- /etc/salt/master.d/f_defaults.conf: ---------- diff: --- +++ @@ -528,7 +528,9 @@ # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -pillar_roots:base:- /srv/pillar +pillar_roots: + base: + - /srv/pillar # Resulting in:: # highstate format, and is generally just key/value pairs. pillar_roots: base: - /srv/pillar #
9 роки тому
Fixed pillar_roots generation for salt-master. With a simple pillar like this:: $ sudo salt-call --config-dir /srv/etc/bootstrap --pillar-root /srv/pillar pillar.get salt:pillar_roots local: ---------- base: - /srv/pillar This was generated in /etc/salt/master.d/f_defaults.conf:: # highstate format, and is generally just key/value pairs. pillar_roots:base:- /srv/pillar # Resulting in parse errors by salt:: $ sudo salt '*' state.highstate [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "<string>", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "<string>", line 532, column 1: # ^ This patch will fix it as such:: ID: salt-master Function: file.recurse Name: /etc/salt/master.d Result: True Comment: Recursively updated /etc/salt/master.d Started: 11:37:12.946823 Duration: 6255.296 ms Changes: ---------- /etc/salt/master.d/f_defaults.conf: ---------- diff: --- +++ @@ -528,7 +528,9 @@ # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -pillar_roots:base:- /srv/pillar +pillar_roots: + base: + - /srv/pillar # Resulting in:: # highstate format, and is generally just key/value pairs. pillar_roots: base: - /srv/pillar #
9 роки тому
11 роки тому
9 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
10 роки тому
10 роки тому
10 роки тому
9 роки тому
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056
  1. # This file managed by Salt, do not edit by hand!!
  2. # Based on salt version 2014.7 default config
  3. {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%}
  4. {% set cfg_salt = pillar.get('salt', {}) -%}
  5. {% set cfg_master = cfg_salt.get('master', {}) -%}
  6. {%- macro get_config(configname, default_value) -%}
  7. {%- if configname in cfg_master -%}
  8. {{ configname }}: {{ cfg_master[configname] }}
  9. {%- elif configname in cfg_salt and configname not in reserved_keys -%}
  10. {{ configname }}: {{ cfg_salt[configname] }}
  11. {%- else -%}
  12. #{{ configname }}: {{ default_value }}
  13. {%- endif -%}
  14. {%- endmacro -%}
  15. {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%}
  16. ##### Primary configuration settings #####
  17. ##########################################
  18. # This configuration file is used to manage the behavior of the Salt Master
  19. # Values that are commented out but have no space after the comment are
  20. # defaults that need not be set in the config. If there is a space after the
  21. # comment that the value is presented as an example and is not the default.
  22. # Per default, the master will automatically include all config files
  23. # from master.d/*.conf (master.d is a directory in the same directory
  24. # as the main master config file).
  25. {{ get_config('default_include', 'master.d/*.conf') }}
  26. # The address of the interface to bind to:
  27. {{ get_config('interface', '0.0.0.0') }}
  28. # Whether the master should listen for IPv6 connections. If this is set to True,
  29. # the interface option must be adjusted, too. (For example: "interface: '::'")
  30. {{ get_config('ipv6', 'False') }}
  31. # The tcp port used by the publisher:
  32. {{ get_config('publish_port', '4505') }}
  33. # The user under which the salt master will run. Salt will update all
  34. # permissions to allow the specified user to run the master. The exception is
  35. # the job cache, which must be deleted if this user is changed. If the
  36. # modified files cause conflicts, set verify_env to False.
  37. {{ get_config('user', 'root') }}
  38. # Max open files
  39. #
  40. # Each minion connecting to the master uses AT LEAST one file descriptor, the
  41. # master subscription connection. If enough minions connect you might start
  42. # seeing on the console (and then salt-master crashes):
  43. # Too many open files (tcp_listener.cpp:335)
  44. # Aborted (core dumped)
  45. #
  46. # By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
  47. # max open files.
  48. #
  49. # If you wish to set a different value than the default one, uncomment and
  50. # configure this setting. Remember that this value CANNOT be higher than the
  51. # hard limit. Raising the hard limit depends on your OS and/or distribution,
  52. # a good way to find the limit is to search the internet. For example:
  53. # raise max open files hard limit debian
  54. #
  55. {{ get_config('max_open_files', '100000') }}
  56. # The number of worker threads to start. These threads are used to manage
  57. # return calls made from minions to the master. If the master seems to be
  58. # running slowly, increase the number of threads.
  59. {{ get_config('worker_threads', '5') }}
  60. # The port used by the communication interface. The ret (return) port is the
  61. # interface used for the file server, authentication, job returns, etc.
  62. {{ get_config('ret_port', '4506') }}
  63. # Specify the location of the daemon process ID file:
  64. {{ get_config('pidfile', '/var/run/salt-master.pid') }}
  65. # The root directory prepended to these options: pki_dir, cachedir,
  66. # sock_dir, log_file, autosign_file, autoreject_file, extension_modules,
  67. # key_logfile, pidfile:
  68. {{ get_config('root_dir', '/') }}
  69. # Directory used to store public key data:
  70. {{ get_config('pki_dir', '/etc/salt/pki/master') }}
  71. # Directory to store job and cache data:
  72. {{ get_config('cachedir', '/var/cache/salt/master') }}
  73. # Directory for custom modules. This directory can contain subdirectories for
  74. # each of Salt's module types such as "runners", "output", "wheel", "modules",
  75. # "states", "returners", etc.
  76. {{ get_config('extension_modules', '<no default>') }}
  77. # Verify and set permissions on configuration directories at startup:
  78. {{ get_config('verify_env', 'True') }}
  79. # Set the number of hours to keep old job information in the job cache:
  80. {{ get_config('keep_jobs', '24') }}
  81. # Set the default timeout for the salt command and api. The default is 5
  82. # seconds.
  83. {{ get_config('timeout', '5') }}
  84. # The loop_interval option controls the seconds for the master's maintenance
  85. # process check cycle. This process updates file server backends, cleans the
  86. # job cache and executes the scheduler.
  87. {{ get_config('loop_interval', '60') }}
  88. # Set the default outputter used by the salt command. The default is "nested".
  89. {{ get_config('output', 'nested') }}
  90. # Return minions that timeout when running commands like test.ping
  91. {{ get_config('show_timeout', 'True') }}
  92. # Display the jid when a job is published
  93. {{ get_config('show_jid', 'False') }}
  94. # By default, output is colored. To disable colored output, set the color value
  95. # to False.
  96. {{ get_config('color', 'True') }}
  97. # Do not strip off the colored output from nested results and state outputs
  98. # (true by default).
  99. {{ get_config('strip_colors', 'False') }}
  100. # Set the directory used to hold unix sockets:
  101. {{ get_config('sock_dir', '/var/run/salt/master') }}
  102. # The master can take a while to start up when lspci and/or dmidecode is used
  103. # to populate the grains for the master. Enable if you want to see GPU hardware
  104. # data for your master.
  105. {{ get_config('enable_gpu_grains', 'False') }}
  106. # The master maintains a job cache. While this is a great addition, it can be
  107. # a burden on the master for larger deployments (over 5000 minions).
  108. # Disabling the job cache will make previously executed jobs unavailable to
  109. # the jobs system and is not generally recommended.
  110. {{ get_config('job_cache', 'True') }}
  111. # Cache minion grains and pillar data in the cachedir.
  112. {{ get_config('minion_data_cache', 'True') }}
  113. # Store all returns in the given returner.
  114. # Setting this option requires that any returner-specific configuration also
  115. # be set. See various returners in salt/returners for details on required
  116. # configuration values. (See also, event_return_queue below.)
  117. #
  118. {{ get_config('event_return', 'mysql') }}
  119. # On busy systems, enabling event_returns can cause a considerable load on
  120. # the storage system for returners. Events can be queued on the master and
  121. # stored in a batched fashion using a single transaction for multiple events.
  122. # By default, events are not queued.
  123. {{ get_config('event_return_queue', '0') }}
  124. # Only events returns matching tags in a whitelist
  125. {% if 'event_return_whitelist' in cfg_master -%}
  126. event_return_whitelist:
  127. {%- for event_return in cfg_master['event_return_whitelist'] %}
  128. - {{ event_return }}
  129. {%- endfor -%}
  130. {% elif 'event_return_whitelist' in cfg_salt -%}
  131. event_return_whitelist:
  132. {%- for event_return in cfg_salt['event_return_whitelist'] %}
  133. - {{ event_return }}
  134. {%- endfor -%}
  135. {% else -%}
  136. # event_return_whitelist:
  137. # - salt/master/a_tag
  138. # - salt/master/another_tag
  139. {% endif %}
  140. # Store all event returns _except_ the tags in a blacklist
  141. {% if 'event_return_blacklist' in cfg_master -%}
  142. event_return_blacklist:
  143. {%- for event_return in cfg_master['event_return_blacklist'] %}
  144. - {{ event_return }}
  145. {%- endfor -%}
  146. {% elif 'event_return_blacklist' in cfg_salt -%}
  147. event_return_blacklist:
  148. {%- for event_return in cfg_salt['event_return_blacklist'] %}
  149. - {{ event_return }}
  150. {%- endfor -%}
  151. {% else -%}
  152. # event_return_blacklist:
  153. # - salt/master/not_this_tag
  154. # - salt/master/or_this_one
  155. {% endif %}
  156. # Passing very large events can cause the minion to consume large amounts of
  157. # memory. This value tunes the maximum size of a message allowed onto the
  158. # master event bus. The value is expressed in bytes.
  159. {{ get_config('max_event_size', '1048576') }}
  160. # By default, the master AES key rotates every 24 hours. The next command
  161. # following a key rotation will trigger a key refresh from the minion which may
  162. # result in minions which do not respond to the first command after a key refresh.
  163. #
  164. # To tell the master to ping all minions immediately after an AES key refresh, set
  165. # ping_on_rotate to True. This should mitigate the issue where a minion does not
  166. # appear to initially respond after a key is rotated.
  167. #
  168. # Note that ping_on_rotate may cause high load on the master immediately after
  169. # the key rotation event as minions reconnect. Consider this carefully if this
  170. # salt master is managing a large number of minions.
  171. #
  172. # If disabled, it is recommended to handle this event by listening for the
  173. # 'aes_key_rotate' event with the 'key' tag and acting appropriately.
  174. {{ get_config('ping_on_rotate', 'False') }}
  175. # By default, the master deletes its cache of minion data when the key for that
  176. # minion is removed. To preserve the cache after key deletion, set
  177. # 'preserve_minion_cache' to True.
  178. #
  179. # WARNING: This may have security implications if compromised minions auth with
  180. # a previous deleted minion ID.
  181. {{ get_config('preserve_minion_cache', 'False') }}
  182. # If max_minions is used in large installations, the master might experience
  183. # high-load situations because of having to check the number of connected
  184. # minions for every authentication. This cache provides the minion-ids of
  185. # all connected minions to all MWorker-processes and greatly improves the
  186. # performance of max_minions.
  187. {{ get_config('con_cache', 'False') }}
  188. # The master can include configuration from other files. To enable this,
  189. # pass a list of paths to this option. The paths can be either relative or
  190. # absolute; if relative, they are considered to be relative to the directory
  191. # the main master configuration file lives in (this file). Paths can make use
  192. # of shell-style globbing. If no files are matched by a path passed to this
  193. # option, then the master will log a warning message.
  194. #
  195. # Include a config file from some other path:
  196. # include: /etc/salt/extra_config
  197. #
  198. # Include config from several files and directories:
  199. # include:
  200. # - /etc/salt/extra_config
  201. {{ get_config('include', '[]') }}
  202. ##### Security settings #####
  203. ##########################################
  204. # Enable "open mode", this mode still maintains encryption, but turns off
  205. # authentication, this is only intended for highly secure environments or for
  206. # the situation where your keys end up in a bad state. If you run in open mode
  207. # you do so at your own risk!
  208. {{ get_config('open_mode', 'False') }}
  209. # Enable auto_accept, this setting will automatically accept all incoming
  210. # public keys from the minions. Note that this is insecure.
  211. {{ get_config('auto_accept', 'False') }}
  212. # Time in minutes that a incoming public key with a matching name found in
  213. # pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
  214. # are removed when the master checks the minion_autosign directory.
  215. # 0 equals no timeout
  216. {{ get_config('autosign_timeout', '120') }}
  217. # If the autosign_file is specified, incoming keys specified in the
  218. # autosign_file will be automatically accepted. This is insecure. Regular
  219. # expressions as well as globing lines are supported.
  220. {{ get_config('autosign_file', '/etc/salt/autosign.conf') }}
  221. # Works like autosign_file, but instead allows you to specify minion IDs for
  222. # which keys will automatically be rejected. Will override both membership in
  223. # the autosign_file and the auto_accept setting.
  224. {{ get_config('autoreject_file', '/etc/salt/autoreject.conf') }}
  225. # Enable permissive access to the salt keys. This allows you to run the
  226. # master or minion as root, but have a non-root group be given access to
  227. # your pki_dir. To make the access explicit, root must belong to the group
  228. # you've given access to. This is potentially quite insecure. If an autosign_file
  229. # is specified, enabling permissive_pki_access will allow group access to that
  230. # specific file.
  231. {{ get_config('permissive_pki_access', 'False') }}
  232. # Allow users on the master access to execute specific commands on minions.
  233. # This setting should be treated with care since it opens up execution
  234. # capabilities to non root users. By default this capability is completely
  235. # disabled.
  236. #client_acl:
  237. # larry:
  238. # - test.ping
  239. # - network.*
  240. {% if 'client_acl' in cfg_master -%}
  241. client_acl:
  242. {%- for name, user in cfg_master['client_acl']|dictsort %}
  243. {{ name}}:
  244. {%- for command in user %}
  245. - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
  246. {%- endfor -%}
  247. {%- endfor -%}
  248. {% elif 'client_acl' in cfg_salt -%}
  249. client_acl:
  250. {%- for name, user in cfg_salt['client_acl']|dictsort %}
  251. {{ name }}:
  252. {%- for command in user %}
  253. - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
  254. {%- endfor -%}
  255. {%- endfor -%}
  256. {% else -%}
  257. #client_acl:
  258. # larry:
  259. # - test.ping
  260. # - network.*
  261. {%- endif %}
  262. # Blacklist any of the following users or modules
  263. #
  264. # This example would blacklist all non sudo users, including root from
  265. # running any commands. It would also blacklist any use of the "cmd"
  266. # module. This is completely disabled by default.
  267. #
  268. {% if 'client_acl_blacklist' in cfg_master %}
  269. client_acl_blacklist:
  270. users:
  271. {% for user in cfg_master['client_acl_blacklist'].get('users', []) %}
  272. - {{ user }}
  273. {% endfor %}
  274. modules:
  275. {% for mod in cfg_master['client_acl_blacklist'].get('modules', []) %}
  276. - {{ mod }}
  277. {% endfor %}
  278. {% elif 'client_acl_blacklist' in cfg_salt %}
  279. client_acl_blacklist:
  280. users:
  281. {% for user in cfg_salt['client_acl_blacklist'].get('users', []) %}
  282. - {{ user }}
  283. {% endfor %}
  284. modules:
  285. {% for mod in cfg_salt['client_acl_blacklist'].get('modules', []) %}
  286. - {{ mod }}
  287. {% endfor %}
  288. {% else %}
  289. #client_acl_blacklist:
  290. # users:
  291. # - root
  292. # - '^(?!sudo_).*$' # all non sudo users
  293. # modules:
  294. # - cmd
  295. {% endif %}
  296. # Enforce client_acl & client_acl_blacklist when users have sudo
  297. # access to the salt command.
  298. #
  299. {{ get_config('sudo_acl', 'False') }}
  300. # The external auth system uses the Salt auth modules to authenticate and
  301. # validate users to access areas of the Salt system.
  302. #external_auth:
  303. # pam:
  304. # fred:
  305. # - test.*
  306. {{ get_config('external_auth', '{}') }}
  307. # Time (in seconds) for a newly generated token to live. Default: 12 hours
  308. {{ get_config('token_expire', '43200') }}
  309. # Allow minions to push files to the master. This is disabled by default, for
  310. # security purposes.
  311. {{ get_config('file_recv', 'False') }}
  312. # Set a hard-limit on the size of the files that can be pushed to the master.
  313. # It will be interpreted as megabytes. Default: 100
  314. {{ get_config('file_recv_max_size', '100') }}
  315. # Signature verification on messages published from the master.
  316. # This causes the master to cryptographically sign all messages published to its event
  317. # bus, and minions then verify that signature before acting on the message.
  318. #
  319. # This is False by default.
  320. #
  321. # Note that to facilitate interoperability with masters and minions that are different
  322. # versions, if sign_pub_messages is True but a message is received by a minion with
  323. # no signature, it will still be accepted, and a warning message will be logged.
  324. # Conversely, if sign_pub_messages is False, but a minion receives a signed
  325. # message it will be accepted, the signature will not be checked, and a warning message
  326. # will be logged. This behavior went away in Salt 2014.1.0 and these two situations
  327. # will cause minion to throw an exception and drop the message.
  328. {{ get_config('sign_pub_message', 'False') }}
  329. {{ get_config('master_sign_pubkey', 'False') }}
  330. ##### Master Module Management #####
  331. ##########################################
  332. # Manage how master side modules are loaded.
  333. # Add any additional locations to look for master runners:
  334. {{ get_config('runner_dirs', '[]') }}
  335. # Enable Cython for master side modules:
  336. {{ get_config('cython_enable', 'False') }}
  337. ##### State System settings #####
  338. ##########################################
  339. # The state system uses a "top" file to tell the minions what environment to
  340. # use and what modules to use. The state_top file is defined relative to the
  341. # root of the base environment as defined in "File Server settings" below.
  342. {{ get_config('state_top', 'top.sls') }}
  343. # The master_tops option replaces the external_nodes option by creating
  344. # a plugable system for the generation of external top data. The external_nodes
  345. # option is deprecated by the master_tops option.
  346. #
  347. # To gain the capabilities of the classic external_nodes system, use the
  348. # following configuration:
  349. # master_tops:
  350. # ext_nodes: <Shell command which returns yaml>
  351. #
  352. {% if 'master_tops' in cfg_master %}
  353. master_tops:
  354. {%- for master in cfg_master['master_tops'] -%}
  355. {%- if cfg_master['master_tops'][master] is string %}
  356. {{ master }}: {{ cfg_master['master_tops'][master] }}
  357. {%- else %}
  358. {{ master}}:
  359. {%- for parameter in cfg_master['master_tops'][master] %}
  360. {{ parameter }}: {{ cfg_master['master_tops'][master][parameter] }}
  361. {%- endfor -%}
  362. {%- endif -%}
  363. {%- endfor %}
  364. {% endif %}
  365. # The external_nodes option allows Salt to gather data that would normally be
  366. # placed in a top file. The external_nodes option is the executable that will
  367. # return the ENC data. Remember that Salt will look for external nodes AND top
  368. # files and combine the results if both are enabled!
  369. {{ get_config('external_nodes', 'None') }}
  370. # The renderer to use on the minions to render the state data
  371. {{ get_config('renderer', 'yaml_jinja') }}
  372. # The Jinja renderer can strip extra carriage returns and whitespace
  373. # See http://jinja.pocoo.org/docs/api/#high-level-api
  374. #
  375. # If this is set to True the first newline after a Jinja block is removed
  376. # (block, not variable tag!). Defaults to False, corresponds to the Jinja
  377. # environment init variable "trim_blocks".
  378. {{ get_config('jinja_trim_blocks', 'False') }}
  379. #
  380. # If this is set to True leading spaces and tabs are stripped from the start
  381. # of a line to a block. Defaults to False, corresponds to the Jinja
  382. # environment init variable "lstrip_blocks".
  383. {{ get_config('jinja_lstrip_blocks', 'False') }}
  384. # The failhard option tells the minions to stop immediately after the first
  385. # failure detected in the state execution, defaults to False
  386. {{ get_config('failhard', 'False') }}
  387. # The state_verbose and state_output settings can be used to change the way
  388. # state system data is printed to the display. By default all data is printed.
  389. # The state_verbose setting can be set to True or False, when set to False
  390. # all data that has a result of True and no changes will be suppressed.
  391. {{ get_config('state_verbose', 'True') }}
  392. # The state_output setting changes if the output is the full multi line
  393. # output for each changed state if set to 'full', but if set to 'terse'
  394. # the output will be shortened to a single line. If set to 'mixed', the output
  395. # will be terse unless a state failed, in which case that output will be full.
  396. # If set to 'changes', the output will be full unless the state didn't change.
  397. {{ get_config('state_output', 'full') }}
  398. # Automatically aggregate all states that have support for mod_aggregate by
  399. # setting to True. Or pass a list of state module names to automatically
  400. # aggregate just those types.
  401. #
  402. # state_aggregate:
  403. # - pkg
  404. #
  405. #state_aggregate: False
  406. ##### File Server settings #####
  407. ##########################################
  408. # Salt runs a lightweight file server written in zeromq to deliver files to
  409. # minions. This file server is built into the master daemon and does not
  410. # require a dedicated port.
  411. # The file server works on environments passed to the master, each environment
  412. # can have multiple root directories, the subdirectories in the multiple file
  413. # roots cannot match, otherwise the downloaded files will not be able to be
  414. # reliably ensured. A base environment is required to house the top file.
  415. # Example:
  416. # file_roots:
  417. # base:
  418. # - /srv/salt/
  419. # dev:
  420. # - /srv/salt/dev/services
  421. # - /srv/salt/dev/states
  422. # prod:
  423. # - /srv/salt/prod/services
  424. # - /srv/salt/prod/states
  425. {% if 'file_roots' in cfg_master -%}
  426. {{ file_roots(cfg_master['file_roots']) }}
  427. {%- elif 'file_roots' in cfg_salt -%}
  428. {{ file_roots(cfg_salt['file_roots']) }}
  429. {%- elif formulas|length -%}
  430. {{ file_roots({'base': ['/srv/salt']}) }}
  431. {%- else -%}
  432. #file_roots:
  433. # base:
  434. # - /srv/salt
  435. {%- endif %}
  436. # The hash_type is the hash to use when discovering the hash of a file on
  437. # the master server. The default is md5, but sha1, sha224, sha256, sha384
  438. # and sha512 are also supported.
  439. #
  440. # Prior to changing this value, the master should be stopped and all Salt
  441. # caches should be cleared.
  442. {{ get_config('hash_type', 'md5') }}
  443. # The buffer size in the file server can be adjusted here:
  444. {{ get_config('file_buffer_size', '1048576') }}
  445. # A regular expression (or a list of expressions) that will be matched
  446. # against the file path before syncing the modules and states to the minions.
  447. # This includes files affected by the file.recurse state.
  448. # For example, if you manage your custom modules and states in subversion
  449. # and don't want all the '.svn' folders and content synced to your minions,
  450. # you could set this to '/\.svn($|/)'. By default nothing is ignored.
  451. {% if 'file_ignore_regex' in cfg_master %}
  452. file_ignore_regex:
  453. {% for regex in cfg_master['file_ignore_regex'] %}
  454. - {{ regex }}
  455. {% endfor %}
  456. {% elif 'file_ignore_regex' in cfg_salt %}
  457. file_ignore_regex:
  458. {% for regex in cfg_salt['file_ignore_regex'] %}
  459. - {{ regex }}
  460. {% endfor %}
  461. {% else %}
  462. #file_ignore_regex:
  463. # - '/\.svn($|/)'
  464. # - '/\.git($|/)'
  465. {% endif %}
  466. # A file glob (or list of file globs) that will be matched against the file
  467. # path before syncing the modules and states to the minions. This is similar
  468. # to file_ignore_regex above, but works on globs instead of regex. By default
  469. # nothing is ignored.
  470. {% if 'file_ignore_glob' in cfg_master %}
  471. file_ignore_glob:
  472. {% for glob in cfg_master['file_ignore_glob'] %}
  473. - {{ glob }}
  474. {% endfor %}
  475. {% elif 'file_ignore_glob' in cfg_salt %}
  476. file_ignore_glob:
  477. {% for glob in cfg_salt['file_ignore_glob'] %}
  478. - {{ glob }}
  479. {% endfor %}
  480. {% else %}
  481. # file_ignore_glob:
  482. # - '*.pyc'
  483. # - '*/somefolder/*.bak'
  484. # - '*.swp'
  485. {% endif %}
  486. # File Server Backend
  487. #
  488. # Salt supports a modular fileserver backend system, this system allows
  489. # the salt master to link directly to third party systems to gather and
  490. # manage the files available to minions. Multiple backends can be
  491. # configured and will be searched for the requested file in the order in which
  492. # they are defined here. The default setting only enables the standard backend
  493. # "roots" which uses the "file_roots" option.
  494. #fileserver_backend:
  495. # - roots
  496. #
  497. # To use multiple backends list them in the order they are searched:
  498. #fileserver_backend:
  499. # - git
  500. # - roots
  501. {% if 'fileserver_backend' in cfg_master -%}
  502. fileserver_backend:
  503. {%- for backend in cfg_master['fileserver_backend'] %}
  504. - {{ backend }}
  505. {%- endfor -%}
  506. {%- endif %}
  507. #
  508. # Uncomment the line below if you do not want the file_server to follow
  509. # symlinks when walking the filesystem tree. This is set to True
  510. # by default. Currently this only applies to the default roots
  511. # fileserver_backend.
  512. {{ get_config('fileserver_followsymlinks', 'False') }}
  513. #
  514. # Uncomment the line below if you do not want symlinks to be
  515. # treated as the files they are pointing to. By default this is set to
  516. # False. By uncommenting the line below, any detected symlink while listing
  517. # files on the Master will not be returned to the Minion.
  518. {{ get_config('fileserver_ignoresymlinks', 'True') }}
  519. #
  520. # By default, the Salt fileserver recurses fully into all defined environments
  521. # to attempt to find files. To limit this behavior so that the fileserver only
  522. # traverses directories with SLS files and special Salt directories like _modules,
  523. # enable the option below. This might be useful for installations where a file root
  524. # has a very large number of files and performance is impacted. Default is False.
  525. {{ get_config('fileserver_limit_traversal', 'False') }}
  526. #
  527. # The fileserver can fire events off every time the fileserver is updated,
  528. # these are disabled by default, but can be easily turned on by setting this
  529. # flag to True
  530. {{ get_config('fileserver_events', 'False') }}
  531. # Git File Server Backend Configuration
  532. #
  533. # Gitfs can be provided by one of two python modules: GitPython or pygit2. If
  534. # using pygit2, both libgit2 and git must also be installed.
  535. {{ get_config('gitfs_provider', 'gitpython') }}
  536. #
  537. # When using the git fileserver backend at least one git remote needs to be
  538. # defined. The user running the salt master will need read access to the repo.
  539. #
  540. # The repos will be searched in order to find the file requested by a client
  541. # and the first repo to have the file will return it.
  542. # When using the git backend branches and tags are translated into salt
  543. # environments.
  544. # Note: file:// repos will be treated as a remote, so refs you want used must
  545. # exist in that repo as *local* refs.
  546. {% if 'gitfs_remotes' in cfg_master -%}
  547. gitfs_remotes:
  548. {%- for remote in cfg_master['gitfs_remotes'] %}
  549. {%- if remote is iterable and remote is not string %}
  550. {%- for repo, children in remote.items() %}
  551. - {{ repo }}:
  552. {%- for child in children %}
  553. {%- for key, value in child.items() %}
  554. - {{ key }}: {{ value }}
  555. {%- endfor -%}
  556. {%- endfor -%}
  557. {%- endfor -%}
  558. {%- else %}
  559. - {{ remote }}
  560. {%- endif -%}
  561. {%- endfor -%}
  562. {%- endif %}
  563. #gitfs_remotes:
  564. # - git://github.com/saltstack/salt-states.git
  565. # - file:///var/git/saltmaster
  566. #
  567. # The gitfs_ssl_verify option specifies whether to ignore ssl certificate
  568. # errors when contacting the gitfs backend. You might want to set this to
  569. # false if you're using a git backend that uses a self-signed certificate but
  570. # keep in mind that setting this flag to anything other than the default of True
  571. # is a security concern, you may want to try using the ssh transport.
  572. {{ get_config('gitfs_ssl_verify', 'True') }}
  573. #
  574. # The gitfs_root option gives the ability to serve files from a subdirectory
  575. # within the repository. The path is defined relative to the root of the
  576. # repository and defaults to the repository root.
  577. {{ get_config('gitfs_root', 'somefolder/otherfolder') }}
  578. # The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater
  579. # control over which branches/tags are exposed as fileserver environments.
  580. {% if 'gitfs_env_whitelist' in cfg_master -%}
  581. gitfs_env_whitelist:
  582. {%- for git_env in cfg_master['gitfs_env_whitelist'] %}
  583. - {{ git_env }}
  584. {%- endfor -%}
  585. {% else -%}
  586. # gitfs_env_whitelist:
  587. # - base
  588. # - v1.*
  589. {% endif %}
  590. {% if 'gitfs_env_blacklist' in cfg_master -%}
  591. gitfs_env_blacklist:
  592. {%- for git_env in cfg_master['gitfs_env_blacklist'] %}
  593. - {{ git_env }}
  594. {%- endfor -%}
  595. {% else -%}
  596. # gitfs_env_blacklist:
  597. # - bug/*
  598. # - feature/*
  599. {% endif %}
  600. ##### Pillar settings #####
  601. ##########################################
  602. # Salt Pillars allow for the building of global data that can be made selectively
  603. # available to different minions based on minion grain filtering. The Salt
  604. # Pillar is laid out in the same fashion as the file server, with environments,
  605. # a top file and sls files. However, pillar data does not need to be in the
  606. # highstate format, and is generally just key/value pairs.
  607. {% if 'pillar_roots' in cfg_master -%}
  608. pillar_roots:
  609. {%- for name, roots in cfg_master['pillar_roots']|dictsort %}
  610. {{ name }}:
  611. {%- for dir in roots %}
  612. - {{ dir }}
  613. {%- endfor -%}
  614. {%- endfor -%}
  615. {% elif 'pillar_roots' in cfg_salt -%}
  616. pillar_roots:
  617. {%- for name, roots in cfg_salt['pillar_roots']|dictsort %}
  618. {{ name }}:
  619. {%- for dir in roots %}
  620. - {{ dir }}
  621. {%- endfor -%}
  622. {%- endfor -%}
  623. {%- else -%}
  624. #pillar_roots:
  625. # base:
  626. # - /srv/pillar
  627. {%- endif %}
  628. #
  629. {% if 'ext_pillar' in cfg_master %}
  630. ext_pillar:
  631. {%- for pillar in cfg_master['ext_pillar'] -%}
  632. {%- for key in pillar -%}
  633. {%- if pillar[key] is string %}
  634. - {{ key }}: {{ pillar[key] }}
  635. {%- elif pillar[key] is iterable and pillar[key] is not mapping %}
  636. - {{ key }}:
  637. {%- for parameter in pillar[key] %}
  638. - {{ parameter }}
  639. {%- endfor -%}
  640. {%- elif pillar[key] is mapping and pillar[key] is not string %}
  641. - {{ key }}:
  642. {%- for parameter in pillar[key] %}
  643. {{ parameter }}: {{pillar[key][parameter]}}
  644. {%- endfor %}
  645. {%- else %}
  646. # Error in rendering {{ key }}, please read https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#configuration
  647. {% endif %}
  648. {%- endfor -%}
  649. {%- endfor %}
  650. {% elif 'ext_pillar' in cfg_salt %}
  651. ext_pillar:
  652. {% for pillar in cfg_salt['ext_pillar'] %}
  653. - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }}
  654. {% endfor %}
  655. {% else %}
  656. #ext_pillar:
  657. # - hiera: /etc/hiera.yaml
  658. # - cmd_yaml: cat /etc/salt/yaml
  659. {% endif %}
  660. # The ext_pillar_first option allows for external pillar sources to populate
  661. # before file system pillar. This allows for targeting file system pillar from
  662. # ext_pillar.
  663. {{ get_config('ext_pillar_first', 'False') }}
  664. # The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate
  665. # errors when contacting the pillar gitfs backend. You might want to set this to
  666. # false if you're using a git backend that uses a self-signed certificate but
  667. # keep in mind that setting this flag to anything other than the default of True
  668. # is a security concern, you may want to try using the ssh transport.
  669. {{ get_config('pillar_gitfs_ssl_verify', 'True') }}
  670. # The pillar_opts option adds the master configuration file data to a dict in
  671. # the pillar called "master". This is used to set simple configurations in the
  672. # master config file that can then be used on minions.
  673. {{ get_config('pillar_opts', 'True') }}
  674. # The pillar_source_merging_strategy option allows you to configure merging strategy
  675. # between different sources. It accepts four values: recurse, aggregate, overwrite,
  676. # or smart. Recurse will merge recursively mapping of data. Aggregate instructs
  677. # aggregation of elements between sources that use the #!yamlex renderer. Overwrite
  678. # will verwrite elements according the order in which they are processed. This is
  679. # behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based
  680. # on the "renderer" setting and is the default value.
  681. {{ get_config('pillar_source_merging_strategy', 'smart') }}
  682. ##### Syndic settings #####
  683. ##########################################
  684. # The Salt syndic is used to pass commands through a master from a higher
  685. # master. Using the syndic is simple, if this is a master that will have
  686. # syndic servers(s) below it set the "order_masters" setting to True, if this
  687. # is a master that will be running a syndic daemon for passthrough the
  688. # "syndic_master" setting needs to be set to the location of the master server
  689. # to receive commands from.
  690. # Set the order_masters setting to True if this master will command lower
  691. # masters' syndic interfaces.
  692. {{ get_config('order_masters', 'False') }}
  693. # If this master will be running a salt syndic daemon, syndic_master tells
  694. # this master where to receive commands from.
  695. {{ get_config('syndic_master', 'masterofmaster') }}
  696. # This is the 'ret_port' of the MasterOfMaster:
  697. {{ get_config('syndic_master_port', '4506') }}
  698. # PID file of the syndic daemon:
  699. {{ get_config('syndic_pidfile', '/var/run/salt-syndic.pid') }}
  700. # LOG file of the syndic daemon:
  701. {{ get_config('syndic_log_file', 'syndic.log') }}
  702. ##### Peer Publish settings #####
  703. ##########################################
  704. # Salt minions can send commands to other minions, but only if the minion is
  705. # allowed to. By default "Peer Publication" is disabled, and when enabled it
  706. # is enabled for specific minions and specific commands. This allows secure
  707. # compartmentalization of commands based on individual minions.
  708. # The configuration uses regular expressions to match minions and then a list
  709. # of regular expressions to match functions. The following will allow the
  710. # minion authenticated as foo.example.com to execute functions from the test
  711. # and pkg modules.
  712. #peer:
  713. # foo.example.com:
  714. # - test.*
  715. # - pkg.*
  716. #
  717. # This will allow all minions to execute all commands:
  718. #peer:
  719. # .*:
  720. # - .*
  721. #
  722. # This is not recommended, since it would allow anyone who gets root on any
  723. # single minion to instantly have root on all of the minions!
  724. {% if 'peer' in cfg_master %}
  725. peer:
  726. {% for name, roots in cfg_master['peer'].items() %}
  727. {{ name }}:
  728. {% for mod in roots %}
  729. - {{ mod }}
  730. {% endfor %}
  731. {% endfor %}
  732. {% elif 'peer' in cfg_salt %}
  733. peer:
  734. {% for name, roots in cfg_salt['peer'].items() %}
  735. {{ name }}:
  736. {% for mod in roots %}
  737. - {{ mod }}
  738. {% endfor %}
  739. {% endfor %}
  740. {% endif %}
  741. # Minions can also be allowed to execute runners from the salt master.
  742. # Since executing a runner from the minion could be considered a security risk,
  743. # it needs to be enabled. This setting functions just like the peer setting
  744. # except that it opens up runners instead of module functions.
  745. #
  746. # All peer runner support is turned off by default and must be enabled before
  747. # using. This will enable all peer runners for all minions:
  748. #peer_run:
  749. # .*:
  750. # - .*
  751. #
  752. # To enable just the manage.up runner for the minion foo.example.com:
  753. #peer_run:
  754. # foo.example.com:
  755. # - manage.up
  756. {% if 'peer_run' in cfg_master %}
  757. peer_run:
  758. {% for name, roots in cfg_master['peer_run'].items() %}
  759. {{ name }}:
  760. {% for mod in roots %}
  761. - {{ mod }}
  762. {% endfor %}
  763. {% endfor %}
  764. {% elif 'peer_run' in cfg_salt %}
  765. peer_run:
  766. {% for name, roots in cfg_salt['peer_run'].items() %}
  767. {{ name }}:
  768. {% for mod in roots %}
  769. - {{ mod }}
  770. {% endfor %}
  771. {% endfor %}
  772. {% endif %}
  773. ##### Mine settings #####
  774. ##########################################
  775. # Restrict mine.get access from minions. By default any minion has a full access
  776. # to get all mine data from master cache. In acl definion below, only pcre matches
  777. # are allowed.
  778. # mine_get:
  779. # .*:
  780. # - .*
  781. #
  782. # The example below enables minion foo.example.com to get 'network.interfaces' mine
  783. # data only, minions web* to get all network.* and disk.* mine data and all other
  784. # minions won't get any mine data.
  785. {% if 'mine_get' in cfg_master -%}
  786. mine_get:
  787. {%- for minion, data in cfg_master['mine_get']|dictsort %}
  788. {{ minion }}:
  789. {%- for command in data %}
  790. - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
  791. {%- endfor -%}
  792. {%- endfor -%}
  793. {% elif 'mine_get' in cfg_salt -%}
  794. mine_get:
  795. {%- for minion, data in cfg_salt['mine_get']|dictsort %}
  796. {{ minion }}:
  797. {%- for command in data %}
  798. - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
  799. {%- endfor -%}
  800. {%- endfor -%}
  801. {% else -%}
  802. # mine_get:
  803. # foo.example.com:
  804. # - network.interfaces
  805. # web.*:
  806. # - network.*
  807. # - disk.*
  808. {%- endif %}
  809. ##### Logging settings #####
  810. ##########################################
  811. # The location of the master log file
  812. # The master log can be sent to a regular file, local path name, or network
  813. # location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
  814. # ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
  815. # format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
  816. #log_file: /var/log/salt/master
  817. #log_file: file:///dev/log
  818. #log_file: udp://loghost:10514
  819. {{ get_config('log_file', '/var/log/salt/master') }}
  820. {{ get_config('key_logfile', '/var/log/salt/key') }}
  821. # The level of messages to send to the console.
  822. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
  823. {{ get_config('log_level', 'warning') }}
  824. # The level of messages to send to the log file.
  825. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
  826. {{ get_config('log_level_logfile', 'warning') }}
  827. # The date and time format used in log messages. Allowed date/time formating
  828. # can be seen here: http://docs.python.org/library/time.html#time.strftime
  829. {{ get_config('log_datefmt', "'%H:%M:%S'") }}
  830. {{ get_config('log_datefmt_logfile', "'%Y-%m-%d %H:%M:%S'") }}
  831. # The format of the console logging messages. Allowed formatting options can
  832. # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
  833. {{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }}
  834. {{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }}
  835. # This can be used to control logging levels more specificically. This
  836. # example sets the main salt library at the 'warning' level, but sets
  837. # 'salt.modules' to log at the 'debug' level:
  838. # log_granular_levels:
  839. # 'salt': 'warning'
  840. # 'salt.modules': 'debug'
  841. #
  842. {% if 'log_granular_levels' in cfg_master %}
  843. log_granular_levels:
  844. {% for name, lvl in cfg_master['log_granular_levels'].items() %}
  845. {{ name }}: {{ lvl }}
  846. {% endfor %}
  847. {% elif 'log_granular_levels' in cfg_salt %}
  848. log_granular_levels:
  849. {% for name, lvl in cfg_salt['log_granular_levels'].items() %}
  850. {{ name }}: {{ lvl }}
  851. {% endfor %}
  852. {% else %}
  853. #log_granular_levels: {}
  854. {% endif %}
  855. ##### Node Groups #####
  856. ##########################################
  857. # Node groups allow for logical groupings of minion nodes. A group consists of a group
  858. # name and a compound target.
  859. #nodegroups:
  860. # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
  861. # group2: 'G@os:Debian and foo.domain.com'
  862. {% if 'nodegroups' in cfg_master %}
  863. nodegroups:
  864. {% for name, lvl in cfg_master['nodegroups'].items() %}
  865. {{ name }}: {{ lvl }}
  866. {% endfor %}
  867. {% elif 'nodegroups' in cfg_salt %}
  868. nodegroups:
  869. {% for name, lvl in cfg_salt['nodegroups'].items() %}
  870. {{ name }}: {{ lvl }}
  871. {% endfor %}
  872. {% endif %}
  873. ##### Range Cluster settings #####
  874. ##########################################
  875. # The range server (and optional port) that serves your cluster information
  876. # https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
  877. #
  878. {{ get_config('range_server', 'range:80') }}
  879. ##### Windows Software Repo settings #####
  880. ##############################################
  881. # Location of the repo on the master:
  882. {{ get_config('win_repo', '/srv/salt/win/repo') }}
  883. # Location of the master's repo cache file:
  884. {{ get_config('win_repo_mastercachefile', '/srv/salt/win/repo/winrepo.p') }}
  885. # List of git repositories to include with the local repo:
  886. {% if 'win_gitrepos' in cfg_master %}
  887. win_gitrepos:
  888. {% for repo in cfg_master['win_gitrepos'] %}
  889. - {{ repo }}
  890. {% endfor %}
  891. {% elif 'win_gitrepos' in cfg_salt %}
  892. win_gitrepos:
  893. {% for repo in cfg_salt['win_gitrepos'] %}
  894. - {{ repo }}
  895. {% endfor %}
  896. {% else %}
  897. #win_gitrepos:
  898. # - 'https://github.com/saltstack/salt-winrepo.git'
  899. {% endif %}
  900. ##### Returner settings ######
  901. ############################################
  902. # Which returner(s) will be used for minion's result:
  903. #return: mysql
  904. {% if 'halite' in cfg_master %}
  905. ##### Halite #####
  906. ##########################################
  907. halite:
  908. {% for name, value in cfg_master['halite'].items() %}
  909. {{ name }}: {{ value }}
  910. {% endfor %}
  911. {% endif %}
  912. {% if 'rest_cherrypy' in cfg_master %}
  913. ##### rest_cherrypy #####
  914. ##########################################
  915. rest_cherrypy:
  916. {% for name, value in cfg_master['rest_cherrypy'].items() %}
  917. {{ name }}: {{ value }}
  918. {%- endfor %}
  919. {%- endif %}
  920. {% if 'rest_tornado' in cfg_master %}
  921. ##### rest_tornado #####
  922. ###########################################
  923. rest_tornado:
  924. {% for name, value in cfg_master['rest_tornado'].items() %}
  925. {{ name }}: {{ value }}
  926. {%- endfor %}
  927. {%- endif %}
  928. {% if 'presence_events' in cfg_master %}
  929. ##### presence events #####
  930. ##########################################
  931. {{ get_config('presence_events', 'False') }}
  932. {% endif %}
  933. {% if 'consul_config' in cfg_master %}
  934. ##### consul_config #####
  935. ##########################################
  936. consul_config:
  937. {% for name, value in cfg_master['consul_config'].items() %}
  938. {{ name }}: {{ value }}
  939. {%- endfor %}
  940. {%- endif %}