|
|
|
@@ -1,18 +1,18 @@ |
|
|
|
# This file managed by Salt, do not edit by hand!! |
|
|
|
# Based on salt version 0.17.4 default config |
|
|
|
{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} |
|
|
|
{% set salt = pillar.get('salt', {}) -%} |
|
|
|
{% set master = salt.get('master', {}) -%} |
|
|
|
{% set cfg_salt = pillar.get('salt', {}) -%} |
|
|
|
{% set cfg_master = cfg_salt.get('master', {}) -%} |
|
|
|
{%- macro get_config(configname, default_value) -%} |
|
|
|
{%- if configname in master -%} |
|
|
|
{{ configname }}: {{ master[configname] }} |
|
|
|
{%- elif configname in salt and configname not in reserved_keys -%} |
|
|
|
{{ configname }}: {{ salt[configname] }} |
|
|
|
{%- if configname in cfg_master -%} |
|
|
|
{{ configname }}: {{ cfg_master[configname] }} |
|
|
|
{%- elif configname in cfg_salt and configname not in reserved_keys -%} |
|
|
|
{{ configname }}: {{ cfg_salt[configname] }} |
|
|
|
{%- else -%} |
|
|
|
#{{ configname }}: {{ default_value }} |
|
|
|
{%- endif -%} |
|
|
|
{%- endmacro -%} |
|
|
|
{%- from 'salt/formulas.jinja' import file_roots, formulas -%} |
|
|
|
{%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} |
|
|
|
##### Primary configuration settings ##### |
|
|
|
########################################## |
|
|
|
# This configuration file is used to manage the behavior of the Salt Master |
|
|
|
@@ -148,14 +148,14 @@ |
|
|
|
{{ get_config('event_return_queue', '0') }} |
|
|
|
|
|
|
|
# Only events returns matching tags in a whitelist |
|
|
|
{% if 'event_return_whitelist' in master -%} |
|
|
|
{% if 'event_return_whitelist' in cfg_master -%} |
|
|
|
event_return_whitelist: |
|
|
|
{%- for event_return in event_return_whitelist %} |
|
|
|
{%- for event_return in cfg_master['event_return_whitelist'] %} |
|
|
|
- {{ event_return }} |
|
|
|
{%- endfor -%} |
|
|
|
{% elif 'event_return_whitelist' in salt -%} |
|
|
|
{% elif 'event_return_whitelist' in cfg_salt -%} |
|
|
|
event_return_whitelist: |
|
|
|
{%- for event_return in event_return_whitelist %} |
|
|
|
{%- for event_return in cfg_salt['event_return_whitelist'] %} |
|
|
|
- {{ event_return }} |
|
|
|
{%- endfor -%} |
|
|
|
{% else -%} |
|
|
|
@@ -165,14 +165,14 @@ event_return_whitelist: |
|
|
|
{% endif %} |
|
|
|
|
|
|
|
# Store all event returns _except_ the tags in a blacklist |
|
|
|
{% if 'event_return_blacklist' in master -%} |
|
|
|
{% if 'event_return_blacklist' in cfg_master -%} |
|
|
|
event_return_blacklist: |
|
|
|
{%- for event_return in event_return_blacklist %} |
|
|
|
{%- for event_return in cfg_master['event_return_blacklist'] %} |
|
|
|
- {{ event_return }} |
|
|
|
{%- endfor -%} |
|
|
|
{% elif 'event_return_blacklist' in salt -%} |
|
|
|
{% elif 'event_return_blacklist' in cfg_salt -%} |
|
|
|
event_return_blacklist: |
|
|
|
{%- for event_return in event_return_blacklist %} |
|
|
|
{%- for event_return in cfg_salt['event_return_blacklist'] %} |
|
|
|
- {{ event_return }} |
|
|
|
{%- endfor -%} |
|
|
|
{% else -%} |
|
|
|
@@ -277,17 +277,17 @@ event_return_blacklist: |
|
|
|
# larry: |
|
|
|
# - test.ping |
|
|
|
# - network.* |
|
|
|
{% if 'client_acl' in master -%} |
|
|
|
{% if 'client_acl' in cfg_master -%} |
|
|
|
client_acl: |
|
|
|
{%- for name, user in master['client_acl']|dictsort %} |
|
|
|
{%- for name, user in cfg_master['client_acl']|dictsort %} |
|
|
|
{{ name}}: |
|
|
|
{%- for command in user %} |
|
|
|
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{% elif 'client_acl' in salt -%} |
|
|
|
{% elif 'client_acl' in cfg_salt -%} |
|
|
|
client_acl: |
|
|
|
{%- for name, user in salt['client_acl']|dictsort %} |
|
|
|
{%- for name, user in cfg_salt['client_acl']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{%- for command in user %} |
|
|
|
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} |
|
|
|
@@ -306,24 +306,24 @@ client_acl: |
|
|
|
# running any commands. It would also blacklist any use of the "cmd" |
|
|
|
# module. This is completely disabled by default. |
|
|
|
# |
|
|
|
{% if 'client_acl_blacklist' in master %} |
|
|
|
{% if 'client_acl_blacklist' in cfg_master %} |
|
|
|
client_acl_blacklist: |
|
|
|
users: |
|
|
|
{% for user in master['client_acl_blacklist'].get('users', []) %} |
|
|
|
{% for user in cfg_master['client_acl_blacklist'].get('users', []) %} |
|
|
|
- {{ user }} |
|
|
|
{% endfor %} |
|
|
|
modules: |
|
|
|
{% for mod in master['client_acl_blacklist'].get('modules', []) %} |
|
|
|
{% for mod in cfg_master['client_acl_blacklist'].get('modules', []) %} |
|
|
|
- {{ mod }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'client_acl_blacklist' in salt %} |
|
|
|
{% elif 'client_acl_blacklist' in cfg_salt %} |
|
|
|
client_acl_blacklist: |
|
|
|
users: |
|
|
|
{% for user in salt['client_acl_blacklist'].get('users', []) %} |
|
|
|
{% for user in cfg_salt['client_acl_blacklist'].get('users', []) %} |
|
|
|
- {{ user }} |
|
|
|
{% endfor %} |
|
|
|
modules: |
|
|
|
{% for mod in salt['client_acl_blacklist'].get('modules', []) %} |
|
|
|
{% for mod in cfg_salt['client_acl_blacklist'].get('modules', []) %} |
|
|
|
- {{ mod }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -473,10 +473,10 @@ client_acl_blacklist: |
|
|
|
# - /srv/salt/prod/services |
|
|
|
# - /srv/salt/prod/states |
|
|
|
|
|
|
|
{% if 'file_roots' in master -%} |
|
|
|
{{ file_roots(master['file_roots']) }} |
|
|
|
{%- elif 'file_roots' in salt -%} |
|
|
|
{{ file_roots(salt['file_roots']) }} |
|
|
|
{% if 'file_roots' in cfg_master -%} |
|
|
|
{{ file_roots(cfg_master['file_roots']) }} |
|
|
|
{%- elif 'file_roots' in cfg_salt -%} |
|
|
|
{{ file_roots(cfg_salt['file_roots']) }} |
|
|
|
{%- elif formulas|length -%} |
|
|
|
{{ file_roots({'base': ['/srv/salt']}) }} |
|
|
|
{%- else -%} |
|
|
|
@@ -502,14 +502,14 @@ client_acl_blacklist: |
|
|
|
# For example, if you manage your custom modules and states in subversion |
|
|
|
# and don't want all the '.svn' folders and content synced to your minions, |
|
|
|
# you could set this to '/\.svn($|/)'. By default nothing is ignored. |
|
|
|
{% if 'file_ignore_regex' in master %} |
|
|
|
{% if 'file_ignore_regex' in cfg_master %} |
|
|
|
file_ignore_regex: |
|
|
|
{% for regex in master['file_ignore_regex'] %} |
|
|
|
{% for regex in cfg_master['file_ignore_regex'] %} |
|
|
|
- {{ regex }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'file_ignore_regex' in salt %} |
|
|
|
{% elif 'file_ignore_regex' in cfg_salt %} |
|
|
|
file_ignore_regex: |
|
|
|
{% for regex in salt['file_ignore_regex'] %} |
|
|
|
{% for regex in cfg_salt['file_ignore_regex'] %} |
|
|
|
- {{ regex }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -522,14 +522,14 @@ file_ignore_regex: |
|
|
|
# path before syncing the modules and states to the minions. This is similar |
|
|
|
# to file_ignore_regex above, but works on globs instead of regex. By default |
|
|
|
# nothing is ignored. |
|
|
|
{% if 'file_ignore_glob' in master %} |
|
|
|
{% if 'file_ignore_glob' in cfg_master %} |
|
|
|
file_ignore_glob: |
|
|
|
{% for glob in master['file_ignore_glob'] %} |
|
|
|
{% for glob in cfg_master['file_ignore_glob'] %} |
|
|
|
- {{ glob }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'file_ignore_glob' in salt %} |
|
|
|
{% elif 'file_ignore_glob' in cfg_salt %} |
|
|
|
file_ignore_glob: |
|
|
|
{% for glob in salt['file_ignore_glob'] %} |
|
|
|
{% for glob in cfg_salt['file_ignore_glob'] %} |
|
|
|
- {{ glob }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -554,9 +554,9 @@ file_ignore_glob: |
|
|
|
#fileserver_backend: |
|
|
|
# - git |
|
|
|
# - roots |
|
|
|
{% if 'fileserver_backend' in master -%} |
|
|
|
{% if 'fileserver_backend' in cfg_master -%} |
|
|
|
fileserver_backend: |
|
|
|
{%- for backend in master['fileserver_backend'] %} |
|
|
|
{%- for backend in cfg_master['fileserver_backend'] %} |
|
|
|
- {{ backend }} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endif %} |
|
|
|
@@ -600,9 +600,9 @@ fileserver_backend: |
|
|
|
# environments. |
|
|
|
# Note: file:// repos will be treated as a remote, so refs you want used must |
|
|
|
# exist in that repo as *local* refs. |
|
|
|
{% if 'gitfs_remotes' in master -%} |
|
|
|
{% if 'gitfs_remotes' in cfg_master -%} |
|
|
|
gitfs_remotes: |
|
|
|
{%- for remote in master['gitfs_remotes'] %} |
|
|
|
{%- for remote in cfg_master['gitfs_remotes'] %} |
|
|
|
{%- if remote is iterable and remote is not string %} |
|
|
|
{%- for repo, children in remote.items() %} |
|
|
|
- {{ repo }}: |
|
|
|
@@ -642,17 +642,17 @@ gitfs_remotes: |
|
|
|
# Pillar is laid out in the same fashion as the file server, with environments, |
|
|
|
# a top file and sls files. However, pillar data does not need to be in the |
|
|
|
# highstate format, and is generally just key/value pairs. |
|
|
|
{% if 'pillar_roots' in master %} |
|
|
|
{% if 'pillar_roots' in cfg_master %} |
|
|
|
pillar_roots: |
|
|
|
{% for name, roots in master['pillar_roots']|dictsort %} |
|
|
|
{% for name, roots in cfg_master['pillar_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{% for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
{% endfor %} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'pillar_roots' in salt %} |
|
|
|
{% elif 'pillar_roots' in cfg_salt %} |
|
|
|
pillar_roots: |
|
|
|
{% for name, roots in salt['pillar_roots']|dictsort %} |
|
|
|
{% for name, roots in cfg_salt['pillar_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{% for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
@@ -664,14 +664,14 @@ pillar_roots: |
|
|
|
# - /srv/pillar |
|
|
|
{% endif %} |
|
|
|
# |
|
|
|
{% if 'ext_pillar' in master %} |
|
|
|
{% if 'ext_pillar' in cfg_master %} |
|
|
|
ext_pillar: |
|
|
|
{% for pillar in master['ext_pillar'] %} |
|
|
|
{% for pillar in cfg_master['ext_pillar'] %} |
|
|
|
- {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'ext_pillar' in salt %} |
|
|
|
{% elif 'ext_pillar' in cfg_salt %} |
|
|
|
ext_pillar: |
|
|
|
{% for pillar in salt['ext_pillar'] %} |
|
|
|
{% for pillar in cfg_salt['ext_pillar'] %} |
|
|
|
- {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -747,17 +747,17 @@ ext_pillar: |
|
|
|
# |
|
|
|
# This is not recommended, since it would allow anyone who gets root on any |
|
|
|
# single minion to instantly have root on all of the minions! |
|
|
|
{% if 'peer' in master %} |
|
|
|
{% if 'peer' in cfg_master %} |
|
|
|
peer: |
|
|
|
{% for name, roots in master['peer'].items() %} |
|
|
|
{% for name, roots in cfg_master['peer'].items() %} |
|
|
|
{{ name }}: |
|
|
|
{% for mod in roots %} |
|
|
|
- {{ mod }} |
|
|
|
{% endfor %} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'peer' in salt %} |
|
|
|
{% elif 'peer' in cfg_salt %} |
|
|
|
peer: |
|
|
|
{% for name, roots in salt['peer'].items() %} |
|
|
|
{% for name, roots in cfg_salt['peer'].items() %} |
|
|
|
{{ name }}: |
|
|
|
{% for mod in roots %} |
|
|
|
- {{ mod }} |
|
|
|
@@ -780,17 +780,17 @@ peer: |
|
|
|
#peer_run: |
|
|
|
# foo.example.com: |
|
|
|
# - manage.up |
|
|
|
{% if 'peer_run' in master %} |
|
|
|
{% if 'peer_run' in cfg_master %} |
|
|
|
peer_run: |
|
|
|
{% for name, roots in master['peer_run'].items() %} |
|
|
|
{% for name, roots in cfg_master['peer_run'].items() %} |
|
|
|
{{ name }}: |
|
|
|
{% for mod in roots %} |
|
|
|
- {{ mod }} |
|
|
|
{% endfor %} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'peer_run' in salt %} |
|
|
|
{% elif 'peer_run' in cfg_salt %} |
|
|
|
peer_run: |
|
|
|
{% for name, roots in salt['peer_run'].items() %} |
|
|
|
{% for name, roots in cfg_salt['peer_run'].items() %} |
|
|
|
{{ name }}: |
|
|
|
{% for mod in roots %} |
|
|
|
- {{ mod }} |
|
|
|
@@ -858,14 +858,14 @@ peer_run: |
|
|
|
# 'salt': 'warning' |
|
|
|
# 'salt.modules': 'debug' |
|
|
|
# |
|
|
|
{% if 'log_granular_levels' in master %} |
|
|
|
{% if 'log_granular_levels' in cfg_master %} |
|
|
|
log_granular_levels: |
|
|
|
{% for name, lvl in master['log_granular_levels'].items() %} |
|
|
|
{% for name, lvl in cfg_master['log_granular_levels'].items() %} |
|
|
|
{{ name }}: {{ lvl }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'log_granular_levels' in salt %} |
|
|
|
{% elif 'log_granular_levels' in cfg_salt %} |
|
|
|
log_granular_levels: |
|
|
|
{% for name, lvl in salt['log_granular_levels'].items() %} |
|
|
|
{% for name, lvl in cfg_salt['log_granular_levels'].items() %} |
|
|
|
{{ name }}: {{ lvl }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -880,14 +880,14 @@ log_granular_levels: |
|
|
|
#nodegroups: |
|
|
|
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' |
|
|
|
# group2: 'G@os:Debian and foo.domain.com' |
|
|
|
{% if 'nodegroups' in master %} |
|
|
|
{% if 'nodegroups' in cfg_master %} |
|
|
|
nodegroups: |
|
|
|
{% for name, lvl in master['nodegroups'].items() %} |
|
|
|
{% for name, lvl in cfg_master['nodegroups'].items() %} |
|
|
|
{{ name }}: {{ lvl }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'nodegroups' in salt %} |
|
|
|
{% elif 'nodegroups' in cfg_salt %} |
|
|
|
nodegroups: |
|
|
|
{% for name, lvl in salt['nodegroups'].items() %} |
|
|
|
{% for name, lvl in cfg_salt['nodegroups'].items() %} |
|
|
|
{{ name }}: {{ lvl }} |
|
|
|
{% endfor %} |
|
|
|
{% endif %} |
|
|
|
@@ -909,14 +909,14 @@ nodegroups: |
|
|
|
{{ get_config('win_repo_mastercachefile', '/srv/salt/win/repo/winrepo.p') }} |
|
|
|
|
|
|
|
# List of git repositories to include with the local repo: |
|
|
|
{% if 'win_gitrepos' in master %} |
|
|
|
{% if 'win_gitrepos' in cfg_master %} |
|
|
|
win_gitrepos: |
|
|
|
{% for repo in master['win_gitrepos'] %} |
|
|
|
{% for repo in cfg_master['win_gitrepos'] %} |
|
|
|
- {{ repo }} |
|
|
|
{% endfor %} |
|
|
|
{% elif 'win_gitrepos' in salt %} |
|
|
|
{% elif 'win_gitrepos' in cfg_salt %} |
|
|
|
win_gitrepos: |
|
|
|
{% for repo in salt['win_gitrepos'] %} |
|
|
|
{% for repo in cfg_salt['win_gitrepos'] %} |
|
|
|
- {{ repo }} |
|
|
|
{% endfor %} |
|
|
|
{% else %} |
|
|
|
@@ -929,20 +929,20 @@ win_gitrepos: |
|
|
|
# Which returner(s) will be used for minion's result: |
|
|
|
#return: mysql |
|
|
|
|
|
|
|
{% if 'halite' in master %} |
|
|
|
{% if 'halite' in cfg_master %} |
|
|
|
##### Halite ##### |
|
|
|
########################################## |
|
|
|
halite: |
|
|
|
{% for name, value in master['halite'].items() %} |
|
|
|
{% for name, value in cfg_master['halite'].items() %} |
|
|
|
{{ name }}: {{ value }} |
|
|
|
{% endfor %} |
|
|
|
{% endif %} |
|
|
|
|
|
|
|
{% if 'rest_cherrypy' in master %} |
|
|
|
{% if 'rest_cherrypy' in cfg_master %} |
|
|
|
##### rest_cherrypy ##### |
|
|
|
########################################## |
|
|
|
rest_cherrypy: |
|
|
|
{% for name, value in master['rest_cherrypy'].items() %} |
|
|
|
{% for name, value in cfg_master['rest_cherrypy'].items() %} |
|
|
|
{{ name }}: {{ value }} |
|
|
|
{% endfor %} |
|
|
|
{% endif %} |
Forrest
10 years ago