浏览代码

Merge pull request #19 from tiger-seo/master

sync with https://github.com/saltstack/salt/blob/v0.17.4/conf/master and minion
tags/v0.57.0
Seth House 11 年前
父节点
当前提交
e45258d633
共有 2 个文件被更改,包括 102 次插入60 次删除
  1. +77
    -47
      salt/files/master
  2. +25
    -13
      salt/files/minion

+ 77
- 47
salt/files/master 查看文件

# This file managed by Salt, do not edit by hand!! # This file managed by Salt, do not edit by hand!!
# Based on salt version 0.16.3 default config
# Based on salt version 0.17.4 default config
{% set salt = pillar.get('salt', {}) -%} {% set salt = pillar.get('salt', {}) -%}
{% set master = salt.get('master', {}) -%} {% set master = salt.get('master', {}) -%}
{%- macro get_config(configname, default_value) -%} {%- macro get_config(configname, default_value) -%}


# The root directory prepended to these options: pki_dir, cachedir, # The root directory prepended to these options: pki_dir, cachedir,
# sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile. # sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile.
#root_dir: /
{{ get_config('root_dir', '/') }} {{ get_config('root_dir', '/') }}


# Directory used to store public key data # Directory used to store public key data
# Set the directory used to hold unix sockets # Set the directory used to hold unix sockets
{{ get_config('sock_dir', '/var/run/salt/master') }} {{ get_config('sock_dir', '/var/run/salt/master') }}


# The master can take a while to start up when lspci and/or dmidecode is used
# to populate the grains for the master. Enable if you want to see GPU hardware
# data for your master.
#
{{ get_config('enable_gpu_grains', 'False') }}

# The master maintains a job cache, while this is a great addition it can be # The master maintains a job cache, while this is a great addition it can be
# a burden on the master for larger deployments (over 5000 minions). # a burden on the master for larger deployments (over 5000 minions).
# Disabling the job cache will make previously executed jobs unavailable to # Disabling the job cache will make previously executed jobs unavailable to
# #
# #
# Include a config file from some other path: # Include a config file from some other path:
# include: /etc/salt/extra_config
#include: /etc/salt/extra_config
# #
# Include config from several files and directories: # Include config from several files and directories:
# include:
# - /etc/salt/extra_config
#include:
# - /etc/salt/extra_config
{{ get_config('include', '[]') }} {{ get_config('include', '[]') }}




# capabilities to non root users. By default this capability is completely # capabilities to non root users. By default this capability is completely
# disabled. # disabled.
# #
# client_acl:
# larry:
# - test.ping
# - network.*
#client_acl:
# larry:
# - test.ping
# - network.*
# #
{{ get_config('client_acl', '{}') }} {{ get_config('client_acl', '{}') }}


- {{ mod }} - {{ mod }}
{% endfor -%} {% endfor -%}
{% else -%} {% else -%}
# client_acl_blacklist:
# users:
# - root
# - '^(?!sudo_).*$' # all non sudo users
# modules:
# - cmd
#client_acl_blacklist:
# users:
# - root
# - '^(?!sudo_).*$' # all non sudo users
# modules:
# - cmd
{%- endif %} {%- endif %}


# The external auth system uses the Salt auth modules to authenticate and # The external auth system uses the Salt auth modules to authenticate and
# validate users to access areas of the Salt system. # validate users to access areas of the Salt system.
# #
# external_auth:
# pam:
# fred:
# - test.*
#external_auth:
# pam:
# fred:
# - test.*
# #
{{ get_config('external_auth', '{}') }} {{ get_config('external_auth', '{}') }}


# will be terse unless a state failed, in which case that output will be full. # will be terse unless a state failed, in which case that output will be full.
{{ get_config('state_output', 'full') }} {{ get_config('state_output', 'full') }}



##### File Server settings ##### ##### File Server settings #####
########################################## ##########################################
# Salt runs a lightweight file server written in zeromq to deliver files to # Salt runs a lightweight file server written in zeromq to deliver files to
- {{ glob }} - {{ glob }}
{% endfor -%} {% endfor -%}
{% else -%} {% else -%}
#file_ignore_glob:
# file_ignore_glob:
# - '*.pyc' # - '*.pyc'
# - '*/somefolder/*.bak' # - '*/somefolder/*.bak'
# - '*.swp'
{%- endif %} {%- endif %}


# File Server Backend # File Server Backend
# configured and will be searched for the requested file in the order in which # configured and will be searched for the requested file in the order in which
# they are defined here. The default setting only enables the standard backend # they are defined here. The default setting only enables the standard backend
# "roots" which uses the "file_roots" option. # "roots" which uses the "file_roots" option.
#
#fileserver_backend: #fileserver_backend:
# - roots # - roots
#
# To use multiple backends list them in the order they are searched: # To use multiple backends list them in the order they are searched:
# fileserver_backend:
# - git
# - roots
#
#fileserver_backend:
# - git
# - roots
{% if 'fileserver_backend' in master -%} {% if 'fileserver_backend' in master -%}
fileserver_backend: fileserver_backend:
{%- for backend in master['fileserver_backend'] %} {%- for backend in master['fileserver_backend'] %}
- {{ backend }} - {{ backend }}
{% endfor -%} {% endfor -%}
{% endif %} {% endif %}
#
# By default, the Salt fileserver recurses fully into all defined environments
# to attempt to find files. To limit this behavior so that the fileserver only
# traverses directories with SLS files and special Salt directories like _modules,
# enable the option below. This might be useful for installations where a file root
# has a very large number of files and performance is impacted. Default is False.
#
{{ get_config('fileserver_limit_traversal', 'False') }}
#
# Git fileserver backend configuration # Git fileserver backend configuration
# When using the git fileserver backend at least one git remote needs to be # When using the git fileserver backend at least one git remote needs to be
# defined. The user running the salt master will need read access to the repo. # defined. The user running the salt master will need read access to the repo.
# gitfs_remotes:
# - git://github.com/saltstack/salt-states.git
# - file:///var/git/saltmaster
#
#gitfs_remotes:
# - git://github.com/saltstack/salt-states.git
# - file:///var/git/saltmaster
#
# The repos will be searched in order to find the file requested by a client # The repos will be searched in order to find the file requested by a client
# and the first repo to have the file will return it. # and the first repo to have the file will return it.
# When using the git backend branches and tags are translated into salt # When using the git backend branches and tags are translated into salt
{%- for remote in master['gitfs_remotes'] %} {%- for remote in master['gitfs_remotes'] %}
- {{ remote }}{% endfor -%} - {{ remote }}{% endfor -%}
{%- endif %} {%- endif %}
#
# The gitfs_root option gives the ability to serve files from a subdirectory
# within the repository. The path is defined relative to the root of the
# repository and defaults to the repository root.
{{ get_config('gitfs_root', 'somefolder/otherfolder') }}




##### Pillar settings ##### ##### Pillar settings #####
- {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }}
{% endfor -%} {% endfor -%}
{% else %} {% else %}
# ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml
#ext_pillar:
# - hiera: /etc/hiera.yaml
# - cmd_yaml: cat /etc/salt/yaml
{%- endif %} {%- endif %}


# The pillar_opts option adds the master configuration file data to a dict in # The pillar_opts option adds the master configuration file data to a dict in
# of regular expressions to match functions. The following will allow the # of regular expressions to match functions. The following will allow the
# minion authenticated as foo.example.com to execute functions from the test # minion authenticated as foo.example.com to execute functions from the test
# and pkg modules. # and pkg modules.
# peer:
# foo.example.com:
# - test.*
# - pkg.*
#
#peer:
# foo.example.com:
# - test.*
# - pkg.*
# #
# This will allow all minions to execute all commands: # This will allow all minions to execute all commands:
# peer:
# .*:
# - .*
#
#peer:
# .*:
# - .*
#
# This is not recommended, since it would allow anyone who gets root on any # This is not recommended, since it would allow anyone who gets root on any
# single minion to instantly have root on all of the minions! # single minion to instantly have root on all of the minions!
{% if 'peer' in master -%} {% if 'peer' in master -%}
# All peer runner support is turned off by default and must be enabled before # All peer runner support is turned off by default and must be enabled before
# using. This will enable all peer runners for all minions: # using. This will enable all peer runners for all minions:
# #
# peer_run:
# .*:
# - .*
#peer_run:
# .*:
# - .*
# #
# To enable just the manage.up runner for the minion foo.example.com: # To enable just the manage.up runner for the minion foo.example.com:
# #
# peer_run:
# foo.example.com:
# - manage.up
#peer_run:
# foo.example.com:
# - manage.up
{% if 'peer_run' in master -%} {% if 'peer_run' in master -%}
peer_run: peer_run:
{% for name, roots in master['peer_run'].items() -%} {% for name, roots in master['peer_run'].items() -%}
#log_granular_levels: {} #log_granular_levels: {}
{% endif %} {% endif %}



##### Node Groups ##### ##### Node Groups #####
########################################## ##########################################
# Node groups allow for logical groupings of minion nodes. # Node groups allow for logical groupings of minion nodes.
# A group consists of a group name and a compound target. # A group consists of a group name and a compound target.
# #
# nodegroups:
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
# group2: 'G@os:Debian and foo.domain.com'
#nodegroups:
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
# group2: 'G@os:Debian and foo.domain.com'
{% if 'nodegroups' in master %} {% if 'nodegroups' in master %}
nodegroups: nodegroups:
{% for name, lvl in master['nodegroups'] %} {% for name, lvl in master['nodegroups'] %}
- {{ repo }} - {{ repo }}
{% endfor -%} {% endfor -%}
{% else %} {% else %}
# win_gitrepos:
# - 'https://github.com/saltstack/salt-winrepo.git'
#win_gitrepos:
# - 'https://github.com/saltstack/salt-winrepo.git'
{% endif %} {% endif %}

+ 25
- 13
salt/files/minion 查看文件

# This file managed by Salt, do not edit by hand!! # This file managed by Salt, do not edit by hand!!
# Based on salt version 0.16.3 default config
# Based on salt version 0.17.4 default config
{% set salt = pillar.get('salt', {}) -%} {% set salt = pillar.get('salt', {}) -%}
{% set minion = salt.get('minion', {}) -%} {% set minion = salt.get('minion', {}) -%}
{%- macro get_config(configname, default_value) -%} {%- macro get_config(configname, default_value) -%}
# Set the location of the salt master server, if the master server cannot be # Set the location of the salt master server, if the master server cannot be
# resolved, then the minion will fail to start. # resolved, then the minion will fail to start.
{{ get_config('master', 'salt') }} {{ get_config('master', 'salt') }}

# Set whether the minion should connect to the master via IPv6 # Set whether the minion should connect to the master via IPv6
{{ get_config('ipv6', 'False') }} {{ get_config('ipv6', 'False') }}


# /etc/ssh/sshd_config: # /etc/ssh/sshd_config:
# file.managed: # file.managed:
# - source: salt://ssh/sshd_config # - source: salt://ssh/sshd_config
# - backup: minion
# - backup: minion
# #
{{ get_config('backup_mode', 'minion') }} {{ get_config('backup_mode', 'minion') }}


{{ get_config('random_reauth_delay', '60') }} {{ get_config('random_reauth_delay', '60') }}




# If you dont have any problems with syn-floods, dont bother with the
# If you don't have any problems with syn-floods, dont bother with the
# three recon_* settings described below, just leave the defaults! # three recon_* settings described below, just leave the defaults!
# #
# The ZeroMQ pull-socket that binds to the masters publishing interface tries # The ZeroMQ pull-socket that binds to the masters publishing interface tries
# The goal: have all minions reconnect within a 60 second timeframe on a disconnect # The goal: have all minions reconnect within a 60 second timeframe on a disconnect
# #
# The settings: # The settings:
# recon_default: 1000
# recon_max: 59000
# recon_randomize: True
#recon_default: 1000
#recon_max: 59000
#recon_randomize: True
# #
# Each minion will have a randomized reconnect value between 'recon_default' # Each minion will have a randomized reconnect value between 'recon_default'
# and 'recon_default + recon_max', which in this example means between 1000ms # and 'recon_default + recon_max', which in this example means between 1000ms
# include: /etc/salt/extra_config # include: /etc/salt/extra_config
# #
# Include config from several files and directories: # Include config from several files and directories:
# include:
#include:
# - /etc/salt/extra_config # - /etc/salt/extra_config
# - /etc/roles/webserver # - /etc/roles/webserver
{% if 'include' in minion -%} {% if 'include' in minion -%}
# overwritten by the specified module. In this example the pkg module will # overwritten by the specified module. In this example the pkg module will
# be provided by the yumpkg5 module instead of the system default. # be provided by the yumpkg5 module instead of the system default.
# #
# providers:
# pkg: yumpkg5
#providers:
# pkg: yumpkg5
{{ get_config('providers', '{}') }} {{ get_config('providers', '{}') }}
# #
# Enable Cython modules searching and loading. (Default: False) # Enable Cython modules searching and loading. (Default: False)
# - hyper # - hyper
{{ get_config('sls_list', '[]') }} {{ get_config('sls_list', '[]') }}
# top file to execute if startup_states is 'top' # top file to execute if startup_states is 'top'
{{ get_config('', "''") }}
{{ get_config('top_file', "''") }}


##### File Directory Settings ##### ##### File Directory Settings #####
########################################## ##########################################
# copied completely onto the minion. This is a literal copy of the settings on # copied completely onto the minion. This is a literal copy of the settings on
# the master but used to reference a local directory on the minion. # the master but used to reference a local directory on the minion.


# Set the file client, the client defaults to looking on the master server for
# Set the file client. The client defaults to looking on the master server for
# files, but can be directed to look at the local file directory setting # files, but can be directed to look at the local file directory setting
# defined below by setting it to local. # defined below by setting it to local.
{{ get_config('file_client', 'remote') }} {{ get_config('file_client', 'remote') }}
# - /srv/salt # - /srv/salt
{%- endif %} {%- endif %}


# By default, the Salt fileserver recurses fully into all defined environments
# to attempt to find files. To limit this behavior so that the fileserver only
# traverses directories with SLS files and special Salt directories like _modules,
# enable the option below. This might be useful for installations where a file root
# has a very large number of files and performance is negatively impacted.
#
# Default is False.
#
{{ get_config('fileserver_limit_traversal', 'False') }}

# The hash_type is the hash to use when discovering the hash of a file in # The hash_type is the hash to use when discovering the hash of a file in
# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384
# and sha512 are also supported. # and sha512 are also supported.
{{ get_config('hash_type', 'md5') }} {{ get_config('hash_type', 'md5') }}


# The level of messages to send to the log file. # The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# Default: 'warning' # Default: 'warning'
{{ get_config('log_level_logfile', 'warning') }}
{{ get_config('log_level_logfile', '') }}


# The date and time format used in log messages. Allowed date/time formating # The date and time format used in log messages. Allowed date/time formating
# can be seen here: http://docs.python.org/library/time.html#time.strftime # can be seen here: http://docs.python.org/library/time.html#time.strftime
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}



###### Update settings ###### ###### Update settings ######
########################################### ###########################################
# Using the features in Esky, a salt minion can both run as a frozen app and # Using the features in Esky, a salt minion can both run as a frozen app and

正在加载...
取消
保存