ExternalMirrors
/
old-salt-formula
mirror of https://github.com/saltstack-formulas/salt-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 68 Wiki Activity
Saltstack Official Salt Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
978 Commits
3 Branches
Tree: 1a8512d77f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1a8512d77f'
${ noResults }
old-salt-formula/pillar.example

477 lines
14KB
Raw Blame History 

  1. # -*- coding: utf-8 -*-

  2. # vim: ft=yaml

  3. ---

  4. salt:

  5.   # Set this to true to clean any non-salt-formula managed files out of

  6.   # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2

  7.   # and up as it'll wipe out important files that Salt relies on.

  8.   clean_config_d_dir: false

  9. 

  10.   # This state will remove "/etc/salt/minion" when you set this to true.

  11.   minion_remove_config: true

  12. 

  13.   # This state will remove "/etc/salt/master" when you set this to true.

  14.   master_remove_config: true

  15. 

  16.   # Set this to 'py3' to install the Python 3 packages.

  17.   # If this is not set, the Python 2 packages will be installed by default.

  18.   py_ver: 'py3'

  19. 

  20.   # Set this to false to not have the formula install packages (in the case you

  21.   # install Salt via git/pip/etc.)

  22.   install_packages: true

  23. 

  24.   # Optional: set salt version (if install_packages is set to true)

  25.   version: 2017.7.2-1.el7

  26. 

  27.   # Pin version provided under 'version' key by using apt-pinning

  28.   # available only on Debian family OS-es

  29.   pin_version: false

  30. 

  31.   # to overwrite map.jinja salt packages

  32.   lookup:

  33.     salt_master: 'salt-master'

  34.     salt_minion: 'salt-minion'

  35.     salt_syndic: 'salt-syndic'

  36.     salt_cloud: 'salt-cloud'

  37.     salt_ssh: 'salt-ssh'

  38.     pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  39. 

  40.   # Set which salt repository to use, default to https://repo.saltproject.io

  41.   # For older releases use https://archive.repo.saltproject.io

  42.   repo: 'https://archive.repo.saltproject.io'

  43. 

  44.   # Set which release of SaltStack to use, default to 'latest'

  45.   # To get the available releases:

  46.   # * http://repo.saltproject.io/yum/redhat/7/x86_64/

  47.   # * http://repo.saltproject.io/apt/debian/8/amd64/

  48.   release: '2018.3'

  49. 

  50.   # MacOS has no package management.

  51.   # Instead, we use file.managed to download an appropriate .pkg file and

  52.   # macpackage.installed to install it 'version', if set (see above), will be

  53.   # used to check the .pkg version to determine if it should be installed

  54.   #

  55.   # NOTE: if 'version' is not set version comparison will not occur and the

  56.   # .pkg WILL NOT be installed if a salt .pkg is already installed

  57.   # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's

  58.   # source_hash, use URL or hash string

  59.   # yamllint disable rule:line-length

  60.   salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'

  61.   salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'

  62.   # yamllint enable rule:line-length

  63. 

  64.   # tofs:

  65.   #   The files_switch key serves as a selector for alternative

  66.   #   directories under the formula files directory. See TOFS pattern

  67.   #   doc for more info.

  68.   #   Note: Any value not evaluated by `config.get` will be used literally.

  69.   #   This can be used to set custom paths, as many levels deep as required.

  70.   #   files_switch:

  71.   #     - any/path/can/be/used/here

  72.   #     - id

  73.   #     - osfinger

  74.   #     - os

  75.   #     - os_family

  76.   #   All aspects of path/file resolution are customisable using the options below.

  77.   #   This is unnecessary in most cases; there are sensible defaults.

  78.   #   path_prefix: template_alt

  79.   #   dirs:

  80.   #     files: files_alt

  81.   #     default: default_alt

  82.   #   source_files:

  83.   #     salt-master:

  84.   #       - 'alt_master.d'

  85.   #     salt-minion:

  86.   #       - 'alt_minion.d'

  87. 

  88.   # salt master config

  89.   master_config_use_TOFS: true

  90.   master:

  91.     standalone: false

  92.     fileserver_backend:

  93.       - git

  94.       - s3fs

  95.       - roots

  96.     gitfs_remotes:

  97.       - git://github.com/saltstack-formulas/salt-formula.git:

  98.           - base: develop

  99.     s3.keyid: GKTADJGHEIQSXMKKRBJ08H

  100.     s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

  101.     s3.buckets:

  102.       - bucket1

  103.       - bucket2

  104.       - bucket3

  105.       - bucket4

  106.     file_roots:

  107.       base:

  108.         - /srv/salt

  109.     pillar_roots:

  110.       base:

  111.         - /srv/pillar

  112.     # for salt-api with tornado rest interface

  113.     rest_tornado:

  114.       port: 8000

  115.       ssl_crt: /etc/pki/api/certs/server.crt

  116.       ssl_key: /etc/pki/api/certs/server.key

  117.       debug: false

  118.       disable_ssl: false

  119.       # yamllint disable-line rule:line-length

  120.     # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles

  121.     lxc.container_profile:

  122.       debian:

  123.         template: download

  124.         options:

  125.           dist: debian

  126.           release: jessie

  127.           arch: amd64

  128.         backing: lvm

  129.         vgname: kimsufi

  130.         size: 10G

  131.     lxc.network_profile:

  132.       basic:

  133.         eth0:

  134.           link: lxcbr0

  135.           type: veth

  136.           flags: up

  137.     ## for external auth - LDAP

  138.     ## filter to use for Active Directory LDAP

  139.     # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}

  140.     ## filter to use for Most other LDAP servers

  141.     # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

  142. 

  143.     # Define winrepo provider, by default support order is pygit2, gitpython

  144.     # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993

  145.     # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support

  146.     winrepo_provider: gitpython

  147. 

  148.     # optional engine configuration

  149.     engines:

  150.       - slack:

  151.           token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token

  152.           control: true

  153.           valid_users:

  154.             - someuser

  155.             - otheruser

  156.           valid_commands:

  157.             - test.ping

  158.             - list_jobs

  159.           aliases:

  160.             list_jobs:

  161.               type: runner

  162.               cmd: jobs.list_jobs

  163. 

  164.     # optional: these reactors will be configured on the master

  165.     # They override reactors configured in

  166.     # 'salt:reactors' or the old 'salt:reactor' parameters

  167.     reactors:

  168.       - 'master/deploy':

  169.           - /srv/salt/reactors/deploy.sls

  170. 

  171.   # salt minion config:

  172.   minion_config_use_TOFS: true

  173.   minion:

  174. 

  175.     # standalone setup

  176.     master_type: str   # see init.sls & standalone.sls

  177. 

  178.     # single master setup

  179.     master: salt

  180. 

  181.     # multi master setup

  182.     # master:

  183.     #   - salt_master_1

  184.     #   - salt_master_2

  185. 

  186.     fileserver_backend:

  187.       - git

  188.       - roots

  189.     gitfs_remotes:

  190.       - git://github.com/saltstack-formulas/salt-formula.git:

  191.           - base: develop

  192.     file_roots:

  193.       base:

  194.         - /srv/salt

  195.     pillar_roots:

  196.       base:

  197.         - /srv/pillar

  198.     module_config:

  199.       test: true

  200.       test.foo: foo

  201.       test.bar:

  202.         - baz

  203.         - quo

  204.       test.baz:

  205.         spam: sausage

  206.         cheese: bread

  207. 

  208.     # salt mine setup

  209.     mine_interval: 60

  210.     # mine_functions can be set at the top level of the pillar, and

  211.     # that is preferable because it doesn't affect the conf file and

  212.     # doesn't require a minion restart. However, you can configure it

  213.     # here instead if you really want to.

  214.     mine_functions:

  215.       network.interface_ip: [eth0]

  216. 

  217.     # Define a minion scheduler

  218.     schedule:

  219.       - highstate:

  220.           - function: state.apply

  221.           - minutes: 60

  222.           - returner: redis

  223. 

  224.     # other 'non-default' config

  225.     auth_keytab: /root/auth.keytab

  226.     auth_principal: kadmin/admin

  227. 

  228.     # optional engine configuration

  229.     engines:

  230.       - slack:

  231.           token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token

  232.           control: true

  233.           valid_users:

  234.             - someuser

  235.             - otheruser

  236.           valid_commands:

  237.             - test.ping

  238.             - list_jobs

  239.           aliases:

  240.             list_jobs:

  241.               type: runner

  242.               cmd: jobs.list_jobs

  243. 

  244.     # optional beacons configuration

  245.     beacons:

  246.       load:

  247.         1m:

  248.           - 0.0

  249.           - 2.0

  250.         5m:

  251.           - 0.0

  252.           - 1.5

  253.         15m:

  254.           - 0.1

  255.           - 1.0

  256.         interval: 10

  257. 

  258.     # Optional reactors: these reactors will be configured on the minion

  259.     # They override reactors configured in

  260.     # 'salt:reactors' or the old 'salt:reactor' parameters

  261.     reactors:

  262.       - 'minion/deploy':

  263.           - /srv/salt/reactors/deploy.sls

  264. 

  265.     # Optional: Configure an elasticsearch returner

  266.     return: elasticsearch

  267.     elasticsearch:

  268.       hosts:

  269.         - example.elasticsearch.host:9200

  270.         - example.elasticsearch.host2:9200

  271.       index_date: true

  272.       index: salt

  273.       number_of_shards: 5

  274.       number_of_replicas: 2

  275.       debug_returner_payload: true

  276.       states_count: true

  277.       states_order_output: true

  278.       states_single_index: true

  279.       functions_blacklist:

  280.         - test.ping

  281.         - saltutil.find_job

  282. 

  283.   # init.sls skips salt.api and salt.syndic states

  284.   # unless those dicts are populated with something

  285.   api:

  286.     somekey: somevalue

  287.   syndic:

  288.     somekey: somevalue

  289. 

  290.   # salt cloud config

  291.   cloud:

  292.     master: salt

  293. 

  294.     # For non-templated custom cloud provider/profile/map files

  295.     providers:

  296.       provider-filename1.conf:

  297.         vmware-prod:

  298.           driver: vmware

  299.           user: myusernameprod

  300.           password: mypassword

  301.         vmware-nonprod:

  302.           driver: vmware

  303.           user: myusernamenonprod

  304.           password: mypassword

  305.     profiles:

  306.       profile-filename1.conf:

  307.         server-non-prod:

  308.           clonefrom: rhel6xtemplatenp

  309.           grains:

  310.             platform:

  311.               name: salt

  312.               realm: lab

  313.             subscription_level: standard

  314.           memory: 8GB

  315.           num_cpus: 4

  316.           password: sUpErsecretey

  317.           provider: vmware-nonprod

  318.     maps:

  319.       map-filename1.map:

  320.         server-non-prod:

  321.           - host.mycompany.com:

  322.               grains:

  323.                 environment: dev1

  324. 

  325.     # You can take profile and map templates from an alternate location

  326.     # if you want to write your own.

  327.     template_sources:

  328.       providers: salt://salt/files/cloud.providers.d

  329.       profiles: salt://salt/files/cloud.profiles.d

  330.       maps: salt://salt/files/cloud.maps.d

  331. 

  332.     # These settings are used by the default provider templates and

  333.     # only need to be set for the ones you're using.

  334.     aws_key: AWSKEYIJSHJAIJS6JSH

  335.     aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95

  336.     gce_project: test

  337.     # yamllint disable-line rule:line-length

  338.     gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com

  339.     rsos_user: afeawofghob

  340.     rsos_tenant: tenant_id_number

  341.     rsos_apikey: WFJIOJEOIGHSOFHESO

  342.     rsos_regions:

  343.       - ORD

  344.       - DFW

  345.       - IAD

  346.       - SYD

  347.       - HKG

  348. 

  349.   ssh_roster:

  350.     prod1:

  351.       host: host.example.com

  352.       user: ubuntu

  353.       sudo: true

  354.       priv: /etc/salt/ssh_keys/sshkey.pem

  355.   gitfs:

  356.     keys:

  357.       global:

  358.         # key and pub end up being the extension used on the key file

  359.         # values other than key and pub are possible

  360.         key: |

  361.           -----BEGIN RSA PRIVATE KEY-----

  362.           ...........

  363.           -----END RSA PRIVATE KEY-----

  364.         pub: |

  365.           ...........

  366. 

  367.   # These reactors will be configured both in the minion and the master

  368.   reactors:

  369.     - 'deploy':

  370.         - /srv/salt/reactors/deploy.sls

  371. 

  372.   # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states

  373.   retry_options:

  374.     attempts: 2

  375.     until: true

  376.     interval: 10

  377.     splay: 10

  378. 

  379. salt_cloud_certs:

  380.   aws:

  381.     pem: |

  382.       -----BEGIN RSA PRIVATE KEY-----

  383.       ...........

  384.       -----END RSA PRIVATE KEY-----

  385. 

  386.   gce:

  387.     pem: |

  388.       -----BEGIN RSA PRIVATE KEY-----

  389.       ...........

  390.       -----END RSA PRIVATE KEY-----

  391. 

  392. salt_formulas:

  393.   git_opts:

  394.     # The Git options can be customized differently for each

  395.     # environment, if an option is missing in a given environment, the

  396.     # value from "default" is used instead.

  397.     default:

  398.       # URL where the formulas git repositories are downloaded from

  399.       # it will be suffixed with <formula-name>.git

  400.       baseurl: https://github.com/saltstack-formulas

  401.       # Directory where Git repositories are downloaded

  402.       basedir: /srv/formulas

  403.       # Update the git repository to the latest version (false by default)

  404.       update: false

  405.       # Options passed directly to the git.latest state

  406.       options:

  407.         rev: master

  408.         user: username

  409.         identity: /path/to/.ssh/id_rsa_github_username

  410.     dev:

  411.       basedir: /srv/formulas/dev

  412.       update: true

  413.       options:

  414.         rev: develop

  415.     # Alternatively, a single directory with multiple branches can be used

  416.     # E.g. It is strongly recommended to fork saltstack-formula repositories

  417.     #      to avoid unexpected changes to your infrastructure

  418.     # Then upstream changes can be merged in manually with due consideration

  419.     # Specific values for `rev`, `user` & `identity` will override the defaults

  420.     production:

  421.       baseurl: git@github.com:username

  422.       options:

  423.         branch: master

  424.         remote: origin

  425.     staging:

  426.       baseurl: git@github.com:username

  427.       options:

  428.         branch: staging

  429.         remote: origin

  430.         rev: staging

  431.     upstream:

  432.       baseurl: git@github.com:saltstack-formulas

  433.       update: true

  434.       options:

  435.         branch: upstream

  436.         remote: upstream

  437.   # Options of the file.directory state that creates the directory where

  438.   # the git repositories of the formulas are stored

  439.   basedir_opts:

  440.     makedirs: true

  441.     user: root

  442.     group: root

  443.     mode: 755

  444.   # Explicitly checkout the original branch for repos after the

  445.   # git.latest states have been processed (false by default)

  446.   # Enable if using the alternative method (single directory, multiple branches)

  447.   checkout_orig_branch: true

  448.   # List of formulas to enable in each environment

  449.   list:

  450.     base:

  451.       - salt-formula

  452.       - postfix-formula

  453.       - nginx-formula:  # We can also override some options per formula

  454.           rev: 'v1.1.0'  # Pin a version

  455.       - openssh-formula:

  456.           rev: '3e01ad8'  # or pin a commit id

  457.     dev:

  458.       - salt-formula

  459.       - postfix-formula

  460.       - openssh-formula

  461.       - nginx-formula:

  462.           # You can also pull from another location

  463.           name: 'https://github.com/another-fork-location/salt-formula.git'

  464.           rev: 'feat/feature'

  465.     # Likewise for the alternative method (single directory, multiple branches)

  466.     production:

  467.       - salt-formula

  468.       - openssh-formula

  469.     staging:

  470.       - salt-formula

  471.       - postfix-formula

  472.       - openssh-formula

  473.     upstream:

  474.       - salt-formula

  475.       - postfix-formula

  476.       - openssh-formula