Saltstack Official Salt Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

472 lines
14KB

  1. # -*- coding: utf-8 -*-
  2. # vim: ft=yaml
  3. ---
  4. salt:
  5. # Set this to true to clean any non-salt-formula managed files out of
  6. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  7. # and up as it'll wipe out important files that Salt relies on.
  8. clean_config_d_dir: false
  9. # This state will remove "/etc/salt/minion" when you set this to true.
  10. minion_remove_config: true
  11. # This state will remove "/etc/salt/master" when you set this to true.
  12. master_remove_config: true
  13. # Set this to 'py3' to install the Python 3 packages.
  14. # If this is not set, the Python 2 packages will be installed by default.
  15. py_ver: 'py3'
  16. # Set this to false to not have the formula install packages (in the case you
  17. # install Salt via git/pip/etc.)
  18. install_packages: true
  19. # Optional: set salt version (if install_packages is set to true)
  20. version: 2017.7.2-1.el7
  21. # Pin version provided under 'version' key by using apt-pinning
  22. # available only on Debian family OS-es
  23. pin_version: false
  24. # to overwrite map.jinja salt packages
  25. lookup:
  26. salt_master: 'salt-master'
  27. salt_minion: 'salt-minion'
  28. salt_syndic: 'salt-syndic'
  29. salt_cloud: 'salt-cloud'
  30. salt_ssh: 'salt-ssh'
  31. pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
  32. # Set which release of SaltStack to use, default to 'latest'
  33. # To get the available releases:
  34. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  35. # * http://repo.saltstack.com/apt/debian/8/amd64/
  36. release: '2018.3'
  37. # MacOS has no package management.
  38. # Instead, we use file.managed to download an appropriate .pkg file and
  39. # macpackage.installed to install it 'version', if set (see above), will be
  40. # used to check the .pkg version to determine if it should be installed
  41. #
  42. # NOTE: if 'version' is not set version comparison will not occur and the
  43. # .pkg WILL NOT be installed if a salt .pkg is already installed
  44. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  45. # source_hash, use URL or hash string
  46. # yamllint disable rule:line-length
  47. salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  48. salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  49. # yamllint enable rule:line-length
  50. # tofs:
  51. # The files_switch key serves as a selector for alternative
  52. # directories under the formula files directory. See TOFS pattern
  53. # doc for more info.
  54. # Note: Any value not evaluated by `config.get` will be used literally.
  55. # This can be used to set custom paths, as many levels deep as required.
  56. # files_switch:
  57. # - any/path/can/be/used/here
  58. # - id
  59. # - osfinger
  60. # - os
  61. # - os_family
  62. # All aspects of path/file resolution are customisable using the options below.
  63. # This is unnecessary in most cases; there are sensible defaults.
  64. # path_prefix: template_alt
  65. # dirs:
  66. # files: files_alt
  67. # default: default_alt
  68. # source_files:
  69. # salt-master:
  70. # - 'alt_master.d'
  71. # salt-minion:
  72. # - 'alt_minion.d'
  73. # salt master config
  74. master_config_use_TOFS: true
  75. master:
  76. standalone: false
  77. fileserver_backend:
  78. - git
  79. - s3fs
  80. - roots
  81. gitfs_remotes:
  82. - git://github.com/saltstack-formulas/salt-formula.git:
  83. - base: develop
  84. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  85. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  86. s3.buckets:
  87. - bucket1
  88. - bucket2
  89. - bucket3
  90. - bucket4
  91. file_roots:
  92. base:
  93. - /srv/salt
  94. pillar_roots:
  95. base:
  96. - /srv/pillar
  97. # for salt-api with tornado rest interface
  98. rest_tornado:
  99. port: 8000
  100. ssl_crt: /etc/pki/api/certs/server.crt
  101. ssl_key: /etc/pki/api/certs/server.key
  102. debug: false
  103. disable_ssl: false
  104. # yamllint disable-line rule:line-length
  105. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  106. lxc.container_profile:
  107. debian:
  108. template: download
  109. options:
  110. dist: debian
  111. release: jessie
  112. arch: amd64
  113. backing: lvm
  114. vgname: kimsufi
  115. size: 10G
  116. lxc.network_profile:
  117. basic:
  118. eth0:
  119. link: lxcbr0
  120. type: veth
  121. flags: up
  122. ## for external auth - LDAP
  123. ## filter to use for Active Directory LDAP
  124. # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  125. ## filter to use for Most other LDAP servers
  126. # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  127. # Define winrepo provider, by default support order is pygit2, gitpython
  128. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  129. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  130. winrepo_provider: gitpython
  131. # optional engine configuration
  132. engines:
  133. - slack:
  134. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  135. control: true
  136. valid_users:
  137. - someuser
  138. - otheruser
  139. valid_commands:
  140. - test.ping
  141. - list_jobs
  142. aliases:
  143. list_jobs:
  144. type: runner
  145. cmd: jobs.list_jobs
  146. # Define a master scheduler
  147. schedule:
  148. - update_winrepo:
  149. - function: winrepo.update_git_repos
  150. - hours: 6
  151. # optional: these reactors will be configured on the master
  152. # They override reactors configured in
  153. # 'salt:reactors' or the old 'salt:reactor' parameters
  154. reactors:
  155. - 'master/deploy':
  156. - /srv/salt/reactors/deploy.sls
  157. # salt minion config:
  158. minion_config_use_TOFS: true
  159. minion:
  160. # standalone setup
  161. master_type: false # see init.sls & standalone.sls
  162. # single master setup
  163. master: salt
  164. # multi master setup
  165. # master:
  166. # - salt_master_1
  167. # - salt_master_2
  168. fileserver_backend:
  169. - git
  170. - roots
  171. gitfs_remotes:
  172. - git://github.com/saltstack-formulas/salt-formula.git:
  173. - base: develop
  174. file_roots:
  175. base:
  176. - /srv/salt
  177. pillar_roots:
  178. base:
  179. - /srv/pillar
  180. module_config:
  181. test: true
  182. test.foo: foo
  183. test.bar:
  184. - baz
  185. - quo
  186. test.baz:
  187. spam: sausage
  188. cheese: bread
  189. # salt mine setup
  190. mine_interval: 60
  191. # mine_functions can be set at the top level of the pillar, and
  192. # that is preferable because it doesn't affect the conf file and
  193. # doesn't require a minion restart. However, you can configure it
  194. # here instead if you really want to.
  195. mine_functions:
  196. network.interface_ip: [eth0]
  197. # Define a minion scheduler
  198. schedule:
  199. - highstate:
  200. - function: state.apply
  201. - minutes: 60
  202. - returner: redis
  203. # other 'non-default' config
  204. auth_keytab: /root/auth.keytab
  205. auth_principal: kadmin/admin
  206. # optional engine configuration
  207. engines:
  208. - slack:
  209. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  210. control: true
  211. valid_users:
  212. - someuser
  213. - otheruser
  214. valid_commands:
  215. - test.ping
  216. - list_jobs
  217. aliases:
  218. list_jobs:
  219. type: runner
  220. cmd: jobs.list_jobs
  221. # optional beacons configuration
  222. beacons:
  223. load:
  224. 1m:
  225. - 0.0
  226. - 2.0
  227. 5m:
  228. - 0.0
  229. - 1.5
  230. 15m:
  231. - 0.1
  232. - 1.0
  233. interval: 10
  234. # Optional reactors: these reactors will be configured on the minion
  235. # They override reactors configured in
  236. # 'salt:reactors' or the old 'salt:reactor' parameters
  237. reactors:
  238. - 'minion/deploy':
  239. - /srv/salt/reactors/deploy.sls
  240. # Optional: Configure an elasticsearch returner
  241. return: elasticsearch
  242. elasticsearch:
  243. hosts:
  244. - example.elasticsearch.host:9200
  245. - example.elasticsearch.host2:9200
  246. index_date: true
  247. index: salt
  248. number_of_shards: 5
  249. number_of_replicas: 2
  250. debug_returner_payload: true
  251. states_count: true
  252. states_order_output: true
  253. states_single_index: true
  254. functions_blacklist:
  255. - test.ping
  256. - saltutil.find_job
  257. # init.sls skips salt.api and salt.syndic states
  258. # unless those dicts are populated with something
  259. api:
  260. somekey: somevalue
  261. syndic:
  262. somekey: somevalue
  263. # salt cloud config
  264. cloud:
  265. master: salt
  266. # For non-templated custom cloud provider/profile/map files
  267. providers:
  268. provider-filename1.conf:
  269. vmware-prod:
  270. driver: vmware
  271. user: myusernameprod
  272. password: mypassword
  273. vmware-nonprod:
  274. driver: vmware
  275. user: myusernamenonprod
  276. password: mypassword
  277. profiles:
  278. profile-filename1.conf:
  279. server-non-prod:
  280. clonefrom: rhel6xtemplatenp
  281. grains:
  282. platform:
  283. name: salt
  284. realm: lab
  285. subscription_level: standard
  286. memory: 8GB
  287. num_cpus: 4
  288. password: sUpErsecretey
  289. provider: vmware-nonprod
  290. maps:
  291. map-filename1.map:
  292. server-non-prod:
  293. - host.mycompany.com:
  294. grains:
  295. environment: dev1
  296. # You can take profile and map templates from an alternate location
  297. # if you want to write your own.
  298. template_sources:
  299. providers: salt://salt/files/cloud.providers.d
  300. profiles: salt://salt/files/cloud.profiles.d
  301. maps: salt://salt/files/cloud.maps.d
  302. # These settings are used by the default provider templates and
  303. # only need to be set for the ones you're using.
  304. aws_key: AWSKEYIJSHJAIJS6JSH
  305. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  306. gce_project: test
  307. # yamllint disable-line rule:line-length
  308. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  309. rsos_user: afeawofghob
  310. rsos_tenant: tenant_id_number
  311. rsos_apikey: WFJIOJEOIGHSOFHESO
  312. rsos_regions:
  313. - ORD
  314. - DFW
  315. - IAD
  316. - SYD
  317. - HKG
  318. ssh_roster:
  319. prod1:
  320. host: host.example.com
  321. user: ubuntu
  322. sudo: true
  323. priv: /etc/salt/ssh_keys/sshkey.pem
  324. gitfs:
  325. keys:
  326. global:
  327. # key and pub end up being the extension used on the key file
  328. # values other than key and pub are possible
  329. key: |
  330. -----BEGIN RSA PRIVATE KEY-----
  331. ...........
  332. -----END RSA PRIVATE KEY-----
  333. pub: |
  334. ...........
  335. # These reactors will be configured both in the minion and the master
  336. reactors:
  337. - 'deploy':
  338. - /srv/salt/reactors/deploy.sls
  339. salt_cloud_certs:
  340. aws:
  341. pem: |
  342. -----BEGIN RSA PRIVATE KEY-----
  343. ...........
  344. -----END RSA PRIVATE KEY-----
  345. gce:
  346. pem: |
  347. -----BEGIN RSA PRIVATE KEY-----
  348. ...........
  349. -----END RSA PRIVATE KEY-----
  350. salt_formulas:
  351. git_opts:
  352. # The Git options can be customized differently for each
  353. # environment, if an option is missing in a given environment, the
  354. # value from "default" is used instead.
  355. default:
  356. # URL where the formulas git repositories are downloaded from
  357. # it will be suffixed with <formula-name>.git
  358. baseurl: https://github.com/saltstack-formulas
  359. # Directory where Git repositories are downloaded
  360. basedir: /srv/formulas
  361. # Update the git repository to the latest version (false by default)
  362. update: false
  363. # Options passed directly to the git.latest state
  364. options:
  365. rev: master
  366. user: username
  367. identity: /path/to/.ssh/id_rsa_github_username
  368. dev:
  369. basedir: /srv/formulas/dev
  370. update: true
  371. options:
  372. rev: develop
  373. # Alternatively, a single directory with multiple branches can be used
  374. # E.g. It is strongly recommended to fork saltstack-formula repositories
  375. # to avoid unexpected changes to your infrastructure
  376. # Then upstream changes can be merged in manually with due consideration
  377. # Specific values for `rev`, `user` & `identity` will override the defaults
  378. production:
  379. baseurl: git@github.com:username
  380. options:
  381. branch: master
  382. remote: origin
  383. staging:
  384. baseurl: git@github.com:username
  385. options:
  386. branch: staging
  387. remote: origin
  388. rev: staging
  389. upstream:
  390. baseurl: git@github.com:saltstack-formulas
  391. update: true
  392. options:
  393. branch: upstream
  394. remote: upstream
  395. # Options of the file.directory state that creates the directory where
  396. # the git repositories of the formulas are stored
  397. basedir_opts:
  398. makedirs: true
  399. user: root
  400. group: root
  401. mode: 755
  402. # Explicitly checkout the original branch for repos after the
  403. # git.latest states have been processed (false by default)
  404. # Enable if using the alternative method (single directory, multiple branches)
  405. checkout_orig_branch: true
  406. # List of formulas to enable in each environment
  407. list:
  408. base:
  409. - salt-formula
  410. - postfix-formula
  411. - nginx-formula: # We can also override some options per formula
  412. rev: 'v1.1.0' # Pin a version
  413. - openssh-formula:
  414. rev: '3e01ad8' # or pin a commit id
  415. dev:
  416. - salt-formula
  417. - postfix-formula
  418. - openssh-formula
  419. - nginx-formula:
  420. # You can also pull from another location
  421. name: 'https://github.com/another-fork-location/salt-formula.git'
  422. rev: 'feat/feature'
  423. # Likewise for the alternative method (single directory, multiple branches)
  424. production:
  425. - salt-formula
  426. - openssh-formula
  427. staging:
  428. - salt-formula
  429. - postfix-formula
  430. - openssh-formula
  431. upstream:
  432. - salt-formula
  433. - postfix-formula
  434. - openssh-formula