Saltstack Official Salt Formula

  1. # -*- coding: utf-8 -*-
  2. # vim: ft=yaml
  3. ---
  4. salt:
  5. # Set this to true to clean any non-salt-formula managed files out of
  6. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  7. # and up as it'll wipe out important files that Salt relies on.
  8. clean_config_d_dir: false
  9. # This state will remove "/etc/salt/minion" when you set this to true.
  10. minion_remove_config: true
  11. # This state will remove "/etc/salt/master" when you set this to true.
  12. master_remove_config: true
  13. # Set this to 'py3' to install the Python 3 packages.
  14. # The default varies between OS versions.
  15. py_ver: 'py3'
  16. # Set this to false to not have the formula install packages (in the case you
  17. # install Salt via git/pip/etc.)
  18. install_packages: true
  19. # Optional: set salt version (if install_packages is set to true)
  20. version: 2017.7.2-1.el7
  21. # Pin version provided under 'version' key by using apt-pinning
  22. # available only on Debian family OS-es
  23. pin_version: false
  24. # to overwrite map.jinja salt packages
  25. lookup:
  26. salt_master: 'salt-master'
  27. salt_minion: 'salt-minion'
  28. salt_syndic: 'salt-syndic'
  29. salt_cloud: 'salt-cloud'
  30. salt_ssh: 'salt-ssh'
  31. pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
  32. # Set which salt repository to use, default to https://repo.saltproject.io
  33. # For older releases use https://archive.repo.saltproject.io
  34. repo: 'https://archive.repo.saltproject.io'
  35. # Set which release of SaltStack to use, default to 'latest'
  36. # To get the available releases:
  37. # * http://repo.saltproject.io/yum/redhat/7/x86_64/
  38. # * http://repo.saltproject.io/apt/debian/8/amd64/
  39. release: '2018.3'
  40. # MacOS has no package management.
  41. # Instead, we use file.managed to download an appropriate .pkg file and
  42. # macpackage.installed to install it 'version', if set (see above), will be
  43. # used to check the .pkg version to determine if it should be installed
  44. #
  45. # NOTE: if 'version' is not set version comparison will not occur and the
  46. # .pkg WILL NOT be installed if a salt .pkg is already installed
  47. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  48. # source_hash, use URL or hash string
  49. # yamllint disable rule:line-length
  50. salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
  51. salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  52. # yamllint enable rule:line-length
  53. # tofs:
  54. # The files_switch key serves as a selector for alternative
  55. # directories under the formula files directory. See TOFS pattern
  56. # doc for more info.
  57. # Note: Any value not evaluated by `config.get` will be used literally.
  58. # This can be used to set custom paths, as many levels deep as required.
  59. # files_switch:
  60. # - any/path/can/be/used/here
  61. # - id
  62. # - osfinger
  63. # - os
  64. # - os_family
  65. # All aspects of path/file resolution are customisable using the options below.
  66. # This is unnecessary in most cases; there are sensible defaults.
  67. # path_prefix: template_alt
  68. # dirs:
  69. # files: files_alt
  70. # default: default_alt
  71. # source_files:
  72. # salt-master:
  73. # - 'alt_master.d'
  74. # salt-minion:
  75. # - 'alt_minion.d'
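  # salt master config
  master_config_use_TOFS: true
  master:
    standalone: false
    fileserver_backend:
      - git
      - s3fs
      - roots
    # Fetch formulas over https rather than git://. The git:// transport is
    # neither encrypted nor authenticated, so state code pulled through it
    # could be altered in transit before the master serves it to minions.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    # Sample S3 credentials. Keep real keys out of a plain-text pillar under
    # version control: use an encrypted pillar (Salt's GPG renderer) or a
    # secrets backend.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # Leave disable_ssl and debug at false outside a lab: salt-api carries
    # login credentials and session tokens.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
    # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up
    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    winrepo_provider: gitpython

    # optional engine configuration
    # With control: true the Slack engine accepts commands from chat, so
    # valid_users and valid_commands are the access control for it; keep both
    # lists as short as possible and treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # Define a master scheduler
    schedule:
      - update_winrepo:
          - function: winrepo.update_git_repos
          - hours: 6
    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls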
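  # salt minion config:
  minion_config_use_TOFS: true
  minion:

    # standalone setup
    master_type: str  # see init.sls & standalone.sls

    # single master setup
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    fileserver_backend:
      - git
      - roots
    # https instead of git://: the git:// transport offers no encryption or
    # server authentication for the state code this minion will execute.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    # The keytab is a long-lived credential; restrict the file to root.
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # With control: true the Slack engine accepts commands from chat, so
    # valid_users and valid_commands are the access control for it; keep both
    # lists as short as possible and treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    return: elasticsearch
    elasticsearch:
      hosts:
        - example.elasticsearch.host:9200
        - example.elasticsearch.host2:9200
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      # NOTE(review): presumably logs the full returner payload; confirm it
      # is wanted outside debugging, since job returns can hold sensitive data.
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      functions_blacklist:
        - test.ping
        - saltutil.find_job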
  # The salt.api and salt.syndic states are skipped by init.sls while these
  # dicts are empty; any key placed here is enough to enable them.
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue
  # salt cloud config
  cloud:
    master: salt

    # Custom (non-templated) cloud provider / profile / map files.
    # Every user, password and key in this section is a sample value. Real
    # ones belong in an encrypted pillar (Salt's GPG renderer) or a secrets
    # backend, not in a plain-text pillar file under version control.
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey
          provider: vmware-nonprod
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # Profile and map templates may be served from another location when
    # you maintain your own.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # Consumed by the default provider templates; set only the ones that
    # belong to a provider you actually use. Sample credentials, see above.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG
  # salt-ssh roster: one entry per target host. 'priv' is the path of the
  # private key used for the login; with sudo: true that key leads to root
  # on the target, so keep the key file readable by the Salt user only.
  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem
  gitfs:
    keys:
      global:
        # The names 'key' and 'pub' become the extension of the key file that
        # is written; other names are possible too.
        # The private key is pillar data: store it encrypted (Salt's GPG
        # renderer) or in a secrets backend, never in plain text in the repo.
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........
  # Reactors listed here are configured on the master and on the minion alike
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls

  # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
  retry_options:
    attempts: 2
    until: true
    interval: 10
    splay: 10
  348. salt_cloud_certs:
  349. aws:
  350. pem: |
  351. -----BEGIN RSA PRIVATE KEY-----
  352. ...........
  353. -----END RSA PRIVATE KEY-----
  354. gce:
  355. pem: |
  356. -----BEGIN RSA PRIVATE KEY-----
  357. ...........
  358. -----END RSA PRIVATE KEY-----
  359. salt_formulas:
  360. git_opts:
  361. # The Git options can be customized differently for each
  362. # environment, if an option is missing in a given environment, the
  363. # value from "default" is used instead.
  364. default:
  365. # URL where the formulas git repositories are downloaded from
  366. # it will be suffixed with <formula-name>.git
  367. baseurl: https://github.com/saltstack-formulas
  368. # Directory where Git repositories are downloaded
  369. basedir: /srv/formulas
  370. # Update the git repository to the latest version (false by default)
  371. update: false
  372. # Options passed directly to the git.latest state
  373. options:
  374. rev: master
  375. user: username
  376. identity: /path/to/.ssh/id_rsa_github_username
  377. dev:
  378. basedir: /srv/formulas/dev
  379. update: true
  380. options:
  381. rev: develop
  382. # Alternatively, a single directory with multiple branches can be used
  383. # E.g. It is strongly recommended to fork saltstack-formula repositories
  384. # to avoid unexpected changes to your infrastructure
  385. # Then upstream changes can be merged in manually with due consideration
  386. # Specific values for `rev`, `user` & `identity` will override the defaults
  387. production:
  388. baseurl: git@github.com:username
  389. options:
  390. branch: master
  391. remote: origin
  392. staging:
  393. baseurl: git@github.com:username
  394. options:
  395. branch: staging
  396. remote: origin
  397. rev: staging
  398. upstream:
  399. baseurl: git@github.com:saltstack-formulas
  400. update: true
  401. options:
  402. branch: upstream
  403. remote: upstream
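  # Options of the file.directory state that creates the directory where
  # the git repositories of the formulas are stored
  basedir_opts:
    makedirs: true
    user: root
    group: root
    # Quoted with a leading zero so the mode is always read as a string of
    # octal digits; an unquoted 0755 would be re-typed by YAML 1.1 loaders.
    mode: '0755'
  # Explicitly checkout the original branch for repos after the
  # git.latest states have been processed (false by default)
  # Enable if using the alternative method (single directory, multiple branches)
  checkout_orig_branch: true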
  # Formulas enabled per environment
  list:
    base:
      - salt-formula
      - postfix-formula
      # Options can be overridden for a single formula. A tag can be moved
      # by whoever controls the repository, while a commit id always names
      # the same content, so a commit id is the stronger pin.
      - nginx-formula:  # We can also override some options per formula
          rev: 'v1.1.0'  # Pin a version
      - openssh-formula:
          rev: '3e01ad8'  # or pin a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # A formula may also come from another location. The code runs
          # with Salt's privileges, so only point this at a repository
          # you control or have reviewed.
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Same idea for the alternative method (single directory, multiple
    # branches)
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
  440. upstream:
  441. - salt-formula
  442. - postfix-formula
  443. - openssh-formula