Saltstack Official Salt Formula


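  # NOTE(review): the nesting below was rebuilt from key semantics because the
  # listing had lost its indentation and carried line-number prefixes; confirm
  # it against the formula's own pillar.example before use.
  #
  # Every credential in this example is a stand-in. Real values should not be
  # committed in a plaintext pillar: encrypt them (e.g. Salt's GPG renderer) or
  # resolve them from a secrets store, and restrict which minions the pillar
  # targets, since pillar data is delivered to every minion it is assigned to.
  salt:
    # Set this to true to clean any non-salt-formula managed files out of
    # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
    # and up as it'll wipe out important files that Salt relies on.
    clean_config_d_dir: False

    # This state will remove "/etc/salt/minion" when you set this to true.
    minion_remove_config: True

    # This state will remove "/etc/salt/master" when you set this to true.
    master_remove_config: True

    # Set this to False to not have the formula install packages (in the case you
    # install Salt via git/pip/etc.)
    install_packages: True

    # Optional: set salt version (if install_packages is set to True)
    version: 2017.7.2-1.el7

    # to overwrite map.jinja salt packages
    lookup:
      salt_master: 'salt-master'
      salt_minion: 'salt-minion'
      salt_syndic: 'salt-syndic'
      salt_cloud: 'salt-cloud'
      salt_ssh: 'salt-ssh'
      pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

    # Set which release of SaltStack to use, default to 'latest'
    # To get the available releases:
    # * https://repo.saltstack.com/yum/redhat/7/x86_64/
    # * https://repo.saltstack.com/apt/debian/8/amd64/
    release: '2018.3'

    # MacOS has no package management.
    # Instead, we use file.managed to download an appropriate .pkg file and
    # macpackage.installed to install it
    # 'version', if set (see above), will be used to check the .pkg version to
    # determine if it should be installed
    #
    # NOTE: if 'version' is not set version comparison will not occur and the
    #       .pkg WILL NOT be installed if a salt .pkg is already installed
    # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
    #       source_hash, use URL or hash string
    # NOTE(review): an MD5 digest detects corruption but is weak as tamper
    #       evidence, and a hash fetched from the same host as the package
    #       adds nothing if that host is compromised. Prefer a stronger digest
    #       (e.g. SHA-256) recorded here as a literal string, taken from a
    #       channel you trust, if the publisher offers one.
    salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
    salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'

    # salt master config
    master:
      fileserver_backend:
        - git
        - s3fs
        - roots
      # States served from this remote are executed on minions, usually as
      # root. The unauthenticated, unencrypted git:// transport was replaced
      # with https:// so the fetch cannot be altered in transit. 'develop' is
      # a moving branch; pointing at a fork or a reviewed tag keeps upstream
      # changes from reaching minions unreviewed.
      # NOTE(review): if the git provider in use lacks HTTPS support (see the
      # winrepo_provider note below), select one that has it.
      gitfs_remotes:
        - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
      # Example values only: never commit a real S3 key pair in plaintext.
      s3.keyid: GKTADJGHEIQSXMKKRBJ08H
      s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
      s3.buckets:
        - bucket1
        - bucket2
        - bucket3
        - bucket4
      file_roots:
        base:
          - /srv/salt
      pillar_roots:
        base:
          - /srv/pillar
      # for salt-api with tornado rest interface
      # Keep disable_ssl and debug at False: salt-api accepts credentials and
      # can run commands across the fleet, so it should only be served over TLS.
      rest_tornado:
        port: 8000
        ssl_crt: /etc/pki/api/certs/server.crt
        ssl_key: /etc/pki/api/certs/server.key
        debug: False
        disable_ssl: False
      # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
      lxc.container_profile:
        debian:
          template: download
          options:
            dist: debian
            release: jessie
            arch: amd64
          backing: lvm
          vgname: kimsufi
          size: 10G
      lxc.network_profile:
        basic:
          eth0:
            link: lxcbr0
            type: veth
            flags: up
      ## for external auth - LDAP
      # Only one auth.ldap.filter may be active: a repeated mapping key is
      # either rejected by the YAML loader or silently resolved to the last
      # value. The Active Directory variant is therefore left commented out;
      # swap the two lines when authenticating against AD.
      # filter to use for Active Directory LDAP
      # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
      # filter to use for Most other LDAP servers
      auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
      # Define winrepo provider, by default support order is pygit2, gitpython
      # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
      # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
      winrepo_provider: gitpython

      # optional engine configuration
      # With control: True, the listed chat users can run the listed commands
      # through the master. Keep valid_users and valid_commands as narrow as
      # possible and treat the token as a credential.
      engines:
        - slack:
            token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
            control: True
            valid_users:
              - someuser
              - otheruser
            valid_commands:
              - test.ping
              - list_jobs
            aliases:
              list_jobs:
                type: runner
                cmd: jobs.list_jobs

      # optional: these reactors will be configured on the master
      # They override reactors configured in
      # 'salt:reactors' or the old 'salt:reactor' parameters
      reactors:
        - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

    # salt minion config:
    minion:
      # single master setup
      master: salt

      # multi master setup
      # master:
      #   - salt_master_1
      #   - salt_master_2

      fileserver_backend:
        - git
        - roots
      # https:// instead of git:// for the same reason as on the master: the
      # git:// transport offers neither authentication nor encryption.
      gitfs_remotes:
        - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
      file_roots:
        base:
          - /srv/salt
      pillar_roots:
        base:
          - /srv/pillar
      module_config:
        test: True
        test.foo: foo
        test.bar:
          - baz
          - quo
        test.baz:
          spam: sausage
          cheese: bread

      # salt mine setup
      mine_interval: 60
      # mine_functions can be set at the top level of the pillar, and
      # that is preferable because it doesn't affect the conf file and
      # doesn't require a minion restart. However, you can configure it
      # here instead if you really want to.
      mine_functions:
        network.interface_ip: [eth0]

      # Define a minion scheduler
      schedule:
        - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

      # other 'non-default' config
      auth_keytab: /root/auth.keytab
      auth_principal: kadmin/admin

      # optional engine configuration
      # Same caution as for the master engine: control: True lets the listed
      # chat users trigger the listed commands.
      engines:
        - slack:
            token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
            control: True
            valid_users:
              - someuser
              - otheruser
            valid_commands:
              - test.ping
              - list_jobs
            aliases:
              list_jobs:
                type: runner
                cmd: jobs.list_jobs

      # optional beacons configuration
      beacons:
        load:
          1m:
            - 0.0
            - 2.0
          5m:
            - 0.0
            - 1.5
          15m:
            - 0.1
            - 1.0
          interval: 10

      # Optional reactors: these reactors will be configured on the minion
      # They override reactors configured in
      # 'salt:reactors' or the old 'salt:reactor' parameters
      reactors:
        - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

      # Optional: Configure an elasticsearch returner
      # NOTE(review): debug_returner_payload presumably stores full job
      # payloads, which can include rendered pillar values; confirm before
      # enabling it against a shared index.
      return: elasticsearch
      elasticsearch:
        hosts:
          - example.elasticsearch.host:9200
          - example.elasticsearch.host2:9200
        index_date: True
        index: salt
        number_of_shards: 5
        number_of_replicas: 2
        debug_returner_payload: True
        states_count: True
        states_order_output: True
        states_single_index: True
        functions_blacklist:
          - test.ping
          - saltutil.find_job

    # salt cloud config
    cloud:
      master: salt

      # For non-templated custom cloud provider/profile/map files
      # The passwords below are examples; supply real ones from an encrypted
      # pillar or a secrets store rather than in plaintext.
      providers:
        provider-filename1.conf:
          vmware-prod:
            driver: vmware
            user: myusernameprod
            password: mypassword
          vmware-nonprod:
            driver: vmware
            user: myusernamenonprod
            password: mypassword
      profiles:
        profile-filename1.conf:
          server-non-prod:
            clonefrom: rhel6xtemplatenp
            grains:
              platform:
                name: salt
                realm: lab
              subscription_level: standard
            memory: 8GB
            num_cpus: 4
            password: sUpErsecretey
            provider: vmware-nonprod
      maps:
        map-filename1.map:
          server-non-prod:
            - host.mycompany.com:
                grains:
                  environment: dev1

      # You can take profile and map templates from an alternate location
      # if you want to write your own.
      template_sources:
        providers: salt://salt/files/cloud.providers.d
        profiles: salt://salt/files/cloud.profiles.d
        maps: salt://salt/files/cloud.maps.d

      # These settings are used by the default provider templates and
      # only need to be set for the ones you're using.
      # Cloud API credentials: example values, same handling as other secrets.
      aws_key: AWSKEYIJSHJAIJS6JSH
      aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
      gce_project: test
      gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com

      rsos_user: afeawofghob
      rsos_tenant: tenant_id_number
      rsos_apikey: WFJIOJEOIGHSOFHESO
      rsos_regions:
        - ORD
        - DFW
        - IAD
        - SYD
        - HKG

    ssh_roster:
      prod1:
        host: host.example.com
        user: ubuntu
        sudo: True
        # Path to the private key used for salt-ssh; the file should be
        # readable only by the account that runs salt-ssh.
        priv: /etc/salt/ssh_keys/sshkey.pem
    gitfs:
      keys:
        global:
          # key and pub end up being the extension used on the key file. values
          # other than key and pub are possible
          # A private key placed here is visible to every minion that receives
          # this pillar; encrypt the value or scope the pillar to the master.
          key: |
            -----BEGIN RSA PRIVATE KEY-----
            ...........
            -----END RSA PRIVATE KEY-----
          pub: |
            ...........

    # These reactors will be configured both in the minion and the master
    reactors:
      - 'deploy':
        - /srv/salt/reactors/deploy.sls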
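  # NOTE(review): nesting rebuilt from key semantics (the listing had lost its
  # indentation); the block-scalar bodies must stay indented under `pem: |`.
  #
  # Each `pem` value is a private key used by salt-cloud for the named
  # provider. The dotted lines are placeholders. Real keys should reach the
  # pillar encrypted (e.g. via Salt's GPG renderer) or come from a secrets
  # store, and this pillar should be targeted only at the host that runs
  # salt-cloud.
  salt_cloud_certs:
    aws:
      pem: |
        -----BEGIN RSA PRIVATE KEY-----
        ...........
        -----END RSA PRIVATE KEY-----
    gce:
      pem: |
        -----BEGIN RSA PRIVATE KEY-----
        ...........
        -----END RSA PRIVATE KEY-----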
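  # NOTE(review): nesting rebuilt from key semantics (the listing had lost its
  # indentation); confirm against the formula's own pillar.example.
  #
  # Formulas fetched here become states that run on minions, so the remote,
  # the branch and the `update` flag together decide whose code is executed.
  salt_formulas:
    git_opts:
      # The Git options can be customized differently for each
      # environment, if an option is missing in a given environment, the
      # value from "default" is used instead.
      default:
        # URL where the formulas git repositories are downloaded from
        # it will be suffixed with <formula-name>.git
        baseurl: https://github.com/saltstack-formulas
        # Directory where Git repositories are downloaded
        basedir: /srv/formulas
        # Update the git repository to the latest version (False by default)
        update: False
        # Options passed directly to the git.latest state
        options:
          rev: master
          user: username
          # Private SSH key used for the clone; keep it readable only by
          # `user` and give it read-only (deploy key) access where possible.
          identity: /path/to/.ssh/id_rsa_github_username
      dev:
        basedir: /srv/formulas/dev
        # update: True follows the branch head, so whatever is pushed to
        # `develop` is applied on the next run; acceptable for dev only.
        update: True
        options:
          rev: develop
      # Alternatively, a single directory with multiple branches can be used
      # E.g. It is strongly recommended to fork saltstack-formula repositories
      # to avoid unexpected changes to your infrastructure
      # Then upstream changes can be merged in manually with due consideration
      # Specific values for `rev`, `user` & `identity` will override the defaults
      production:
        baseurl: git@github.com:username
        options:
          branch: master
          remote: origin
      staging:
        baseurl: git@github.com:username
        options:
          branch: staging
          remote: origin
          rev: staging
      upstream:
        baseurl: git@github.com:saltstack-formulas
        update: True
        options:
          branch: upstream
          remote: upstream
    # Options of the file.directory state that creates the directory where
    # the git repositories of the formulas are stored
    basedir_opts:
      makedirs: True
      user: root
      group: root
      # Quoted so the mode stays a string: an unquoted value with a leading
      # zero (0755) would be read as an octal integer by YAML 1.1 loaders.
      mode: '755'
    # Explicitly checkout the original branch for repos after the
    # git.latest states have been processed (False by default)
    # Enable if using the alternative method (single directory, multiple branches)
    checkout_orig_branch: True
    # List of formulas to enable in each environment
    list:
      base:
        - salt-formula
        - postfix-formula
      dev:
        - salt-formula
        - postfix-formula
        - openssh-formula
      # Likewise for the alternative method (single directory, multiple branches)
      production:
        - salt-formula
        - openssh-formula
      staging:
        - salt-formula
        - postfix-formula
        - openssh-formula
      upstream:
        - salt-formula
        - postfix-formula
        - openssh-formula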