Saltstack Official Salt Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

332 line
8.9KB

  1. salt:
  2. # Set this to true to clean any non-salt-formula managed files out of
  3. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  4. # and up as it'll wipe out important files that Salt relies on.
  5. clean_config_d_dir: False
  6. # This state will remove "/etc/salt/minion" when you set this to true.
  7. minion_remove_config: True
  8. # This state will remove "/etc/salt/master" when you set this to true.
  9. master_remove_config: True
  10. # Set this to False to not have the formula install packages (in the case you
  11. # install Salt via git/pip/etc.)
  12. install_packages: True
  13. # to overwrite map.jinja salt packages
  14. lookup:
  15. salt-master: 'salt-master'
  16. salt-minion: 'salt-minion'
  17. salt-syndic: 'salt-syndic'
  18. salt-cloud: 'salt-cloud'
  19. salt-ssh: 'salt-ssh'
  20. pyinotify: 'python-pyinotify' the package to be installed for pyinotify
  21. # Set which release of SaltStack to use, default to 'latest'
  22. # To get the available releases:
  23. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  24. # * http://repo.saltstack.com/apt/debian/8/amd64/
  25. release: "2016.11"
  26. # salt master config
  27. master:
  28. fileserver_backend:
  29. - git
  30. - s3fs
  31. - roots
  32. gitfs_remotes:
  33. - git://github.com/saltstack-formulas/salt-formula.git:
  34. - base: develop
  35. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  36. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  37. s3.buckets:
  38. - bucket1
  39. - bucket2
  40. - bucket3
  41. - bucket4
  42. file_roots:
  43. base:
  44. - /srv/salt
  45. pillar_roots:
  46. base:
  47. - /srv/pillar
  48. # for salt-api with tornado rest interface
  49. rest_tornado:
  50. port: 8000
  51. ssl_crt: /etc/pki/api/certs/server.crt
  52. ssl_key: /etc/pki/api/certs/server.key
  53. debug: False
  54. disable_ssl: False
  55. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  56. lxc.container_profile:
  57. debian:
  58. template: download
  59. options:
  60. dist: debian
  61. release: jessie
  62. arch: amd64
  63. backing: lvm
  64. vgname: kimsufi
  65. size: 10G
  66. lxc.network_profile:
  67. basic:
  68. eth0:
  69. link: lxcbr0
  70. type: veth
  71. flags: up
  72. ## for external auth - LDAP
  73. # filter to use for Active Directory LDAP
  74. auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  75. # filter to use for Most other LDAP servers
  76. auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  77. # Define winrepo provider, by default support order is pygit2, gitpython
  78. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  79. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  80. winrepo_provider: gitpython
  81. # optional engine configuration
  82. engines:
  83. - slack:
  84. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  85. control: True
  86. valid_users:
  87. - someuser
  88. - otheruser
  89. valid_commands:
  90. - test.ping
  91. - list_jobs
  92. aliases:
  93. list_jobs:
  94. type: runner
  95. cmd: jobs.list_jobs
  96. # optional: these reactors will be configured on the master
  97. # They override reactors configured in
  98. # 'salt:reactors' or the old 'salt:reactor' parameters
  99. reactors:
  100. - 'master/deploy':
  101. - /srv/salt/reactors/deploy.sls
  102. # salt minion config:
  103. minion:
  104. # single master setup
  105. master: salt
  106. # multi master setup
  107. #master:
  108. #- salt_master_1
  109. #- salt_master_2
  110. fileserver_backend:
  111. - git
  112. - roots
  113. gitfs_remotes:
  114. - git://github.com/saltstack-formulas/salt-formula.git:
  115. - base: develop
  116. file_roots:
  117. base:
  118. - /srv/salt
  119. pillar_roots:
  120. base:
  121. - /srv/pillar
  122. module_config:
  123. test: True
  124. test.foo: foo
  125. test.bar:
  126. - baz
  127. - quo
  128. test.baz:
  129. spam: sausage
  130. cheese: bread
  131. # salt mine setup
  132. mine_interval: 60
  133. # mine_functions can be set at the top level of the pillar, and
  134. # that is preferable because it doesn't affect the conf file and
  135. # doesn't require a minion restart. However, you can configure it
  136. # here instead if you really want to.
  137. mine_functions:
  138. network.interface_ip: [eth0]
  139. # Define a minion scheduler
  140. schedule:
  141. - highstate:
  142. - function: state.apply
  143. - minutes: 60
  144. - returner: redis
  145. # other 'non-default' config
  146. auth_keytab: /root/auth.keytab
  147. auth_principal: kadmin/admin
  148. # optional engine configuration
  149. engines:
  150. - slack:
  151. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  152. control: True
  153. valid_users:
  154. - someuser
  155. - otheruser
  156. valid_commands:
  157. - test.ping
  158. - list_jobs
  159. aliases:
  160. list_jobs:
  161. type: runner
  162. cmd: jobs.list_jobs
  163. # optional beacons configuration
  164. beacons:
  165. load:
  166. 1m:
  167. - 0.0
  168. - 2.0
  169. 5m:
  170. - 0.0
  171. - 1.5
  172. 15m:
  173. - 0.1
  174. - 1.0
  175. interval: 10
  176. # Optional reactors: these reactors will be configured on the minion
  177. # They override reactors configured in
  178. # 'salt:reactors' or the old 'salt:reactor' parameters
  179. reactors:
  180. - 'minion/deploy':
  181. - /srv/salt/reactors/deploy.sls
  182. # salt cloud config
  183. cloud:
  184. master: salt
  185. # For non-templated custom cloud provider/profile/map files
  186. providers:
  187. provider-filename1.conf:
  188. vmware-prod:
  189. driver: vmware
  190. user: myusernameprod
  191. password: mypassword
  192. vmware-nonprod:
  193. driver: vmware
  194. user: myusernamenonprod
  195. password: mypassword
  196. profiles:
  197. profile-filename1.conf:
  198. server-non-prod:
  199. clonefrom: rhel6xtemplatenp
  200. grains:
  201. platform:
  202. name: salt
  203. realm: lab
  204. subscription_level: standard
  205. memory: 8GB
  206. num_cpus: 4
  207. password: sUpErsecretey
  208. provider: vmware-nonprod
  209. maps:
  210. map-filename1.map:
  211. server-non-prod:
  212. - host.mycompany.com:
  213. grains:
  214. environment: dev1
  215. # You can take profile and map templates from an alternate location
  216. # if you want to write your own.
  217. template_sources:
  218. providers: salt://salt/files/cloud.providers.d
  219. profiles: salt://salt/files/cloud.profiles.d
  220. maps: salt://salt/files/cloud.maps.d
  221. # These settings are used by the default provider templates and
  222. # only need to be set for the ones you're using.
  223. aws_key: AWSKEYIJSHJAIJS6JSH
  224. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  225. gce_project: test
  226. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  227. rsos_user: afeawofghob
  228. rsos_tenant: tenant_id_number
  229. rsos_apikey: WFJIOJEOIGHSOFHESO
  230. rsos_regions:
  231. - ORD
  232. - DFW
  233. - IAD
  234. - SYD
  235. - HKG
  236. ssh_roster:
  237. prod1:
  238. host: host.example.com
  239. user: ubuntu
  240. sudo: True
  241. priv: /etc/salt/ssh_keys/sshkey.pem
  242. gitfs:
  243. keys:
  244. global:
  245. # key and pub end up being the extension used on the key file. values other than key and pub are possible
  246. key: |
  247. -----BEGIN RSA PRIVATE KEY-----
  248. ...........
  249. -----END RSA PRIVATE KEY-----
  250. pub: |
  251. ...........
  252. # These reactors will be configured both in the minion and the master
  253. reactors:
  254. - 'deploy':
  255. - /srv/salt/reactors/deploy.sls
  256. salt_cloud_certs:
  257. aws:
  258. pem: |
  259. -----BEGIN RSA PRIVATE KEY-----
  260. ...........
  261. -----END RSA PRIVATE KEY-----
  262. gce:
  263. pem: |
  264. -----BEGIN RSA PRIVATE KEY-----
  265. ...........
  266. -----END RSA PRIVATE KEY-----
  267. salt_formulas:
  268. git_opts:
  269. # The Git options can be customized differently for each
  270. # environment, if an option is missing in a given environment, the
  271. # value from "default" is used instead.
  272. default:
  273. # URL where the formulas git repositories are downloaded from
  274. # it will be suffixed with <formula-name>.git
  275. baseurl: https://github.com/saltstack-formulas
  276. # Directory where Git repositories are downloaded
  277. basedir: /srv/formulas
  278. # Update the git repository to the latest version (False by default)
  279. update: False
  280. # Options passed directly to the git.latest state
  281. options:
  282. rev: master
  283. dev:
  284. basedir: /srv/formulas/dev
  285. update: True
  286. options:
  287. rev: develop
  288. # Options of the file.directory state that creates the directory where
  289. # the git repositories of the formulas are stored
  290. basedir_opts:
  291. makedirs: True
  292. user: root
  293. group: root
  294. mode: 755
  295. # List of formulas to enable in each environment
  296. list:
  297. base:
  298. - salt-formula
  299. - postfix-formula
  300. dev:
  301. - salt-formula
  302. - postfix-formula
  303. - openssh-formula