Saltstack Official Salt Formula
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.

480 Zeilen
14KB

  1. # -*- coding: utf-8 -*-
  2. # vim: ft=yaml
  3. ---
  4. salt:
  5. # Set this to true to clean any non-salt-formula managed files out of
  6. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  7. # and up as it'll wipe out important files that Salt relies on.
  8. clean_config_d_dir: false
  9. # This state will remove "/etc/salt/minion" when you set this to true.
  10. minion_remove_config: true
  11. # This state will remove "/etc/salt/master" when you set this to true.
  12. master_remove_config: true
  13. # Set this to 'py3' to install the Python 3 packages.
  14. # The default varies between OS versions.
  15. py_ver: 'py3'
  16. # Set this to false to not have the formula install packages (in the case you
  17. # install Salt via git/pip/etc.)
  18. install_packages: true
  19. # Optional: set salt version (if install_packages is set to true)
  20. version: '3006.9'
  21. # Pin version provided under 'version' key by using apt-pinning
  22. # available only on Debian family OS-es
  23. pin_version: false
  24. # to overwrite map.jinja salt packages
  25. lookup:
  26. salt_master: 'salt-master'
  27. salt_minion: 'salt-minion'
  28. salt_syndic: 'salt-syndic'
  29. salt_cloud: 'salt-cloud'
  30. salt_ssh: 'salt-ssh'
  31. pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
  32. # Set which salt repository to use
  33. # -> defaults to https://packages.broadcom.com/artifactory
  34. repo: 'https://packages.broadcom.com/artifactory'
  35. # yamllint disable rule:line-length
  36. repo_key_url: 'https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public'
  37. # yamllint enable rule:line-length
  38. # Set which release of SaltStack to use, default to 'latest'
  39. # To get the available releases:
  40. # * https://packages.broadcom.com/artifactory/saltproject-rpm/
  41. # * https://packages.broadcom.com/artifactory/saltproject-deb
  42. release: '3006'
  43. # MacOS has no package management.
  44. # Instead, we use file.managed to download an appropriate .pkg file and
  45. # macpackage.installed to install it 'version', if set (see above), will be
  46. # used to check the .pkg version to determine if it should be installed
  47. #
  48. # NOTE: if 'version' is not set version comparison will not occur and the
  49. # .pkg WILL NOT be installed if a salt .pkg is already installed
  50. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  51. # source_hash, use URL or hash string
  52. # yamllint disable rule:line-length
  53. salt_minion_pkg_source: 'https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg'
  54. salt_minion_pkg_hash: 'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
  55. # yamllint enable rule:line-length
  56. # tofs:
  57. # The files_switch key serves as a selector for alternative
  58. # directories under the formula files directory. See TOFS pattern
  59. # doc for more info.
  60. # Note: Any value not evaluated by `config.get` will be used literally.
  61. # This can be used to set custom paths, as many levels deep as required.
  62. # files_switch:
  63. # - any/path/can/be/used/here
  64. # - id
  65. # - osfinger
  66. # - os
  67. # - os_family
  68. # All aspects of path/file resolution are customisable using the options below.
  69. # This is unnecessary in most cases; there are sensible defaults.
  70. # path_prefix: template_alt
  71. # dirs:
  72. # files: files_alt
  73. # default: default_alt
  74. # source_files:
  75. # salt-master:
  76. # - 'alt_master.d'
  77. # salt-minion:
  78. # - 'alt_minion.d'
  79. # salt master config
  80. master_config_use_TOFS: true
  81. master:
  82. standalone: false
  83. fileserver_backend:
  84. - git
  85. - s3fs
  86. - roots
  87. gitfs_remotes:
  88. - git://github.com/saltstack-formulas/salt-formula.git:
  89. - base: develop
  90. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  91. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  92. s3.buckets:
  93. - bucket1
  94. - bucket2
  95. - bucket3
  96. - bucket4
  97. file_roots:
  98. base:
  99. - /srv/salt
  100. pillar_roots:
  101. base:
  102. - /srv/pillar
  103. # for salt-api with tornado rest interface
  104. rest_tornado:
  105. port: 8000
  106. ssl_crt: /etc/pki/api/certs/server.crt
  107. ssl_key: /etc/pki/api/certs/server.key
  108. debug: false
  109. disable_ssl: false
  110. # yamllint disable-line rule:line-length
  111. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  112. lxc.container_profile:
  113. debian:
  114. template: download
  115. options:
  116. dist: debian
  117. release: jessie
  118. arch: amd64
  119. backing: lvm
  120. vgname: kimsufi
  121. size: 10G
  122. lxc.network_profile:
  123. basic:
  124. eth0:
  125. link: lxcbr0
  126. type: veth
  127. flags: up
  128. ## for external auth - LDAP
  129. ## filter to use for Active Directory LDAP
  130. # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  131. ## filter to use for Most other LDAP servers
  132. # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  133. # Define winrepo provider, by default support order is pygit2, gitpython
  134. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  135. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  136. winrepo_provider: gitpython
  137. # optional engine configuration
  138. engines:
  139. - slack:
  140. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  141. control: true
  142. valid_users:
  143. - someuser
  144. - otheruser
  145. valid_commands:
  146. - test.ping
  147. - list_jobs
  148. aliases:
  149. list_jobs:
  150. type: runner
  151. cmd: jobs.list_jobs
  152. # optional: these reactors will be configured on the master
  153. # They override reactors configured in
  154. # 'salt:reactors' or the old 'salt:reactor' parameters
  155. reactors:
  156. - 'master/deploy':
  157. - /srv/salt/reactors/deploy.sls
  158. # salt minion config:
  159. minion_config_use_TOFS: true
  160. minion:
  161. # standalone setup
  162. master_type: str # see init.sls & standalone.sls
  163. # single master setup
  164. master: salt
  165. # multi master setup
  166. # master:
  167. # - salt_master_1
  168. # - salt_master_2
  169. fileserver_backend:
  170. - git
  171. - roots
  172. gitfs_remotes:
  173. - git://github.com/saltstack-formulas/salt-formula.git:
  174. - base: develop
  175. file_roots:
  176. base:
  177. - /srv/salt
  178. pillar_roots:
  179. base:
  180. - /srv/pillar
  181. module_config:
  182. test: true
  183. test.foo: foo
  184. test.bar:
  185. - baz
  186. - quo
  187. test.baz:
  188. spam: sausage
  189. cheese: bread
  190. # salt mine setup
  191. mine_interval: 60
  192. # mine_functions can be set at the top level of the pillar, and
  193. # that is preferable because it doesn't affect the conf file and
  194. # doesn't require a minion restart. However, you can configure it
  195. # here instead if you really want to.
  196. mine_functions:
  197. network.interface_ip: [eth0]
  198. # Define a minion scheduler
  199. schedule:
  200. - highstate:
  201. - function: state.apply
  202. - minutes: 60
  203. - returner: redis
  204. # other 'non-default' config
  205. auth_keytab: /root/auth.keytab
  206. auth_principal: kadmin/admin
  207. # optional engine configuration
  208. engines:
  209. - slack:
  210. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  211. control: true
  212. valid_users:
  213. - someuser
  214. - otheruser
  215. valid_commands:
  216. - test.ping
  217. - list_jobs
  218. aliases:
  219. list_jobs:
  220. type: runner
  221. cmd: jobs.list_jobs
  222. # optional beacons configuration
  223. beacons:
  224. load:
  225. 1m:
  226. - 0.0
  227. - 2.0
  228. 5m:
  229. - 0.0
  230. - 1.5
  231. 15m:
  232. - 0.1
  233. - 1.0
  234. interval: 10
  235. # Optional reactors: these reactors will be configured on the minion
  236. # They override reactors configured in
  237. # 'salt:reactors' or the old 'salt:reactor' parameters
  238. reactors:
  239. - 'minion/deploy':
  240. - /srv/salt/reactors/deploy.sls
  241. # Optional: Configure an elasticsearch returner
  242. return: elasticsearch
  243. elasticsearch:
  244. hosts:
  245. - example.elasticsearch.host:9200
  246. - example.elasticsearch.host2:9200
  247. index_date: true
  248. index: salt
  249. number_of_shards: 5
  250. number_of_replicas: 2
  251. debug_returner_payload: true
  252. states_count: true
  253. states_order_output: true
  254. states_single_index: true
  255. functions_blacklist:
  256. - test.ping
  257. - saltutil.find_job
  258. # init.sls skips salt.api and salt.syndic states
  259. # unless those dicts are populated with something
  260. api:
  261. somekey: somevalue
  262. syndic:
  263. somekey: somevalue
  264. # salt cloud config
  265. cloud:
  266. master: salt
  267. # For non-templated custom cloud provider/profile/map files
  268. providers:
  269. provider-filename1.conf:
  270. vmware-prod:
  271. driver: vmware
  272. user: myusernameprod
  273. password: mypassword
  274. vmware-nonprod:
  275. driver: vmware
  276. user: myusernamenonprod
  277. password: mypassword
  278. profiles:
  279. profile-filename1.conf:
  280. server-non-prod:
  281. clonefrom: rhel6xtemplatenp
  282. grains:
  283. platform:
  284. name: salt
  285. realm: lab
  286. subscription_level: standard
  287. memory: 8GB
  288. num_cpus: 4
  289. password: sUpErsecretey
  290. provider: vmware-nonprod
  291. maps:
  292. map-filename1.map:
  293. server-non-prod:
  294. - host.mycompany.com:
  295. grains:
  296. environment: dev1
  297. # You can take profile and map templates from an alternate location
  298. # if you want to write your own.
  299. template_sources:
  300. providers: salt://salt/files/cloud.providers.d
  301. profiles: salt://salt/files/cloud.profiles.d
  302. maps: salt://salt/files/cloud.maps.d
  303. # These settings are used by the default provider templates and
  304. # only need to be set for the ones you're using.
  305. aws_key: AWSKEYIJSHJAIJS6JSH
  306. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  307. gce_project: test
  308. # yamllint disable-line rule:line-length
  309. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  310. rsos_user: afeawofghob
  311. rsos_tenant: tenant_id_number
  312. rsos_apikey: WFJIOJEOIGHSOFHESO
  313. rsos_regions:
  314. - ORD
  315. - DFW
  316. - IAD
  317. - SYD
  318. - HKG
  319. ssh_roster:
  320. prod1:
  321. host: host.example.com
  322. user: ubuntu
  323. sudo: true
  324. priv: /etc/salt/ssh_keys/sshkey.pem
  325. gitfs:
  326. keys:
  327. global:
  328. # key and pub end up being the extension used on the key file
  329. # values other than key and pub are possible
  330. key: |
  331. -----BEGIN RSA PRIVATE KEY-----
  332. ...........
  333. -----END RSA PRIVATE KEY-----
  334. pub: |
  335. ...........
  336. # These reactors will be configured both in the minion and the master
  337. reactors:
  338. - 'deploy':
  339. - /srv/salt/reactors/deploy.sls
  340. # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
  341. retry_options:
  342. attempts: 2
  343. until: true
  344. interval: 10
  345. splay: 10
  346. salt_cloud_certs:
  347. aws:
  348. pem: |
  349. -----BEGIN RSA PRIVATE KEY-----
  350. ...........
  351. -----END RSA PRIVATE KEY-----
  352. gce:
  353. pem: |
  354. -----BEGIN RSA PRIVATE KEY-----
  355. ...........
  356. -----END RSA PRIVATE KEY-----
  357. salt_formulas:
  358. git_opts:
  359. # The Git options can be customized differently for each
  360. # environment, if an option is missing in a given environment, the
  361. # value from "default" is used instead.
  362. default:
  363. # URL where the formulas git repositories are downloaded from
  364. # it will be suffixed with <formula-name>.git
  365. baseurl: https://github.com/saltstack-formulas
  366. # Directory where Git repositories are downloaded
  367. basedir: /srv/formulas
  368. # Update the git repository to the latest version (false by default)
  369. update: false
  370. # Options passed directly to the git.latest state
  371. options:
  372. rev: master
  373. user: username
  374. identity: /path/to/.ssh/id_rsa_github_username
  375. dev:
  376. basedir: /srv/formulas/dev
  377. update: true
  378. options:
  379. rev: develop
  380. # Alternatively, a single directory with multiple branches can be used
  381. # E.g. It is strongly recommended to fork saltstack-formula repositories
  382. # to avoid unexpected changes to your infrastructure
  383. # Then upstream changes can be merged in manually with due consideration
  384. # Specific values for `rev`, `user` & `identity` will override the defaults
  385. production:
  386. baseurl: git@github.com:username
  387. options:
  388. branch: master
  389. remote: origin
  390. staging:
  391. baseurl: git@github.com:username
  392. options:
  393. branch: staging
  394. remote: origin
  395. rev: staging
  396. upstream:
  397. baseurl: git@github.com:saltstack-formulas
  398. update: true
  399. options:
  400. branch: upstream
  401. remote: upstream
  402. # Options of the file.directory state that creates the directory where
  403. # the git repositories of the formulas are stored
  404. basedir_opts:
  405. makedirs: true
  406. user: root
  407. group: root
  408. mode: 755
  409. # Explicitly checkout the original branch for repos after the
  410. # git.latest states have been processed (false by default)
  411. # Enable if using the alternative method (single directory, multiple branches)
  412. checkout_orig_branch: true
  413. # List of formulas to enable in each environment
  414. list:
  415. base:
  416. - salt-formula
  417. - postfix-formula
  418. - nginx-formula: # We can also override some options per formula
  419. rev: 'v1.1.0' # Pin a version
  420. - openssh-formula:
  421. rev: '3e01ad8' # or pin a commit id
  422. dev:
  423. - salt-formula
  424. - postfix-formula
  425. - openssh-formula
  426. - nginx-formula:
  427. # You can also pull from another location
  428. name: 'https://github.com/another-fork-location/salt-formula.git'
  429. rev: 'feat/feature'
  430. # Likewise for the alternative method (single directory, multiple branches)
  431. production:
  432. - salt-formula
  433. - openssh-formula
  434. staging:
  435. - salt-formula
  436. - postfix-formula
  437. - openssh-formula
  438. upstream:
  439. - salt-formula
  440. - postfix-formula
  441. - openssh-formula