Saltstack Official Salt Formula
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

462 行
13KB

  1. # -*- coding: utf-8 -*-
  2. # vim: ft=yaml
  3. ---
  4. salt:
  5. # Set this to true to clean any non-salt-formula managed files out of
  6. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  7. # and up as it'll wipe out important files that Salt relies on.
  8. clean_config_d_dir: false
  9. # This state will remove "/etc/salt/minion" when you set this to true.
  10. minion_remove_config: true
  11. # This state will remove "/etc/salt/master" when you set this to true.
  12. master_remove_config: true
  13. # Set this to 'py3' to install the Python 3 packages.
  14. # If this is not set, the Python 2 packages will be installed by default.
  15. py_ver: 'py3'
  16. # Set this to false to not have the formula install packages (in the case you
  17. # install Salt via git/pip/etc.)
  18. install_packages: true
  19. # Optional: set salt version (if install_packages is set to true)
  20. version: 2017.7.2-1.el7
  21. # to overwrite map.jinja salt packages
  22. lookup:
  23. salt_master: 'salt-master'
  24. salt_minion: 'salt-minion'
  25. salt_syndic: 'salt-syndic'
  26. salt_cloud: 'salt-cloud'
  27. salt_ssh: 'salt-ssh'
  28. pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
  29. # Set which release of SaltStack to use, default to 'latest'
  30. # To get the available releases:
  31. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  32. # * http://repo.saltstack.com/apt/debian/8/amd64/
  33. release: '2018.3'
  34. # MacOS has no package management.
  35. # Instead, we use file.managed to download an appropriate .pkg file and
  36. # macpackage.installed to install it 'version', if set (see above), will be
  37. # used to check the .pkg version to determine if it should be installed
  38. #
  39. # NOTE: if 'version' is not set version comparison will not occur and the
  40. # .pkg WILL NOT be installed if a salt .pkg is already installed
  41. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  42. # source_hash, use URL or hash string
  43. # yamllint disable rule:line-length
  44. salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  45. salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  46. # yamllint enable rule:line-length
  47. # tofs:
  48. # The files_switch key serves as a selector for alternative
  49. # directories under the formula files directory. See TOFS pattern
  50. # doc for more info.
  51. # Note: Any value not evaluated by `config.get` will be used literally.
  52. # This can be used to set custom paths, as many levels deep as required.
  53. # files_switch:
  54. # - any/path/can/be/used/here
  55. # - id
  56. # - osfinger
  57. # - os
  58. # - os_family
  59. # All aspects of path/file resolution are customisable using the options below.
  60. # This is unnecessary in most cases; there are sensible defaults.
  61. # path_prefix: template_alt
  62. # dirs:
  63. # files: files_alt
  64. # default: default_alt
  65. # source_files:
  66. # salt-master:
  67. # - 'alt_master.d'
  68. # salt-minion:
  69. # - 'alt_minion.d'
  70. # salt master config
  71. master_config_use_TOFS: true
  72. master:
  73. standalone: false
  74. fileserver_backend:
  75. - git
  76. - s3fs
  77. - roots
  78. gitfs_remotes:
  79. - git://github.com/saltstack-formulas/salt-formula.git:
  80. - base: develop
  81. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  82. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  83. s3.buckets:
  84. - bucket1
  85. - bucket2
  86. - bucket3
  87. - bucket4
  88. file_roots:
  89. base:
  90. - /srv/salt
  91. pillar_roots:
  92. base:
  93. - /srv/pillar
  94. # for salt-api with tornado rest interface
  95. rest_tornado:
  96. port: 8000
  97. ssl_crt: /etc/pki/api/certs/server.crt
  98. ssl_key: /etc/pki/api/certs/server.key
  99. debug: false
  100. disable_ssl: false
  101. # yamllint disable-line rule:line-length
  102. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  103. lxc.container_profile:
  104. debian:
  105. template: download
  106. options:
  107. dist: debian
  108. release: jessie
  109. arch: amd64
  110. backing: lvm
  111. vgname: kimsufi
  112. size: 10G
  113. lxc.network_profile:
  114. basic:
  115. eth0:
  116. link: lxcbr0
  117. type: veth
  118. flags: up
  119. ## for external auth - LDAP
  120. ## filter to use for Active Directory LDAP
  121. # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  122. ## filter to use for Most other LDAP servers
  123. # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  124. # Define winrepo provider, by default support order is pygit2, gitpython
  125. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  126. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  127. winrepo_provider: gitpython
  128. # optional engine configuration
  129. engines:
  130. - slack:
  131. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  132. control: true
  133. valid_users:
  134. - someuser
  135. - otheruser
  136. valid_commands:
  137. - test.ping
  138. - list_jobs
  139. aliases:
  140. list_jobs:
  141. type: runner
  142. cmd: jobs.list_jobs
  143. # optional: these reactors will be configured on the master
  144. # They override reactors configured in
  145. # 'salt:reactors' or the old 'salt:reactor' parameters
  146. reactors:
  147. - 'master/deploy':
  148. - /srv/salt/reactors/deploy.sls
  149. # salt minion config:
  150. minion_config_use_TOFS: true
  151. minion:
  152. # standalone setup
  153. master_type: false # see init.sls & standalone.sls
  154. # single master setup
  155. master: salt
  156. # multi master setup
  157. # master:
  158. # - salt_master_1
  159. # - salt_master_2
  160. fileserver_backend:
  161. - git
  162. - roots
  163. gitfs_remotes:
  164. - git://github.com/saltstack-formulas/salt-formula.git:
  165. - base: develop
  166. file_roots:
  167. base:
  168. - /srv/salt
  169. pillar_roots:
  170. base:
  171. - /srv/pillar
  172. module_config:
  173. test: true
  174. test.foo: foo
  175. test.bar:
  176. - baz
  177. - quo
  178. test.baz:
  179. spam: sausage
  180. cheese: bread
  181. # salt mine setup
  182. mine_interval: 60
  183. # mine_functions can be set at the top level of the pillar, and
  184. # that is preferable because it doesn't affect the conf file and
  185. # doesn't require a minion restart. However, you can configure it
  186. # here instead if you really want to.
  187. mine_functions:
  188. network.interface_ip: [eth0]
  189. # Define a minion scheduler
  190. schedule:
  191. - highstate:
  192. - function: state.apply
  193. - minutes: 60
  194. - returner: redis
  195. # other 'non-default' config
  196. auth_keytab: /root/auth.keytab
  197. auth_principal: kadmin/admin
  198. # optional engine configuration
  199. engines:
  200. - slack:
  201. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  202. control: true
  203. valid_users:
  204. - someuser
  205. - otheruser
  206. valid_commands:
  207. - test.ping
  208. - list_jobs
  209. aliases:
  210. list_jobs:
  211. type: runner
  212. cmd: jobs.list_jobs
  213. # optional beacons configuration
  214. beacons:
  215. load:
  216. 1m:
  217. - 0.0
  218. - 2.0
  219. 5m:
  220. - 0.0
  221. - 1.5
  222. 15m:
  223. - 0.1
  224. - 1.0
  225. interval: 10
  226. # Optional reactors: these reactors will be configured on the minion
  227. # They override reactors configured in
  228. # 'salt:reactors' or the old 'salt:reactor' parameters
  229. reactors:
  230. - 'minion/deploy':
  231. - /srv/salt/reactors/deploy.sls
  232. # Optional: Configure an elasticsearch returner
  233. return: elasticsearch
  234. elasticsearch:
  235. hosts:
  236. - example.elasticsearch.host:9200
  237. - example.elasticsearch.host2:9200
  238. index_date: true
  239. index: salt
  240. number_of_shards: 5
  241. number_of_replicas: 2
  242. debug_returner_payload: true
  243. states_count: true
  244. states_order_output: true
  245. states_single_index: true
  246. functions_blacklist:
  247. - test.ping
  248. - saltutil.find_job
  249. # init.sls skips salt.api and salt.syndic states
  250. # unless those dicts are populated with something
  251. api:
  252. somekey: somevalue
  253. syndic:
  254. somekey: somevalue
  255. # salt cloud config
  256. cloud:
  257. master: salt
  258. # For non-templated custom cloud provider/profile/map files
  259. providers:
  260. provider-filename1.conf:
  261. vmware-prod:
  262. driver: vmware
  263. user: myusernameprod
  264. password: mypassword
  265. vmware-nonprod:
  266. driver: vmware
  267. user: myusernamenonprod
  268. password: mypassword
  269. profiles:
  270. profile-filename1.conf:
  271. server-non-prod:
  272. clonefrom: rhel6xtemplatenp
  273. grains:
  274. platform:
  275. name: salt
  276. realm: lab
  277. subscription_level: standard
  278. memory: 8GB
  279. num_cpus: 4
  280. password: sUpErsecretey
  281. provider: vmware-nonprod
  282. maps:
  283. map-filename1.map:
  284. server-non-prod:
  285. - host.mycompany.com:
  286. grains:
  287. environment: dev1
  288. # You can take profile and map templates from an alternate location
  289. # if you want to write your own.
  290. template_sources:
  291. providers: salt://salt/files/cloud.providers.d
  292. profiles: salt://salt/files/cloud.profiles.d
  293. maps: salt://salt/files/cloud.maps.d
  294. # These settings are used by the default provider templates and
  295. # only need to be set for the ones you're using.
  296. aws_key: AWSKEYIJSHJAIJS6JSH
  297. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  298. gce_project: test
  299. # yamllint disable-line rule:line-length
  300. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  301. rsos_user: afeawofghob
  302. rsos_tenant: tenant_id_number
  303. rsos_apikey: WFJIOJEOIGHSOFHESO
  304. rsos_regions:
  305. - ORD
  306. - DFW
  307. - IAD
  308. - SYD
  309. - HKG
  310. ssh_roster:
  311. prod1:
  312. host: host.example.com
  313. user: ubuntu
  314. sudo: true
  315. priv: /etc/salt/ssh_keys/sshkey.pem
  316. gitfs:
  317. keys:
  318. global:
  319. # key and pub end up being the extension used on the key file
  320. # values other than key and pub are possible
  321. key: |
  322. -----BEGIN RSA PRIVATE KEY-----
  323. ...........
  324. -----END RSA PRIVATE KEY-----
  325. pub: |
  326. ...........
  327. # These reactors will be configured both in the minion and the master
  328. reactors:
  329. - 'deploy':
  330. - /srv/salt/reactors/deploy.sls
  331. salt_cloud_certs:
  332. aws:
  333. pem: |
  334. -----BEGIN RSA PRIVATE KEY-----
  335. ...........
  336. -----END RSA PRIVATE KEY-----
  337. gce:
  338. pem: |
  339. -----BEGIN RSA PRIVATE KEY-----
  340. ...........
  341. -----END RSA PRIVATE KEY-----
  342. salt_formulas:
  343. git_opts:
  344. # The Git options can be customized differently for each
  345. # environment, if an option is missing in a given environment, the
  346. # value from "default" is used instead.
  347. default:
  348. # URL where the formulas git repositories are downloaded from
  349. # it will be suffixed with <formula-name>.git
  350. baseurl: https://github.com/saltstack-formulas
  351. # Directory where Git repositories are downloaded
  352. basedir: /srv/formulas
  353. # Update the git repository to the latest version (false by default)
  354. update: false
  355. # Options passed directly to the git.latest state
  356. options:
  357. rev: master
  358. user: username
  359. identity: /path/to/.ssh/id_rsa_github_username
  360. dev:
  361. basedir: /srv/formulas/dev
  362. update: true
  363. options:
  364. rev: develop
  365. # Alternatively, a single directory with multiple branches can be used
  366. # E.g. It is strongly recommended to fork saltstack-formula repositories
  367. # to avoid unexpected changes to your infrastructure
  368. # Then upstream changes can be merged in manually with due consideration
  369. # Specific values for `rev`, `user` & `identity` will override the defaults
  370. production:
  371. baseurl: git@github.com:username
  372. options:
  373. branch: master
  374. remote: origin
  375. staging:
  376. baseurl: git@github.com:username
  377. options:
  378. branch: staging
  379. remote: origin
  380. rev: staging
  381. upstream:
  382. baseurl: git@github.com:saltstack-formulas
  383. update: true
  384. options:
  385. branch: upstream
  386. remote: upstream
  387. # Options of the file.directory state that creates the directory where
  388. # the git repositories of the formulas are stored
  389. basedir_opts:
  390. makedirs: true
  391. user: root
  392. group: root
  393. mode: 755
  394. # Explicitly checkout the original branch for repos after the
  395. # git.latest states have been processed (false by default)
  396. # Enable if using the alternative method (single directory, multiple branches)
  397. checkout_orig_branch: true
  398. # List of formulas to enable in each environment
  399. list:
  400. base:
  401. - salt-formula
  402. - postfix-formula
  403. - nginx-formula: # We can also override some options per formula
  404. rev: 'v1.1.0' # Pin a version
  405. - openssh-formula:
  406. rev: '3e01ad8' # or pin a commit id
  407. dev:
  408. - salt-formula
  409. - postfix-formula
  410. - openssh-formula
  411. - nginx-formula:
  412. # You can also pull from another location
  413. name: 'https://github.com/another-fork-location/salt-formula.git'
  414. rev: 'feat/feature'
  415. # Likewise for the alternative method (single directory, multiple branches)
  416. production:
  417. - salt-formula
  418. - openssh-formula
  419. staging:
  420. - salt-formula
  421. - postfix-formula
  422. - openssh-formula
  423. upstream:
  424. - salt-formula
  425. - postfix-formula
  426. - openssh-formula