Saltstack Official Salt Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

331 lines
8.7KB

  1. salt:
  2. # Set this to true to clean any non-salt-formula managed files out of
  3. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  4. # and up as it'll wipe out important files that Salt relies on.
  5. clean_config_d_dir: False
  6. # This state will remove "/etc/salt/minion" when you set this to true.
  7. minion_remove_config: True
  8. # This state will remove "/etc/salt/master" when you set this to true.
  9. master_remove_config: True
  10. # Set this to False to not have the formula install packages (in the case you
  11. # install Salt via git/pip/etc.)
  12. install_packages: True
  13. # to overwrite map.jinja salt packages
  14. lookup:
  15. salt-master: 'salt-master'
  16. salt-minion: 'salt-minion'
  17. salt-syndic: 'salt-syndic'
  18. salt-cloud: 'salt-cloud'
  19. salt-ssh: 'salt-ssh'
  20. # Set which release of SaltStack to use, default to 'latest'
  21. # To get the available releases:
  22. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  23. # * http://repo.saltstack.com/apt/debian/8/amd64/
  24. release: 2016.11
  25. # salt master config
  26. master:
  27. fileserver_backend:
  28. - git
  29. - s3fs
  30. - roots
  31. gitfs_remotes:
  32. - git://github.com/saltstack-formulas/salt-formula.git:
  33. - base: develop
  34. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  35. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  36. s3.buckets:
  37. - bucket1
  38. - bucket2
  39. - bucket3
  40. - bucket4
  41. file_roots:
  42. base:
  43. - /srv/salt
  44. pillar_roots:
  45. base:
  46. - /srv/pillar
  47. # for salt-api with tornado rest interface
  48. rest_tornado:
  49. port: 8000
  50. ssl_crt: /etc/pki/api/certs/server.crt
  51. ssl_key: /etc/pki/api/certs/server.key
  52. debug: False
  53. disable_ssl: False
  54. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  55. lxc.container_profile:
  56. debian:
  57. template: download
  58. options:
  59. dist: debian
  60. release: jessie
  61. arch: amd64
  62. backing: lvm
  63. vgname: kimsufi
  64. size: 10G
  65. lxc.network_profile:
  66. basic:
  67. eth0:
  68. link: lxcbr0
  69. type: veth
  70. flags: up
  71. ## for external auth - LDAP
  72. # filter to use for Active Directory LDAP
  73. auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  74. # filter to use for Most other LDAP servers
  75. auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  76. # Define winrepo provider, by default support order is pygit2, gitpython
  77. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  78. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  79. winrepo_provider: gitpython
  80. # optional engine configuration
  81. engines:
  82. slack:
  83. token: xoxp-XXXXX-XXXXXXX
  84. control: True
  85. valid_users:
  86. - someuser
  87. - otheruser
  88. valid_commands:
  89. - test.ping
  90. - list_jobs
  91. aliases:
  92. list_jobs:
  93. type: runner
  94. cmd: jobs.list_jobs
  95. # optional: these reactors will be configured on the master
  96. # They override reactors configured in
  97. # 'salt:reactors' or the old 'salt:reactor' parameters
  98. reactors:
  99. - 'master/deploy':
  100. - /srv/salt/reactors/deploy.sls
  101. # salt minion config:
  102. minion:
  103. # single master setup
  104. master: salt
  105. # multi master setup
  106. #master:
  107. #- salt_master_1
  108. #- salt_master_2
  109. fileserver_backend:
  110. - git
  111. - roots
  112. gitfs_remotes:
  113. - git://github.com/saltstack-formulas/salt-formula.git:
  114. - base: develop
  115. file_roots:
  116. base:
  117. - /srv/salt
  118. pillar_roots:
  119. base:
  120. - /srv/pillar
  121. module_config:
  122. test: True
  123. test.foo: foo
  124. test.bar:
  125. - baz
  126. - quo
  127. test.baz:
  128. spam: sausage
  129. cheese: bread
  130. # salt mine setup
  131. mine_interval: 60
  132. # mine_functions can be set at the top level of the pillar, and
  133. # that is preferable because it doesn't affect the conf file and
  134. # doesn't require a minion restart. However, you can configure it
  135. # here instead if you really want to.
  136. mine_functions:
  137. network.interface_ip: [eth0]
  138. # Define a minion scheduler
  139. schedule:
  140. - highstate:
  141. - function: state.apply
  142. - minutes: 60
  143. - returner: redis
  144. # other 'non-default' config
  145. auth_keytab: /root/auth.keytab
  146. auth_principal: kadmin/admin
  147. # optional engine configuration
  148. engines:
  149. slack:
  150. token: xoxp-XXXXX-XXXXXXX
  151. control: True
  152. valid_users:
  153. - someuser
  154. - otheruser
  155. valid_commands:
  156. - test.ping
  157. - list_jobs
  158. aliases:
  159. list_jobs:
  160. type: runner
  161. cmd: jobs.list_jobs
  162. # optional beacons configuration
  163. beacons:
  164. load:
  165. 1m:
  166. - 0.0
  167. - 2.0
  168. 5m:
  169. - 0.0
  170. - 1.5
  171. 15m:
  172. - 0.1
  173. - 1.0
  174. interval: 10
  175. # Optional reactors: these reactors will be configured on the minion
  176. # They override reactors configured in
  177. # 'salt:reactors' or the old 'salt:reactor' parameters
  178. reactors:
  179. - 'minion/deploy':
  180. - /srv/salt/reactors/deploy.sls
  181. # salt cloud config
  182. cloud:
  183. master: salt
  184. # For non-templated custom cloud provider/profile/map files
  185. providers:
  186. provider-filename1.conf:
  187. vmware-prod:
  188. driver: vmware
  189. user: myusernameprod
  190. password: mypassword
  191. vmware-nonprod:
  192. driver: vmware
  193. user: myusernamenonprod
  194. password: mypassword
  195. profiles:
  196. profile-filename1.conf:
  197. server-non-prod:
  198. clonefrom: rhel6xtemplatenp
  199. grains:
  200. platform:
  201. name: salt
  202. realm: lab
  203. subscription_level: standard
  204. memory: 8GB
  205. num_cpus: 4
  206. password: sUpErsecretey
  207. provider: vmware-nonprod
  208. maps:
  209. map-filename1.map:
  210. server-non-prod:
  211. - host.mycompany.com:
  212. grains:
  213. environment: dev1
  214. # You can take profile and map templates from an alternate location
  215. # if you want to write your own.
  216. template_sources:
  217. providers: salt://salt/files/cloud.providers.d
  218. profiles: salt://salt/files/cloud.profiles.d
  219. maps: salt://salt/files/cloud.maps.d
  220. # These settings are used by the default provider templates and
  221. # only need to be set for the ones you're using.
  222. aws_key: AWSKEYIJSHJAIJS6JSH
  223. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  224. gce_project: test
  225. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  226. rsos_user: afeawofghob
  227. rsos_tenant: tenant_id_number
  228. rsos_apikey: WFJIOJEOIGHSOFHESO
  229. rsos_regions:
  230. - ORD
  231. - DFW
  232. - IAD
  233. - SYD
  234. - HKG
  235. ssh_roster:
  236. prod1:
  237. host: host.example.com
  238. user: ubuntu
  239. sudo: True
  240. priv: /etc/salt/ssh_keys/sshkey.pem
  241. gitfs:
  242. keys:
  243. global:
  244. # key and pub end up being the extension used on the key file. values other than key and pub are possible
  245. key: |
  246. -----BEGIN RSA PRIVATE KEY-----
  247. ...........
  248. -----END RSA PRIVATE KEY-----
  249. pub: |
  250. ...........
  251. # These reactors will be configured both in the minion and the master
  252. reactors:
  253. - 'deploy':
  254. - /srv/salt/reactors/deploy.sls
  255. salt_cloud_certs:
  256. aws:
  257. pem: |
  258. -----BEGIN RSA PRIVATE KEY-----
  259. ...........
  260. -----END RSA PRIVATE KEY-----
  261. gce:
  262. pem: |
  263. -----BEGIN RSA PRIVATE KEY-----
  264. ...........
  265. -----END RSA PRIVATE KEY-----
  266. salt_formulas:
  267. git_opts:
  268. # The Git options can be customized differently for each
  269. # environment, if an option is missing in a given environment, the
  270. # value from "default" is used instead.
  271. default:
  272. # URL where the formulas git repositories are downloaded from
  273. # it will be suffixed with <formula-name>.git
  274. baseurl: https://github.com/saltstack-formulas
  275. # Directory where Git repositories are downloaded
  276. basedir: /srv/formulas
  277. # Update the git repository to the latest version (False by default)
  278. update: False
  279. # Options passed directly to the git.latest state
  280. options:
  281. rev: master
  282. dev:
  283. basedir: /srv/formulas/dev
  284. update: True
  285. options:
  286. rev: develop
  287. # Options of the file.directory state that creates the directory where
  288. # the git repositories of the formulas are stored
  289. basedir_opts:
  290. makedirs: True
  291. user: root
  292. group: root
  293. mode: 755
  294. # List of formulas to enable in each environment
  295. list:
  296. base:
  297. - salt-formula
  298. - postfix-formula
  299. dev:
  300. - salt-formula
  301. - postfix-formula
  302. - openssh-formula