|
- # -*- coding: utf-8 -*-
- # vim: ft=yaml
- ---
- salt:
- # Set this to true to clean any non-salt-formula managed files out of
- # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
- # and up as it'll wipe out important files that Salt relies on.
- clean_config_d_dir: false
-
- # This state will remove "/etc/salt/minion" when you set this to true.
- minion_remove_config: true
-
- # This state will remove "/etc/salt/master" when you set this to true.
- master_remove_config: true
-
- # Set this to 'py3' to install the Python 3 packages.
- # If this is not set, the Python 2 packages will be installed by default.
- py_ver: 'py3'
-
- # Set this to false to not have the formula install packages (in the case you
- # install Salt via git/pip/etc.)
- install_packages: true
-
- # Optional: set salt version (if install_packages is set to true)
- version: 2017.7.2-1.el7
-
- # to overwrite map.jinja salt packages
- lookup:
- salt_master: 'salt-master'
- salt_minion: 'salt-minion'
- salt_syndic: 'salt-syndic'
- salt_cloud: 'salt-cloud'
- salt_ssh: 'salt-ssh'
- pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
-
- # Set which release of SaltStack to use, default to 'latest'
- # To get the available releases:
- # * http://repo.saltstack.com/yum/redhat/7/x86_64/
- # * http://repo.saltstack.com/apt/debian/8/amd64/
- release: '2018.3'
-
- # MacOS has no package management.
- # Instead, we use file.managed to download an appropriate .pkg file and
- # macpackage.installed to install it 'version', if set (see above), will be
- # used to check the .pkg version to determine if it should be installed
- #
- # NOTE: if 'version' is not set version comparison will not occur and the
- # .pkg WILL NOT be installed if a salt .pkg is already installed
- # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
- # source_hash, use URL or hash string
- # yamllint disable rule:line-length
- salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
- salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
- # yamllint enable rule:line-length
-
- # tofs:
- # The files_switch key serves as a selector for alternative
- # directories under the formula files directory. See TOFS pattern
- # doc for more info.
- # Note: Any value not evaluated by `config.get` will be used literally.
- # This can be used to set custom paths, as many levels deep as required.
- # files_switch:
- # - any/path/can/be/used/here
- # - id
- # - osfinger
- # - os
- # - os_family
- # All aspects of path/file resolution are customisable using the options below.
- # This is unnecessary in most cases; there are sensible defaults.
- # path_prefix: template_alt
- # dirs:
- # files: files_alt
- # default: default_alt
- # source_files:
- # salt-master:
- # - 'alt_master.d'
- # salt-minion:
- # - 'alt_minion.d'
-
- # salt master config
- master_config_use_TOFS: true
- master:
- fileserver_backend:
- - git
- - s3fs
- - roots
- gitfs_remotes:
- - git://github.com/saltstack-formulas/salt-formula.git:
- - base: develop
- s3.keyid: GKTADJGHEIQSXMKKRBJ08H
- s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
- s3.buckets:
- - bucket1
- - bucket2
- - bucket3
- - bucket4
- file_roots:
- base:
- - /srv/salt
- pillar_roots:
- base:
- - /srv/pillar
- # for salt-api with tornado rest interface
- rest_tornado:
- port: 8000
- ssl_crt: /etc/pki/api/certs/server.crt
- ssl_key: /etc/pki/api/certs/server.key
- debug: false
- disable_ssl: false
- # yamllint disable-line rule:line-length
- # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
- lxc.container_profile:
- debian:
- template: download
- options:
- dist: debian
- release: jessie
- arch: amd64
- backing: lvm
- vgname: kimsufi
- size: 10G
- lxc.network_profile:
- basic:
- eth0:
- link: lxcbr0
- type: veth
- flags: up
- ## for external auth - LDAP
- ## filter to use for Active Directory LDAP
- # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
- ## filter to use for Most other LDAP servers
- # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
-
- # Define winrepo provider, by default support order is pygit2, gitpython
- # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
- # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
- winrepo_provider: gitpython
-
- # optional engine configuration
- engines:
- - slack:
- token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
- control: true
- valid_users:
- - someuser
- - otheruser
- valid_commands:
- - test.ping
- - list_jobs
- aliases:
- list_jobs:
- type: runner
- cmd: jobs.list_jobs
-
- # optional: these reactors will be configured on the master
- # They override reactors configured in
- # 'salt:reactors' or the old 'salt:reactor' parameters
- reactors:
- - 'master/deploy':
- - /srv/salt/reactors/deploy.sls
-
- # salt minion config:
- minion_config_use_TOFS: true
- minion:
-
- # single master setup
- master: salt
-
- # multi master setup
- # master:
- # - salt_master_1
- # - salt_master_2
-
- fileserver_backend:
- - git
- - roots
- gitfs_remotes:
- - git://github.com/saltstack-formulas/salt-formula.git:
- - base: develop
- file_roots:
- base:
- - /srv/salt
- pillar_roots:
- base:
- - /srv/pillar
- module_config:
- test: true
- test.foo: foo
- test.bar:
- - baz
- - quo
- test.baz:
- spam: sausage
- cheese: bread
-
- # salt mine setup
- mine_interval: 60
- # mine_functions can be set at the top level of the pillar, and
- # that is preferable because it doesn't affect the conf file and
- # doesn't require a minion restart. However, you can configure it
- # here instead if you really want to.
- mine_functions:
- network.interface_ip: [eth0]
-
- # Define a minion scheduler
- schedule:
- - highstate:
- - function: state.apply
- - minutes: 60
- - returner: redis
-
- # other 'non-default' config
- auth_keytab: /root/auth.keytab
- auth_principal: kadmin/admin
-
- # optional engine configuration
- engines:
- - slack:
- token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
- control: true
- valid_users:
- - someuser
- - otheruser
- valid_commands:
- - test.ping
- - list_jobs
- aliases:
- list_jobs:
- type: runner
- cmd: jobs.list_jobs
-
- # optional beacons configuration
- beacons:
- load:
- 1m:
- - 0.0
- - 2.0
- 5m:
- - 0.0
- - 1.5
- 15m:
- - 0.1
- - 1.0
- interval: 10
-
- # Optional reactors: these reactors will be configured on the minion
- # They override reactors configured in
- # 'salt:reactors' or the old 'salt:reactor' parameters
- reactors:
- - 'minion/deploy':
- - /srv/salt/reactors/deploy.sls
-
- # Optional: Configure an elasticsearch returner
- return: elasticsearch
- elasticsearch:
- hosts:
- - example.elasticsearch.host:9200
- - example.elasticsearch.host2:9200
- index_date: true
- index: salt
- number_of_shards: 5
- number_of_replicas: 2
- debug_returner_payload: true
- states_count: true
- states_order_output: true
- states_single_index: true
- functions_blacklist:
- - test.ping
- - saltutil.find_job
-
- # salt cloud config
- cloud:
- master: salt
-
- # For non-templated custom cloud provider/profile/map files
- providers:
- provider-filename1.conf:
- vmware-prod:
- driver: vmware
- user: myusernameprod
- password: mypassword
- vmware-nonprod:
- driver: vmware
- user: myusernamenonprod
- password: mypassword
- profiles:
- profile-filename1.conf:
- server-non-prod:
- clonefrom: rhel6xtemplatenp
- grains:
- platform:
- name: salt
- realm: lab
- subscription_level: standard
- memory: 8GB
- num_cpus: 4
- password: sUpErsecretey
- provider: vmware-nonprod
- maps:
- map-filename1.map:
- server-non-prod:
- - host.mycompany.com:
- grains:
- environment: dev1
-
- # You can take profile and map templates from an alternate location
- # if you want to write your own.
- template_sources:
- providers: salt://salt/files/cloud.providers.d
- profiles: salt://salt/files/cloud.profiles.d
- maps: salt://salt/files/cloud.maps.d
-
- # These settings are used by the default provider templates and
- # only need to be set for the ones you're using.
- aws_key: AWSKEYIJSHJAIJS6JSH
- aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
- gce_project: test
- # yamllint disable-line rule:line-length
- gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
- rsos_user: afeawofghob
- rsos_tenant: tenant_id_number
- rsos_apikey: WFJIOJEOIGHSOFHESO
- rsos_regions:
- - ORD
- - DFW
- - IAD
- - SYD
- - HKG
-
- ssh_roster:
- prod1:
- host: host.example.com
- user: ubuntu
- sudo: true
- priv: /etc/salt/ssh_keys/sshkey.pem
- gitfs:
- keys:
- global:
- # key and pub end up being the extension used on the key file
- # values other than key and pub are possible
- key: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
- pub: |
- ...........
-
- # These reactors will be configured both in the minion and the master
- reactors:
- - 'deploy':
- - /srv/salt/reactors/deploy.sls
-
- salt_cloud_certs:
- aws:
- pem: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
-
- gce:
- pem: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
-
- salt_formulas:
- git_opts:
- # The Git options can be customized differently for each
- # environment, if an option is missing in a given environment, the
- # value from "default" is used instead.
- default:
- # URL where the formulas git repositories are downloaded from
- # it will be suffixed with <formula-name>.git
- baseurl: https://github.com/saltstack-formulas
- # Directory where Git repositories are downloaded
- basedir: /srv/formulas
- # Update the git repository to the latest version (false by default)
- update: false
- # Options passed directly to the git.latest state
- options:
- rev: master
- user: username
- identity: /path/to/.ssh/id_rsa_github_username
- dev:
- basedir: /srv/formulas/dev
- update: true
- options:
- rev: develop
- # Alternatively, a single directory with multiple branches can be used
- # E.g. It is strongly recommended to fork saltstack-formula repositories
- # to avoid unexpected changes to your infrastructure
- # Then upstream changes can be merged in manually with due consideration
- # Specific values for `rev`, `user` & `identity` will override the defaults
- production:
- baseurl: git@github.com:username
- options:
- branch: master
- remote: origin
- staging:
- baseurl: git@github.com:username
- options:
- branch: staging
- remote: origin
- rev: staging
- upstream:
- baseurl: git@github.com:saltstack-formulas
- update: true
- options:
- branch: upstream
- remote: upstream
- # Options of the file.directory state that creates the directory where
- # the git repositories of the formulas are stored
- basedir_opts:
- makedirs: true
- user: root
- group: root
- mode: 755
- # Explicitly checkout the original branch for repos after the
- # git.latest states have been processed (false by default)
- # Enable if using the alternative method (single directory, multiple branches)
- checkout_orig_branch: true
- # List of formulas to enable in each environment
- list:
- base:
- - salt-formula
- - postfix-formula
- - nginx-formula: # We can also override some options per formula
- rev: 'v1.1.0' # Pin a version
- - openssh-formula:
- rev: '3e01ad8' # or pin a commit id
- dev:
- - salt-formula
- - postfix-formula
- - openssh-formula
- - nginx-formula:
- # You can also pull from another location
- name: 'https://github.com/another-fork-location/salt-formula.git'
- rev: 'feat/feature'
- # Likewise for the alternative method (single directory, multiple branches)
- production:
- - salt-formula
- - openssh-formula
- staging:
- - salt-formula
- - postfix-formula
- - openssh-formula
- upstream:
- - salt-formula
- - postfix-formula
- - openssh-formula
|
