- salt:
- # Set this to true to clean any non-salt-formula managed files out of
- # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
- # and up as it'll wipe out important files that Salt relies on.
- clean_config_d_dir: False
-
- # This state will remove "/etc/salt/minion" when you set this to true.
- minion_remove_config: True
-
- # This state will remove "/etc/salt/master" when you set this to true.
- master_remove_config: True
-
- # Set this to False to not have the formula install packages (in the case you
- # install Salt via git/pip/etc.)
- install_packages: True
-
- # Optional: set salt version (if install_packages is set to True)
- version: 2017.7.2-1.el7
-
- # to overwrite map.jinja salt packages
- lookup:
- salt_master: 'salt-master'
- salt_minion: 'salt-minion'
- salt_syndic: 'salt-syndic'
- salt_cloud: 'salt-cloud'
- salt_ssh: 'salt-ssh'
- pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
-
- # Set which release of SaltStack to use, default to 'latest'
- # To get the available releases:
- # * http://repo.saltstack.com/yum/redhat/7/x86_64/
- # * http://repo.saltstack.com/apt/debian/8/amd64/
- release: '2018.3'
-
- # MacOS has no package management.
- # Instead, we use file.managed to download an appropriate .pkg file and macpackage.installed to install it
- # 'version', if set (see above), will be used to check the .pkg version to determine if it should be installed
- #
- # NOTE: if 'version' is not set version comparison will not occur and the .pkg WILL NOT be installed if a salt
- # .pkg is already installed
- # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's source_hash, use URL or hash string
- salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
- salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
-
- # salt master config
- master:
- fileserver_backend:
- - git
- - s3fs
- - roots
- gitfs_remotes:
- - git://github.com/saltstack-formulas/salt-formula.git:
- - base: develop
- s3.keyid: GKTADJGHEIQSXMKKRBJ08H
- s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
- s3.buckets:
- - bucket1
- - bucket2
- - bucket3
- - bucket4
- file_roots:
- base:
- - /srv/salt
- pillar_roots:
- base:
- - /srv/pillar
- # for salt-api with tornado rest interface
- rest_tornado:
- port: 8000
- ssl_crt: /etc/pki/api/certs/server.crt
- ssl_key: /etc/pki/api/certs/server.key
- debug: False
- disable_ssl: False
- # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
- lxc.container_profile:
- debian:
- template: download
- options:
- dist: debian
- release: jessie
- arch: amd64
- backing: lvm
- vgname: kimsufi
- size: 10G
- lxc.network_profile:
- basic:
- eth0:
- link: lxcbr0
- type: veth
- flags: up
- ## for external auth - LDAP
- # filter to use for Active Directory LDAP
- auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
- # filter to use for Most other LDAP servers
- auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
-
- # Define winrepo provider, by default support order is pygit2, gitpython
- # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
- # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
- winrepo_provider: gitpython
-
- # optional engine configuration
- engines:
- - slack:
- token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
- control: True
- valid_users:
- - someuser
- - otheruser
- valid_commands:
- - test.ping
- - list_jobs
- aliases:
- list_jobs:
- type: runner
- cmd: jobs.list_jobs
-
- # optional: these reactors will be configured on the master
- # They override reactors configured in
- # 'salt:reactors' or the old 'salt:reactor' parameters
- reactors:
- - 'master/deploy':
- - /srv/salt/reactors/deploy.sls
-
- # salt minion config:
- minion:
-
- # single master setup
- master: salt
-
- # multi master setup
- #master:
- #- salt_master_1
- #- salt_master_2
-
- fileserver_backend:
- - git
- - roots
- gitfs_remotes:
- - git://github.com/saltstack-formulas/salt-formula.git:
- - base: develop
- file_roots:
- base:
- - /srv/salt
- pillar_roots:
- base:
- - /srv/pillar
- module_config:
- test: True
- test.foo: foo
- test.bar:
- - baz
- - quo
- test.baz:
- spam: sausage
- cheese: bread
-
- # salt mine setup
- mine_interval: 60
- # mine_functions can be set at the top level of the pillar, and
- # that is preferable because it doesn't affect the conf file and
- # doesn't require a minion restart. However, you can configure it
- # here instead if you really want to.
- mine_functions:
- network.interface_ip: [eth0]
-
- # Define a minion scheduler
- schedule:
- - highstate:
- - function: state.apply
- - minutes: 60
- - returner: redis
-
- # other 'non-default' config
- auth_keytab: /root/auth.keytab
- auth_principal: kadmin/admin
-
- # optional engine configuration
- engines:
- - slack:
- token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
- control: True
- valid_users:
- - someuser
- - otheruser
- valid_commands:
- - test.ping
- - list_jobs
- aliases:
- list_jobs:
- type: runner
- cmd: jobs.list_jobs
-
- # optional beacons configuration
- beacons:
- load:
- 1m:
- - 0.0
- - 2.0
- 5m:
- - 0.0
- - 1.5
- 15m:
- - 0.1
- - 1.0
- interval: 10
-
- # Optional reactors: these reactors will be configured on the minion
- # They override reactors configured in
- # 'salt:reactors' or the old 'salt:reactor' parameters
- reactors:
- - 'minion/deploy':
- - /srv/salt/reactors/deploy.sls
-
- # Optional: Configure an elasticsearch returner
- return: elasticsearch
- elasticsearch:
- hosts:
- - example.elasticsearch.host:9200
- - example.elasticsearch.host2:9200
- index_date: True
- index: salt
- number_of_shards: 5
- number_of_replicas: 2
- debug_returner_payload: True
- states_count: True
- states_order_output: True
- states_single_index: True
- functions_blacklist:
- - test.ping
- - saltutil.find_job
-
- # salt cloud config
- cloud:
- master: salt
-
- # For non-templated custom cloud provider/profile/map files
- providers:
- provider-filename1.conf:
- vmware-prod:
- driver: vmware
- user: myusernameprod
- password: mypassword
- vmware-nonprod:
- driver: vmware
- user: myusernamenonprod
- password: mypassword
- profiles:
- profile-filename1.conf:
- server-non-prod:
- clonefrom: rhel6xtemplatenp
- grains:
- platform:
- name: salt
- realm: lab
- subscription_level: standard
- memory: 8GB
- num_cpus: 4
- password: sUpErsecretey
- provider: vmware-nonprod
- maps:
- map-filename1.map:
- server-non-prod:
- - host.mycompany.com:
- grains:
- environment: dev1
-
- # You can take profile and map templates from an alternate location
- # if you want to write your own.
- template_sources:
- providers: salt://salt/files/cloud.providers.d
- profiles: salt://salt/files/cloud.profiles.d
- maps: salt://salt/files/cloud.maps.d
-
- # These settings are used by the default provider templates and
- # only need to be set for the ones you're using.
- aws_key: AWSKEYIJSHJAIJS6JSH
- aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
- gce_project: test
- gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
- rsos_user: afeawofghob
- rsos_tenant: tenant_id_number
- rsos_apikey: WFJIOJEOIGHSOFHESO
- rsos_regions:
- - ORD
- - DFW
- - IAD
- - SYD
- - HKG
-
- ssh_roster:
- prod1:
- host: host.example.com
- user: ubuntu
- sudo: True
- priv: /etc/salt/ssh_keys/sshkey.pem
- gitfs:
- keys:
- global:
- # key and pub end up being the extension used on the key file. values other than key and pub are possible
- key: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
- pub: |
- ...........
-
- # These reactors will be configured both in the minion and the master
- reactors:
- - 'deploy':
- - /srv/salt/reactors/deploy.sls
-
- salt_cloud_certs:
- aws:
- pem: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
-
- gce:
- pem: |
- -----BEGIN RSA PRIVATE KEY-----
- ...........
- -----END RSA PRIVATE KEY-----
-
- salt_formulas:
- git_opts:
- # The Git options can be customized differently for each
- # environment, if an option is missing in a given environment, the
- # value from "default" is used instead.
- default:
- # URL where the formulas git repositories are downloaded from
- # it will be suffixed with <formula-name>.git
- baseurl: https://github.com/saltstack-formulas
- # Directory where Git repositories are downloaded
- basedir: /srv/formulas
- # Update the git repository to the latest version (False by default)
- update: False
- # Options passed directly to the git.latest state
- options:
- rev: master
- user: username
- identity: /path/to/.ssh/id_rsa_github_username
- dev:
- basedir: /srv/formulas/dev
- update: True
- options:
- rev: develop
- # Alternatively, a single directory with multiple branches can be used
- # E.g. It is strongly recommended to fork saltstack-formula repositories
- # to avoid unexpected changes to your infrastructure
- # Then upstream changes can be merged in manually with due consideration
- # Specific values for `rev`, `user` & `identity` will override the defaults
- production:
- baseurl: git@github.com:username
- options:
- branch: master
- remote: origin
- staging:
- baseurl: git@github.com:username
- options:
- branch: staging
- remote: origin
- rev: staging
- upstream:
- baseurl: git@github.com:saltstack-formulas
- update: True
- options:
- branch: upstream
- remote: upstream
- # Options of the file.directory state that creates the directory where
- # the git repositories of the formulas are stored
- basedir_opts:
- makedirs: True
- user: root
- group: root
- mode: 755
- # Explicitly checkout the original branch for repos after the
- # git.latest states have been processed (False by default)
- # Enable if using the alternative method (single directory, multiple branches)
- checkout_orig_branch: True
- # List of formulas to enable in each environment
- list:
- base:
- - salt-formula
- - postfix-formula
- dev:
- - salt-formula
- - postfix-formula
- - openssh-formula
- # Likewise for the alternative method (single directory, multiple branches)
- production:
- - salt-formula
- - openssh-formula
- staging:
- - salt-formula
- - postfix-formula
- - openssh-formula
- upstream:
- - salt-formula
- - postfix-formula
- - openssh-formula
-