Saltstack Official Salt Formula

pillar.example 9.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334
  1. salt:
  2. # Set this to true to clean any non-salt-formula managed files out of
  3. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  4. # and up as it'll wipe out important files that Salt relies on.
  5. clean_config_d_dir: False
  6. # This state will remove "/etc/salt/minion" when you set this to true.
  7. minion_remove_config: True
  8. # This state will remove "/etc/salt/master" when you set this to true.
  9. master_remove_config: True
  10. # Set this to False to not have the formula install packages (in the case you
  11. # install Salt via git/pip/etc.)
  12. install_packages: True
  13. # Optional: set salt version (if install_packages is set to True)
  14. version: 2017.7.2-1.el7
  15. # to overwrite map.jinja salt packages
  16. lookup:
  17. salt_master: 'salt-master'
  18. salt_minion: 'salt-minion'
  19. salt_syndic: 'salt-syndic'
  20. salt_cloud: 'salt-cloud'
  21. salt_ssh: 'salt-ssh'
  22. pyinotify: 'python-pyinotify' the package to be installed for pyinotify
  23. # Set which release of SaltStack to use, default to 'latest'
  24. # To get the available releases:
  25. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  26. # * http://repo.saltstack.com/apt/debian/8/amd64/
  27. release: "2016.11"
  28. # salt master config
  29. master:
  30. fileserver_backend:
  31. - git
  32. - s3fs
  33. - roots
  34. gitfs_remotes:
  35. - git://github.com/saltstack-formulas/salt-formula.git:
  36. - base: develop
  37. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  38. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  39. s3.buckets:
  40. - bucket1
  41. - bucket2
  42. - bucket3
  43. - bucket4
  44. file_roots:
  45. base:
  46. - /srv/salt
  47. pillar_roots:
  48. base:
  49. - /srv/pillar
  50. # for salt-api with tornado rest interface
  51. rest_tornado:
  52. port: 8000
  53. ssl_crt: /etc/pki/api/certs/server.crt
  54. ssl_key: /etc/pki/api/certs/server.key
  55. debug: False
  56. disable_ssl: False
  57. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  58. lxc.container_profile:
  59. debian:
  60. template: download
  61. options:
  62. dist: debian
  63. release: jessie
  64. arch: amd64
  65. backing: lvm
  66. vgname: kimsufi
  67. size: 10G
  68. lxc.network_profile:
  69. basic:
  70. eth0:
  71. link: lxcbr0
  72. type: veth
  73. flags: up
  74. ## for external auth - LDAP
  75. # filter to use for Active Directory LDAP
  76. auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  77. # filter to use for Most other LDAP servers
  78. auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  79. # Define winrepo provider, by default support order is pygit2, gitpython
  80. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  81. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  82. winrepo_provider: gitpython
  83. # optional engine configuration
  84. engines:
  85. - slack:
  86. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  87. control: True
  88. valid_users:
  89. - someuser
  90. - otheruser
  91. valid_commands:
  92. - test.ping
  93. - list_jobs
  94. aliases:
  95. list_jobs:
  96. type: runner
  97. cmd: jobs.list_jobs
  98. # optional: these reactors will be configured on the master
  99. # They override reactors configured in
  100. # 'salt:reactors' or the old 'salt:reactor' parameters
  101. reactors:
  102. - 'master/deploy':
  103. - /srv/salt/reactors/deploy.sls
  104. # salt minion config:
  105. minion:
  106. # single master setup
  107. master: salt
  108. # multi master setup
  109. #master:
  110. #- salt_master_1
  111. #- salt_master_2
  112. fileserver_backend:
  113. - git
  114. - roots
  115. gitfs_remotes:
  116. - git://github.com/saltstack-formulas/salt-formula.git:
  117. - base: develop
  118. file_roots:
  119. base:
  120. - /srv/salt
  121. pillar_roots:
  122. base:
  123. - /srv/pillar
  124. module_config:
  125. test: True
  126. test.foo: foo
  127. test.bar:
  128. - baz
  129. - quo
  130. test.baz:
  131. spam: sausage
  132. cheese: bread
  133. # salt mine setup
  134. mine_interval: 60
  135. # mine_functions can be set at the top level of the pillar, and
  136. # that is preferable because it doesn't affect the conf file and
  137. # doesn't require a minion restart. However, you can configure it
  138. # here instead if you really want to.
  139. mine_functions:
  140. network.interface_ip: [eth0]
  141. # Define a minion scheduler
  142. schedule:
  143. - highstate:
  144. - function: state.apply
  145. - minutes: 60
  146. - returner: redis
  147. # other 'non-default' config
  148. auth_keytab: /root/auth.keytab
  149. auth_principal: kadmin/admin
  150. # optional engine configuration
  151. engines:
  152. - slack:
  153. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  154. control: True
  155. valid_users:
  156. - someuser
  157. - otheruser
  158. valid_commands:
  159. - test.ping
  160. - list_jobs
  161. aliases:
  162. list_jobs:
  163. type: runner
  164. cmd: jobs.list_jobs
  165. # optional beacons configuration
  166. beacons:
  167. load:
  168. 1m:
  169. - 0.0
  170. - 2.0
  171. 5m:
  172. - 0.0
  173. - 1.5
  174. 15m:
  175. - 0.1
  176. - 1.0
  177. interval: 10
  178. # Optional reactors: these reactors will be configured on the minion
  179. # They override reactors configured in
  180. # 'salt:reactors' or the old 'salt:reactor' parameters
  181. reactors:
  182. - 'minion/deploy':
  183. - /srv/salt/reactors/deploy.sls
  184. # salt cloud config
  185. cloud:
  186. master: salt
  187. # For non-templated custom cloud provider/profile/map files
  188. providers:
  189. provider-filename1.conf:
  190. vmware-prod:
  191. driver: vmware
  192. user: myusernameprod
  193. password: mypassword
  194. vmware-nonprod:
  195. driver: vmware
  196. user: myusernamenonprod
  197. password: mypassword
  198. profiles:
  199. profile-filename1.conf:
  200. server-non-prod:
  201. clonefrom: rhel6xtemplatenp
  202. grains:
  203. platform:
  204. name: salt
  205. realm: lab
  206. subscription_level: standard
  207. memory: 8GB
  208. num_cpus: 4
  209. password: sUpErsecretey
  210. provider: vmware-nonprod
  211. maps:
  212. map-filename1.map:
  213. server-non-prod:
  214. - host.mycompany.com:
  215. grains:
  216. environment: dev1
  217. # You can take profile and map templates from an alternate location
  218. # if you want to write your own.
  219. template_sources:
  220. providers: salt://salt/files/cloud.providers.d
  221. profiles: salt://salt/files/cloud.profiles.d
  222. maps: salt://salt/files/cloud.maps.d
  223. # These settings are used by the default provider templates and
  224. # only need to be set for the ones you're using.
  225. aws_key: AWSKEYIJSHJAIJS6JSH
  226. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  227. gce_project: test
  228. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  229. rsos_user: afeawofghob
  230. rsos_tenant: tenant_id_number
  231. rsos_apikey: WFJIOJEOIGHSOFHESO
  232. rsos_regions:
  233. - ORD
  234. - DFW
  235. - IAD
  236. - SYD
  237. - HKG
  238. ssh_roster:
  239. prod1:
  240. host: host.example.com
  241. user: ubuntu
  242. sudo: True
  243. priv: /etc/salt/ssh_keys/sshkey.pem
  244. gitfs:
  245. keys:
  246. global:
  247. # key and pub end up being the extension used on the key file. values other than key and pub are possible
  248. key: |
  249. -----BEGIN RSA PRIVATE KEY-----
  250. ...........
  251. -----END RSA PRIVATE KEY-----
  252. pub: |
  253. ...........
  254. # These reactors will be configured both in the minion and the master
  255. reactors:
  256. - 'deploy':
  257. - /srv/salt/reactors/deploy.sls
  258. salt_cloud_certs:
  259. aws:
  260. pem: |
  261. -----BEGIN RSA PRIVATE KEY-----
  262. ...........
  263. -----END RSA PRIVATE KEY-----
  264. gce:
  265. pem: |
  266. -----BEGIN RSA PRIVATE KEY-----
  267. ...........
  268. -----END RSA PRIVATE KEY-----
  269. salt_formulas:
  270. git_opts:
  271. # The Git options can be customized differently for each
  272. # environment, if an option is missing in a given environment, the
  273. # value from "default" is used instead.
  274. default:
  275. # URL where the formulas git repositories are downloaded from
  276. # it will be suffixed with <formula-name>.git
  277. baseurl: https://github.com/saltstack-formulas
  278. # Directory where Git repositories are downloaded
  279. basedir: /srv/formulas
  280. # Update the git repository to the latest version (False by default)
  281. update: False
  282. # Options passed directly to the git.latest state
  283. options:
  284. rev: master
  285. dev:
  286. basedir: /srv/formulas/dev
  287. update: True
  288. options:
  289. rev: develop
  290. # Options of the file.directory state that creates the directory where
  291. # the git repositories of the formulas are stored
  292. basedir_opts:
  293. makedirs: True
  294. user: root
  295. group: root
  296. mode: 755
  297. # List of formulas to enable in each environment
  298. list:
  299. base:
  300. - salt-formula
  301. - postfix-formula
  302. dev:
  303. - salt-formula
  304. - postfix-formula
  305. - openssh-formula