Saltstack Official Salt Formula

11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
11 роки тому
10 роки тому
7 роки тому
8 роки тому
7 роки тому
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363
  1. salt:
  2. # Set this to true to clean any non-salt-formula managed files out of
  3. # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  4. # and up as it'll wipe out important files that Salt relies on.
  5. clean_config_d_dir: False
  6. # This state will remove "/etc/salt/minion" when you set this to true.
  7. minion_remove_config: True
  8. # This state will remove "/etc/salt/master" when you set this to true.
  9. master_remove_config: True
  10. # Set this to False to not have the formula install packages (in the case you
  11. # install Salt via git/pip/etc.)
  12. install_packages: True
  13. # Optional: set salt version (if install_packages is set to True)
  14. version: 2017.7.2-1.el7
  15. # to overwrite map.jinja salt packages
  16. lookup:
  17. salt_master: 'salt-master'
  18. salt_minion: 'salt-minion'
  19. salt_syndic: 'salt-syndic'
  20. salt_cloud: 'salt-cloud'
  21. salt_ssh: 'salt-ssh'
  22. pyinotify: 'python-pyinotify' the package to be installed for pyinotify
  23. # Set which release of SaltStack to use, default to 'latest'
  24. # To get the available releases:
  25. # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  26. # * http://repo.saltstack.com/apt/debian/8/amd64/
  27. release: "2016.11"
  28. # MacOS has no package management.
  29. # Instead, we use file.managed to download an appropriate .pkg file and macpackage.installed to install it
  30. # 'version', if set (see above), will be used to check the .pkg version to determine if it should be installed
  31. #
  32. # NOTE: if 'version' is not set version comparison will not occur and the .pkg WILL NOT be installed if a salt
  33. # .pkg is already installed
  34. # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's source_hash, use URL or hash string
  35. salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  36. salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  37. # salt master config
  38. master:
  39. fileserver_backend:
  40. - git
  41. - s3fs
  42. - roots
  43. gitfs_remotes:
  44. - git://github.com/saltstack-formulas/salt-formula.git:
  45. - base: develop
  46. s3.keyid: GKTADJGHEIQSXMKKRBJ08H
  47. s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
  48. s3.buckets:
  49. - bucket1
  50. - bucket2
  51. - bucket3
  52. - bucket4
  53. file_roots:
  54. base:
  55. - /srv/salt
  56. pillar_roots:
  57. base:
  58. - /srv/pillar
  59. # for salt-api with tornado rest interface
  60. rest_tornado:
  61. port: 8000
  62. ssl_crt: /etc/pki/api/certs/server.crt
  63. ssl_key: /etc/pki/api/certs/server.key
  64. debug: False
  65. disable_ssl: False
  66. # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
  67. lxc.container_profile:
  68. debian:
  69. template: download
  70. options:
  71. dist: debian
  72. release: jessie
  73. arch: amd64
  74. backing: lvm
  75. vgname: kimsufi
  76. size: 10G
  77. lxc.network_profile:
  78. basic:
  79. eth0:
  80. link: lxcbr0
  81. type: veth
  82. flags: up
  83. ## for external auth - LDAP
  84. # filter to use for Active Directory LDAP
  85. auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
  86. # filter to use for Most other LDAP servers
  87. auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
  88. # Define winrepo provider, by default support order is pygit2, gitpython
  89. # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
  90. # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
  91. winrepo_provider: gitpython
  92. # optional engine configuration
  93. engines:
  94. - slack:
  95. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  96. control: True
  97. valid_users:
  98. - someuser
  99. - otheruser
  100. valid_commands:
  101. - test.ping
  102. - list_jobs
  103. aliases:
  104. list_jobs:
  105. type: runner
  106. cmd: jobs.list_jobs
  107. # optional: these reactors will be configured on the master
  108. # They override reactors configured in
  109. # 'salt:reactors' or the old 'salt:reactor' parameters
  110. reactors:
  111. - 'master/deploy':
  112. - /srv/salt/reactors/deploy.sls
  113. # salt minion config:
  114. minion:
  115. # single master setup
  116. master: salt
  117. # multi master setup
  118. #master:
  119. #- salt_master_1
  120. #- salt_master_2
  121. fileserver_backend:
  122. - git
  123. - roots
  124. gitfs_remotes:
  125. - git://github.com/saltstack-formulas/salt-formula.git:
  126. - base: develop
  127. file_roots:
  128. base:
  129. - /srv/salt
  130. pillar_roots:
  131. base:
  132. - /srv/pillar
  133. module_config:
  134. test: True
  135. test.foo: foo
  136. test.bar:
  137. - baz
  138. - quo
  139. test.baz:
  140. spam: sausage
  141. cheese: bread
  142. # salt mine setup
  143. mine_interval: 60
  144. # mine_functions can be set at the top level of the pillar, and
  145. # that is preferable because it doesn't affect the conf file and
  146. # doesn't require a minion restart. However, you can configure it
  147. # here instead if you really want to.
  148. mine_functions:
  149. network.interface_ip: [eth0]
  150. # Define a minion scheduler
  151. schedule:
  152. - highstate:
  153. - function: state.apply
  154. - minutes: 60
  155. - returner: redis
  156. # other 'non-default' config
  157. auth_keytab: /root/auth.keytab
  158. auth_principal: kadmin/admin
  159. # optional engine configuration
  160. engines:
  161. - slack:
  162. token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
  163. control: True
  164. valid_users:
  165. - someuser
  166. - otheruser
  167. valid_commands:
  168. - test.ping
  169. - list_jobs
  170. aliases:
  171. list_jobs:
  172. type: runner
  173. cmd: jobs.list_jobs
  174. # optional beacons configuration
  175. beacons:
  176. load:
  177. 1m:
  178. - 0.0
  179. - 2.0
  180. 5m:
  181. - 0.0
  182. - 1.5
  183. 15m:
  184. - 0.1
  185. - 1.0
  186. interval: 10
  187. # Optional reactors: these reactors will be configured on the minion
  188. # They override reactors configured in
  189. # 'salt:reactors' or the old 'salt:reactor' parameters
  190. reactors:
  191. - 'minion/deploy':
  192. - /srv/salt/reactors/deploy.sls
  193. # Optional: Configure an elasticsearch returner
  194. return: elasticsearch
  195. elasticsearch:
  196. hosts:
  197. - example.elasticsearch.host:9200
  198. - example.elasticsearch.host2:9200
  199. index_date: True
  200. index: salt
  201. number_of_shards: 5
  202. number_of_replicas: 2
  203. debug_returner_payload: True
  204. states_count: True
  205. states_order_output: True
  206. states_single_index: True
  207. functions_blacklist:
  208. - test.ping
  209. - saltutil.find_job
  210. # salt cloud config
  211. cloud:
  212. master: salt
  213. # For non-templated custom cloud provider/profile/map files
  214. providers:
  215. provider-filename1.conf:
  216. vmware-prod:
  217. driver: vmware
  218. user: myusernameprod
  219. password: mypassword
  220. vmware-nonprod:
  221. driver: vmware
  222. user: myusernamenonprod
  223. password: mypassword
  224. profiles:
  225. profile-filename1.conf:
  226. server-non-prod:
  227. clonefrom: rhel6xtemplatenp
  228. grains:
  229. platform:
  230. name: salt
  231. realm: lab
  232. subscription_level: standard
  233. memory: 8GB
  234. num_cpus: 4
  235. password: sUpErsecretey
  236. provider: vmware-nonprod
  237. maps:
  238. map-filename1.map:
  239. server-non-prod:
  240. - host.mycompany.com:
  241. grains:
  242. environment: dev1
  243. # You can take profile and map templates from an alternate location
  244. # if you want to write your own.
  245. template_sources:
  246. providers: salt://salt/files/cloud.providers.d
  247. profiles: salt://salt/files/cloud.profiles.d
  248. maps: salt://salt/files/cloud.maps.d
  249. # These settings are used by the default provider templates and
  250. # only need to be set for the ones you're using.
  251. aws_key: AWSKEYIJSHJAIJS6JSH
  252. aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
  253. gce_project: test
  254. gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
  255. rsos_user: afeawofghob
  256. rsos_tenant: tenant_id_number
  257. rsos_apikey: WFJIOJEOIGHSOFHESO
  258. rsos_regions:
  259. - ORD
  260. - DFW
  261. - IAD
  262. - SYD
  263. - HKG
  264. ssh_roster:
  265. prod1:
  266. host: host.example.com
  267. user: ubuntu
  268. sudo: True
  269. priv: /etc/salt/ssh_keys/sshkey.pem
  270. gitfs:
  271. keys:
  272. global:
  273. # key and pub end up being the extension used on the key file. values other than key and pub are possible
  274. key: |
  275. -----BEGIN RSA PRIVATE KEY-----
  276. ...........
  277. -----END RSA PRIVATE KEY-----
  278. pub: |
  279. ...........
  280. # These reactors will be configured both in the minion and the master
  281. reactors:
  282. - 'deploy':
  283. - /srv/salt/reactors/deploy.sls
  284. salt_cloud_certs:
  285. aws:
  286. pem: |
  287. -----BEGIN RSA PRIVATE KEY-----
  288. ...........
  289. -----END RSA PRIVATE KEY-----
  290. gce:
  291. pem: |
  292. -----BEGIN RSA PRIVATE KEY-----
  293. ...........
  294. -----END RSA PRIVATE KEY-----
  295. salt_formulas:
  296. git_opts:
  297. # The Git options can be customized differently for each
  298. # environment, if an option is missing in a given environment, the
  299. # value from "default" is used instead.
  300. default:
  301. # URL where the formulas git repositories are downloaded from
  302. # it will be suffixed with <formula-name>.git
  303. baseurl: https://github.com/saltstack-formulas
  304. # Directory where Git repositories are downloaded
  305. basedir: /srv/formulas
  306. # Update the git repository to the latest version (False by default)
  307. update: False
  308. # Options passed directly to the git.latest state
  309. options:
  310. rev: master
  311. dev:
  312. basedir: /srv/formulas/dev
  313. update: True
  314. options:
  315. rev: develop
  316. # Options of the file.directory state that creates the directory where
  317. # the git repositories of the formulas are stored
  318. basedir_opts:
  319. makedirs: True
  320. user: root
  321. group: root
  322. mode: 755
  323. # List of formulas to enable in each environment
  324. list:
  325. base:
  326. - salt-formula
  327. - postfix-formula
  328. dev:
  329. - salt-formula
  330. - postfix-formula
  331. - openssh-formula