
Merge pull request #241 from pcdummy/mongodb

add support for mongodb settings
master
Forrest преди 8 години
родител
ревизия
55864f7cdf
променени са 2 файла, в които са добавени 58 реда и са изтрити 30 реда
  1. +38
    -24
      salt/files/master.d/f_defaults.conf
  2. +20
    -6
      salt/files/minion.d/f_defaults.conf

+ 38
- 24
salt/files/master.d/f_defaults.conf Целия файл

@@ -59,7 +59,7 @@

# Directory to store job and cache data:
# This directory may contain sensitive data and should be protected accordingly.
#
#
{{ get_config('cachedir', '/var/cache/salt/master') }}

# Directory for custom modules. This directory can contain subdirectories for
@@ -133,7 +133,7 @@ module_dirs:
{{ get_config('minion_data_cache', 'True') }}

# Store all returns in the given returner.
# Setting this option requires that any returner-specific configuration also
# Setting this option requires that any returner-specific configuration also
# be set. See various returners in salt/returners for details on required
# configuration values. (See also, event_return_queue below.)
{{ get_config('event_return', 'mysql') }}
@@ -195,12 +195,12 @@ event_return_blacklist:
# the key rotation event as minions reconnect. Consider this carefully if this
# salt master is managing a large number of minions.
#
# If disabled, it is recommended to handle this event by listening for the
# If disabled, it is recommended to handle this event by listening for the
# 'aes_key_rotate' event with the 'key' tag and acting appropriately.
{{ get_config('ping_on_rotate', 'False') }}

# By default, the master deletes its cache of minion data when the key for that
# minion is removed. To preserve the cache after key deletion, set
# minion is removed. To preserve the cache after key deletion, set
# 'preserve_minion_cache' to True.
#
# WARNING: This may have security implications if compromised minions auth with
@@ -379,7 +379,7 @@ client_acl_blacklist:
{% endif %}

# Enforce client_acl & client_acl_blacklist when users have sudo
# access to the salt command.
# access to the salt command.
{{ get_config('sudo_acl', 'False') }}

# The external auth system uses the Salt auth modules to authenticate and
@@ -416,7 +416,7 @@ client_acl_blacklist:
# will cause minion to throw an exception and drop the message.
{{ get_config('sign_pub_message', 'False') }}

# Sign the master auth-replies with a cryptographic signature of the masters public key.
# Sign the master auth-replies with a cryptographic signature of the masters public key.
# Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial
{{ get_config('master_sign_pubkey', 'False') }}

@@ -424,18 +424,18 @@ client_acl_blacklist:
# master_sign_key_name: <filename_without_suffix>
{{ get_config('master_sign', '{}') }}

# The name of the file in the masters pki-directory that holds the pre-calculated
# The name of the file in the masters pki-directory that holds the pre-calculated
# signature of the masters public-key.
# master_pubkey_signature: <filename>
{{ get_config('master_pubkey_signature', '{}') }}

# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
# The master_pubkey_signature must also be set for this.
{{ get_config('master_use_pubkey_signature', 'False') }}

# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
# This is a very important security-setting. Disabling it will enable deleted minions to still
# listen in on the messages published by the salt-master.
# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
# This is a very important security-setting. Disabling it will enable deleted minions to still
# listen in on the messages published by the salt-master.
# Do not disable this unless it is absolutely clear what this does.
{{ get_config('rotate_aes_key', 'True') }}

@@ -453,16 +453,16 @@ client_acl_blacklist:
# The base DN under which users can be found in LDAP
{{ get_config('auth.ldap.basedn', '') }}

# The user Salt authenticates to search for a users' Distinguished Name and
# The user Salt authenticates to search for a users' Distinguished Name and
# group membership.
{{ get_config('auth.ldap.binddn', '') }}

# The bind password to go along with the bind dn (binddn).
# The bind password to go along with the bind dn (binddn).
{{ get_config('auth.ldap.bindpw', '') }}

# The filter used to find the DN associated with a user. For most LDAPs use
# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value
# {% raw %}'sAMAccountName={{username}}'{% endraw %}.
# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value
# {% raw %}'sAMAccountName={{username}}'{% endraw %}.
{{ get_config('auth.ldap.filter', '') }}

# The attribute used for user group membership. Defaults to 'memberOf'
@@ -475,7 +475,7 @@ client_acl_blacklist:
# Default value: 'Groups'
{{ get_config('auth.ldap.groupou', 'Groups') }}

# Allows the administrator to strip off a certain set of domain names
# Allows the administrator to strip off a certain set of domain names
# so the hostnames looked up in the directory service can match the minion IDs.
{{ get_config('auth.ldap.minion_stripdomains', []) }}

@@ -646,7 +646,7 @@ master_tops:
# When using multiple environments, each with their own top file, the
# default behaviour is an unordered merge. To prevent top files from
# being merged together and instead to only use the top file from the
# requested environment, set this value to 'same'.
# requested environment, set this value to 'same'.
{{ get_config('top_file_merging_stragety', 'merge') }}

# To specify the order in which environments are merged, set the ordering
@@ -663,7 +663,7 @@ master_tops:
# the master server. The default is md5, but sha1, sha224, sha256, sha384
# and sha512 are also supported.
#
# Prior to changing this value, the master should be stopped and all Salt
# Prior to changing this value, the master should be stopped and all Salt
# caches should be cleared.
{{ get_config('hash_type', 'md5') }}

@@ -770,11 +770,11 @@ fileserver_backend:
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
{{ get_config('gitfs_user', 'git') }}

# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('gitfs_password', '') }}

# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
{{ get_config('gitfs_insecure_auth', 'False') }}

@@ -973,9 +973,9 @@ ext_pillar:
# be used instead.
{{ get_config('git_pillar_branch', 'master') }}

# Environment to use for git_pillar remotes. This is normally derived from
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
# override the process of deriving the env from the branch/tag name.
{{ get_config('git_pillar_env', '') }}

# Path relative to the root of the repository where the git_pillar top file
@@ -983,12 +983,12 @@ ext_pillar:
{{ get_config('git_pillar_root', 'pillar') }}

# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
# the remote repository.
{{ get_config('git_pillar_ssl_verify', True) }}

# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
# file will be automatically cleared and a new lock will be obtained.
{{ get_config('git_pillar_global_lock', False) }}

# Git External Pillar Authentication Options
@@ -1380,3 +1380,17 @@ consul_config:
{{ name }}: {{ value }}
{%- endfor %}
{%- endif %}

{% if 'mongo' in cfg_master -%}
##### mongodb connection settings #####
##########################################
{%- for name, value in cfg_master['mongo'].items() %}
mongo.{{ name }}: {{ value }}
{%- endfor %}

{% if 'alternative.mongo' in cfg_master -%}
{%- for name, value in cfg_master['alternative.mongo'].items() %}
alternative.mongo.{{ name }}: {{ value }}
{%- endfor %}
{% endif %}
{%- endif %}
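Review bot: In the last hunk, `mongo.{{ name }}: {{ value }}` writes each pillar value into the config as a bare YAML scalar, and these settings normally include the MongoDB user and password. A password that contains ` #` or `: `, starts with an indicator such as `*` or `&`, or consists only of digits will be truncated, retyped or break the parse, which then surfaces as a hard-to-trace authentication failure. Passing the value through a serializing filter, e.g. `mongo.{{ name }}: {{ value | json }}`, keeps it intact; the same applies to the `alternative.mongo.` loop and to both loops in salt/files/minion.d/f_defaults.conf. Because the rendered file would then hold a database credential, confirm that the state managing it sets a restrictive owner and mode, which is not visible on this page.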

+ 20
- 6
salt/files/minion.d/f_defaults.conf Целия файл

@@ -539,11 +539,11 @@ fileserver_backend:
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
{{ get_config('gitfs_user', 'git') }}

# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('gitfs_password', '') }}

# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
{{ get_config('gitfs_insecure_auth', 'False') }}

@@ -735,9 +735,9 @@ ext_pillar:
# be used instead.
{{ get_config('git_pillar_branch', 'master') }}

# Environment to use for git_pillar remotes. This is normally derived from
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
# override the process of deriving the env from the branch/tag name.
{{ get_config('git_pillar_env', '') }}

# Path relative to the root of the repository where the git_pillar top file
@@ -745,12 +745,12 @@ ext_pillar:
{{ get_config('git_pillar_root', 'pillar') }}

# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
# the remote repository.
{{ get_config('git_pillar_ssl_verify', True) }}

# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
# file will be automatically cleared and a new lock will be obtained.
{{ get_config('git_pillar_global_lock', False) }}

# Git External Pillar Authentication Options
@@ -991,3 +991,17 @@ ext_pillar:
# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
#event_match_type: startswith
{{ get_config('event_match_type', 'startswith') }}

{% if 'mongo' in cfg_minion -%}
##### mongodb connection settings #####
##########################################
{%- for name, value in cfg_minion['mongo'].items() %}
mongo.{{ name }}: {{ value }}
{%- endfor %}

{% if 'alternative.mongo' in cfg_minion -%}
{%- for name, value in cfg_minion['alternative.mongo'].items() %}
alternative.mongo.{{ name }}: {{ value }}
{%- endfor %}
{% endif %}
{%- endif %}
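Review bot: The `{% if 'alternative.mongo' in cfg_minion -%}` block sits inside `{% if 'mongo' in cfg_minion -%}`, so an alternative returner profile set in pillar is silently dropped whenever the default `mongo` key is absent. If the two profiles are meant to be independent, close the first block with `{%- endif %}` before the second `if`. If the dependency is intended, a comment such as `{# alternative.mongo is only rendered together with mongo #}` above the inner `if` would make that explicit. The final hunk in salt/files/master.d/f_defaults.conf has the same nesting with `cfg_master`.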
