|
|
|
@@ -1,17 +1,18 @@ |
|
|
|
# This file managed by Salt, do not edit by hand!! |
|
|
|
# Based on salt version 0.17.4 default config |
|
|
|
{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} |
|
|
|
{% set salt = pillar.get('salt', {}) -%} |
|
|
|
{% set minion = salt.get('minion', {}) -%} |
|
|
|
{% set cfg_salt = pillar.get('salt', {}) -%} |
|
|
|
{% set cfg_minion = cfg_salt.get('minion', {}) -%} |
|
|
|
{%- macro get_config(configname, default_value) -%} |
|
|
|
{%- if configname in minion -%} |
|
|
|
{{ configname }}: {{ minion[configname] }} |
|
|
|
{%- elif configname in salt and configname not in reserved_keys -%} |
|
|
|
{{ configname }}: {{ salt[configname] }} |
|
|
|
{%- if configname in cfg_minion -%} |
|
|
|
{{ configname }}: {{ cfg_minion[configname] }} |
|
|
|
{%- elif configname in cfg_salt and configname not in reserved_keys -%} |
|
|
|
{{ configname }}: {{ cfg_salt[configname] }} |
|
|
|
{%- else -%} |
|
|
|
#{{ configname }}: {{ default_value }} |
|
|
|
{%- endif -%} |
|
|
|
{%- endmacro -%} |
|
|
|
{%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} |
|
|
|
##### Primary configuration settings ##### |
|
|
|
########################################## |
|
|
|
|
|
|
|
@@ -20,18 +21,18 @@ |
|
|
|
# as the main minion config file). |
|
|
|
{{ get_config('default_include', 'minion.d/*.conf') }} |
|
|
|
|
|
|
|
# Set the location of the salt master server, if the master server cannot be |
|
|
|
# Set the location of the salt master server. If the master server cannot be |
|
|
|
# resolved, then the minion will fail to start. |
|
|
|
{{ get_config('master', 'salt') }} |
|
|
|
|
|
|
|
# If multiple masters are specified in the 'master' setting, the default behavior |
|
|
|
# is to always try to connect to them in the order they are listed. If random_master is |
|
|
|
# set to True, the order will be randomized instead. This can be helpful in distributing |
|
|
|
# the load of many minions executing salt-call requests, for example from a cron job. |
|
|
|
# the load of many minions executing salt-call requests, for example, from a cron job. |
|
|
|
# If only one master is listed, this setting is ignored and a warning will be logged. |
|
|
|
{{ get_config('random_master', 'False') }} |
|
|
|
|
|
|
|
# Set whether the minion should connect to the master via IPv6 |
|
|
|
# Set whether the minion should connect to the master via IPv6: |
|
|
|
{{ get_config('ipv6', 'False') }} |
|
|
|
|
|
|
|
# Set the number of seconds to wait before attempting to resolve |
|
|
|
@@ -39,13 +40,13 @@ |
|
|
|
# Set to zero if the minion should shutdown and not retry. |
|
|
|
{{ get_config('retry_dns', '30') }} |
|
|
|
|
|
|
|
# Set the port used by the master reply and authentication server |
|
|
|
# Set the port used by the master reply and authentication server. |
|
|
|
{{ get_config('master_port', '4506') }} |
|
|
|
|
|
|
|
# The user to run salt |
|
|
|
# The user to run salt. |
|
|
|
{{ get_config('user', 'root') }} |
|
|
|
|
|
|
|
# Specify the location of the daemon process ID file |
|
|
|
# Specify the location of the daemon process ID file. |
|
|
|
{{ get_config('pidfile', '/var/run/salt-minion.pid') }} |
|
|
|
|
|
|
|
# The root directory prepended to these options: pki_dir, cachedir, log_file, |
|
|
|
@@ -60,8 +61,8 @@ |
|
|
|
# Since salt uses detached ids it is possible to run multiple minions on the |
|
|
|
# same machine but with different ids, this can be useful for salt compute |
|
|
|
# clusters. |
|
|
|
{% if 'id' in minion -%} |
|
|
|
id: {{ minion['id'] }} |
|
|
|
{% if 'id' in cfg_minion -%} |
|
|
|
id: {{ cfg_minion['id'] }} |
|
|
|
{% else -%} |
|
|
|
#id: |
|
|
|
{%- endif %} |
|
|
|
@@ -73,7 +74,7 @@ id: {{ minion['id'] }} |
|
|
|
|
|
|
|
# Custom static grains for this minion can be specified here and used in SLS |
|
|
|
# files just like all other grains. This example sets 4 custom grains, with |
|
|
|
# the 'roles' grain having two values that can be matched against: |
|
|
|
# the 'roles' grain having two values that can be matched against. |
|
|
|
#grains: |
|
|
|
# roles: |
|
|
|
# - webserver |
|
|
|
@@ -83,35 +84,38 @@ id: {{ minion['id'] }} |
|
|
|
# cab_u: 14-15 |
|
|
|
{{ get_config('grains', '{}') }} |
|
|
|
|
|
|
|
# Where cache data goes |
|
|
|
# Where cache data goes. |
|
|
|
{{ get_config('cachedir', '/var/cache/salt/minion') }} |
|
|
|
|
|
|
|
# Verify and set permissions on configuration directories at startup |
|
|
|
# Verify and set permissions on configuration directories at startup. |
|
|
|
{{ get_config('verify_env', 'True') }} |
|
|
|
|
|
|
|
# The minion can locally cache the return data from jobs sent to it, this |
|
|
|
# can be a good way to keep track of jobs the minion has executed |
|
|
|
# (on the minion side). By default this feature is disabled, to enable |
|
|
|
# set cache_jobs to True |
|
|
|
# (on the minion side). By default this feature is disabled, to enable, set |
|
|
|
# cache_jobs to True. |
|
|
|
{{ get_config('cache_jobs', 'False') }} |
|
|
|
|
|
|
|
# set the directory used to hold unix sockets |
|
|
|
# Set the directory used to hold unix sockets. |
|
|
|
{{ get_config('sock_dir', '/var/run/salt/minion') }} |
|
|
|
|
|
|
|
# Set the default outputter used by the salt-call command. The default is |
|
|
|
# "nested" |
|
|
|
# "nested". |
|
|
|
{{ get_config('output', 'nested') }} |
|
|
|
# |
|
|
|
# By default output is colored, to disable colored output set the color value |
|
|
|
# to False |
|
|
|
# By default output is colored. To disable colored output, set the color value |
|
|
|
# to False. |
|
|
|
{{ get_config('color', 'True') }} |
|
|
|
|
|
|
|
# Do not strip off the colored output from nested results and state outputs |
|
|
|
# (true by default). |
|
|
|
{{ get_config('strip_colors', 'False') }} |
|
|
|
|
|
|
|
# Backup files that are replaced by file.managed and file.recurse under |
|
|
|
# 'cachedir'/file_backups relative to their original location and appended |
|
|
|
# with a timestamp. The only valid setting is "minion". Disabled by default. |
|
|
|
# |
|
|
|
# Alternatively this can be specified for each file in state files: |
|
|
|
# |
|
|
|
# /etc/ssh/sshd_config: |
|
|
|
# file.managed: |
|
|
|
# - source: salt://ssh/sshd_config |
|
|
|
@@ -129,23 +133,46 @@ id: {{ minion['id'] }} |
|
|
|
# set to zero, the time between reconnection attempts will stay constant. |
|
|
|
{{ get_config('acceptance_wait_time_max', '0') }} |
|
|
|
|
|
|
|
# If the master rejects the minion's public key, retry instead of exiting. |
|
|
|
# Rejected keys will be handled the same as waiting on acceptance. |
|
|
|
{{ get_config('rejected_retry', 'False') }} |
|
|
|
|
|
|
|
# When the master key changes, the minion will try to re-auth itself to receive |
|
|
|
# the new master key. In larger environments this can cause a SYN flood on the |
|
|
|
# master because all minions try to re-auth immediately. To prevent this and |
|
|
|
# have a minion wait for a random amount of time, use this optional parameter. |
|
|
|
# The wait-time will be a random number of seconds between |
|
|
|
# 0 and the defined value. |
|
|
|
# The wait-time will be a random number of seconds between 0 and the defined value. |
|
|
|
{{ get_config('random_reauth_delay', '60') }} |
|
|
|
|
|
|
|
# When waiting for a master to accept the minion's public key, salt will |
|
|
|
# continuously attempt to reconnect until successful. This is the timeout value, |
|
|
|
# in seconds, for each individual attempt. After this timeout expires, the minion |
|
|
|
# will wait for acceptance_wait_time seconds before trying again. |
|
|
|
# Unless your master is under unusually heavy load, this should be left at the default. |
|
|
|
{{ get_config('auth_timeout', '3') }} |
|
|
|
# will wait for acceptance_wait_time seconds before trying again. Unless your master |
|
|
|
# is under unusually heavy load, this should be left at the default. |
|
|
|
{{ get_config('auth_timeout', '60') }} |
|
|
|
|
|
|
|
# Number of consecutive SaltReqTimeoutError that are acceptable when trying to |
|
|
|
# authenticate. |
|
|
|
{{ get_config('auth_tries', '7') }} |
|
|
|
|
|
|
|
# If authentication fails due to SaltReqTimeoutError during a ping_interval, |
|
|
|
# cause sub minion process to restart. |
|
|
|
{{ get_config('auth_safemode', 'False') }} |
|
|
|
|
|
|
|
# Ping Master to ensure connection is alive (minutes). |
|
|
|
{{ get_config('ping_interval', '0') }} |
|
|
|
|
|
|
|
# If you don't have any problems with syn-floods, dont bother with the |
|
|
|
# To auto recover minions if master changes IP address (DDNS) |
|
|
|
# auth_tries: 10 |
|
|
|
# auth_safemode: False |
|
|
|
# ping_interval: 90 |
|
|
|
# restart_on_error: True |
|
|
|
# |
|
|
|
# Minions won't know master is missing until a ping fails. After the ping fail, |
|
|
|
# the minion will attempt authentication and likely fails out and cause a restart. |
|
|
|
# When the minion restarts it will resolve the masters IP and attempt to reconnect. |
|
|
|
|
|
|
|
# If you don't have any problems with syn-floods, don't bother with the |
|
|
|
# three recon_* settings described below, just leave the defaults! |
|
|
|
# |
|
|
|
# The ZeroMQ pull-socket that binds to the masters publishing interface tries |
|
|
|
@@ -154,9 +181,8 @@ id: {{ minion['id'] }} |
|
|
|
# minions reconnect immediately which might flood the master (the ZeroMQ-default |
|
|
|
# is usually a 100ms delay). To prevent this, these three recon_* settings |
|
|
|
# can be used. |
|
|
|
# |
|
|
|
# recon_default: the interval in milliseconds that the socket should wait before |
|
|
|
# trying to reconnect to the master (100ms = 1 second) |
|
|
|
# trying to reconnect to the master (1000ms = 1 second) |
|
|
|
# |
|
|
|
# recon_max: the maximum time a socket should wait. each interval the time to wait |
|
|
|
# is calculated by doubling the previous time. if recon_max is reached, |
|
|
|
@@ -175,23 +201,20 @@ id: {{ minion['id'] }} |
|
|
|
# and recon_max value kind of defeats the purpose of being able to |
|
|
|
# change these settings. If all minions have the same values and your |
|
|
|
# setup is quite large (several thousand minions), they will still |
|
|
|
# flood the master. The desired behaviour is to have timeframe within |
|
|
|
# flood the master. The desired behavior is to have timeframe within |
|
|
|
# all minions try to reconnect. |
|
|
|
|
|
|
|
# Example on how to use these settings: |
|
|
|
# The goal: have all minions reconnect within a 60 second timeframe on a disconnect |
|
|
|
# |
|
|
|
# The settings: |
|
|
|
#recon_default: 1000 |
|
|
|
#recon_max: 59000 |
|
|
|
#recon_randomize: True |
|
|
|
# Example on how to use these settings. The goal: have all minions reconnect within a |
|
|
|
# 60 second timeframe on a disconnect. |
|
|
|
# recon_default: 1000 |
|
|
|
# recon_max: 59000 |
|
|
|
# recon_randomize: True |
|
|
|
# |
|
|
|
# Each minion will have a randomized reconnect value between 'recon_default' |
|
|
|
# and 'recon_default + recon_max', which in this example means between 1000ms |
|
|
|
# 60000ms (or between 1 and 60 seconds). The generated random-value will be |
|
|
|
# doubled after each attempt to reconnect. Lets say the generated random |
|
|
|
# value is 11 seconds (or 11000ms). |
|
|
|
# |
|
|
|
# reconnect 1: wait 11 seconds |
|
|
|
# reconnect 2: wait 22 seconds |
|
|
|
# reconnect 3: wait 33 seconds |
|
|
|
@@ -236,20 +259,25 @@ id: {{ minion['id'] }} |
|
|
|
# is not enabled. |
|
|
|
{{ get_config('grains_cache_expiration', '300') }} |
|
|
|
|
|
|
|
|
|
|
|
# When healing, a dns_check is run. This is to make sure that the originally |
|
|
|
# resolved dns has not changed. If this is something that does not happen in |
|
|
|
# your environment, set this value to False. |
|
|
|
{{ get_config('dns_check', 'True') }} |
|
|
|
|
|
|
|
# Windows platforms lack posix IPC and must rely on slower TCP based inter- |
|
|
|
# process communications. Set ipc_mode to 'tcp' on such systems |
|
|
|
{{ get_config('ipc_mode', 'ipc') }} |
|
|
|
# |
|
|
|
|
|
|
|
# Overwrite the default tcp ports used by the minion when in tcp mode |
|
|
|
{{ get_config('tcp_pub_port', '4510') }} |
|
|
|
{{ get_config('tcp_pull_port', '4511') }} |
|
|
|
|
|
|
|
# Passing very large events can cause the minion to consume large amounts of |
|
|
|
# memory. This value tunes the maximum size of a message allowed onto the |
|
|
|
# minion event bus. The value is expressed in bytes. |
|
|
|
{{ get_config('max_event_size', '1048576') }} |
|
|
|
|
|
|
|
# To detect failed master(s) and fire events on connect/disconnect, set |
|
|
|
# master_alive_interval to the number of seconds to poll the masters for |
|
|
|
# connection events. |
|
|
|
# |
|
|
|
{{ get_config('master_alive_interval', '30') }} |
|
|
|
|
|
|
|
# The minion can include configuration from other files. To enable this, |
|
|
|
# pass a list of paths to this option. The paths can be either relative or |
|
|
|
# absolute; if relative, they are considered to be relative to the directory |
|
|
|
@@ -257,7 +285,6 @@ id: {{ minion['id'] }} |
|
|
|
# of shell-style globbing. If no files are matched by a path passed to this |
|
|
|
# option then the minion will log a warning message. |
|
|
|
# |
|
|
|
# |
|
|
|
# Include a config file from some other path: |
|
|
|
# include: /etc/salt/extra_config |
|
|
|
# |
|
|
|
@@ -265,30 +292,31 @@ id: {{ minion['id'] }} |
|
|
|
#include: |
|
|
|
# - /etc/salt/extra_config |
|
|
|
# - /etc/roles/webserver |
|
|
|
{% if 'include' in minion -%} |
|
|
|
{% if isinstance(minion['include'], list) -%} |
|
|
|
{% if 'include' in cfg_minion -%} |
|
|
|
{% if isinstance(cfg_minion['include'], list) -%} |
|
|
|
include: |
|
|
|
{% for include in minion['include'] -%} |
|
|
|
{% for include in cfg_minion['include'] -%} |
|
|
|
- {{ include }} |
|
|
|
{% endfor -%} |
|
|
|
{% else -%} |
|
|
|
include: minion['include'] |
|
|
|
include: cfg_minion['include'] |
|
|
|
{% endif -%} |
|
|
|
{% elif 'include' in salt -%} |
|
|
|
{% if isinstance(salt['include'], list) -%} |
|
|
|
{% elif 'include' in cfg_salt -%} |
|
|
|
{% if isinstance(cfg_salt['include'], list) -%} |
|
|
|
include: |
|
|
|
{% for include in salt['include'] -%} |
|
|
|
{% for include in cfg_salt['include'] -%} |
|
|
|
- {{ include }} |
|
|
|
{% endfor -%} |
|
|
|
{% else -%} |
|
|
|
include: salt['include'] |
|
|
|
include: cfg_salt['include'] |
|
|
|
{% endif -%} |
|
|
|
{% endif -%} |
|
|
|
|
|
|
|
|
|
|
|
##### Minion module management ##### |
|
|
|
########################################## |
|
|
|
# Disable specific modules. This allows the admin to limit the level of |
|
|
|
# access the master has to the minion |
|
|
|
# access the master has to the minion. |
|
|
|
{{ get_config('disable_modules', '[cmd,test]') }} |
|
|
|
{{ get_config('disable_returners', '[]') }} |
|
|
|
# |
|
|
|
@@ -300,12 +328,12 @@ id: {{ minion['id'] }} |
|
|
|
{{ get_config('returner_dirs', '[]') }} |
|
|
|
{{ get_config('states_dirs', '[]') }} |
|
|
|
{{ get_config('render_dirs', '[]') }} |
|
|
|
{{ get_config('utils_dirs', '[]') }} |
|
|
|
# |
|
|
|
# A module provider can be statically overwritten or extended for the minion |
|
|
|
# via the providers option, in this case the default module will be |
|
|
|
# overwritten by the specified module. In this example the pkg module will |
|
|
|
# be provided by the yumpkg5 module instead of the system default. |
|
|
|
# |
|
|
|
#providers: |
|
|
|
# pkg: yumpkg5 |
|
|
|
{{ get_config('providers', '{}') }} |
|
|
|
@@ -313,14 +341,11 @@ id: {{ minion['id'] }} |
|
|
|
# Enable Cython modules searching and loading. (Default: False) |
|
|
|
{{ get_config('cython_enable', 'False') }} |
|
|
|
# |
|
|
|
# |
|
|
|
# |
|
|
|
# Specify a max size (in bytes) for modules on import |
|
|
|
# this feature is currently only supported on *nix OSs and requires psutil |
|
|
|
# Specify a max size (in bytes) for modules on import. This feature is currently |
|
|
|
# only supported on *nix operating systems and requires psutil. |
|
|
|
{{ get_config('modules_max_memory', '-1') }} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##### State Management Settings ##### |
|
|
|
########################################### |
|
|
|
# The state management system executes all of the state templates on the minion |
|
|
|
@@ -338,21 +363,21 @@ id: {{ minion['id'] }} |
|
|
|
{{ get_config('renderer', 'yaml_jinja') }} |
|
|
|
# |
|
|
|
# The failhard option tells the minions to stop immediately after the first |
|
|
|
# failure detected in the state execution, defaults to False |
|
|
|
# failure detected in the state execution. Defaults to False. |
|
|
|
{{ get_config('failhard', 'False') }} |
|
|
|
# |
|
|
|
# autoload_dynamic_modules Turns on automatic loading of modules found in the |
|
|
|
# environments on the master. This is turned on by default, to turn of |
|
|
|
# autoloading modules when states run set this value to False |
|
|
|
# autoload_dynamic_modules turns on automatic loading of modules found in the |
|
|
|
# environments on the master. This is turned on by default. To turn of |
|
|
|
# autoloading modules when states run, set this value to False. |
|
|
|
{{ get_config('autoload_dynamic_modules', 'True') }} |
|
|
|
# |
|
|
|
# clean_dynamic_modules keeps the dynamic modules on the minion in sync with |
|
|
|
# the dynamic modules on the master, this means that if a dynamic module is |
|
|
|
# not on the master it will be deleted from the minion. By default this is |
|
|
|
# enabled and can be disabled by changing this value to False |
|
|
|
# not on the master it will be deleted from the minion. By default, this is |
|
|
|
# enabled and can be disabled by changing this value to False. |
|
|
|
{{ get_config('clean_dynamic_modules', 'True') }} |
|
|
|
# |
|
|
|
# Normally the minion is not isolated to any single environment on the master |
|
|
|
# Normally, the minion is not isolated to any single environment on the master |
|
|
|
# when running states, but the environment can be isolated on the minion side |
|
|
|
# by statically setting it. Remember that the recommended way to manage |
|
|
|
# environments is to isolate via the top file. |
|
|
|
@@ -368,14 +393,24 @@ id: {{ minion['id'] }} |
|
|
|
# 'top' -- Read top_file option and execute based on that file on the Master |
|
|
|
{{ get_config('startup_states', "''") }} |
|
|
|
# |
|
|
|
# list of states to run when the minion starts up if startup_states is 'sls' |
|
|
|
# List of states to run when the minion starts up if startup_states is 'sls': |
|
|
|
#sls_list: |
|
|
|
# - edit.vim |
|
|
|
# - hyper |
|
|
|
{{ get_config('sls_list', '[]') }} |
|
|
|
# top file to execute if startup_states is 'top' |
|
|
|
# |
|
|
|
# Top file to execute if startup_states is 'top': |
|
|
|
{{ get_config('top_file', "''") }} |
|
|
|
|
|
|
|
# Automatically aggregate all states that have support for mod_aggregate by |
|
|
|
# setting to True. Or pass a list of state module names to automatically |
|
|
|
# aggregate just those types. |
|
|
|
# |
|
|
|
# state_aggregate: |
|
|
|
# - pkg |
|
|
|
# |
|
|
|
#state_aggregate: False |
|
|
|
|
|
|
|
##### File Directory Settings ##### |
|
|
|
########################################## |
|
|
|
# The Salt Minion can redirect all file server operations to a local directory, |
|
|
|
@@ -386,7 +421,11 @@ id: {{ minion['id'] }} |
|
|
|
# Set the file client. The client defaults to looking on the master server for |
|
|
|
# files, but can be directed to look at the local file directory setting |
|
|
|
# defined below by setting it to local. |
|
|
|
{%- if standalone %} |
|
|
|
file_client: local |
|
|
|
{%- else %} |
|
|
|
{{ get_config('file_client', 'remote') }} |
|
|
|
{%- endif %} |
|
|
|
|
|
|
|
# The file directory works on environments passed to the minion, each environment |
|
|
|
# can have multiple root directories, the subdirectories in the multiple file |
|
|
|
@@ -403,23 +442,13 @@ id: {{ minion['id'] }} |
|
|
|
# - /srv/salt/prod/services |
|
|
|
# - /srv/salt/prod/states |
|
|
|
# |
|
|
|
{% if 'file_roots' in minion -%} |
|
|
|
file_roots: |
|
|
|
{%- for name, roots in minion['file_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{%- for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{% elif 'file_roots' in salt -%} |
|
|
|
file_roots: |
|
|
|
{%- for name, roots in salt['file_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{%- for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{% else -%} |
|
|
|
{% if 'file_roots' in cfg_minion -%} |
|
|
|
{{ file_roots(cfg_minion['file_roots']) }} |
|
|
|
{%- elif 'file_roots' in cfg_salt -%} |
|
|
|
{{ file_roots(cfg_salt['file_roots']) }} |
|
|
|
{%- elif formulas|length -%} |
|
|
|
{{ file_roots({'base': ['/srv/salt']}) }} |
|
|
|
{%- else -%} |
|
|
|
#file_roots: |
|
|
|
# base: |
|
|
|
# - /srv/salt |
|
|
|
@@ -429,31 +458,82 @@ file_roots: |
|
|
|
# to attempt to find files. To limit this behavior so that the fileserver only |
|
|
|
# traverses directories with SLS files and special Salt directories like _modules, |
|
|
|
# enable the option below. This might be useful for installations where a file root |
|
|
|
# has a very large number of files and performance is negatively impacted. |
|
|
|
# |
|
|
|
# Default is False. |
|
|
|
# |
|
|
|
# has a very large number of files and performance is negatively impacted. Default |
|
|
|
# is False. |
|
|
|
{{ get_config('fileserver_limit_traversal', 'False') }} |
|
|
|
|
|
|
|
# |
|
|
|
# Git fileserver backend configuration |
|
|
|
# |
|
|
|
# Gitfs can be provided by one of two python modules: GitPython or pygit2. If |
|
|
|
# using pygit2, both libgit2 and git must also be installed. |
|
|
|
{{ get_config('gitfs_provider', 'pygit2') }} |
|
|
|
# |
|
|
|
# When using the git fileserver backend at least one git remote needs to be |
|
|
|
# defined. The user running the salt master will need read access to the repo. |
|
|
|
# |
|
|
|
# The repos will be searched in order to find the file requested by a client |
|
|
|
# and the first repo to have the file will return it. |
|
|
|
# When using the git backend branches and tags are translated into salt |
|
|
|
# environments. |
|
|
|
# Note: file:// repos will be treated as a remote, so refs you want used must |
|
|
|
# exist in that repo as *local* refs. |
|
|
|
{% if 'gitfs_remotes' in cfg_minion -%} |
|
|
|
gitfs_remotes: |
|
|
|
{%- for remote in cfg_minion['gitfs_remotes'] %} |
|
|
|
{%- if remote is iterable and remote is not string %} |
|
|
|
{%- for repo, children in remote.items() %} |
|
|
|
- {{ repo }}: |
|
|
|
{%- for child in children %} |
|
|
|
{%- for key, value in child.items() %} |
|
|
|
- {{ key }}: {{ value }} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{%- else %} |
|
|
|
- {{ remote }} |
|
|
|
{%- endif -%} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endif %} |
|
|
|
# |
|
|
|
#gitfs_remotes: |
|
|
|
# - git://github.com/saltstack/salt-states.git |
|
|
|
# - file:///var/git/saltmaster |
|
|
|
# |
|
|
|
# The gitfs_ssl_verify option specifies whether to ignore ssl certificate |
|
|
|
# errors when contacting the gitfs backend. You might want to set this to |
|
|
|
# false if you're using a git backend that uses a self-signed certificate but |
|
|
|
# keep in mind that setting this flag to anything other than the default of True |
|
|
|
# is a security concern, you may want to try using the ssh transport. |
|
|
|
{{ get_config('gitfs_ssl_verify', 'True') }} |
|
|
|
|
|
|
|
# The gitfs_root option gives the ability to serve files from a subdirectory |
|
|
|
# within the repository. The path is defined relative to the root of the |
|
|
|
# repository and defaults to the repository root. |
|
|
|
{{ get_config('gitfs_root', 'somefolder/otherfolder') }} |
|
|
|
|
|
|
|
# The hash_type is the hash to use when discovering the hash of a file in |
|
|
|
# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 |
|
|
|
# and sha512 are also supported. |
|
|
|
# |
|
|
|
# Warning: Prior to changing this value, the minion should be stopped and all |
|
|
|
# Salt caches should be cleared. |
|
|
|
{{ get_config('hash_type', 'md5') }} |
|
|
|
|
|
|
|
# The Salt pillar is searched for locally if file_client is set to local. If |
|
|
|
# this is the case, and pillar data is defined, then the pillar_roots need to |
|
|
|
# also be configured on the minion: |
|
|
|
{% if 'pillar_roots' in minion -%} |
|
|
|
{% if 'pillar_roots' in cfg_minion -%} |
|
|
|
pillar_roots: |
|
|
|
{%- for name, roots in minion['pillar_roots']|dictsort %} |
|
|
|
{%- for name, roots in cfg_minion['pillar_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{%- for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
{%- endfor -%} |
|
|
|
{%- endfor -%} |
|
|
|
{% elif 'pillar_roots' in salt -%} |
|
|
|
{% elif 'pillar_roots' in cfg_salt -%} |
|
|
|
pillar_roots: |
|
|
|
{%- for name, roots in salt['pillar_roots']|dictsort %} |
|
|
|
{%- for name, roots in cfg_salt['pillar_roots']|dictsort %} |
|
|
|
{{ name }}: |
|
|
|
{%- for dir in roots %} |
|
|
|
- {{ dir }} |
|
|
|
@@ -465,6 +545,7 @@ pillar_roots: |
|
|
|
# - /srv/salt |
|
|
|
{%- endif %} |
|
|
|
|
|
|
|
|
|
|
|
###### Security settings ##### |
|
|
|
########################################### |
|
|
|
# Enable "open mode", this mode still maintains encryption, but turns off |
|
|
|
@@ -484,12 +565,17 @@ pillar_roots: |
|
|
|
# The state_verbose setting can be set to True or False, when set to False |
|
|
|
# all data that has a result of True and no changes will be suppressed. |
|
|
|
{{ get_config('state_verbose', 'True') }} |
|
|
|
# |
|
|
|
|
|
|
|
# The state_output setting changes if the output is the full multi line |
|
|
|
# output for each changed state if set to 'full', but if set to 'terse' |
|
|
|
# the output will be shortened to a single line. |
|
|
|
{{ get_config('state_output', 'full') }} |
|
|
|
# |
|
|
|
|
|
|
|
# The state_output_diff setting changes whether or not the output from |
|
|
|
# successful states is returned. Useful when even the terse output of these |
|
|
|
# states is cluttering the logs. Set it to True to ignore them. |
|
|
|
{{ get_config('state_output_diff', 'False') }} |
|
|
|
|
|
|
|
# Fingerprint of the master public key to double verify the master is valid, |
|
|
|
# the master fingerprint can be found by running "salt-key -F master" on the |
|
|
|
# salt master. |
|
|
|
@@ -501,6 +587,7 @@ pillar_roots: |
|
|
|
# publication a new process is spawned and the command is executed therein. |
|
|
|
{{ get_config('multiprocessing', 'True') }} |
|
|
|
|
|
|
|
|
|
|
|
##### Logging settings ##### |
|
|
|
########################################## |
|
|
|
# The location of the minion log file |
|
|
|
@@ -514,14 +601,15 @@ pillar_roots: |
|
|
|
# |
|
|
|
{{ get_config('log_file', '/var/log/salt/minion') }} |
|
|
|
{{ get_config('key_logfile', ' /var/log/salt/key') }} |
|
|
|
# |
|
|
|
|
|
|
|
# The level of messages to send to the console. |
|
|
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. |
|
|
|
# Default: 'warning' |
|
|
|
{{ get_config('log_level', 'warning') }} |
|
|
|
# |
|
|
|
|
|
|
|
# The level of messages to send to the log file. |
|
|
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. |
|
|
|
# If using 'log_granular_levels' this must be set to the highest desired level. |
|
|
|
# Default: 'warning' |
|
|
|
{{ get_config('log_level_logfile', '') }} |
|
|
|
|
|
|
|
@@ -529,21 +617,22 @@ pillar_roots: |
|
|
|
# can be seen here: http://docs.python.org/library/time.html#time.strftime |
|
|
|
{{ get_config('log_datefmt', "'%H:%M:%S'") }} |
|
|
|
{{ get_config('log_datefmt_logfile', "'%Y-%m-%d %H:%M:%S'") }} |
|
|
|
# |
|
|
|
|
|
|
|
# The format of the console logging messages. Allowed formatting options can |
|
|
|
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes |
|
|
|
{{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }} |
|
|
|
{{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }} |
|
|
|
# |
|
|
|
|
|
|
|
# This can be used to control logging levels more specificically. This |
|
|
|
# example sets the main salt library at the 'warning' level, but sets |
|
|
|
# 'salt.modules' to log at the 'debug' level: |
|
|
|
# log_granular_levels: |
|
|
|
# 'salt': 'warning', |
|
|
|
# 'salt': 'warning' |
|
|
|
# 'salt.modules': 'debug' |
|
|
|
# |
|
|
|
{{ get_config('log_granular_levels', '{}') }} |
|
|
|
|
|
|
|
|
|
|
|
###### Module configuration ##### |
|
|
|
########################################### |
|
|
|
# Salt allows for modules to be passed arbitrary configuration data, any data |
|
|
|
@@ -563,8 +652,8 @@ pillar_roots: |
|
|
|
# |
|
|
|
# A dict for the test module: |
|
|
|
#test.baz: {spam: sausage, cheese: bread} |
|
|
|
{%- if 'module_config' in minion %} |
|
|
|
{%- for modkey, modval in minion.module_config.items() %} |
|
|
|
{%- if 'module_config' in cfg_minion %} |
|
|
|
{%- for modkey, modval in cfg_minion.module_config.items() %} |
|
|
|
{{ modkey }}: {{ modval }} |
|
|
|
{%- endfor %} |
|
|
|
{%- endif %} |
|
|
|
@@ -591,20 +680,20 @@ pillar_roots: |
|
|
|
# the risk that it could tear down the connection the master and minion |
|
|
|
# without informing either party that their connection has been taken away. |
|
|
|
# Enabling TCP Keepalives prevents this from happening. |
|
|
|
# |
|
|
|
|
|
|
|
# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) |
|
|
|
# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. |
|
|
|
{{ get_config('tcp_keepalive', 'True') }} |
|
|
|
# |
|
|
|
|
|
|
|
# How long before the first keepalive should be sent in seconds. Default 300 |
|
|
|
# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds |
|
|
|
# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. |
|
|
|
{{ get_config('tcp_keepalive_idle', '300') }} |
|
|
|
# |
|
|
|
|
|
|
|
# How many lost probes are needed to consider the connection lost. Default -1 |
|
|
|
# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. |
|
|
|
{{ get_config('tcp_keepalive_cnt', '-1') }} |
|
|
|
# |
|
|
|
|
|
|
|
# How often, in seconds, to send keepalives after the first one. Default -1 to |
|
|
|
# use OS defaults, typically 75 seconds on Linux, see |
|
|
|
# /proc/sys/net/ipv4/tcp_keepalive_intvl. |
|
|
|
@@ -613,5 +702,10 @@ pillar_roots: |
|
|
|
|
|
|
|
###### Windows Software settings ###### |
|
|
|
############################################ |
|
|
|
# Location of the repository cache file on the master |
|
|
|
# Location of the repository cache file on the master: |
|
|
|
{{ get_config('win_repo_cachefile', 'salt://win/repo/winrepo.p') }} |
|
|
|
|
|
|
|
###### Returner settings ###### |
|
|
|
############################################ |
|
|
|
# Which returner(s) will be used for minion's result: |
|
|
|
#return: mysql |
Tim O'Guin
10 years ago