Browse Source
Merge pull request #19 from tiger-seo/master
sync with https://github.com/saltstack/salt/blob/v0.17.4/conf/master and minionmaster
Seth House
11 years ago
2 changed files with 102 additions and 60 deletions
+ 77
- 47
salt/files/master
View File
| # This file managed by Salt, do not edit by hand!! | # This file managed by Salt, do not edit by hand!! | ||||
| # Based on salt version 0.16.3 default config | |||||
| # Based on salt version 0.17.4 default config | |||||
| {% set salt = pillar.get('salt', {}) -%} | {% set salt = pillar.get('salt', {}) -%} | ||||
| {% set master = salt.get('master', {}) -%} | {% set master = salt.get('master', {}) -%} | ||||
| {%- macro get_config(configname, default_value) -%} | {%- macro get_config(configname, default_value) -%} | ||||
| # The root directory prepended to these options: pki_dir, cachedir, | # The root directory prepended to these options: pki_dir, cachedir, | ||||
| # sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile. | # sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile. | ||||
| #root_dir: / | |||||
| {{ get_config('root_dir', '/') }} | {{ get_config('root_dir', '/') }} | ||||
| # Directory used to store public key data | # Directory used to store public key data | ||||
| # Set the directory used to hold unix sockets | # Set the directory used to hold unix sockets | ||||
| {{ get_config('sock_dir', '/var/run/salt/master') }} | {{ get_config('sock_dir', '/var/run/salt/master') }} | ||||
| # The master can take a while to start up when lspci and/or dmidecode is used | |||||
| # to populate the grains for the master. Enable if you want to see GPU hardware | |||||
| # data for your master. | |||||
| # | |||||
| {{ get_config('enable_gpu_grains', 'False') }} | |||||
| # The master maintains a job cache, while this is a great addition it can be | # The master maintains a job cache, while this is a great addition it can be | ||||
| # a burden on the master for larger deployments (over 5000 minions). | # a burden on the master for larger deployments (over 5000 minions). | ||||
| # Disabling the job cache will make previously executed jobs unavailable to | # Disabling the job cache will make previously executed jobs unavailable to | ||||
| # | # | ||||
| # | # | ||||
| # Include a config file from some other path: | # Include a config file from some other path: | ||||
| # include: /etc/salt/extra_config | |||||
| #include: /etc/salt/extra_config | |||||
| # | # | ||||
| # Include config from several files and directories: | # Include config from several files and directories: | ||||
| # include: | |||||
| # - /etc/salt/extra_config | |||||
| #include: | |||||
| # - /etc/salt/extra_config | |||||
| {{ get_config('include', '[]') }} | {{ get_config('include', '[]') }} | ||||
| # capabilities to non root users. By default this capability is completely | # capabilities to non root users. By default this capability is completely | ||||
| # disabled. | # disabled. | ||||
| # | # | ||||
| # client_acl: | |||||
| # larry: | |||||
| # - test.ping | |||||
| # - network.* | |||||
| #client_acl: | |||||
| # larry: | |||||
| # - test.ping | |||||
| # - network.* | |||||
| # | # | ||||
| {{ get_config('client_acl', '{}') }} | {{ get_config('client_acl', '{}') }} | ||||
| - {{ mod }} | - {{ mod }} | ||||
| {% endfor -%} | {% endfor -%} | ||||
| {% else -%} | {% else -%} | ||||
| # client_acl_blacklist: | |||||
| # users: | |||||
| # - root | |||||
| # - '^(?!sudo_).*$' # all non sudo users | |||||
| # modules: | |||||
| # - cmd | |||||
| #client_acl_blacklist: | |||||
| # users: | |||||
| # - root | |||||
| # - '^(?!sudo_).*$' # all non sudo users | |||||
| # modules: | |||||
| # - cmd | |||||
| {%- endif %} | {%- endif %} | ||||
| # The external auth system uses the Salt auth modules to authenticate and | # The external auth system uses the Salt auth modules to authenticate and | ||||
| # validate users to access areas of the Salt system. | # validate users to access areas of the Salt system. | ||||
| # | # | ||||
| # external_auth: | |||||
| # pam: | |||||
| # fred: | |||||
| # - test.* | |||||
| #external_auth: | |||||
| # pam: | |||||
| # fred: | |||||
| # - test.* | |||||
| # | # | ||||
| {{ get_config('external_auth', '{}') }} | {{ get_config('external_auth', '{}') }} | ||||
| # will be terse unless a state failed, in which case that output will be full. | # will be terse unless a state failed, in which case that output will be full. | ||||
| {{ get_config('state_output', 'full') }} | {{ get_config('state_output', 'full') }} | ||||
| ##### File Server settings ##### | ##### File Server settings ##### | ||||
| ########################################## | ########################################## | ||||
| # Salt runs a lightweight file server written in zeromq to deliver files to | # Salt runs a lightweight file server written in zeromq to deliver files to | ||||
| - {{ glob }} | - {{ glob }} | ||||
| {% endfor -%} | {% endfor -%} | ||||
| {% else -%} | {% else -%} | ||||
| #file_ignore_glob: | |||||
| # file_ignore_glob: | |||||
| # - '*.pyc' | # - '*.pyc' | ||||
| # - '*/somefolder/*.bak' | # - '*/somefolder/*.bak' | ||||
| # - '*.swp' | |||||
| {%- endif %} | {%- endif %} | ||||
| # File Server Backend | # File Server Backend | ||||
| # configured and will be searched for the requested file in the order in which | # configured and will be searched for the requested file in the order in which | ||||
| # they are defined here. The default setting only enables the standard backend | # they are defined here. The default setting only enables the standard backend | ||||
| # "roots" which uses the "file_roots" option. | # "roots" which uses the "file_roots" option. | ||||
| # | |||||
| #fileserver_backend: | #fileserver_backend: | ||||
| # - roots | # - roots | ||||
| # | |||||
| # To use multiple backends list them in the order they are searched: | # To use multiple backends list them in the order they are searched: | ||||
| # fileserver_backend: | |||||
| # - git | |||||
| # - roots | |||||
| # | |||||
| #fileserver_backend: | |||||
| # - git | |||||
| # - roots | |||||
| {% if 'fileserver_backend' in master -%} | {% if 'fileserver_backend' in master -%} | ||||
| fileserver_backend: | fileserver_backend: | ||||
| {%- for backend in master['fileserver_backend'] %} | {%- for backend in master['fileserver_backend'] %} | ||||
| - {{ backend }} | - {{ backend }} | ||||
| {% endfor -%} | {% endfor -%} | ||||
| {% endif %} | {% endif %} | ||||
| # | |||||
| # By default, the Salt fileserver recurses fully into all defined environments | |||||
| # to attempt to find files. To limit this behavior so that the fileserver only | |||||
| # traverses directories with SLS files and special Salt directories like _modules, | |||||
| # enable the option below. This might be useful for installations where a file root | |||||
| # has a very large number of files and performance is impacted. Default is False. | |||||
| # | |||||
| {{ get_config('fileserver_limit_traversal', 'False') }} | |||||
| # | |||||
| # Git fileserver backend configuration | # Git fileserver backend configuration | ||||
| # When using the git fileserver backend at least one git remote needs to be | # When using the git fileserver backend at least one git remote needs to be | ||||
| # defined. The user running the salt master will need read access to the repo. | # defined. The user running the salt master will need read access to the repo. | ||||
| # gitfs_remotes: | |||||
| # - git://github.com/saltstack/salt-states.git | |||||
| # - file:///var/git/saltmaster | |||||
| # | |||||
| #gitfs_remotes: | |||||
| # - git://github.com/saltstack/salt-states.git | |||||
| # - file:///var/git/saltmaster | |||||
| # | |||||
| # The repos will be searched in order to find the file requested by a client | # The repos will be searched in order to find the file requested by a client | ||||
| # and the first repo to have the file will return it. | # and the first repo to have the file will return it. | ||||
| # When using the git backend branches and tags are translated into salt | # When using the git backend branches and tags are translated into salt | ||||
| {%- for remote in master['gitfs_remotes'] %} | {%- for remote in master['gitfs_remotes'] %} | ||||
| - {{ remote }}{% endfor -%} | - {{ remote }}{% endfor -%} | ||||
| {%- endif %} | {%- endif %} | ||||
| # | |||||
| # The gitfs_root option gives the ability to serve files from a subdirectory | |||||
| # within the repository. The path is defined relative to the root of the | |||||
| # repository and defaults to the repository root. | |||||
| {{ get_config('gitfs_root', 'somefolder/otherfolder') }} | |||||
| ##### Pillar settings ##### | ##### Pillar settings ##### | ||||
| - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} | - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} | ||||
| {% endfor -%} | {% endfor -%} | ||||
| {% else %} | {% else %} | ||||
| # ext_pillar: | |||||
| # - hiera: /etc/hiera.yaml | |||||
| # - cmd_yaml: cat /etc/salt/yaml | |||||
| #ext_pillar: | |||||
| # - hiera: /etc/hiera.yaml | |||||
| # - cmd_yaml: cat /etc/salt/yaml | |||||
| {%- endif %} | {%- endif %} | ||||
| # The pillar_opts option adds the master configuration file data to a dict in | # The pillar_opts option adds the master configuration file data to a dict in | ||||
| # of regular expressions to match functions. The following will allow the | # of regular expressions to match functions. The following will allow the | ||||
| # minion authenticated as foo.example.com to execute functions from the test | # minion authenticated as foo.example.com to execute functions from the test | ||||
| # and pkg modules. | # and pkg modules. | ||||
| # peer: | |||||
| # foo.example.com: | |||||
| # - test.* | |||||
| # - pkg.* | |||||
| # | |||||
| #peer: | |||||
| # foo.example.com: | |||||
| # - test.* | |||||
| # - pkg.* | |||||
| # | # | ||||
| # This will allow all minions to execute all commands: | # This will allow all minions to execute all commands: | ||||
| # peer: | |||||
| # .*: | |||||
| # - .* | |||||
| # | |||||
| #peer: | |||||
| # .*: | |||||
| # - .* | |||||
| # | |||||
| # This is not recommended, since it would allow anyone who gets root on any | # This is not recommended, since it would allow anyone who gets root on any | ||||
| # single minion to instantly have root on all of the minions! | # single minion to instantly have root on all of the minions! | ||||
| {% if 'peer' in master -%} | {% if 'peer' in master -%} | ||||
| # All peer runner support is turned off by default and must be enabled before | # All peer runner support is turned off by default and must be enabled before | ||||
| # using. This will enable all peer runners for all minions: | # using. This will enable all peer runners for all minions: | ||||
| # | # | ||||
| # peer_run: | |||||
| # .*: | |||||
| # - .* | |||||
| #peer_run: | |||||
| # .*: | |||||
| # - .* | |||||
| # | # | ||||
| # To enable just the manage.up runner for the minion foo.example.com: | # To enable just the manage.up runner for the minion foo.example.com: | ||||
| # | # | ||||
| # peer_run: | |||||
| # foo.example.com: | |||||
| # - manage.up | |||||
| #peer_run: | |||||
| # foo.example.com: | |||||
| # - manage.up | |||||
| {% if 'peer_run' in master -%} | {% if 'peer_run' in master -%} | ||||
| peer_run: | peer_run: | ||||
| {% for name, roots in master['peer_run'].items() -%} | {% for name, roots in master['peer_run'].items() -%} | ||||
| #log_granular_levels: {} | #log_granular_levels: {} | ||||
| {% endif %} | {% endif %} | ||||
| ##### Node Groups ##### | ##### Node Groups ##### | ||||
| ########################################## | ########################################## | ||||
| # Node groups allow for logical groupings of minion nodes. | # Node groups allow for logical groupings of minion nodes. | ||||
| # A group consists of a group name and a compound target. | # A group consists of a group name and a compound target. | ||||
| # | # | ||||
| # nodegroups: | |||||
| # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' | |||||
| # group2: 'G@os:Debian and foo.domain.com' | |||||
| #nodegroups: | |||||
| # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' | |||||
| # group2: 'G@os:Debian and foo.domain.com' | |||||
| {% if 'nodegroups' in master %} | {% if 'nodegroups' in master %} | ||||
| nodegroups: | nodegroups: | ||||
| {% for name, lvl in master['nodegroups'] %} | {% for name, lvl in master['nodegroups'] %} | ||||
| - {{ repo }} | - {{ repo }} | ||||
| {% endfor -%} | {% endfor -%} | ||||
| {% else %} | {% else %} | ||||
| # win_gitrepos: | |||||
| # - 'https://github.com/saltstack/salt-winrepo.git' | |||||
| #win_gitrepos: | |||||
| # - 'https://github.com/saltstack/salt-winrepo.git' | |||||
| {% endif %} | {% endif %} |
+ 25
- 13
salt/files/minion
View File
| # This file managed by Salt, do not edit by hand!! | # This file managed by Salt, do not edit by hand!! | ||||
| # Based on salt version 0.16.3 default config | |||||
| # Based on salt version 0.17.4 default config | |||||
| {% set salt = pillar.get('salt', {}) -%} | {% set salt = pillar.get('salt', {}) -%} | ||||
| {% set minion = salt.get('minion', {}) -%} | {% set minion = salt.get('minion', {}) -%} | ||||
| {%- macro get_config(configname, default_value) -%} | {%- macro get_config(configname, default_value) -%} | ||||
| # Set the location of the salt master server, if the master server cannot be | # Set the location of the salt master server, if the master server cannot be | ||||
| # resolved, then the minion will fail to start. | # resolved, then the minion will fail to start. | ||||
| {{ get_config('master', 'salt') }} | {{ get_config('master', 'salt') }} | ||||
| # Set whether the minion should connect to the master via IPv6 | # Set whether the minion should connect to the master via IPv6 | ||||
| {{ get_config('ipv6', 'False') }} | {{ get_config('ipv6', 'False') }} | ||||
| # /etc/ssh/sshd_config: | # /etc/ssh/sshd_config: | ||||
| # file.managed: | # file.managed: | ||||
| # - source: salt://ssh/sshd_config | # - source: salt://ssh/sshd_config | ||||
| # - backup: minion | |||||
| # - backup: minion | |||||
| # | # | ||||
| {{ get_config('backup_mode', 'minion') }} | {{ get_config('backup_mode', 'minion') }} | ||||
| {{ get_config('random_reauth_delay', '60') }} | {{ get_config('random_reauth_delay', '60') }} | ||||
| # If you dont have any problems with syn-floods, dont bother with the | |||||
| # If you don't have any problems with syn-floods, dont bother with the | |||||
| # three recon_* settings described below, just leave the defaults! | # three recon_* settings described below, just leave the defaults! | ||||
| # | # | ||||
| # The ZeroMQ pull-socket that binds to the masters publishing interface tries | # The ZeroMQ pull-socket that binds to the masters publishing interface tries | ||||
| # The goal: have all minions reconnect within a 60 second timeframe on a disconnect | # The goal: have all minions reconnect within a 60 second timeframe on a disconnect | ||||
| # | # | ||||
| # The settings: | # The settings: | ||||
| # recon_default: 1000 | |||||
| # recon_max: 59000 | |||||
| # recon_randomize: True | |||||
| #recon_default: 1000 | |||||
| #recon_max: 59000 | |||||
| #recon_randomize: True | |||||
| # | # | ||||
| # Each minion will have a randomized reconnect value between 'recon_default' | # Each minion will have a randomized reconnect value between 'recon_default' | ||||
| # and 'recon_default + recon_max', which in this example means between 1000ms | # and 'recon_default + recon_max', which in this example means between 1000ms | ||||
| # include: /etc/salt/extra_config | # include: /etc/salt/extra_config | ||||
| # | # | ||||
| # Include config from several files and directories: | # Include config from several files and directories: | ||||
| # include: | |||||
| #include: | |||||
| # - /etc/salt/extra_config | # - /etc/salt/extra_config | ||||
| # - /etc/roles/webserver | # - /etc/roles/webserver | ||||
| {% if 'include' in minion -%} | {% if 'include' in minion -%} | ||||
| # overwritten by the specified module. In this example the pkg module will | # overwritten by the specified module. In this example the pkg module will | ||||
| # be provided by the yumpkg5 module instead of the system default. | # be provided by the yumpkg5 module instead of the system default. | ||||
| # | # | ||||
| # providers: | |||||
| # pkg: yumpkg5 | |||||
| #providers: | |||||
| # pkg: yumpkg5 | |||||
| {{ get_config('providers', '{}') }} | {{ get_config('providers', '{}') }} | ||||
| # | # | ||||
| # Enable Cython modules searching and loading. (Default: False) | # Enable Cython modules searching and loading. (Default: False) | ||||
| # - hyper | # - hyper | ||||
| {{ get_config('sls_list', '[]') }} | {{ get_config('sls_list', '[]') }} | ||||
| # top file to execute if startup_states is 'top' | # top file to execute if startup_states is 'top' | ||||
| {{ get_config('', "''") }} | |||||
| {{ get_config('top_file', "''") }} | |||||
| ##### File Directory Settings ##### | ##### File Directory Settings ##### | ||||
| ########################################## | ########################################## | ||||
| # copied completely onto the minion. This is a literal copy of the settings on | # copied completely onto the minion. This is a literal copy of the settings on | ||||
| # the master but used to reference a local directory on the minion. | # the master but used to reference a local directory on the minion. | ||||
| # Set the file client, the client defaults to looking on the master server for | |||||
| # Set the file client. The client defaults to looking on the master server for | |||||
| # files, but can be directed to look at the local file directory setting | # files, but can be directed to look at the local file directory setting | ||||
| # defined below by setting it to local. | # defined below by setting it to local. | ||||
| {{ get_config('file_client', 'remote') }} | {{ get_config('file_client', 'remote') }} | ||||
| # - /srv/salt | # - /srv/salt | ||||
| {%- endif %} | {%- endif %} | ||||
| # By default, the Salt fileserver recurses fully into all defined environments | |||||
| # to attempt to find files. To limit this behavior so that the fileserver only | |||||
| # traverses directories with SLS files and special Salt directories like _modules, | |||||
| # enable the option below. This might be useful for installations where a file root | |||||
| # has a very large number of files and performance is negatively impacted. | |||||
| # | |||||
| # Default is False. | |||||
| # | |||||
| {{ get_config('fileserver_limit_traversal', 'False') }} | |||||
| # The hash_type is the hash to use when discovering the hash of a file in | # The hash_type is the hash to use when discovering the hash of a file in | ||||
| # the minion directory, the default is md5, but sha1, sha224, sha256, sha384 | |||||
| # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 | |||||
| # and sha512 are also supported. | # and sha512 are also supported. | ||||
| {{ get_config('hash_type', 'md5') }} | {{ get_config('hash_type', 'md5') }} | ||||
| # The level of messages to send to the log file. | # The level of messages to send to the log file. | ||||
| # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. | # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. | ||||
| # Default: 'warning' | # Default: 'warning' | ||||
| {{ get_config('log_level_logfile', 'warning') }} | |||||
| {{ get_config('log_level_logfile', '') }} | |||||
| # The date and time format used in log messages. Allowed date/time formating | # The date and time format used in log messages. Allowed date/time formating | ||||
| # can be seen here: http://docs.python.org/library/time.html#time.strftime | # can be seen here: http://docs.python.org/library/time.html#time.strftime | ||||
| {%- endfor %} | {%- endfor %} | ||||
| {%- endif %} | {%- endif %} | ||||
| ###### Update settings ###### | ###### Update settings ###### | ||||
| ########################################### | ########################################### | ||||
| # Using the features in Esky, a salt minion can both run as a frozen app and | # Using the features in Esky, a salt minion can both run as a frozen app and |
Loading…