diff --git a/salt/files/master.d/_defaults.conf b/salt/files/master.d/_defaults.conf index 1c9c489..f0bbcb3 100644 --- a/salt/files/master.d/_defaults.conf +++ b/salt/files/master.d/_defaults.conf @@ -1,17 +1,17 @@ # This file managed by Salt, do not edit by hand!! # Based on salt version 0.17.4 default config -{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} -{% set salt = pillar.get('salt', {}) -%} -{% set master = salt.get('master', {}) -%} -{%- macro get_config(configname, default_value) -%} -{%- if configname in master -%} +{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] %} +{% set salt = pillar.get('salt', {}) %} +{% set master = salt.get('master', {}) %} +{% macro get_config(configname, default_value) %} +{% if configname in master %} {{ configname }}: {{ master[configname] }} -{%- elif configname in salt and configname not in reserved_keys -%} +{% elif configname in salt and configname not in reserved_keys %} {{ configname }}: {{ salt[configname] }} -{%- else -%} +{% else %} #{{ configname }}: {{ default_value }} -{%- endif -%} -{%- endmacro -%} +{% endif %} +{% endmacro %} ##### Primary configuration settings ##### ########################################## # This configuration file is used to manage the behavior of the Salt Master @@ -187,34 +187,34 @@ # module. # This is completely disabled by default. # -{% if 'client_acl_blacklist' in master -%} +{% if 'client_acl_blacklist' in master %} client_acl_blacklist: users: - {% for user in master['client_acl_blacklist'].get('users', []) -%} + {% for user in master['client_acl_blacklist'].get('users', []) %} - {{ user }} - {% endfor -%} + {% endfor %} modules: - {% for mod in master['client_acl_blacklist'].get('modules', []) -%} + {% for mod in master['client_acl_blacklist'].get('modules', []) %} - {{ mod }} - {% endfor -%} -{% elif 'client_acl_blacklist' in salt -%} + {% endfor %} +{% elif 'client_acl_blacklist' in salt %} client_acl_blacklist: users: - {% for user in salt['client_acl_blacklist'].get('users', []) -%} + {% for user in salt['client_acl_blacklist'].get('users', []) %} - {{ user }} - {% endfor -%} + {% endfor %} modules: - {% for mod in salt['client_acl_blacklist'].get('modules', []) -%} + {% for mod in salt['client_acl_blacklist'].get('modules', []) %} - {{ mod }} - {% endfor -%} -{% else -%} + {% endfor %} +{% else %} #client_acl_blacklist: # users: # - root # - '^(?!sudo_).*$' # all non sudo users # modules: # - cmd -{%- endif %} +{% endif %} # The external auth system uses the Salt auth modules to authenticate and # validate users to access areas of the Salt system. @@ -344,27 +344,27 @@ client_acl_blacklist: # prod: # - /srv/salt/prod/services # - /srv/salt/prod/states -{% if 'file_roots' in master -%} +{% if 'file_roots' in master %} file_roots: -{%- for name, roots in master['file_roots']|dictsort %} +{% for name, roots in master['file_roots']|dictsort %} {{ name }}: -{%- for dir in roots %} +{% for dir in roots %} - {{ dir }} -{%- endfor -%} -{%- endfor -%} -{% elif 'file_roots' in salt -%} +{% endfor %} +{% endfor %} +{% elif 'file_roots' in salt %} file_roots: -{%- for name, roots in salt['file_roots']|dictsort %} +{% for name, roots in salt['file_roots']|dictsort %} {{ name }}: -{%- for dir in roots %} +{% for dir in roots %} - {{ dir }} -{%- endfor -%} -{%- endfor -%} -{% else -%} +{% endfor %} +{% endfor %} +{% else %} #file_roots: # base: # - /srv/salt -{%- endif %} +{% endif %} # The hash_type is the hash to use when discovering the hash of a file on # the master server. The default is md5, but sha1, sha224, sha256, sha384 @@ -380,42 +380,42 @@ file_roots: # For example, if you manage your custom modules and states in subversion # and don't want all the '.svn' folders and content synced to your minions, # you could set this to '/\.svn($|/)'. By default nothing is ignored. -{% if 'file_ignore_regex' in master -%} +{% if 'file_ignore_regex' in master %} file_ignore_regex: - {% for regex in master['file_ignore_regex'] -%} + {% for regex in master['file_ignore_regex'] %} - {{ regex }} - {% endfor -%} -{% elif 'file_ignore_regex' in salt -%} + {% endfor %} +{% elif 'file_ignore_regex' in salt %} file_ignore_regex: - {% for regex in salt['file_ignore_regex'] -%} + {% for regex in salt['file_ignore_regex'] %} - {{ regex }} - {% endfor -%} -{% else -%} + {% endfor %} +{% else %} #file_ignore_regex: # - '/\.svn($|/)' # - '/\.git($|/)' -{%- endif %} +{% endif %} # A file glob (or list of file globs) that will be matched against the file # path before syncing the modules and states to the minions. This is similar # to file_ignore_regex above, but works on globs instead of regex. By default # nothing is ignored. -{% if 'file_ignore_glob' in master -%} +{% if 'file_ignore_glob' in master %} file_ignore_glob: - {% for glob in master['file_ignore_glob'] -%} + {% for glob in master['file_ignore_glob'] %} - {{ glob }} - {% endfor -%} -{% elif 'file_ignore_glob' in salt -%} + {% endfor %} +{% elif 'file_ignore_glob' in salt %} file_ignore_glob: - {% for glob in salt['file_ignore_glob'] -%} + {% for glob in salt['file_ignore_glob'] %} - {{ glob }} - {% endfor -%} -{% else -%} + {% endfor %} +{% else %} # file_ignore_glob: # - '*.pyc' # - '*/somefolder/*.bak' # - '*.swp' -{%- endif %} +{% endif %} # File Server Backend # Salt supports a modular fileserver backend system, this system allows @@ -433,11 +433,11 @@ file_ignore_glob: #fileserver_backend: # - git # - roots -{% if 'fileserver_backend' in master -%} +{% if 'fileserver_backend' in master %} fileserver_backend: -{%- for backend in master['fileserver_backend'] %} +{% for backend in master['fileserver_backend'] %} - {{ backend }} -{% endfor -%} +{% endfor %} {% endif %} # # Uncomment the line below if you do not want the file_server to follow @@ -483,23 +483,23 @@ fileserver_backend: # environments. # Note: file:// repos will be treated as a remote, so refs you want used must # exist in that repo as *local* refs. -{% if 'gitfs_remotes' in master -%} +{% if 'gitfs_remotes' in master %} gitfs_remotes: -{%- for remote in master['gitfs_remotes'] %} +{% for remote in master['gitfs_remotes'] %} {% if remote is iterable and remote is not string %} - {%- for repo, children in remote.iteritems() -%} + {% for repo, children in remote.iteritems() %} - {{ repo }}: - {%- for child in children %} - {% for key, value in child.iteritems() -%} + {% for child in children %} + {% for key, value in child.iteritems() %} - {{ key }}: {{ value }} - {%- endfor %} - {%- endfor %} - {%- endfor %} - {%- else -%} + {% endfor %} + {% endfor %} + {% endfor %} + {% else %} - {{ remote }} -{%- endif %} -{%- endfor %} -{%- endif %} +{% endif %} +{% endfor %} +{% endif %} # #gitfs_remotes: # - git://github.com/saltstack/salt-states.git @@ -526,43 +526,43 @@ gitfs_remotes: # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -{% if 'pillar_roots' in master -%} +{% if 'pillar_roots' in master %} pillar_roots: -{%- for name, roots in master['pillar_roots']|dictsort %} +{% for name, roots in master['pillar_roots']|dictsort %} {{ name }}: -{%- for dir in roots %} +{% for dir in roots %} - {{ dir }} -{%- endfor -%} -{%- endfor -%} -{% elif 'pillar_roots' in salt -%} +{% endfor %} +{% endfor %} +{% elif 'pillar_roots' in salt %} pillar_roots: -{%- for name, roots in salt['pillar_roots']|dictsort %} +{% for name, roots in salt['pillar_roots']|dictsort %} {{ name }}: -{%- for dir in roots %} +{% for dir in roots %} - {{ dir }} -{%- endfor -%} -{%- endfor -%} +{% endfor %} +{% endfor %} {% else %} #pillar_roots: # base: # - /srv/pillar -{%- endif %} +{% endif %} -{% if 'ext_pillar' in master -%} +{% if 'ext_pillar' in master %} ext_pillar: {% for pillar in master['ext_pillar'] %} - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} -{% endfor -%} -{% elif 'ext_pillar' in salt -%} +{% endfor %} +{% elif 'ext_pillar' in salt %} ext_pillar: {% for pillar in salt['ext_pillar'] %} - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} -{% endfor -%} +{% endfor %} {% else %} #ext_pillar: # - hiera: /etc/hiera.yaml # - cmd_yaml: cat /etc/salt/yaml -{%- endif %} +{% endif %} # The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate # errors when contacting the pillar gitfs backend. You might want to set this to @@ -628,23 +628,23 @@ ext_pillar: # # This is not recommended, since it would allow anyone who gets root on any # single minion to instantly have root on all of the minions! -{% if 'peer' in master -%} +{% if 'peer' in master %} peer: - {% for name, roots in master['peer'].items() -%} + {% for name, roots in master['peer'].items() %} {{ name }}: - {% for mod in roots -%} + {% for mod in roots %} - {{ mod }} - {% endfor -%} - {% endfor -%} -{% elif 'peer' in salt -%} + {% endfor %} + {% endfor %} +{% elif 'peer' in salt %} peer: - {% for name, roots in salt['peer'].items() -%} + {% for name, roots in salt['peer'].items() %} {{ name }}: - {% for mod in roots -%} + {% for mod in roots %} - {{ mod }} - {% endfor -%} - {% endfor -%} -{% endif -%} + {% endfor %} + {% endfor %} +{% endif %} # Minions can also be allowed to execute runners from the salt master. # Since executing a runner from the minion could be considered a security risk, @@ -663,23 +663,23 @@ peer: #peer_run: # foo.example.com: # - manage.up -{% if 'peer_run' in master -%} +{% if 'peer_run' in master %} peer_run: - {% for name, roots in master['peer_run'].items() -%} + {% for name, roots in master['peer_run'].items() %} {{ name }}: - {% for mod in roots -%} + {% for mod in roots %} - {{ mod }} - {% endfor -%} - {% endfor -%} -{% elif 'peer_run' in salt -%} + {% endfor %} + {% endfor %} +{% elif 'peer_run' in salt %} peer_run: - {% for name, roots in salt['peer_run'].items() -%} + {% for name, roots in salt['peer_run'].items() %} {{ name }}: - {% for mod in roots -%} + {% for mod in roots %} - {{ mod }} - {% endfor -%} - {% endfor -%} -{% endif -%} + {% endfor %} + {% endfor %} +{% endif %} ##### Mine settings ##### ########################################## @@ -745,12 +745,12 @@ peer_run: log_granular_levels: {% for name, lvl in master['log_granular_levels'] %} {{ name }}: {{ lvl }} - {% endfor -%} + {% endfor %} {% elif 'log_granular_levels' in salt %} log_granular_levels: {% for name, lvl in salt['log_granular_levels'] %} {{ name }}: {{ lvl }} - {% endfor -%} + {% endfor %} {% else %} #log_granular_levels: {} {% endif %} @@ -768,12 +768,12 @@ log_granular_levels: nodegroups: {% for name, lvl in master['nodegroups'] %} {{ name }}: {{ lvl }} - {% endfor -%} + {% endfor %} {% elif 'nodegroups' in salt %} nodegroups: {% for name, lvl in salt['nodegroups'] %} {{ name }}: {{ lvl }} - {% endfor -%} + {% endfor %} {% endif %} @@ -798,31 +798,31 @@ nodegroups: win_gitrepos: {% for repo in master['win_gitrepos'] %} - {{ repo }} - {% endfor -%} + {% endfor %} {% elif 'win_gitrepos' in salt %} win_gitrepos: {% for repo in salt['win_gitrepos'] %} - {{ repo }} - {% endfor -%} + {% endfor %} {% else %} #win_gitrepos: # - 'https://github.com/saltstack/salt-winrepo.git' {% endif %} -{% if 'halite' in master -%} +{% if 'halite' in master %} ##### Halite ##### ########################################## halite: - {%- for name, value in master['halite'].iteritems() %} + {% for name, value in master['halite'].iteritems() %} {{ name }}: {{ value }} - {%- endfor %} -{%- endif %} + {% endfor %} +{% endif %} -{% if 'rest_cherrypy' in master -%} +{% if 'rest_cherrypy' in master %} ##### rest_cherrypy ##### ########################################## rest_cherrypy: - {%- for name, value in master['rest_cherrypy'].iteritems() %} + {% for name, value in master['rest_cherrypy'].iteritems() %} {{ name }}: {{ value }} - {%- endfor %} -{%- endif %} + {% endfor %} +{% endif %}