Merge pull request #241 from pcdummy/mongodb

add support for mongodb settings
2016-07-07 10:22:18 -07:00 · 2016-07-07 10:22:18 -07:00 · 55864f7cdf
commit 55864f7cdf
parent e1b664f4d3 6ae81a9640
2 changed files with 58 additions and 30 deletions
--- a/salt/files/master.d/f_defaults.conf
+++ b/salt/files/master.d/f_defaults.conf
@ -59,7 +59,7 @@

 # Directory to store job and cache data:
 # This directory may contain sensitive data and should be protected accordingly.
-# 
+#
 {{ get_config('cachedir', '/var/cache/salt/master') }}

 # Directory for custom modules. This directory can contain subdirectories for
@ -133,7 +133,7 @@ module_dirs:
 {{ get_config('minion_data_cache', 'True') }}

 # Store all returns in the given returner.
-# Setting this option requires that any returner-specific configuration also 
+# Setting this option requires that any returner-specific configuration also
 # be set. See various returners in salt/returners for details on required
 # configuration values. (See also, event_return_queue below.)
 {{ get_config('event_return', 'mysql') }}
@ -195,12 +195,12 @@ event_return_blacklist:
 # the key rotation event as minions reconnect. Consider this carefully if this
 # salt master is managing a large number of minions.
 #
-# If disabled, it is recommended to handle this event by listening for the 
+# If disabled, it is recommended to handle this event by listening for the
 # 'aes_key_rotate' event with the 'key' tag and acting appropriately.
 {{ get_config('ping_on_rotate', 'False') }}

 # By default, the master deletes its cache of minion data when the key for that
-# minion is removed. To preserve the cache after key deletion, set 
+# minion is removed. To preserve the cache after key deletion, set
 # 'preserve_minion_cache' to True.
 #
 # WARNING: This may have security implications if compromised minions auth with
@ -379,7 +379,7 @@ client_acl_blacklist:
 {% endif %}

 # Enforce client_acl & client_acl_blacklist when users have sudo
-# access to the salt command. 
+# access to the salt command.
 {{ get_config('sudo_acl', 'False') }}

 # The external auth system uses the Salt auth modules to authenticate and
@ -416,7 +416,7 @@ client_acl_blacklist:
 # will cause minion to throw an exception and drop the message.
 {{ get_config('sign_pub_message', 'False') }}

-# Sign the master auth-replies with a cryptographic signature of the masters public key. 
+# Sign the master auth-replies with a cryptographic signature of the masters public key.
 # Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial
 {{ get_config('master_sign_pubkey', 'False') }}

@ -424,18 +424,18 @@ client_acl_blacklist:
 # master_sign_key_name: <filename_without_suffix>
 {{ get_config('master_sign', '{}') }}

-# The name of the file in the masters pki-directory that holds the pre-calculated 
+# The name of the file in the masters pki-directory that holds the pre-calculated
 # signature of the masters public-key.
 # master_pubkey_signature: <filename>
 {{ get_config('master_pubkey_signature', '{}') }}

-# Instead of computing the signature for each auth-reply, use a pre-calculated signature. 
+# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
 # The master_pubkey_signature must also be set for this.
 {{ get_config('master_use_pubkey_signature', 'False') }}

-# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. 
-# This is a very important security-setting. Disabling it will enable deleted minions to still 
-# listen in on the messages published by the salt-master. 
+# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
+# This is a very important security-setting. Disabling it will enable deleted minions to still
+# listen in on the messages published by the salt-master.
 # Do not disable this unless it is absolutely clear what this does.
 {{ get_config('rotate_aes_key', 'True') }}

@ -453,16 +453,16 @@ client_acl_blacklist:
 # The base DN under which users can be found in LDAP
 {{ get_config('auth.ldap.basedn', '') }}

-# The user Salt authenticates to search for a users' Distinguished Name and 
+# The user Salt authenticates to search for a users' Distinguished Name and
 # group membership.
 {{ get_config('auth.ldap.binddn', '') }}

-# The bind password to go along with the bind dn (binddn). 
+# The bind password to go along with the bind dn (binddn).
 {{ get_config('auth.ldap.bindpw', '') }}

 # The filter used to find the DN associated with a user. For most LDAPs use
-# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value 
-# {% raw %}'sAMAccountName={{username}}'{% endraw %}. 
+# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value
+# {% raw %}'sAMAccountName={{username}}'{% endraw %}.
 {{ get_config('auth.ldap.filter', '') }}

 # The attribute used for user group membership. Defaults to 'memberOf'
@ -475,7 +475,7 @@ client_acl_blacklist:
 # Default value: 'Groups'
 {{ get_config('auth.ldap.groupou', 'Groups') }}

-# Allows the administrator to strip off a certain set of domain names 
+# Allows the administrator to strip off a certain set of domain names
 # so the hostnames looked up in the directory service can match the minion IDs.
 {{ get_config('auth.ldap.minion_stripdomains', []) }}

@ -646,7 +646,7 @@ master_tops:
 # When using multiple environments, each with their own top file, the
 # default behaviour is an unordered merge. To prevent top files from
 # being merged together and instead to only use the top file from the
-# requested environment, set this value to 'same'. 
+# requested environment, set this value to 'same'.
 {{ get_config('top_file_merging_stragety', 'merge') }}

 # To specify the order in which environments are merged, set the ordering
@ -663,7 +663,7 @@ master_tops:
 # the master server. The default is md5, but sha1, sha224, sha256, sha384
 # and sha512 are also supported.
 #
-# Prior to changing this value, the master should be stopped and all Salt 
+# Prior to changing this value, the master should be stopped and all Salt
 # caches should be cleared.
 {{ get_config('hash_type', 'md5') }}

@ -770,11 +770,11 @@ fileserver_backend:
 # Along with gitfs_password, is used to authenticate to HTTPS remotes.
 {{ get_config('gitfs_user', 'git') }}

-# Along with gitfs_user, is used to authenticate to HTTPS remotes. 
+# Along with gitfs_user, is used to authenticate to HTTPS remotes.
 # This parameter is not required if the repository does not use authentication.
 {{ get_config('gitfs_password', '') }}

-# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. 
+# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
 # This parameter enables authentication over HTTP. Enable this at your own risk.
 {{ get_config('gitfs_insecure_auth', 'False') }}

@ -973,9 +973,9 @@ ext_pillar:
 # be used instead.
 {{ get_config('git_pillar_branch', 'master') }}

-# Environment to use for git_pillar remotes. This is normally derived from 
+# Environment to use for git_pillar remotes. This is normally derived from
 # the branch/tag (or from a per-remote env parameter), but if set this will
-# override the process of deriving the env from the branch/tag name. 
+# override the process of deriving the env from the branch/tag name.
 {{ get_config('git_pillar_env', '') }}

 # Path relative to the root of the repository where the git_pillar top file
@ -983,12 +983,12 @@ ext_pillar:
 {{ get_config('git_pillar_root', 'pillar') }}

 # Specifies whether or not to ignore SSL certificate errors when contacting
-# the remote repository. 
+# the remote repository.
 {{ get_config('git_pillar_ssl_verify', True) }}

 # When set to False, if there is an update/checkout lock for a git_pillar
 # remote and the pid written to it is not running on the master, the lock
-# file will be automatically cleared and a new lock will be obtained. 
+# file will be automatically cleared and a new lock will be obtained.
 {{ get_config('git_pillar_global_lock', False) }}

 # Git External Pillar Authentication Options
@ -1380,3 +1380,17 @@ consul_config:
  {{ name }}: {{ value }}
  {%- endfor %}
 {%- endif %}
+
+{% if 'mongo' in cfg_master -%}
+#####   mongodb connection settings  #####
+##########################################
+{%- for name, value in cfg_master['mongo'].items() %}
+mongo.{{ name }}: {{ value }}
+{%- endfor %}
+
+{% if 'alternative.mongo' in cfg_master -%}
+{%- for name, value in cfg_master['alternative.mongo'].items() %}
+alternative.mongo.{{ name }}: {{ value }}
+{%- endfor %}
+{% endif %}
+{%- endif %}
--- a/salt/files/minion.d/f_defaults.conf
+++ b/salt/files/minion.d/f_defaults.conf
@ -539,11 +539,11 @@ fileserver_backend:
 # Along with gitfs_password, is used to authenticate to HTTPS remotes.
 {{ get_config('gitfs_user', 'git') }}

-# Along with gitfs_user, is used to authenticate to HTTPS remotes. 
+# Along with gitfs_user, is used to authenticate to HTTPS remotes.
 # This parameter is not required if the repository does not use authentication.
 {{ get_config('gitfs_password', '') }}

-# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. 
+# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
 # This parameter enables authentication over HTTP. Enable this at your own risk.
 {{ get_config('gitfs_insecure_auth', 'False') }}

@ -735,9 +735,9 @@ ext_pillar:
 # be used instead.
 {{ get_config('git_pillar_branch', 'master') }}

-# Environment to use for git_pillar remotes. This is normally derived from 
+# Environment to use for git_pillar remotes. This is normally derived from
 # the branch/tag (or from a per-remote env parameter), but if set this will
-# override the process of deriving the env from the branch/tag name. 
+# override the process of deriving the env from the branch/tag name.
 {{ get_config('git_pillar_env', '') }}

 # Path relative to the root of the repository where the git_pillar top file
@ -745,12 +745,12 @@ ext_pillar:
 {{ get_config('git_pillar_root', 'pillar') }}

 # Specifies whether or not to ignore SSL certificate errors when contacting
-# the remote repository. 
+# the remote repository.
 {{ get_config('git_pillar_ssl_verify', True) }}

 # When set to False, if there is an update/checkout lock for a git_pillar
 # remote and the pid written to it is not running on the master, the lock
-# file will be automatically cleared and a new lock will be obtained. 
+# file will be automatically cleared and a new lock will be obtained.
 {{ get_config('git_pillar_global_lock', False) }}

 # Git External Pillar Authentication Options
@ -991,3 +991,17 @@ ext_pillar:
 # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
 #event_match_type: startswith
 {{ get_config('event_match_type', 'startswith') }}
+
+{% if 'mongo' in cfg_minion -%}
+#####   mongodb connection settings  #####
+##########################################
+{%- for name, value in cfg_minion['mongo'].items() %}
+mongo.{{ name }}: {{ value }}
+{%- endfor %}
+
+{% if 'alternative.mongo' in cfg_minion -%}
+{%- for name, value in cfg_minion['alternative.mongo'].items() %}
+alternative.mongo.{{ name }}: {{ value }}
+{%- endfor %}
+{% endif %}
+{%- endif %}