merge options from 2015.8.7 version in f_defaults.conf
This commit is contained in:
parent
8573ba96e2
commit
bfcaca38a6
@ -1,5 +1,5 @@
|
|||||||
# This file managed by Salt, do not edit by hand!!
|
# This file managed by Salt, do not edit by hand!!
|
||||||
# Based on salt version 2014.7 default config
|
# Based on salt version 2015.8.7 default config
|
||||||
{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%}
|
{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%}
|
||||||
{% set cfg_salt = pillar.get('salt', {}) -%}
|
{% set cfg_salt = pillar.get('salt', {}) -%}
|
||||||
{% set cfg_master = cfg_salt.get('master', {}) -%}
|
{% set cfg_master = cfg_salt.get('master', {}) -%}
|
||||||
@ -15,10 +15,11 @@
|
|||||||
{%- from 'salt/formulas.jinja' import file_roots, formulas with context -%}
|
{%- from 'salt/formulas.jinja' import file_roots, formulas with context -%}
|
||||||
##### Primary configuration settings #####
|
##### Primary configuration settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# This configuration file is used to manage the behavior of the Salt Master
|
# This configuration file is used to manage the behavior of the Salt Master.
|
||||||
# Values that are commented out but have no space after the comment are
|
# Values that are commented out but have an empty line after the comment are
|
||||||
# defaults that need not be set in the config. If there is a space after the
|
# defaults that do not need to be set in the config. If there is no blank line
|
||||||
# comment that the value is presented as an example and is not the default.
|
# after the comment then the value is presented as an example and is not the
|
||||||
|
# default.
|
||||||
|
|
||||||
# Per default, the master will automatically include all config files
|
# Per default, the master will automatically include all config files
|
||||||
# from master.d/*.conf (master.d is a directory in the same directory
|
# from master.d/*.conf (master.d is a directory in the same directory
|
||||||
@ -41,30 +42,6 @@
|
|||||||
# modified files cause conflicts, set verify_env to False.
|
# modified files cause conflicts, set verify_env to False.
|
||||||
{{ get_config('user', 'root') }}
|
{{ get_config('user', 'root') }}
|
||||||
|
|
||||||
# Max open files
|
|
||||||
#
|
|
||||||
# Each minion connecting to the master uses AT LEAST one file descriptor, the
|
|
||||||
# master subscription connection. If enough minions connect you might start
|
|
||||||
# seeing on the console (and then salt-master crashes):
|
|
||||||
# Too many open files (tcp_listener.cpp:335)
|
|
||||||
# Aborted (core dumped)
|
|
||||||
#
|
|
||||||
# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
|
|
||||||
# max open files.
|
|
||||||
#
|
|
||||||
# If you wish to set a different value than the default one, uncomment and
|
|
||||||
# configure this setting. Remember that this value CANNOT be higher than the
|
|
||||||
# hard limit. Raising the hard limit depends on your OS and/or distribution,
|
|
||||||
# a good way to find the limit is to search the internet. For example:
|
|
||||||
# raise max open files hard limit debian
|
|
||||||
#
|
|
||||||
{{ get_config('max_open_files', '100000') }}
|
|
||||||
|
|
||||||
# The number of worker threads to start. These threads are used to manage
|
|
||||||
# return calls made from minions to the master. If the master seems to be
|
|
||||||
# running slowly, increase the number of threads.
|
|
||||||
{{ get_config('worker_threads', '5') }}
|
|
||||||
|
|
||||||
# The port used by the communication interface. The ret (return) port is the
|
# The port used by the communication interface. The ret (return) port is the
|
||||||
# interface used for the file server, authentication, job returns, etc.
|
# interface used for the file server, authentication, job returns, etc.
|
||||||
{{ get_config('ret_port', '4506') }}
|
{{ get_config('ret_port', '4506') }}
|
||||||
@ -81,6 +58,8 @@
|
|||||||
{{ get_config('pki_dir', '/etc/salt/pki/master') }}
|
{{ get_config('pki_dir', '/etc/salt/pki/master') }}
|
||||||
|
|
||||||
# Directory to store job and cache data:
|
# Directory to store job and cache data:
|
||||||
|
# This directory may contain sensitive data and should be protected accordingly.
|
||||||
|
#
|
||||||
{{ get_config('cachedir', '/var/cache/salt/master') }}
|
{{ get_config('cachedir', '/var/cache/salt/master') }}
|
||||||
|
|
||||||
# Directory for custom modules. This directory can contain subdirectories for
|
# Directory for custom modules. This directory can contain subdirectories for
|
||||||
@ -88,6 +67,25 @@
|
|||||||
# "states", "returners", etc.
|
# "states", "returners", etc.
|
||||||
{{ get_config('extension_modules', '<no default>') }}
|
{{ get_config('extension_modules', '<no default>') }}
|
||||||
|
|
||||||
|
# Directory for custom modules. This directory can contain subdirectories for
|
||||||
|
# each of Salt's module types such as "runners", "output", "wheel", "modules",
|
||||||
|
# "states", "returners", etc.
|
||||||
|
# Like 'extension_modules' but can take an array of paths
|
||||||
|
{% if 'module_dirs' in cfg_master -%}
|
||||||
|
module_dirs:
|
||||||
|
{%- for dir in cfg_master['module_dirs'] %}
|
||||||
|
- {{ dir}}
|
||||||
|
{%- endfor -%}
|
||||||
|
{% elif 'module_dirs' in cfg_salt -%}
|
||||||
|
module_dirs:
|
||||||
|
{%- for dir in cfg_salt['module_dirs'] %}
|
||||||
|
- {{ dir}}
|
||||||
|
{%- endfor -%}
|
||||||
|
{% else -%}
|
||||||
|
#module_dirs: <no default>
|
||||||
|
# - /var/cache/salt/minion/extmods
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Verify and set permissions on configuration directories at startup:
|
# Verify and set permissions on configuration directories at startup:
|
||||||
{{ get_config('verify_env', 'True') }}
|
{{ get_config('verify_env', 'True') }}
|
||||||
|
|
||||||
@ -109,9 +107,6 @@
|
|||||||
# Return minions that timeout when running commands like test.ping
|
# Return minions that timeout when running commands like test.ping
|
||||||
{{ get_config('show_timeout', 'True') }}
|
{{ get_config('show_timeout', 'True') }}
|
||||||
|
|
||||||
# Display the jid when a job is published
|
|
||||||
{{ get_config('show_jid', 'False') }}
|
|
||||||
|
|
||||||
# By default, output is colored. To disable colored output, set the color value
|
# By default, output is colored. To disable colored output, set the color value
|
||||||
# to False.
|
# to False.
|
||||||
{{ get_config('color', 'True') }}
|
{{ get_config('color', 'True') }}
|
||||||
@ -141,7 +136,6 @@
|
|||||||
# Setting this option requires that any returner-specific configuration also
|
# Setting this option requires that any returner-specific configuration also
|
||||||
# be set. See various returners in salt/returners for details on required
|
# be set. See various returners in salt/returners for details on required
|
||||||
# configuration values. (See also, event_return_queue below.)
|
# configuration values. (See also, event_return_queue below.)
|
||||||
#
|
|
||||||
{{ get_config('event_return', 'mysql') }}
|
{{ get_config('event_return', 'mysql') }}
|
||||||
|
|
||||||
# On busy systems, enabling event_returns can cause a considerable load on
|
# On busy systems, enabling event_returns can cause a considerable load on
|
||||||
@ -182,7 +176,6 @@ event_return_blacklist:
|
|||||||
# event_return_blacklist:
|
# event_return_blacklist:
|
||||||
# - salt/master/not_this_tag
|
# - salt/master/not_this_tag
|
||||||
# - salt/master/or_this_one
|
# - salt/master/or_this_one
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# Passing very large events can cause the minion to consume large amounts of
|
# Passing very large events can cause the minion to consume large amounts of
|
||||||
@ -236,6 +229,58 @@ event_return_blacklist:
|
|||||||
# - /etc/salt/extra_config
|
# - /etc/salt/extra_config
|
||||||
{{ get_config('include', '[]') }}
|
{{ get_config('include', '[]') }}
|
||||||
|
|
||||||
|
##### Large-scale tuning settings #####
|
||||||
|
##########################################
|
||||||
|
# Max open files
|
||||||
|
#
|
||||||
|
# Each minion connecting to the master uses AT LEAST one file descriptor, the
|
||||||
|
# master subscription connection. If enough minions connect you might start
|
||||||
|
# seeing on the console (and then salt-master crashes):
|
||||||
|
# Too many open files (tcp_listener.cpp:335)
|
||||||
|
# Aborted (core dumped)
|
||||||
|
#
|
||||||
|
# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
|
||||||
|
# max open files.
|
||||||
|
#
|
||||||
|
# If you wish to set a different value than the default one, uncomment and
|
||||||
|
# configure this setting. Remember that this value CANNOT be higher than the
|
||||||
|
# hard limit. Raising the hard limit depends on your OS and/or distribution,
|
||||||
|
# a good way to find the limit is to search the internet. For example:
|
||||||
|
# raise max open files hard limit debian
|
||||||
|
#
|
||||||
|
{{ get_config('max_open_files', '100000') }}
|
||||||
|
|
||||||
|
# The number of worker threads to start. These threads are used to manage
|
||||||
|
# return calls made from minions to the master. If the master seems to be
|
||||||
|
# running slowly, increase the number of threads. This setting can not be
|
||||||
|
# set lower than 3.
|
||||||
|
{{ get_config('worker_threads', '5') }}
|
||||||
|
|
||||||
|
# Set the ZeroMQ high water marks
|
||||||
|
# http://api.zeromq.org/3-2:zmq-setsockopt
|
||||||
|
|
||||||
|
# The publisher interface ZeroMQPubServerChannel
|
||||||
|
{{ get_config('pub_hwm', '1000') }}
|
||||||
|
|
||||||
|
# These two ZMQ HWM settings, salt_event_pub_hwm and event_publisher_pub_hwm
|
||||||
|
# are significant for masters with thousands of minions. When these are
|
||||||
|
# insufficiently high it will manifest in random responses missing in the CLI
|
||||||
|
# and even missing from the job cache. Masters that have fast CPUs and many
|
||||||
|
# cores with appropriate worker_threads will not need these set as high.
|
||||||
|
|
||||||
|
# On deployment with 8,000 minions, 2.4GHz CPUs, 24 cores, 32GiB memory has
|
||||||
|
# these settings:
|
||||||
|
#
|
||||||
|
# salt_event_pub_hwm: 128000
|
||||||
|
# event_publisher_pub_hwm: 64000
|
||||||
|
|
||||||
|
# ZMQ high-water-mark for SaltEvent pub socket
|
||||||
|
{{ get_config('salt_event_pub_hwm', '20000') }}
|
||||||
|
|
||||||
|
# ZMQ high-water-mark for EventPublisher pub socket
|
||||||
|
{{ get_config('event_publisher_pub_hwm', '10000') }}
|
||||||
|
|
||||||
|
|
||||||
##### Security settings #####
|
##### Security settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# Enable "open mode", this mode still maintains encryption, but turns off
|
# Enable "open mode", this mode still maintains encryption, but turns off
|
||||||
@ -276,10 +321,6 @@ event_return_blacklist:
|
|||||||
# This setting should be treated with care since it opens up execution
|
# This setting should be treated with care since it opens up execution
|
||||||
# capabilities to non root users. By default this capability is completely
|
# capabilities to non root users. By default this capability is completely
|
||||||
# disabled.
|
# disabled.
|
||||||
#client_acl:
|
|
||||||
# larry:
|
|
||||||
# - test.ping
|
|
||||||
# - network.*
|
|
||||||
{% if 'client_acl' in cfg_master -%}
|
{% if 'client_acl' in cfg_master -%}
|
||||||
client_acl:
|
client_acl:
|
||||||
{%- for name, user in cfg_master['client_acl']|dictsort %}
|
{%- for name, user in cfg_master['client_acl']|dictsort %}
|
||||||
@ -308,7 +349,6 @@ client_acl:
|
|||||||
# This example would blacklist all non sudo users, including root from
|
# This example would blacklist all non sudo users, including root from
|
||||||
# running any commands. It would also blacklist any use of the "cmd"
|
# running any commands. It would also blacklist any use of the "cmd"
|
||||||
# module. This is completely disabled by default.
|
# module. This is completely disabled by default.
|
||||||
#
|
|
||||||
{% if 'client_acl_blacklist' in cfg_master %}
|
{% if 'client_acl_blacklist' in cfg_master %}
|
||||||
client_acl_blacklist:
|
client_acl_blacklist:
|
||||||
users:
|
users:
|
||||||
@ -340,7 +380,6 @@ client_acl_blacklist:
|
|||||||
|
|
||||||
# Enforce client_acl & client_acl_blacklist when users have sudo
|
# Enforce client_acl & client_acl_blacklist when users have sudo
|
||||||
# access to the salt command.
|
# access to the salt command.
|
||||||
#
|
|
||||||
{{ get_config('sudo_acl', 'False') }}
|
{{ get_config('sudo_acl', 'False') }}
|
||||||
|
|
||||||
# The external auth system uses the Salt auth modules to authenticate and
|
# The external auth system uses the Salt auth modules to authenticate and
|
||||||
@ -377,9 +416,41 @@ client_acl_blacklist:
|
|||||||
# will cause minion to throw an exception and drop the message.
|
# will cause minion to throw an exception and drop the message.
|
||||||
{{ get_config('sign_pub_message', 'False') }}
|
{{ get_config('sign_pub_message', 'False') }}
|
||||||
|
|
||||||
|
# Sign the master auth-replies with a cryptographic signature of the masters public key.
|
||||||
|
# Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial
|
||||||
{{ get_config('master_sign_pubkey', 'False') }}
|
{{ get_config('master_sign_pubkey', 'False') }}
|
||||||
|
|
||||||
|
# The customizable name of the signing-key-pair without suffix.
|
||||||
|
# master_sign_key_name: <filename_without_suffix>
|
||||||
|
{{ get_config('master_sign', '{}') }}
|
||||||
|
|
||||||
|
# The name of the file in the masters pki-directory that holds the pre-calculated
|
||||||
|
# signature of the masters public-key.
|
||||||
|
# master_pubkey_signature: <filename>
|
||||||
|
{{ get_config('master_pubkey_signature', '{}') }}
|
||||||
|
|
||||||
|
# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
|
||||||
|
# The master_pubkey_signature must also be set for this.
|
||||||
|
{{ get_config('master_use_pubkey_signature', 'False') }}
|
||||||
|
|
||||||
|
# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
|
||||||
|
# This is a very important security-setting. Disabling it will enable deleted minions to still
|
||||||
|
# listen in on the messages published by the salt-master.
|
||||||
|
# Do not disable this unless it is absolutely clear what this does.
|
||||||
|
{{ get_config('rotate_aes_key', 'True') }}
|
||||||
|
|
||||||
|
##### Salt-SSH Configuration #####
|
||||||
|
##########################################
|
||||||
|
|
||||||
|
# Pass in an alternative location for the salt-ssh roster file
|
||||||
|
{{ get_config('roster_file', '/etc/salt/roster') }}
|
||||||
|
|
||||||
|
# Pass in minion option overrides that will be inserted into the SHIM for
|
||||||
|
# salt-ssh calls. The local minion config is not used for salt-ssh. Can be
|
||||||
|
# overridden on a per-minion basis in the roster (`minion_opts`)
|
||||||
|
#ssh_minion_opts:
|
||||||
|
# gpg_keydir: /root/gpg
|
||||||
|
{{ get_config('ssh_minion_opts', '{}') }}
|
||||||
|
|
||||||
##### Master Module Management #####
|
##### Master Module Management #####
|
||||||
##########################################
|
##########################################
|
||||||
@ -408,6 +479,7 @@ client_acl_blacklist:
|
|||||||
# master_tops:
|
# master_tops:
|
||||||
# ext_nodes: <Shell command which returns yaml>
|
# ext_nodes: <Shell command which returns yaml>
|
||||||
#
|
#
|
||||||
|
#master_tops: {}
|
||||||
{% if 'master_tops' in cfg_master %}
|
{% if 'master_tops' in cfg_master %}
|
||||||
master_tops:
|
master_tops:
|
||||||
{%- for master in cfg_master['master_tops'] -%}
|
{%- for master in cfg_master['master_tops'] -%}
|
||||||
@ -438,7 +510,7 @@ master_tops:
|
|||||||
# (block, not variable tag!). Defaults to False, corresponds to the Jinja
|
# (block, not variable tag!). Defaults to False, corresponds to the Jinja
|
||||||
# environment init variable "trim_blocks".
|
# environment init variable "trim_blocks".
|
||||||
{{ get_config('jinja_trim_blocks', 'False') }}
|
{{ get_config('jinja_trim_blocks', 'False') }}
|
||||||
#
|
|
||||||
# If this is set to True leading spaces and tabs are stripped from the start
|
# If this is set to True leading spaces and tabs are stripped from the start
|
||||||
# of a line to a block. Defaults to False, corresponds to the Jinja
|
# of a line to a block. Defaults to False, corresponds to the Jinja
|
||||||
# environment init variable "lstrip_blocks".
|
# environment init variable "lstrip_blocks".
|
||||||
@ -462,13 +534,19 @@ master_tops:
|
|||||||
{{ get_config('state_output', 'full') }}
|
{{ get_config('state_output', 'full') }}
|
||||||
|
|
||||||
# Automatically aggregate all states that have support for mod_aggregate by
|
# Automatically aggregate all states that have support for mod_aggregate by
|
||||||
# setting to True. Or pass a list of state module names to automatically
|
# setting to 'True'. Or pass a list of state module names to automatically
|
||||||
# aggregate just those types.
|
# aggregate just those types.
|
||||||
#
|
#
|
||||||
# state_aggregate:
|
# state_aggregate:
|
||||||
# - pkg
|
# - pkg
|
||||||
#
|
#
|
||||||
#state_aggregate: False
|
#state_aggregate: False
|
||||||
|
{{ get_config('state_aggregate', '{}') }}
|
||||||
|
|
||||||
|
# Send progress events as each function in a state run completes execution
|
||||||
|
# by setting to 'True'. Progress events are in the format
|
||||||
|
# 'salt/job/<JID>/prog/<MID>/<RUN NUM>'.
|
||||||
|
{{ get_config('state_events', 'False') }}
|
||||||
|
|
||||||
##### File Server settings #####
|
##### File Server settings #####
|
||||||
##########################################
|
##########################################
|
||||||
@ -490,7 +568,7 @@ master_tops:
|
|||||||
# prod:
|
# prod:
|
||||||
# - /srv/salt/prod/services
|
# - /srv/salt/prod/services
|
||||||
# - /srv/salt/prod/states
|
# - /srv/salt/prod/states
|
||||||
|
#
|
||||||
{% if 'file_roots' in cfg_master -%}
|
{% if 'file_roots' in cfg_master -%}
|
||||||
{{ file_roots(cfg_master['file_roots']) }}
|
{{ file_roots(cfg_master['file_roots']) }}
|
||||||
{%- elif 'file_roots' in cfg_salt -%}
|
{%- elif 'file_roots' in cfg_salt -%}
|
||||||
@ -503,6 +581,22 @@ master_tops:
|
|||||||
# - /srv/salt
|
# - /srv/salt
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
# When using multiple environments, each with their own top file, the
|
||||||
|
# default behaviour is an unordered merge. To prevent top files from
|
||||||
|
# being merged together and instead to only use the top file from the
|
||||||
|
# requested environment, set this value to 'same'.
|
||||||
|
{{ get_config('top_file_merging_stragety', 'merge') }}
|
||||||
|
|
||||||
|
# To specify the order in which environments are merged, set the ordering
|
||||||
|
# in the env_order option. Given a conflict, the last matching value will
|
||||||
|
# win.
|
||||||
|
{{ get_config('env_order', '["base", "dev", "prod"]') }}
|
||||||
|
|
||||||
|
# If top_file_merging_strategy is set to 'same' and an environment does not
|
||||||
|
# contain a top file, the top file in the environment specified by default_top
|
||||||
|
# will be used instead.
|
||||||
|
{{ get_config('default_top', 'base') }}
|
||||||
|
|
||||||
# The hash_type is the hash to use when discovering the hash of a file on
|
# The hash_type is the hash to use when discovering the hash of a file on
|
||||||
# the master server. The default is md5, but sha1, sha224, sha256, sha384
|
# the master server. The default is md5, but sha1, sha224, sha256, sha384
|
||||||
# and sha512 are also supported.
|
# and sha512 are also supported.
|
||||||
@ -578,26 +672,26 @@ fileserver_backend:
|
|||||||
- {{ backend }}
|
- {{ backend }}
|
||||||
{%- endfor -%}
|
{%- endfor -%}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
#
|
|
||||||
# Uncomment the line below if you do not want the file_server to follow
|
# Uncomment the line below if you do not want the file_server to follow
|
||||||
# symlinks when walking the filesystem tree. This is set to True
|
# symlinks when walking the filesystem tree. This is set to True
|
||||||
# by default. Currently this only applies to the default roots
|
# by default. Currently this only applies to the default roots
|
||||||
# fileserver_backend.
|
# fileserver_backend.
|
||||||
{{ get_config('fileserver_followsymlinks', 'False') }}
|
{{ get_config('fileserver_followsymlinks', 'False') }}
|
||||||
#
|
|
||||||
# Uncomment the line below if you do not want symlinks to be
|
# Uncomment the line below if you do not want symlinks to be
|
||||||
# treated as the files they are pointing to. By default this is set to
|
# treated as the files they are pointing to. By default this is set to
|
||||||
# False. By uncommenting the line below, any detected symlink while listing
|
# False. By uncommenting the line below, any detected symlink while listing
|
||||||
# files on the Master will not be returned to the Minion.
|
# files on the Master will not be returned to the Minion.
|
||||||
{{ get_config('fileserver_ignoresymlinks', 'True') }}
|
{{ get_config('fileserver_ignoresymlinks', 'True') }}
|
||||||
#
|
|
||||||
# By default, the Salt fileserver recurses fully into all defined environments
|
# By default, the Salt fileserver recurses fully into all defined environments
|
||||||
# to attempt to find files. To limit this behavior so that the fileserver only
|
# to attempt to find files. To limit this behavior so that the fileserver only
|
||||||
# traverses directories with SLS files and special Salt directories like _modules,
|
# traverses directories with SLS files and special Salt directories like _modules,
|
||||||
# enable the option below. This might be useful for installations where a file root
|
# enable the option below. This might be useful for installations where a file root
|
||||||
# has a very large number of files and performance is impacted. Default is False.
|
# has a very large number of files and performance is impacted. Default is False.
|
||||||
{{ get_config('fileserver_limit_traversal', 'False') }}
|
{{ get_config('fileserver_limit_traversal', 'False') }}
|
||||||
#
|
|
||||||
# The fileserver can fire events off every time the fileserver is updated,
|
# The fileserver can fire events off every time the fileserver is updated,
|
||||||
# these are disabled by default, but can be easily turned on by setting this
|
# these are disabled by default, but can be easily turned on by setting this
|
||||||
# flag to True
|
# flag to True
|
||||||
@ -608,7 +702,7 @@ fileserver_backend:
|
|||||||
# Gitfs can be provided by one of two python modules: GitPython or pygit2. If
|
# Gitfs can be provided by one of two python modules: GitPython or pygit2. If
|
||||||
# using pygit2, both libgit2 and git must also be installed.
|
# using pygit2, both libgit2 and git must also be installed.
|
||||||
{{ get_config('gitfs_provider', 'gitpython') }}
|
{{ get_config('gitfs_provider', 'gitpython') }}
|
||||||
#
|
|
||||||
# When using the git fileserver backend at least one git remote needs to be
|
# When using the git fileserver backend at least one git remote needs to be
|
||||||
# defined. The user running the salt master will need read access to the repo.
|
# defined. The user running the salt master will need read access to the repo.
|
||||||
#
|
#
|
||||||
@ -646,7 +740,7 @@ gitfs_remotes:
|
|||||||
# keep in mind that setting this flag to anything other than the default of True
|
# keep in mind that setting this flag to anything other than the default of True
|
||||||
# is a security concern, you may want to try using the ssh transport.
|
# is a security concern, you may want to try using the ssh transport.
|
||||||
{{ get_config('gitfs_ssl_verify', 'True') }}
|
{{ get_config('gitfs_ssl_verify', 'True') }}
|
||||||
#
|
|
||||||
# The gitfs_root option gives the ability to serve files from a subdirectory
|
# The gitfs_root option gives the ability to serve files from a subdirectory
|
||||||
# within the repository. The path is defined relative to the root of the
|
# within the repository. The path is defined relative to the root of the
|
||||||
# repository and defaults to the repository root.
|
# repository and defaults to the repository root.
|
||||||
@ -676,7 +770,6 @@ gitfs_env_blacklist:
|
|||||||
# - feature/*
|
# - feature/*
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
##### Pillar settings #####
|
##### Pillar settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# Salt Pillars allow for the building of global data that can be made selectively
|
# Salt Pillars allow for the building of global data that can be made selectively
|
||||||
@ -705,7 +798,7 @@ pillar_roots:
|
|||||||
# base:
|
# base:
|
||||||
# - /srv/pillar
|
# - /srv/pillar
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
#
|
|
||||||
{% if 'ext_pillar' in cfg_master %}
|
{% if 'ext_pillar' in cfg_master %}
|
||||||
ext_pillar:
|
ext_pillar:
|
||||||
{%- for pillar in cfg_master['ext_pillar'] -%}
|
{%- for pillar in cfg_master['ext_pillar'] -%}
|
||||||
@ -755,6 +848,13 @@ ext_pillar:
|
|||||||
# master config file that can then be used on minions.
|
# master config file that can then be used on minions.
|
||||||
{{ get_config('pillar_opts', 'True') }}
|
{{ get_config('pillar_opts', 'True') }}
|
||||||
|
|
||||||
|
# The pillar_safe_render_error option prevents the master from passing pillar
|
||||||
|
# render errors to the minion. This is set on by default because the error could
|
||||||
|
# contain templating data which would give that minion information it shouldn't
|
||||||
|
# have, like a password! When set true the error message will only show:
|
||||||
|
# Rendering SLS 'my.sls' failed. Please see master log for details.
|
||||||
|
{{ get_config('pillar_safe_render_error', 'True') }}
|
||||||
|
|
||||||
# The pillar_source_merging_strategy option allows you to configure merging strategy
|
# The pillar_source_merging_strategy option allows you to configure merging strategy
|
||||||
# between different sources. It accepts four values: recurse, aggregate, overwrite,
|
# between different sources. It accepts four values: recurse, aggregate, overwrite,
|
||||||
# or smart. Recurse will merge recursively mapping of data. Aggregate instructs
|
# or smart. Recurse will merge recursively mapping of data. Aggregate instructs
|
||||||
@ -764,13 +864,18 @@ ext_pillar:
|
|||||||
# on the "renderer" setting and is the default value.
|
# on the "renderer" setting and is the default value.
|
||||||
{{ get_config('pillar_source_merging_strategy', 'smart') }}
|
{{ get_config('pillar_source_merging_strategy', 'smart') }}
|
||||||
|
|
||||||
|
# Recursively merge lists by aggregating them instead of replacing them.
|
||||||
|
{{ get_config('pillar_merge_lists', 'False') }}
|
||||||
|
|
||||||
|
|
||||||
##### Syndic settings #####
|
##### Syndic settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# The Salt syndic is used to pass commands through a master from a higher
|
# The Salt syndic is used to pass commands through a master from a higher
|
||||||
# master. Using the syndic is simple, if this is a master that will have
|
# master. Using the syndic is simple. If this is a master that will have
|
||||||
# syndic servers(s) below it set the "order_masters" setting to True, if this
|
# syndic servers(s) below it, then set the "order_masters" setting to True.
|
||||||
# is a master that will be running a syndic daemon for passthrough the
|
#
|
||||||
# "syndic_master" setting needs to be set to the location of the master server
|
# If this is a master that will be running a syndic daemon for passthrough, then
|
||||||
|
# the "syndic_master" setting needs to be set to the location of the master server
|
||||||
# to receive commands from.
|
# to receive commands from.
|
||||||
|
|
||||||
# Set the order_masters setting to True if this master will command lower
|
# Set the order_masters setting to True if this master will command lower
|
||||||
@ -790,6 +895,7 @@ ext_pillar:
|
|||||||
# LOG file of the syndic daemon:
|
# LOG file of the syndic daemon:
|
||||||
{{ get_config('syndic_log_file', 'syndic.log') }}
|
{{ get_config('syndic_log_file', 'syndic.log') }}
|
||||||
|
|
||||||
|
|
||||||
##### Peer Publish settings #####
|
##### Peer Publish settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# Salt minions can send commands to other minions, but only if the minion is
|
# Salt minions can send commands to other minions, but only if the minion is
|
||||||
@ -864,9 +970,8 @@ peer_run:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
##### Mine settings #####
|
##### Mine settings #####
|
||||||
##########################################
|
#####################################
|
||||||
# Restrict mine.get access from minions. By default any minion has a full access
|
# Restrict mine.get access from minions. By default any minion has a full access
|
||||||
# to get all mine data from master cache. In acl definion below, only pcre matches
|
# to get all mine data from master cache. In acl definion below, only pcre matches
|
||||||
# are allowed.
|
# are allowed.
|
||||||
@ -902,7 +1007,6 @@ mine_get:
|
|||||||
# - disk.*
|
# - disk.*
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
||||||
|
|
||||||
##### Logging settings #####
|
##### Logging settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# The location of the master log file
|
# The location of the master log file
|
||||||
@ -919,10 +1023,15 @@ mine_get:
|
|||||||
|
|
||||||
# The level of messages to send to the console.
|
# The level of messages to send to the console.
|
||||||
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
||||||
|
#
|
||||||
|
# The following log levels are considered INSECURE and may log sensitive data:
|
||||||
|
# ['garbage', 'trace', 'debug']
|
||||||
|
#
|
||||||
{{ get_config('log_level', 'warning') }}
|
{{ get_config('log_level', 'warning') }}
|
||||||
|
|
||||||
# The level of messages to send to the log file.
|
# The level of messages to send to the log file.
|
||||||
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
||||||
|
# If using 'log_granular_levels' this must be set to the highest desired level.
|
||||||
{{ get_config('log_level_logfile', 'warning') }}
|
{{ get_config('log_level_logfile', 'warning') }}
|
||||||
|
|
||||||
# The date and time format used in log messages. Allowed date/time formating
|
# The date and time format used in log messages. Allowed date/time formating
|
||||||
@ -932,7 +1041,21 @@ mine_get:
|
|||||||
|
|
||||||
# The format of the console logging messages. Allowed formatting options can
|
# The format of the console logging messages. Allowed formatting options can
|
||||||
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
|
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
|
||||||
|
#
|
||||||
|
# Console log colors are specified by these additional formatters:
|
||||||
|
#
|
||||||
|
# %(colorlevel)s
|
||||||
|
# %(colorname)s
|
||||||
|
# %(colorprocess)s
|
||||||
|
# %(colormsg)s
|
||||||
|
#
|
||||||
|
# Since it is desirable to include the surrounding brackets, '[' and ']', in
|
||||||
|
# the coloring of the messages, these color formatters also include padding as
|
||||||
|
# well. Color LogRecord attributes are only available for console logging.
|
||||||
|
#
|
||||||
|
{{ get_config('log_fmt_console', "'%(colorlevel)s %(colormsg)s'") }}
|
||||||
{{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }}
|
{{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }}
|
||||||
|
|
||||||
{{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }}
|
{{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }}
|
||||||
|
|
||||||
# This can be used to control logging levels more specificically. This
|
# This can be used to control logging levels more specificically. This
|
||||||
@ -956,8 +1079,7 @@ log_granular_levels:
|
|||||||
#log_granular_levels: {}
|
#log_granular_levels: {}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
##### Node Groups ######
|
||||||
##### Node Groups #####
|
|
||||||
##########################################
|
##########################################
|
||||||
# Node groups allow for logical groupings of minion nodes. A group consists of a group
|
# Node groups allow for logical groupings of minion nodes. A group consists of a group
|
||||||
# name and a compound target.
|
# name and a compound target.
|
||||||
@ -976,7 +1098,6 @@ nodegroups:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
##### Range Cluster settings #####
|
##### Range Cluster settings #####
|
||||||
##########################################
|
##########################################
|
||||||
# The range server (and optional port) that serves your cluster information
|
# The range server (and optional port) that serves your cluster information
|
||||||
@ -984,8 +1105,33 @@ nodegroups:
|
|||||||
#
|
#
|
||||||
{{ get_config('range_server', 'range:80') }}
|
{{ get_config('range_server', 'range:80') }}
|
||||||
|
|
||||||
|
|
||||||
##### Windows Software Repo settings #####
|
##### Windows Software Repo settings #####
|
||||||
##############################################
|
###########################################
|
||||||
|
# Location of the repo on the master:
|
||||||
|
{{ get_config('win_repo_dir_ng', '/srv/salt/win/repo-ng') }}
|
||||||
|
|
||||||
|
# List of git repositories to include with the local repo:
|
||||||
|
{% if 'win_gitrepos_ng' in cfg_master %}
|
||||||
|
win_gitrepos_ng:
|
||||||
|
{% for repo in cfg_master['win_gitrepos_ng'] %}
|
||||||
|
- {{ repo }}
|
||||||
|
{% endfor %}
|
||||||
|
{% elif 'win_gitrepos_ng' in cfg_salt %}
|
||||||
|
win_gitrepos_ng:
|
||||||
|
{% for repo in cfg_salt['win_gitrepos_ng'] %}
|
||||||
|
- {{ repo }}
|
||||||
|
{% endfor %}
|
||||||
|
{% else %}
|
||||||
|
#winrepo_remotes_ng:
|
||||||
|
# - 'https://github.com/saltstack/salt-winrepo-ng.git'
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
##### Windows Software Repo settings - Pre 2015.8 #####
|
||||||
|
########################################################
|
||||||
|
# Legacy repo settings for pre-2015.8 Windows minions.
|
||||||
|
#
|
||||||
# Location of the repo on the master:
|
# Location of the repo on the master:
|
||||||
{{ get_config('win_repo', '/srv/salt/win/repo') }}
|
{{ get_config('win_repo', '/srv/salt/win/repo') }}
|
||||||
|
|
||||||
@ -1004,7 +1150,7 @@ win_gitrepos:
|
|||||||
- {{ repo }}
|
- {{ repo }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% else %}
|
{% else %}
|
||||||
#win_gitrepos:
|
#winrepo_remotes:
|
||||||
# - 'https://github.com/saltstack/salt-winrepo.git'
|
# - 'https://github.com/saltstack/salt-winrepo.git'
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -1012,6 +1158,13 @@ win_gitrepos:
|
|||||||
############################################
|
############################################
|
||||||
# Which returner(s) will be used for minion's result:
|
# Which returner(s) will be used for minion's result:
|
||||||
#return: mysql
|
#return: mysql
|
||||||
|
{{ get_config('return', '')}}
|
||||||
|
|
||||||
|
|
||||||
|
###### Miscellaneous settings ######
|
||||||
|
############################################
|
||||||
|
# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
|
||||||
|
{{ get_config('event_match_type', 'startswith') }}
|
||||||
|
|
||||||
{% if 'halite' in cfg_master %}
|
{% if 'halite' in cfg_master %}
|
||||||
##### Halite #####
|
##### Halite #####
|
||||||
|
Loading…
Reference in New Issue
Block a user