sync with https://github.com/saltstack/salt/blob/v0.17.4/conf/master and minion

2014-01-08 15:27:41 +02:00 · 2014-01-08 15:27:41 +02:00 · f4b839a4fb
commit f4b839a4fb
parent bea689e977
2 changed files with 102 additions and 60 deletions
--- a/salt/files/master
+++ b/salt/files/master
@ -1,5 +1,5 @@
 # This file managed by Salt, do not edit by hand!!
-#  Based on salt version 0.16.3 default config
+#  Based on salt version 0.17.4 default config
 {% set salt = pillar.get('salt', {}) -%}
 {% set master = salt.get('master', {}) -%}
 {%- macro get_config(configname, default_value) -%}
@ -70,7 +70,6 @@
 # The root directory prepended to these options: pki_dir, cachedir,
 # sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile.
 #root_dir: /
 {{ get_config('root_dir', '/') }}
 # Directory used to store public key data
@ -104,6 +103,12 @@
 # Set the directory used to hold unix sockets
 {{ get_config('sock_dir', '/var/run/salt/master') }}
 # The master can take a while to start up when lspci and/or dmidecode is used
 # to populate the grains for the master. Enable if you want to see GPU hardware
 # data for your master.
 #
 {{ get_config('enable_gpu_grains', 'False') }}
 # The master maintains a job cache, while this is a great addition it can be
 # a burden on the master for larger deployments (over 5000 minions).
 # Disabling the job cache will make previously executed jobs unavailable to
@ -123,11 +128,11 @@
 #
 #
 # Include a config file from some other path:
-# include: /etc/salt/extra_config
+#include: /etc/salt/extra_config
 #
 # Include config from several files and directories:
-# include:
+#include:
-#   - /etc/salt/extra_config
+#  - /etc/salt/extra_config
 {{ get_config('include', '[]') }}
@ -161,10 +166,10 @@
 # capabilities to non root users. By default this capability is completely
 # disabled.
 #
-# client_acl:
+#client_acl:
-#   larry:
+#  larry:
-#     - test.ping
+#    - test.ping
-#     - network.*
+#    - network.*
 #
 {{ get_config('client_acl', '{}') }}
@ -196,21 +201,21 @@ client_acl_blacklist:
    - {{ mod }}
  {% endfor -%}
 {% else -%}
-# client_acl_blacklist:
+#client_acl_blacklist:
-#   users:
+#  users:
-#     - root
+#    - root
-#     - '^(?!sudo_).*$'   #  all non sudo users
+#    - '^(?!sudo_).*$'   #  all non sudo users
-#   modules:
+#  modules:
-#     - cmd
+#    - cmd
 {%- endif %}
 # The external auth system uses the Salt auth modules to authenticate and
 # validate users to access areas of the Salt system.
 #
-# external_auth:
+#external_auth:
-#   pam:
+#  pam:
-#     fred:
+#    fred:
-#       - test.*
+#      - test.*
 #
 {{ get_config('external_auth', '{}') }}
@ -274,6 +279,7 @@ client_acl_blacklist:
 # will be terse unless a state failed, in which case that output will be full.
 {{ get_config('state_output', 'full') }}
 #####      File Server settings      #####
 ##########################################
 # Salt runs a lightweight file server written in zeromq to deliver files to
@ -361,9 +367,10 @@ file_ignore_glob:
  - {{ glob }}
  {% endfor -%}
 {% else -%}
-#file_ignore_glob:
+# file_ignore_glob:
 #  - '*.pyc'
 #  - '*/somefolder/*.bak'
 #  - '*.swp'
 {%- endif %}
 # File Server Backend
@ -373,24 +380,38 @@ file_ignore_glob:
 # configured and will be searched for the requested file in the order in which
 # they are defined here. The default setting only enables the standard backend
 # "roots" which uses the "file_roots" option.
 #
 #fileserver_backend:
 #  - roots
 #
 # To use multiple backends list them in the order they are searched:
-# fileserver_backend:
+#
-#   - git
+#fileserver_backend:
-#   - roots
+#  - git
 #  - roots
 {% if 'fileserver_backend' in master -%}
 fileserver_backend:
 {%- for backend in master['fileserver_backend'] %}
  - {{ backend }}
 {% endfor -%}
 {% endif %}
 #
 # By default, the Salt fileserver recurses fully into all defined environments
 # to attempt to find files. To limit this behavior so that the fileserver only
 # traverses directories with SLS files and special Salt directories like _modules,
 # enable the option below. This might be useful for installations where a file root
 # has a very large number of files and performance is impacted. Default is False.
 #
 {{ get_config('fileserver_limit_traversal', 'False') }}
 #
 # Git fileserver backend configuration
 # When using the git fileserver backend at least one git remote needs to be
 # defined. The user running the salt master will need read access to the repo.
-# gitfs_remotes:
+#
-#   - git://github.com/saltstack/salt-states.git
+#gitfs_remotes:
-#   - file:///var/git/saltmaster
+#  - git://github.com/saltstack/salt-states.git
 #  - file:///var/git/saltmaster
 #
 # The repos will be searched in order to find the file requested by a client
 # and the first repo to have the file will return it.
 # When using the git backend branches and tags are translated into salt
@ -402,6 +423,11 @@ gitfs_remotes:
 {%- for remote in master['gitfs_remotes'] %}
  - {{ remote }}{% endfor -%}
 {%- endif %}
 #
 # The gitfs_root option gives the ability to serve files from a subdirectory
 # within the repository. The path is defined relative to the root of the
 # repository and defaults to the repository root.
 {{ get_config('gitfs_root', 'somefolder/otherfolder') }}
 #####         Pillar settings        #####
@ -444,9 +470,9 @@ ext_pillar:
  - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }}
 {% endfor -%}
 {% else %}
-# ext_pillar:
+#ext_pillar:
-#   - hiera: /etc/hiera.yaml
+#  - hiera: /etc/hiera.yaml
-#   - cmd_yaml: cat /etc/salt/yaml
+#  - cmd_yaml: cat /etc/salt/yaml
 {%- endif %}
 # The pillar_opts option adds the master configuration file data to a dict in
@ -492,15 +518,18 @@ ext_pillar:
 # of regular expressions to match functions. The following will allow the
 # minion authenticated as foo.example.com to execute functions from the test
 # and pkg modules.
-# peer:
+#
-#   foo.example.com:
+#peer:
-#       - test.*
+#  foo.example.com:
-#       - pkg.*
+#    - test.*
 #    - pkg.*
 #
 # This will allow all minions to execute all commands:
-# peer:
+#
-#   .*:
+#peer:
-#       - .*
+#  .*:
 #    - .*
 #
 # This is not recommended, since it would allow anyone who gets root on any
 # single minion to instantly have root on all of the minions!
 {% if 'peer' in master -%}
@ -529,15 +558,15 @@ peer:
 # All peer runner support is turned off by default and must be enabled before
 # using. This will enable all peer runners for all minions:
 #
-# peer_run:
+#peer_run:
-#   .*:
+#  .*:
-#     - .*
+#    - .*
 #
 # To enable just the manage.up runner for the minion foo.example.com:
 #
-# peer_run:
+#peer_run:
-#   foo.example.com:
+#  foo.example.com:
-#     - manage.up
+#    - manage.up
 {% if 'peer_run' in master -%}
 peer_run:
  {% for name, roots in master['peer_run'].items() -%}
@ -610,14 +639,15 @@ log_granular_levels:
 #log_granular_levels: {}
 {% endif %}
 #####         Node Groups           #####
 ##########################################
 # Node groups allow for logical groupings of minion nodes.
 # A group consists of a group name and a compound target.
 #
-# nodegroups:
+#nodegroups:
-#   group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
+#  group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
-#   group2: 'G@os:Debian and foo.domain.com'
+#  group2: 'G@os:Debian and foo.domain.com'
 {% if 'nodegroups' in master %}
 nodegroups:
  {% for name, lvl in master['nodegroups'] %}
@ -659,6 +689,6 @@ win_gitrepos:
  - {{ repo }}
  {% endfor -%}
 {% else %}
-# win_gitrepos:
+#win_gitrepos:
-#   - 'https://github.com/saltstack/salt-winrepo.git'
+#  - 'https://github.com/saltstack/salt-winrepo.git'
 {% endif %}
--- a/salt/files/minion
+++ b/salt/files/minion
@ -1,5 +1,5 @@
 # This file managed by Salt, do not edit by hand!!
-#  Based on salt version 0.16.3 default config
+#  Based on salt version 0.17.4 default config
 {% set salt = pillar.get('salt', {}) -%}
 {% set minion = salt.get('minion', {}) -%}
 {%- macro get_config(configname, default_value) -%}
@ -22,6 +22,7 @@
 # Set the location of the salt master server, if the master server cannot be
 # resolved, then the minion will fail to start.
 {{ get_config('master', 'salt') }}
 # Set whether the minion should connect to the master via IPv6
 {{ get_config('ipv6', 'False') }}
@ -106,7 +107,7 @@ id: {{ minion['id'] }}
 # /etc/ssh/sshd_config:
 #   file.managed:
 #     - source: salt://ssh/sshd_config
-#       - backup: minion
+#     - backup: minion
 #
 {{ get_config('backup_mode', 'minion') }}
@ -129,7 +130,7 @@ id: {{ minion['id'] }}
 {{ get_config('random_reauth_delay', '60') }}
-# If you dont have any problems with syn-floods, dont bother with the
+# If you don't have any problems with syn-floods, dont bother with the
 # three recon_* settings described below, just leave the defaults!
 #
 # The ZeroMQ pull-socket that binds to the masters publishing interface tries
@ -166,9 +167,9 @@ id: {{ minion['id'] }}
 # The goal: have all minions reconnect within a 60 second timeframe on a disconnect
 #
 # The settings:
-# recon_default: 1000
+#recon_default: 1000
-# recon_max: 59000
+#recon_max: 59000
-# recon_randomize: True
+#recon_randomize: True
 #
 # Each minion will have a randomized reconnect value between 'recon_default'
 # and 'recon_default + recon_max', which in this example means between 1000ms
@ -224,7 +225,7 @@ id: {{ minion['id'] }}
 # include: /etc/salt/extra_config
 #
 # Include config from several files and directories:
-# include:
+#include:
 #  - /etc/salt/extra_config
 #  - /etc/roles/webserver
 {% if 'include' in minion -%}
@ -268,8 +269,8 @@ id: {{ minion['id'] }}
 # overwritten by the specified module. In this example the pkg module will
 # be provided by the yumpkg5 module instead of the system default.
 #
-# providers:
+#providers:
-#   pkg: yumpkg5
+#  pkg: yumpkg5
 {{ get_config('providers', '{}') }}
 #
 # Enable Cython modules searching and loading. (Default: False)
@ -329,7 +330,7 @@ id: {{ minion['id'] }}
 #  - hyper
 {{ get_config('sls_list', '[]') }}
 # top file to execute if startup_states is 'top'
-{{ get_config('', "''") }}
+{{ get_config('top_file', "''") }}
 #####     File Directory Settings    #####
 ##########################################
@ -338,7 +339,7 @@ id: {{ minion['id'] }}
 # copied completely onto the minion. This is a literal copy of the settings on
 # the master but used to reference a local directory on the minion.
-# Set the file client, the client defaults to looking on the master server for
+# Set the file client. The client defaults to looking on the master server for
 # files, but can be directed to look at the local file directory setting
 # defined below by setting it to local.
 {{ get_config('file_client', 'remote') }}
@ -381,8 +382,18 @@ file_roots:
 #    - /srv/salt
 {%- endif %}
 # By default, the Salt fileserver recurses fully into all defined environments
 # to attempt to find files. To limit this behavior so that the fileserver only
 # traverses directories with SLS files and special Salt directories like _modules,
 # enable the option below. This might be useful for installations where a file root
 # has a very large number of files and performance is negatively impacted.
 #
 # Default is False.
 #
 {{ get_config('fileserver_limit_traversal', 'False') }}
 # The hash_type is the hash to use when discovering the hash of a file in
-# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
+# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384
 # and sha512 are also supported.
 {{ get_config('hash_type', 'md5') }}
@ -469,7 +480,7 @@ pillar_roots:
 # The level of messages to send to the log file.
 # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
 # Default: 'warning'
-{{ get_config('log_level_logfile', 'warning') }}
+{{ get_config('log_level_logfile', '') }}
 # The date and time format used in log messages. Allowed date/time formating
 # can be seen here: http://docs.python.org/library/time.html#time.strftime
@ -515,6 +526,7 @@ pillar_roots:
 {%- endfor %}
 {%- endif %}
 ######      Update settings          ######
 ###########################################
 # Using the features in Esky, a salt minion can both run as a frozen app and