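# -*- coding: utf-8 -*-
# vim: ft=yaml
#
# Example pillar for the salt formula. Every credential, token and key
# below is a sample value. Pillar data is rendered on the master and sent
# to each minion it is targeted at, so keep real secrets out of plain-text
# pillar files in version control (for example, encrypt them with Salt's
# GPG renderer) and target them only at the hosts that need them.
---
salt:
  # Set this to true to clean any non-salt-formula managed files out of
  # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  # and up as it'll wipe out important files that Salt relies on.
  clean_config_d_dir: false

  # This state will remove "/etc/salt/minion" when you set this to true.
  minion_remove_config: true

  # This state will remove "/etc/salt/master" when you set this to true.
  master_remove_config: true

  # Set this to 'py3' to install the Python 3 packages.
  # The default varies between OS versions.
  py_ver: 'py3'

  # Set this to false to not have the formula install packages (in the case you
  # install Salt via git/pip/etc.)
  install_packages: true

  # Optional: set salt version (if install_packages is set to true)
  # Quoted so the value is always read as a string.
  version: '2017.7.2-1.el7'

  # These 2 options apply only to yum/dnf, apt, and zypper-based systems:
  # Force the package to be held at the installed version (optional)
  hold_version: false
  # Allow the upgrade or downgrade of a "held" package version (optional)
  update_holds: false

  # to overwrite map.jinja salt packages
  lookup:
    salt_master: 'salt-master'
    salt_minion: 'salt-minion'
    salt_syndic: 'salt-syndic'
    salt_cloud: 'salt-cloud'
    salt_ssh: 'salt-ssh'
    pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  # Set which salt repository to use, default to https://repo.saltproject.io
  # For older releases use https://archive.repo.saltproject.io
  repo: 'https://archive.repo.saltproject.io'

  # Set which release of SaltStack to use, default to 'latest'
  # To get the available releases:
  # * https://repo.saltproject.io/yum/redhat/7/x86_64/
  # * https://repo.saltproject.io/apt/debian/8/amd64/
  release: '2018.3'

  # MacOS has no package management.
  # Instead, we use file.managed to download an appropriate .pkg file and
  # macpackage.installed to install it 'version', if set (see above), will be
  # used to check the .pkg version to determine if it should be installed
  #
  # NOTE: if 'version' is not set version comparison will not occur and the
  #       .pkg WILL NOT be installed if a salt .pkg is already installed
  # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  #       source_hash, use URL or hash string
  # NOTE(review): the sample hash below is an MD5 file fetched from the same
  #       server as the package. That catches a corrupted download but not a
  #       tampered one; prefer a SHA-256 hash string obtained out of band
  #       and pinned here.
  # yamllint disable rule:line-length
  salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
  salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  # yamllint enable rule:line-length

  # tofs:
  #   The files_switch key serves as a selector for alternative
  #   directories under the formula files directory. See TOFS pattern
  #   doc for more info.
  #   Note: Any value not evaluated by `config.get` will be used literally.
  #   This can be used to set custom paths, as many levels deep as required.
  #   files_switch:
  #     - any/path/can/be/used/here
  #     - id
  #     - osfinger
  #     - os
  #     - os_family
  #   All aspects of path/file resolution are customisable using the
  #   options below.
  #   This is unnecessary in most cases; there are sensible defaults.
  #   path_prefix: template_alt
  #   dirs:
  #     files: files_alt
  #     default: default_alt
  #   source_files:
  #     salt-master:
  #       - 'alt_master.d'
  #     salt-minion:
  #       - 'alt_minion.d'

  # salt master config
  master_config_use_TOFS: true
  master:
    standalone: false
    fileserver_backend:
      - git
      - s3fs
      - roots
    # Fetched over HTTPS rather than the unauthenticated, unencrypted
    # git:// protocol (which GitHub no longer serves), so state code pulled
    # onto the master comes from a verified endpoint. The gitfs provider in
    # use must be built with HTTPS support.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    # Sample S3 credentials; these are written into the master config.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # Leave disable_ssl and debug set to false: the API carries
    # authentication credentials and job data.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
    # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up
    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    winrepo_provider: gitpython

    # optional engine configuration
    # With `control: true` the users in valid_users can run the commands in
    # valid_commands from Slack, so keep both lists as short as possible.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

  # salt minion config:
  minion_config_use_TOFS: true
  minion:

    # standalone setup
    master_type: str  # see init.sls & standalone.sls

    # single master setup
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    fileserver_backend:
      - git
      - roots
    # HTTPS instead of git:// for the same reason as in the master section.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # With `control: true` the users in valid_users can run the commands in
    # valid_commands from Slack, so keep both lists as short as possible.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    return: elasticsearch
    elasticsearch:
      hosts:
        - 'example.elasticsearch.host:9200'
        - 'example.elasticsearch.host2:9200'
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      functions_blacklist:
        - test.ping
        - saltutil.find_job

  # init.sls skips salt.api and salt.syndic states
  # unless those dicts are populated with something
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue

  # salt cloud config
  cloud:
    master: salt

    # For non-templated custom cloud provider/profile/map files
    # The passwords below are sample values for the provider/profile files.
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey
          provider: vmware-nonprod
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # You can take profile and map templates from an alternate location
    # if you want to write your own.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # These settings are used by the default provider templates and
    # only need to be set for the ones you're using.
    # Sample cloud credentials; set only the ones you need.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG

  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem
  gitfs:
    keys:
      global:
        # key and pub end up being the extension used on the key file
        # values other than key and pub are possible
        # The private key is placeholder text; target a real one only at
        # the master that needs it.
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........

  # These reactors will be configured both in the minion and the master
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls

  # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
  retry_options:
    attempts: 2
    until: true
    interval: 10
    splay: 10

# Placeholder private keys for the cloud providers; as with any key kept in
# pillar, limit targeting to the host that runs salt-cloud.
salt_cloud_certs:
  aws:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

  gce:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

salt_formulas:
  git_opts:
    # The Git options can be customized differently for each
    # environment, if an option is missing in a given environment, the
    # value from "default" is used instead.
    default:
      # URL where the formulas git repositories are downloaded from;
      # the formula name and `.git` are appended to it
      baseurl: https://github.com/saltstack-formulas
      # Directory where Git repositories are downloaded
      basedir: /srv/formulas
      # Update the git repository to the latest version (false by default)
      update: false
      # Options passed directly to the git.latest state
      options:
        rev: master
        user: username
        identity: /path/to/.ssh/id_rsa_github_username
    dev:
      basedir: /srv/formulas/dev
      update: true
      options:
        rev: develop
    # Alternatively, a single directory with multiple branches can be used
    # E.g. It is strongly recommended to fork saltstack-formula repositories
    #      to avoid unexpected changes to your infrastructure
    #      Then upstream changes can be merged in manually with due
    #      consideration
    # Specific values for `rev`, `user` & `identity` will override the defaults
    production:
      baseurl: git@github.com:username
      options:
        branch: master
        remote: origin
    staging:
      baseurl: git@github.com:username
      options:
        branch: staging
        remote: origin
        rev: staging
    upstream:
      baseurl: git@github.com:saltstack-formulas
      update: true
      options:
        branch: upstream
        remote: upstream
  # Options of the file.directory state that creates the directory where
  # the git repositories of the formulas are stored
  basedir_opts:
    makedirs: true
    user: root
    group: root
    # Quoted octal string so YAML cannot re-type the file mode.
    mode: '0755'
  # Explicitly checkout the original branch for repos after the
  # git.latest states have been processed (false by default)
  # Enable if using the alternative method (single directory, multiple branches)
  checkout_orig_branch: true
  # List of formulas to enable in each environment
  list:
    base:
      - salt-formula
      - postfix-formula
      - nginx-formula:
          # We can also override some options per formula
          rev: 'v1.1.0'  # Pin a version
      - openssh-formula:
          rev: '3e01ad8'  # or pin a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # You can also pull from another location
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Likewise for the alternative method (single directory, multiple branches)
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
    upstream:
      - salt-formula
      - postfix-formula
      - openssh-formula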