salt: # Set this to true to clean any non-salt-formula managed files out of # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2 # and up as it'll wipe out important files that Salt relies on. clean_config_d_dir: False # This state will remove "/etc/salt/minion" when you set this to true. minion_remove_config: True # This state will remove "/etc/salt/master" when you set this to true. master_remove_config: True # Set this to False to not have the formula install packages (in the case you # install Salt via git/pip/etc.) install_packages: True # Optional: set salt version (if install_packages is set to True) version: 2017.7.2-1.el7 # to overwrite map.jinja salt packages lookup: salt_master: 'salt-master' salt_minion: 'salt-minion' salt_syndic: 'salt-syndic' salt_cloud: 'salt-cloud' salt_ssh: 'salt-ssh' pyinotify: 'python-pyinotify' the package to be installed for pyinotify # Set which release of SaltStack to use, default to 'latest' # To get the available releases: # * http://repo.saltstack.com/yum/redhat/7/x86_64/ # * http://repo.saltstack.com/apt/debian/8/amd64/ release: "2016.11" # MacOS has no package management. # Instead, we use file.managed to download an appropriate .pkg file and macpackage.installed to install it # 'version', if set (see above), will be used to check the .pkg version to determine if it should be installed # # NOTE: if 'version' is not set version comparison will not occur and the .pkg WILL NOT be installed if a salt # .pkg is already installed # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's source_hash, use URL or hash string salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg' salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5' # salt master config master: fileserver_backend: - git - s3fs - roots gitfs_remotes: - git://github.com/saltstack-formulas/salt-formula.git: - base: develop s3.keyid: GKTADJGHEIQSXMKKRBJ08H s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs s3.buckets: - bucket1 - bucket2 - bucket3 - bucket4 file_roots: base: - /srv/salt pillar_roots: base: - /srv/pillar # for salt-api with tornado rest interface rest_tornado: port: 8000 ssl_crt: /etc/pki/api/certs/server.crt ssl_key: /etc/pki/api/certs/server.key debug: False disable_ssl: False # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles lxc.container_profile: debian: template: download options: dist: debian release: jessie arch: amd64 backing: lvm vgname: kimsufi size: 10G lxc.network_profile: basic: eth0: link: lxcbr0 type: veth flags: up ## for external auth - LDAP # filter to use for Active Directory LDAP auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %} # filter to use for Most other LDAP servers auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %} # Define winrepo provider, by default support order is pygit2, gitpython # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993 # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support winrepo_provider: gitpython # optional engine configuration engines: - slack: token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token control: True valid_users: - someuser - otheruser valid_commands: - test.ping - list_jobs aliases: list_jobs: type: runner cmd: jobs.list_jobs # optional: these reactors will be configured on the master # They override reactors configured in # 'salt:reactors' or the old 'salt:reactor' parameters reactors: - 'master/deploy': - /srv/salt/reactors/deploy.sls # salt minion config: minion: # single master setup master: salt # multi master setup #master: #- salt_master_1 #- salt_master_2 fileserver_backend: - git - roots gitfs_remotes: - git://github.com/saltstack-formulas/salt-formula.git: - base: develop file_roots: base: - /srv/salt pillar_roots: base: - /srv/pillar module_config: test: True test.foo: foo test.bar: - baz - quo test.baz: spam: sausage cheese: bread # salt mine setup mine_interval: 60 # mine_functions can be set at the top level of the pillar, and # that is preferable because it doesn't affect the conf file and # doesn't require a minion restart. However, you can configure it # here instead if you really want to. mine_functions: network.interface_ip: [eth0] # Define a minion scheduler schedule: - highstate: - function: state.apply - minutes: 60 - returner: redis # other 'non-default' config auth_keytab: /root/auth.keytab auth_principal: kadmin/admin # optional engine configuration engines: - slack: token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token control: True valid_users: - someuser - otheruser valid_commands: - test.ping - list_jobs aliases: list_jobs: type: runner cmd: jobs.list_jobs # optional beacons configuration beacons: load: 1m: - 0.0 - 2.0 5m: - 0.0 - 1.5 15m: - 0.1 - 1.0 interval: 10 # Optional reactors: these reactors will be configured on the minion # They override reactors configured in # 'salt:reactors' or the old 'salt:reactor' parameters reactors: - 'minion/deploy': - /srv/salt/reactors/deploy.sls # salt cloud config cloud: master: salt # For non-templated custom cloud provider/profile/map files providers: provider-filename1.conf: vmware-prod: driver: vmware user: myusernameprod password: mypassword vmware-nonprod: driver: vmware user: myusernamenonprod password: mypassword profiles: profile-filename1.conf: server-non-prod: clonefrom: rhel6xtemplatenp grains: platform: name: salt realm: lab subscription_level: standard memory: 8GB num_cpus: 4 password: sUpErsecretey provider: vmware-nonprod maps: map-filename1.map: server-non-prod: - host.mycompany.com: grains: environment: dev1 # You can take profile and map templates from an alternate location # if you want to write your own. template_sources: providers: salt://salt/files/cloud.providers.d profiles: salt://salt/files/cloud.profiles.d maps: salt://salt/files/cloud.maps.d # These settings are used by the default provider templates and # only need to be set for the ones you're using. aws_key: AWSKEYIJSHJAIJS6JSH aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95 gce_project: test gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com rsos_user: afeawofghob rsos_tenant: tenant_id_number rsos_apikey: WFJIOJEOIGHSOFHESO rsos_regions: - ORD - DFW - IAD - SYD - HKG ssh_roster: prod1: host: host.example.com user: ubuntu sudo: True priv: /etc/salt/ssh_keys/sshkey.pem gitfs: keys: global: # key and pub end up being the extension used on the key file. values other than key and pub are possible key: | -----BEGIN RSA PRIVATE KEY----- ........... -----END RSA PRIVATE KEY----- pub: | ........... # These reactors will be configured both in the minion and the master reactors: - 'deploy': - /srv/salt/reactors/deploy.sls salt_cloud_certs: aws: pem: | -----BEGIN RSA PRIVATE KEY----- ........... -----END RSA PRIVATE KEY----- gce: pem: | -----BEGIN RSA PRIVATE KEY----- ........... -----END RSA PRIVATE KEY----- salt_formulas: git_opts: # The Git options can be customized differently for each # environment, if an option is missing in a given environment, the # value from "default" is used instead. default: # URL where the formulas git repositories are downloaded from # it will be suffixed with .git baseurl: https://github.com/saltstack-formulas # Directory where Git repositories are downloaded basedir: /srv/formulas # Update the git repository to the latest version (False by default) update: False # Options passed directly to the git.latest state options: rev: master dev: basedir: /srv/formulas/dev update: True options: rev: develop # Options of the file.directory state that creates the directory where # the git repositories of the formulas are stored basedir_opts: makedirs: True user: root group: root mode: 755 # List of formulas to enable in each environment list: base: - salt-formula - postfix-formula dev: - salt-formula - postfix-formula - openssh-formula