salt-formula/pillar.example
hk a932a8cc84 fix: update to modern defaults for Debian family
Don't add key_url as it is deprecated and not needed when
pkgrepo_keyring is set. This has been supported since stretch so make it
the default. Also use py3 repo by default for Debian family as it is now
the only option.

Additionally, Raspbian has been updated to use signed-by by default.
2021-11-05 10:08:00 +01:00


# -*- coding: utf-8 -*-
# vim: ft=yaml
---
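# Example pillar for salt-formula. Every credential, key and host name below
# is a sample value that shows the expected format only.
salt:
  # Set this to true to clean any non-salt-formula managed files out of
  # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  # and up as it'll wipe out important files that Salt relies on.
  clean_config_d_dir: false

  # This state will remove "/etc/salt/minion" when you set this to true.
  minion_remove_config: true

  # This state will remove "/etc/salt/master" when you set this to true.
  master_remove_config: true

  # Set this to 'py3' to install the Python 3 packages.
  # The default varies between OS versions.
  py_ver: 'py3'

  # Set this to false to not have the formula install packages (in the case you
  # install Salt via git/pip/etc.)
  install_packages: true

  # Optional: set salt version (if install_packages is set to true)
  # NOTE: the version and release used in this example are old and only
  #       illustrate the format; pin a release that still receives security
  #       fixes in a real deployment.
  version: 2017.7.2-1.el7

  # Pin version provided under 'version' key by using apt-pinning
  # available only on Debian family OS-es
  pin_version: false

  # to overwrite map.jinja salt packages
  lookup:
    salt_master: 'salt-master'
    salt_minion: 'salt-minion'
    salt_syndic: 'salt-syndic'
    salt_cloud: 'salt-cloud'
    salt_ssh: 'salt-ssh'
    pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  # Set which salt repository to use, default to https://repo.saltproject.io
  # For older releases use https://archive.repo.saltproject.io
  repo: 'https://archive.repo.saltproject.io'
  # Set which release of SaltStack to use, default to 'latest'
  # To get the available releases:
  # * https://repo.saltproject.io/yum/redhat/7/x86_64/
  # * https://repo.saltproject.io/apt/debian/8/amd64/
  release: '2018.3'

  # MacOS has no package management.
  # Instead, we use file.managed to download an appropriate .pkg file and
  # macpackage.installed to install it 'version', if set (see above), will be
  # used to check the .pkg version to determine if it should be installed
  #
  # NOTE: if 'version' is not set version comparison will not occur and the
  #       .pkg WILL NOT be installed if a salt .pkg is already installed
  # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  #       source_hash, use URL or hash string
  # NOTE: the example hash below is an MD5 file served from the same host as
  #       the .pkg, so it catches a corrupted download but not a package that
  #       was replaced on that host, and MD5 is collision-prone. Where
  #       possible, set a SHA-256 hash string obtained independently of the
  #       download.
  # yamllint disable rule:line-length
  salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
  salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  # yamllint enable rule:line-length

  # tofs:
  #   # The files_switch key serves as a selector for alternative
  #   # directories under the formula files directory. See TOFS pattern
  #   # doc for more info.
  #   # Note: Any value not evaluated by `config.get` will be used literally.
  #   # This can be used to set custom paths, as many levels deep as required.
  #   files_switch:
  #     - any/path/can/be/used/here
  #     - id
  #     - osfinger
  #     - os
  #     - os_family
  #   # All aspects of path/file resolution are customisable using the options
  #   # below. This is unnecessary in most cases; there are sensible defaults.
  #   path_prefix: template_alt
  #   dirs:
  #     files: files_alt
  #     default: default_alt
  #   source_files:
  #     salt-master:
  #       - 'alt_master.d'
  #     salt-minion:
  #       - 'alt_minion.d'

  # salt master config
  master_config_use_TOFS: true
  master:
    standalone: false
    fileserver_backend:
      - git
      - s3fs
      - roots
    # NOTE: states fetched through gitfs are applied to minions, so the remote
    #       is fetched over https://, which authenticates the server with TLS.
    #       git:// gives neither encryption nor server authentication, and
    #       GitHub no longer serves it.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    # NOTE: s3.keyid and s3.key are sample values. Keep real credentials in a
    #       pillar that is targeted only at the master and encrypted at rest
    #       (e.g. with Salt's gpg renderer), not in plain text in a shared
    #       repository.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # NOTE: leave disable_ssl and debug at false outside a lab; API logins
    #       travel over this listener.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
    # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up
    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    winrepo_provider: gitpython

    # optional engine configuration
    # NOTE: with control set to true, the users in valid_users can run the
    #       commands in valid_commands from Slack; keep both lists as short as
    #       possible and treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

  # salt minion config:
  minion_config_use_TOFS: true
  minion:
    # standalone setup
    master_type: str  # see init.sls & standalone.sls

    # single master setup
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    fileserver_backend:
      - git
      - roots
    # NOTE: fetched over https:// so the server is authenticated with TLS;
    #       git:// gives neither encryption nor server authentication.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # NOTE: with control set to true, the users in valid_users can run the
    #       commands in valid_commands from Slack; keep both lists as short as
    #       possible and treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    return: elasticsearch
    elasticsearch:
      hosts:
        - example.elasticsearch.host:9200
        - example.elasticsearch.host2:9200
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      functions_blacklist:
        - test.ping
        - saltutil.find_job

  # init.sls skips salt.api and salt.syndic states
  # unless those dicts are populated with something
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue

  # salt cloud config
  # NOTE: the passwords and API keys in this section are sample values. Any
  #       minion this pillar is targeted at can read them, so scope the
  #       pillar to the host that runs salt-cloud and keep real secrets
  #       encrypted at rest (e.g. with Salt's gpg renderer).
  cloud:
    master: salt

    # For non-templated custom cloud provider/profile/map files
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey
          provider: vmware-nonprod
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # You can take profile and map templates from an alternate location
    # if you want to write your own.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # These settings are used by the default provider templates and
    # only need to be set for the ones you're using.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG

  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem
  gitfs:
    keys:
      global:
        # key and pub end up being the extension used on the key file
        # values other than key and pub are possible
        # NOTE: 'key' holds private key material in the pillar; restrict who
        #       can read this pillar and prefer an encrypted value.
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........

  # These reactors will be configured both in the minion and the master
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls

  # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
  retry_options:
    attempts: 2
    until: true
    interval: 10
    splay: 10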
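# Private keys for the salt-cloud providers, one 'pem' block per provider.
# NOTE: the values here are placeholders. This is private key material, so
#       target the pillar only at the host that runs salt-cloud and keep the
#       real values encrypted at rest (e.g. with Salt's gpg renderer).
salt_cloud_certs:
  aws:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

  gce:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----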
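# Formulas to check out with git, per environment.
salt_formulas:
  git_opts:
    # The Git options can be customized differently for each
    # environment, if an option is missing in a given environment, the
    # value from "default" is used instead.
    default:
      # URL where the formulas git repositories are downloaded from
      # it will be suffixed with <formula-name>.git
      baseurl: https://github.com/saltstack-formulas
      # Directory where Git repositories are downloaded
      basedir: /srv/formulas
      # Update the git repository to the latest version (false by default)
      update: false
      # Options passed directly to the git.latest state
      options:
        rev: master
        user: username
        identity: /path/to/.ssh/id_rsa_github_username
    dev:
      basedir: /srv/formulas/dev
      update: true
      options:
        rev: develop
    # Alternatively, a single directory with multiple branches can be used
    # E.g. It is strongly recommended to fork saltstack-formula repositories
    # to avoid unexpected changes to your infrastructure
    # Then upstream changes can be merged in manually with due consideration
    # Specific values for `rev`, `user` & `identity` will override the defaults
    production:
      baseurl: git@github.com:username
      options:
        branch: master
        remote: origin
    staging:
      baseurl: git@github.com:username
      options:
        branch: staging
        remote: origin
        rev: staging
    upstream:
      baseurl: git@github.com:saltstack-formulas
      update: true
      options:
        branch: upstream
        remote: upstream
  # Options of the file.directory state that creates the directory where
  # the git repositories of the formulas are stored
  # NOTE: root ownership with mode 755 leaves the directory writable by root
  #       only; the formulas stored here are executed as states.
  basedir_opts:
    makedirs: true
    user: root
    group: root
    mode: 755
  # Explicitly checkout the original branch for repos after the
  # git.latest states have been processed (false by default)
  # Enable if using the alternative method (single directory, multiple branches)
  checkout_orig_branch: true
  # List of formulas to enable in each environment
  # NOTE: a branch or tag can be re-pointed in the remote repository, while a
  #       commit id cannot; pin a commit id (ideally the full hash) for
  #       formulas pulled from repositories you do not control.
  list:
    base:
      - salt-formula
      - postfix-formula
      - nginx-formula:  # We can also override some options per formula
          rev: 'v1.1.0'  # Pin a version
      - openssh-formula:
          rev: '3e01ad8'  # or pin a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # You can also pull from another location
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Likewise for the alternative method (single directory, multiple branches)
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
    upstream:
      - salt-formula
      - postfix-formula
      - openssh-formula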