saltstack-formulas/salt-formula
Template
2
0
Fork 0
Code Releases Activity
salt-formula/pillar.example
myii 91b666c75f Improve limitations related to git.latest in salt.formulas (#239) 
* Ensure options for formulas `git.latest` are also based on defaults

* Prevent erroneous remote tracking branch modification by `salt.formulas` #238

* Allow multiple envs to use the same gitdir for `salt.formulas`

* Ensure `gitdir` original branch is checked out after formulas `git.latest`

* Fix erroneous comment re: merging in `salt` pillar
2018-06-10 11:18:20 +02:00

367 lines
10 KiB
Plaintext
Raw Blame History

salt:
# Set this to true to clean any non-salt-formula managed files out of
# /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
# and up as it'll wipe out important files that Salt relies on.
clean_config_d_dir: False
# This state will remove "/etc/salt/minion" when you set this to true.
minion_remove_config: True
# This state will remove "/etc/salt/master" when you set this to true.
master_remove_config: True
# Set this to False to not have the formula install packages (in the case you
# install Salt via git/pip/etc.)
install_packages: True
# Optional: set salt version (if install_packages is set to True)
version: 2017.7.2-1.el7
# to overwrite map.jinja salt packages
lookup:
salt_master: 'salt-master'
salt_minion: 'salt-minion'
salt_syndic: 'salt-syndic'
salt_cloud: 'salt-cloud'
salt_ssh: 'salt-ssh'
pyinotify: 'python-pyinotify' the package to be installed for pyinotify
# Set which release of SaltStack to use, default to 'latest'
# To get the available releases:
# * http://repo.saltstack.com/yum/redhat/7/x86_64/
# * http://repo.saltstack.com/apt/debian/8/amd64/
release: "2016.11"
# MacOS has no package management.
# Instead, we use file.managed to download an appropriate .pkg file and macpackage.installed to install it
# 'version', if set (see above), will be used to check the .pkg version to determine if it should be installed
#
# NOTE: if 'version' is not set version comparison will not occur and the .pkg WILL NOT be installed if a salt
# .pkg is already installed
# NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's source_hash, use URL or hash string
salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
# salt master config
master:
fileserver_backend:
- git
- s3fs
- roots
gitfs_remotes:
- git://github.com/saltstack-formulas/salt-formula.git:
- base: develop
s3.keyid: GKTADJGHEIQSXMKKRBJ08H
s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
s3.buckets:
- bucket1
- bucket2
- bucket3
- bucket4
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
# for salt-api with tornado rest interface
rest_tornado:
port: 8000
ssl_crt: /etc/pki/api/certs/server.crt
ssl_key: /etc/pki/api/certs/server.key
debug: False
disable_ssl: False
# for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
lxc.container_profile:
debian:
template: download
options:
dist: debian
release: jessie
arch: amd64
backing: lvm
vgname: kimsufi
size: 10G
lxc.network_profile:
basic:
eth0:
link: lxcbr0
type: veth
flags: up
## for external auth - LDAP
# filter to use for Active Directory LDAP
auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
# filter to use for Most other LDAP servers
auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
# Define winrepo provider, by default support order is pygit2, gitpython
# Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
# where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
winrepo_provider: gitpython
# optional engine configuration
engines:
- slack:
token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
control: True
valid_users:
- someuser
- otheruser
valid_commands:
- test.ping
- list_jobs
aliases:
list_jobs:
type: runner
cmd: jobs.list_jobs
# optional: these reactors will be configured on the master
# They override reactors configured in
# 'salt:reactors' or the old 'salt:reactor' parameters
reactors:
- 'master/deploy':
- /srv/salt/reactors/deploy.sls
# salt minion config:
minion:
# single master setup
master: salt
# multi master setup
#master:
#- salt_master_1
#- salt_master_2
fileserver_backend:
- git
- roots
gitfs_remotes:
- git://github.com/saltstack-formulas/salt-formula.git:
- base: develop
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
module_config:
test: True
test.foo: foo
test.bar:
- baz
- quo
test.baz:
spam: sausage
cheese: bread
# salt mine setup
mine_interval: 60
# mine_functions can be set at the top level of the pillar, and
# that is preferable because it doesn't affect the conf file and
# doesn't require a minion restart. However, you can configure it
# here instead if you really want to.
mine_functions:
network.interface_ip: [eth0]
# Define a minion scheduler
schedule:
- highstate:
- function: state.apply
- minutes: 60
- returner: redis
# other 'non-default' config
auth_keytab: /root/auth.keytab
auth_principal: kadmin/admin
# optional engine configuration
engines:
- slack:
token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
control: True
valid_users:
- someuser
- otheruser
valid_commands:
- test.ping
- list_jobs
aliases:
list_jobs:
type: runner
cmd: jobs.list_jobs
# optional beacons configuration
beacons:
load:
1m:
- 0.0
- 2.0
5m:
- 0.0
- 1.5
15m:
- 0.1
- 1.0
interval: 10
# Optional reactors: these reactors will be configured on the minion
# They override reactors configured in
# 'salt:reactors' or the old 'salt:reactor' parameters
reactors:
- 'minion/deploy':
- /srv/salt/reactors/deploy.sls
# Optional: Configure an elasticsearch returner
return: elasticsearch
elasticsearch:
hosts:
- example.elasticsearch.host:9200
- example.elasticsearch.host2:9200
index_date: True
index: salt
number_of_shards: 5
number_of_replicas: 2
debug_returner_payload: True
states_count: True
states_order_output: True
states_single_index: True
functions_blacklist:
- test.ping
- saltutil.find_job
# salt cloud config
cloud:
master: salt
# For non-templated custom cloud provider/profile/map files
providers:
provider-filename1.conf:
vmware-prod:
driver: vmware
user: myusernameprod
password: mypassword
vmware-nonprod:
driver: vmware
user: myusernamenonprod
password: mypassword
profiles:
profile-filename1.conf:
server-non-prod:
clonefrom: rhel6xtemplatenp
grains:
platform:
name: salt
realm: lab
subscription_level: standard
memory: 8GB
num_cpus: 4
password: sUpErsecretey
provider: vmware-nonprod
maps:
map-filename1.map:
server-non-prod:
- host.mycompany.com:
grains:
environment: dev1
# You can take profile and map templates from an alternate location
# if you want to write your own.
template_sources:
providers: salt://salt/files/cloud.providers.d
profiles: salt://salt/files/cloud.profiles.d
maps: salt://salt/files/cloud.maps.d
# These settings are used by the default provider templates and
# only need to be set for the ones you're using.
aws_key: AWSKEYIJSHJAIJS6JSH
aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
gce_project: test
gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
rsos_user: afeawofghob
rsos_tenant: tenant_id_number
rsos_apikey: WFJIOJEOIGHSOFHESO
rsos_regions:
- ORD
- DFW
- IAD
- SYD
- HKG
ssh_roster:
prod1:
host: host.example.com
user: ubuntu
sudo: True
priv: /etc/salt/ssh_keys/sshkey.pem
gitfs:
keys:
global:
# key and pub end up being the extension used on the key file. values other than key and pub are possible
key: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
pub: |
...........
# These reactors will be configured both in the minion and the master
reactors:
- 'deploy':
- /srv/salt/reactors/deploy.sls
salt_cloud_certs:
aws:
pem: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
gce:
pem: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
salt_formulas:
git_opts:
# The Git options can be customized differently for each
# environment, if an option is missing in a given environment, the
# value from "default" is used instead.
default:
# URL where the formulas git repositories are downloaded from
# it will be suffixed with <formula-name>.git
baseurl: https://github.com/saltstack-formulas
# Directory where Git repositories are downloaded
basedir: /srv/formulas
# Update the git repository to the latest version (False by default)
update: False
# Options passed directly to the git.latest state
options:
rev: master
dev:
basedir: /srv/formulas/dev
update: True
options:
rev: develop
# Options of the file.directory state that creates the directory where
# the git repositories of the formulas are stored
basedir_opts:
makedirs: True
user: root
group: root
mode: 755
# Explicitly checkout the original branch for repos after the
# git.latest states have been processed (False by default)
checkout_orig_branch: False
# List of formulas to enable in each environment
list:
base:
- salt-formula
- postfix-formula
dev:
- salt-formula
- postfix-formula
- openssh-formula
View Git Blame Copy Permalink