# -*- coding: utf-8 -*-
# vim: ft=yaml
---
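# Example pillar for the salt formula: package selection plus master, minion,
# cloud, salt-ssh and gitfs settings.
#
# NOTE(security): every credential in this file (S3 keys, Slack tokens, cloud
# passwords and API keys, private keys) is a placeholder. Pillar data is
# stored in clear text on the master and is delivered to every minion the
# pillar top file targets, so keep real values in an encrypted pillar (for
# example Salt's GPG renderer) or an external secret store, and target this
# pillar only at the hosts that need it.
salt:
  # Set this to true to clean any non-salt-formula managed files out of
  # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  # and up as it'll wipe out important files that Salt relies on.
  clean_config_d_dir: false

  # This state will remove "/etc/salt/minion" when you set this to true.
  minion_remove_config: true

  # This state will remove "/etc/salt/master" when you set this to true.
  master_remove_config: true

  # Set this to 'py3' to install the Python 3 packages.
  # If this is not set, the Python 2 packages will be installed by default.
  py_ver: 'py3'

  # Set this to false to not have the formula install packages (in the case you
  # install Salt via git/pip/etc.)
  install_packages: true

  # Optional: set salt version (if install_packages is set to true)
  # Quoted so the value is always read as a string.
  version: '2017.7.2-1.el7'

  # Pin version provided under 'version' key by using apt-pinning
  # available only on Debian family OS-es
  pin_version: false

  # to overwrite map.jinja salt packages
  lookup:
    salt_master: 'salt-master'
    salt_minion: 'salt-minion'
    salt_syndic: 'salt-syndic'
    salt_cloud: 'salt-cloud'
    salt_ssh: 'salt-ssh'
    pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  # Set which release of SaltStack to use, default to 'latest'
  # To get the available releases:
  # * http://repo.saltstack.com/yum/redhat/7/x86_64/
  # * http://repo.saltstack.com/apt/debian/8/amd64/
  release: '2018.3'

  # MacOS has no package management.
  # Instead, we use file.managed to download an appropriate .pkg file and
  # macpackage.installed to install it 'version', if set (see above), will be
  # used to check the .pkg version to determine if it should be installed
  #
  # NOTE: if 'version' is not set version comparison will not occur and the
  #       .pkg WILL NOT be installed if a salt .pkg is already installed
  # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  #       source_hash, use URL or hash string
  # NOTE(security): the example hash below is an .md5 file fetched from the
  #       same host as the package. MD5 is not collision-resistant, and a hash
  #       downloaded next to the artifact detects corruption but not a
  #       tampered download. Prefer a hash string obtained out of band, e.g.
  #       'sha256=<SHA256_OF_PKG_PLACEHOLDER>'.
  # yamllint disable rule:line-length
  salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  # yamllint enable rule:line-length

  # tofs:
  #   # The files_switch key serves as a selector for alternative
  #   # directories under the formula files directory. See TOFS pattern
  #   # doc for more info.
  #   # Note: Any value not evaluated by `config.get` will be used literally.
  #   # This can be used to set custom paths, as many levels deep as required.
  #   files_switch:
  #     - any/path/can/be/used/here
  #     - id
  #     - osfinger
  #     - os
  #     - os_family
  #   # All aspects of path/file resolution are customisable using the options below.
  #   # This is unnecessary in most cases; there are sensible defaults.
  #   path_prefix: template_alt
  #   dirs:
  #     files: files_alt
  #     default: default_alt
  #   source_files:
  #     salt-master:
  #       - 'alt_master.d'
  #     salt-minion:
  #       - 'alt_minion.d'

  # salt master config
  master_config_use_TOFS: true
  master:
    standalone: false
    fileserver_backend:
      - git
      - s3fs
      - roots
    # NOTE(security): states served from this remote run on the minions, so
    # the transport must be authenticated. The unauthenticated git:// scheme
    # was replaced with https://. 'develop' is a moving branch; a fork or a
    # pinned ref keeps upstream changes from landing unreviewed.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    # Placeholder S3 credentials for the s3fs backend. Scope real keys to
    # read-only access on the listed buckets; on EC2, s3fs can take
    # credentials from instance metadata instead of static keys.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # Keep disable_ssl and debug false outside of a lab: the API carries
    # credentials and can run commands on minions. ssl_key should be readable
    # only by the account that runs salt-api.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
    # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up
    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    winrepo_provider: gitpython

    # optional engine configuration
    # NOTE(security): with 'control: true' the users in valid_users can run
    # the commands in valid_commands from Slack. Keep both lists minimal and
    # treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # Define a master scheduler
    schedule:
      - update_winrepo:
          - function: winrepo.update_git_repos
          - hours: 6

    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

  # salt minion config:
  minion_config_use_TOFS: true
  minion:

    # standalone setup
    master_type: false  # see init.sls & standalone.sls

    # single master setup
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    fileserver_backend:
      - git
      - roots
    # Same transport note as the master remote: https:// instead of the
    # unauthenticated git:// scheme.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    # The keytab holds long-term Kerberos keys; restrict the file to root.
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # NOTE(security): with 'control: true' the users in valid_users can run
    # the commands in valid_commands from Slack. Keep both lists minimal and
    # treat the token as a secret.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    # NOTE(review): job returns can contain rendered pillar values and command
    # output. debug_returner_payload presumably exposes the full payload for
    # debugging (confirm against the returner docs) and is better left false
    # outside of troubleshooting. Restrict who can read the index.
    return: elasticsearch
    elasticsearch:
      hosts:
        - example.elasticsearch.host:9200
        - example.elasticsearch.host2:9200
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      functions_blacklist:
        - test.ping
        - saltutil.find_job

  # init.sls skips salt.api and salt.syndic states
  # unless those dicts are populated with something
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue

  # salt cloud config
  cloud:
    master: salt

    # For non-templated custom cloud provider/profile/map files
    # The user/password values below are placeholders; give each provider a
    # dedicated, least-privilege account and keep the real password encrypted.
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey  # placeholder; never commit a real password
          provider: vmware-nonprod
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # You can take profile and map templates from an alternate location
    # if you want to write your own.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # These settings are used by the default provider templates and
    # only need to be set for the ones you're using.
    # All key, secret and apikey values here are placeholders for cloud API
    # credentials; scope the real ones narrowly and rotate them if exposed.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG

  # salt-ssh roster. 'priv' is a path to a private key on the master and
  # 'sudo: true' runs commands with elevated rights on the target, so protect
  # that key file accordingly.
  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem
  gitfs:
    keys:
      global:
        # key and pub end up being the extension used on the key file
        # values other than key and pub are possible
        # NOTE(security): 'key' is private key material stored in pillar. Use
        # a dedicated read-only deploy key and keep it in an encrypted pillar.
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........

  # These reactors will be configured both in the minion and the master
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls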
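# Private keys for the salt-cloud providers, one 'pem' block per provider.
# NOTE(security): these are private key placeholders. Pillar is stored in
# clear text on the master and sent to every minion the pillar top file
# targets, so keep real keys in an encrypted pillar (for example Salt's GPG
# renderer) and target this key only at the host that runs salt-cloud.
salt_cloud_certs:
  aws:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

  gce:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----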
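# Formula repositories to clone per environment, and the options used to
# clone them.
# NOTE(security): formulas cloned here are executed as states on the minions.
# A branch name such as 'master' or 'develop' is a moving ref, so whatever is
# pushed upstream is deployed on the next update. Pinning 'rev' to a tag or
# commit id (see 'list' below) or tracking a reviewed fork keeps that under
# your control.
salt_formulas:
  git_opts:
    # The Git options can be customized differently for each
    # environment, if an option is missing in a given environment, the
    # value from "default" is used instead.
    default:
      # URL where the formulas git repositories are downloaded from
      # it will be suffixed with <formula-name>.git
      baseurl: https://github.com/saltstack-formulas
      # Directory where Git repositories are downloaded
      basedir: /srv/formulas
      # Update the git repository to the latest version (false by default)
      update: false
      # Options passed directly to the git.latest state
      # 'identity' is a path to an SSH private key; use a read-only deploy
      # key and restrict the file to the user named in 'user'.
      options:
        rev: master
        user: username
        identity: /path/to/.ssh/id_rsa_github_username
    dev:
      basedir: /srv/formulas/dev
      update: true
      options:
        rev: develop
    # Alternatively, a single directory with multiple branches can be used
    # E.g. It is strongly recommended to fork saltstack-formula repositories
    # to avoid unexpected changes to your infrastructure
    # Then upstream changes can be merged in manually with due consideration
    # Specific values for `rev`, `user` & `identity` will override the defaults
    production:
      baseurl: git@github.com:username
      options:
        branch: master
        remote: origin
    staging:
      baseurl: git@github.com:username
      options:
        branch: staging
        remote: origin
        rev: staging
    upstream:
      baseurl: git@github.com:saltstack-formulas
      update: true
      options:
        branch: upstream
        remote: upstream
  # Options of the file.directory state that creates the directory where
  # the git repositories of the formulas are stored
  # The mode is quoted with its leading zero so it is always read as a
  # permission string and never as a number.
  basedir_opts:
    makedirs: true
    user: root
    group: root
    mode: '0755'
  # Explicitly checkout the original branch for repos after the
  # git.latest states have been processed (false by default)
  # Enable if using the alternative method (single directory, multiple branches)
  checkout_orig_branch: true
  # List of formulas to enable in each environment
  list:
    base:
      - salt-formula
      - postfix-formula
      - nginx-formula:  # We can also override some options per formula
          rev: 'v1.1.0'  # Pin a version
      - openssh-formula:
          rev: '3e01ad8'  # or pin a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # You can also pull from another location
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Likewise for the alternative method (single directory, multiple branches)
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
    upstream:
      - salt-formula
      - postfix-formula
      - openssh-formula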