2
0
salt-formula/pillar.example

462 lines
13 KiB
YAML

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
salt:
# Set this to true to clean any non-salt-formula managed files out of
# /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
# and up as it'll wipe out important files that Salt relies on.
clean_config_d_dir: false
# This state will remove "/etc/salt/minion" when you set this to true.
minion_remove_config: true
# This state will remove "/etc/salt/master" when you set this to true.
master_remove_config: true
# Set this to 'py3' to install the Python 3 packages.
# If this is not set, the Python 2 packages will be installed by default.
py_ver: 'py3'
# Set this to false to not have the formula install packages (in the case you
# install Salt via git/pip/etc.)
install_packages: true
# Optional: set salt version (if install_packages is set to true)
version: 2017.7.2-1.el7
# to overwrite map.jinja salt packages
lookup:
salt_master: 'salt-master'
salt_minion: 'salt-minion'
salt_syndic: 'salt-syndic'
salt_cloud: 'salt-cloud'
salt_ssh: 'salt-ssh'
pyinotify: 'python-pyinotify' # the package to be installed for pyinotify
# Set which release of SaltStack to use, default to 'latest'
# To get the available releases:
# * http://repo.saltstack.com/yum/redhat/7/x86_64/
# * http://repo.saltstack.com/apt/debian/8/amd64/
release: '2018.3'
# MacOS has no package management.
# Instead, we use file.managed to download an appropriate .pkg file and
# macpackage.installed to install it 'version', if set (see above), will be
# used to check the .pkg version to determine if it should be installed
#
# NOTE: if 'version' is not set version comparison will not occur and the
# .pkg WILL NOT be installed if a salt .pkg is already installed
# NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
# source_hash, use URL or hash string
# yamllint disable rule:line-length
salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
# yamllint enable rule:line-length
# tofs:
# The files_switch key serves as a selector for alternative
# directories under the formula files directory. See TOFS pattern
# doc for more info.
# Note: Any value not evaluated by `config.get` will be used literally.
# This can be used to set custom paths, as many levels deep as required.
# files_switch:
# - any/path/can/be/used/here
# - id
# - osfinger
# - os
# - os_family
# All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults.
# path_prefix: template_alt
# dirs:
# files: files_alt
# default: default_alt
# source_files:
# salt-master:
# - 'alt_master.d'
# salt-minion:
# - 'alt_minion.d'
# salt master config
master_config_use_TOFS: true
master:
standalone: false
fileserver_backend:
- git
- s3fs
- roots
gitfs_remotes:
- git://github.com/saltstack-formulas/salt-formula.git:
- base: develop
s3.keyid: GKTADJGHEIQSXMKKRBJ08H
s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
s3.buckets:
- bucket1
- bucket2
- bucket3
- bucket4
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
# for salt-api with tornado rest interface
rest_tornado:
port: 8000
ssl_crt: /etc/pki/api/certs/server.crt
ssl_key: /etc/pki/api/certs/server.key
debug: false
disable_ssl: false
# yamllint disable-line rule:line-length
# for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
lxc.container_profile:
debian:
template: download
options:
dist: debian
release: jessie
arch: amd64
backing: lvm
vgname: kimsufi
size: 10G
lxc.network_profile:
basic:
eth0:
link: lxcbr0
type: veth
flags: up
## for external auth - LDAP
## filter to use for Active Directory LDAP
# auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
## filter to use for Most other LDAP servers
# auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
# Define winrepo provider, by default support order is pygit2, gitpython
# Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
# where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
winrepo_provider: gitpython
# optional engine configuration
engines:
- slack:
token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
control: true
valid_users:
- someuser
- otheruser
valid_commands:
- test.ping
- list_jobs
aliases:
list_jobs:
type: runner
cmd: jobs.list_jobs
# optional: these reactors will be configured on the master
# They override reactors configured in
# 'salt:reactors' or the old 'salt:reactor' parameters
reactors:
- 'master/deploy':
- /srv/salt/reactors/deploy.sls
# salt minion config:
minion_config_use_TOFS: true
minion:
# standalone setup
master_type: false # see init.sls & standalone.sls
# single master setup
master: salt
# multi master setup
# master:
# - salt_master_1
# - salt_master_2
fileserver_backend:
- git
- roots
gitfs_remotes:
- git://github.com/saltstack-formulas/salt-formula.git:
- base: develop
file_roots:
base:
- /srv/salt
pillar_roots:
base:
- /srv/pillar
module_config:
test: true
test.foo: foo
test.bar:
- baz
- quo
test.baz:
spam: sausage
cheese: bread
# salt mine setup
mine_interval: 60
# mine_functions can be set at the top level of the pillar, and
# that is preferable because it doesn't affect the conf file and
# doesn't require a minion restart. However, you can configure it
# here instead if you really want to.
mine_functions:
network.interface_ip: [eth0]
# Define a minion scheduler
schedule:
- highstate:
- function: state.apply
- minutes: 60
- returner: redis
# other 'non-default' config
auth_keytab: /root/auth.keytab
auth_principal: kadmin/admin
# optional engine configuration
engines:
- slack:
token: xoxp-XXXXX-XXXXXXX # use Slack's legacy API token
control: true
valid_users:
- someuser
- otheruser
valid_commands:
- test.ping
- list_jobs
aliases:
list_jobs:
type: runner
cmd: jobs.list_jobs
# optional beacons configuration
beacons:
load:
1m:
- 0.0
- 2.0
5m:
- 0.0
- 1.5
15m:
- 0.1
- 1.0
interval: 10
# Optional reactors: these reactors will be configured on the minion
# They override reactors configured in
# 'salt:reactors' or the old 'salt:reactor' parameters
reactors:
- 'minion/deploy':
- /srv/salt/reactors/deploy.sls
# Optional: Configure an elasticsearch returner
return: elasticsearch
elasticsearch:
hosts:
- example.elasticsearch.host:9200
- example.elasticsearch.host2:9200
index_date: true
index: salt
number_of_shards: 5
number_of_replicas: 2
debug_returner_payload: true
states_count: true
states_order_output: true
states_single_index: true
functions_blacklist:
- test.ping
- saltutil.find_job
# init.sls skips salt.api and salt.syndic states
# unless those dicts are populated with something
api:
somekey: somevalue
syndic:
somekey: somevalue
# salt cloud config
cloud:
master: salt
# For non-templated custom cloud provider/profile/map files
providers:
provider-filename1.conf:
vmware-prod:
driver: vmware
user: myusernameprod
password: mypassword
vmware-nonprod:
driver: vmware
user: myusernamenonprod
password: mypassword
profiles:
profile-filename1.conf:
server-non-prod:
clonefrom: rhel6xtemplatenp
grains:
platform:
name: salt
realm: lab
subscription_level: standard
memory: 8GB
num_cpus: 4
password: sUpErsecretey
provider: vmware-nonprod
maps:
map-filename1.map:
server-non-prod:
- host.mycompany.com:
grains:
environment: dev1
# You can take profile and map templates from an alternate location
# if you want to write your own.
template_sources:
providers: salt://salt/files/cloud.providers.d
profiles: salt://salt/files/cloud.profiles.d
maps: salt://salt/files/cloud.maps.d
# These settings are used by the default provider templates and
# only need to be set for the ones you're using.
aws_key: AWSKEYIJSHJAIJS6JSH
aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
gce_project: test
# yamllint disable-line rule:line-length
gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
rsos_user: afeawofghob
rsos_tenant: tenant_id_number
rsos_apikey: WFJIOJEOIGHSOFHESO
rsos_regions:
- ORD
- DFW
- IAD
- SYD
- HKG
ssh_roster:
prod1:
host: host.example.com
user: ubuntu
sudo: true
priv: /etc/salt/ssh_keys/sshkey.pem
gitfs:
keys:
global:
# key and pub end up being the extension used on the key file
# values other than key and pub are possible
key: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
pub: |
...........
# These reactors will be configured both in the minion and the master
reactors:
- 'deploy':
- /srv/salt/reactors/deploy.sls
salt_cloud_certs:
aws:
pem: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
gce:
pem: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
salt_formulas:
git_opts:
# The Git options can be customized differently for each
# environment, if an option is missing in a given environment, the
# value from "default" is used instead.
default:
# URL where the formulas git repositories are downloaded from
# it will be suffixed with <formula-name>.git
baseurl: https://github.com/saltstack-formulas
# Directory where Git repositories are downloaded
basedir: /srv/formulas
# Update the git repository to the latest version (false by default)
update: false
# Options passed directly to the git.latest state
options:
rev: master
user: username
identity: /path/to/.ssh/id_rsa_github_username
dev:
basedir: /srv/formulas/dev
update: true
options:
rev: develop
# Alternatively, a single directory with multiple branches can be used
# E.g. It is strongly recommended to fork saltstack-formula repositories
# to avoid unexpected changes to your infrastructure
# Then upstream changes can be merged in manually with due consideration
# Specific values for `rev`, `user` & `identity` will override the defaults
production:
baseurl: git@github.com:username
options:
branch: master
remote: origin
staging:
baseurl: git@github.com:username
options:
branch: staging
remote: origin
rev: staging
upstream:
baseurl: git@github.com:saltstack-formulas
update: true
options:
branch: upstream
remote: upstream
# Options of the file.directory state that creates the directory where
# the git repositories of the formulas are stored
basedir_opts:
makedirs: true
user: root
group: root
mode: 755
# Explicitly checkout the original branch for repos after the
# git.latest states have been processed (false by default)
# Enable if using the alternative method (single directory, multiple branches)
checkout_orig_branch: true
# List of formulas to enable in each environment
list:
base:
- salt-formula
- postfix-formula
- nginx-formula: # We can also override some options per formula
rev: 'v1.1.0' # Pin a version
- openssh-formula:
rev: '3e01ad8' # or pin a commit id
dev:
- salt-formula
- postfix-formula
- openssh-formula
- nginx-formula:
# You can also pull from another location
name: 'https://github.com/another-fork-location/salt-formula.git'
rev: 'feat/feature'
# Likewise for the alternative method (single directory, multiple branches)
production:
- salt-formula
- openssh-formula
staging:
- salt-formula
- postfix-formula
- openssh-formula
upstream:
- salt-formula
- postfix-formula
- openssh-formula