# -*- coding: utf-8 -*-
# vim: ft=yaml
---
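salt:
  # Example pillar for the salt formula: package installation, master, minion,
  # api/syndic, cloud, salt-ssh roster, gitfs keys and reactors.
  #
  # Every credential, token and key in this example is a placeholder. Pillar
  # files are plaintext on the master, so keep real values out of version
  # control (for example via Salt's GPG pillar renderer or an external secret
  # store).
  # NOTE(review): key nesting follows the section comments (master, minion,
  # cloud, ...); confirm against the formula's map.jinja before reuse.

  # Set this to true to clean any non-salt-formula managed files out of
  # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  # and up as it'll wipe out important files that Salt relies on.
  clean_config_d_dir: false

  # This state will remove "/etc/salt/minion" when you set this to true.
  minion_remove_config: true

  # This state will remove "/etc/salt/master" when you set this to true.
  master_remove_config: true

  # Set this to 'py3' to install the Python 3 packages.
  # The default varies between OS versions.
  py_ver: 'py3'

  # Set this to false to not have the formula install packages (in the case you
  # install Salt via git/pip/etc.)
  install_packages: true

  # Optional: set salt version (if install_packages is set to true)
  version: '3006.9'

  # Pin the version given under the 'version' key using apt-pinning;
  # available only on Debian family OSes.
  pin_version: false

  # Overrides for the salt package names defined in map.jinja
  lookup:
    salt_master: 'salt-master'
    salt_minion: 'salt-minion'
    salt_syndic: 'salt-syndic'
    salt_cloud: 'salt-cloud'
    salt_ssh: 'salt-ssh'
    pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  # Set which salt repository to use
  # -> defaults to https://packages.broadcom.com/artifactory
  # Both the repository and its signing key are fetched over HTTPS; if you
  # point these at a mirror, keep the key URL on a source you trust.
  repo: 'https://packages.broadcom.com/artifactory'
  # yamllint disable rule:line-length
  repo_key_url: 'https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public'
  # yamllint enable rule:line-length

  # Set which release of SaltStack to use, default to 'latest'
  # To get the available releases:
  # * https://packages.broadcom.com/artifactory/saltproject-rpm/
  # * https://packages.broadcom.com/artifactory/saltproject-deb
  release: '3006'

  # MacOS has no package management.
  # Instead, we use file.managed to download an appropriate .pkg file and
  # macpackage.installed to install it. 'version', if set (see above), will be
  # used to check the .pkg version to determine if it should be installed.
  #
  # NOTE: if 'version' is not set version comparison will not occur and the
  #       .pkg WILL NOT be installed if a salt .pkg is already installed
  # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  #       source_hash, use URL or hash string
  # NOTE(review): the sample digest below is the SHA-256 of empty input, so it
  #       is a placeholder. Replace it with the digest published for the exact
  #       .pkg in salt_minion_pkg_source, or source_hash verification cannot
  #       succeed.
  # yamllint disable rule:line-length
  salt_minion_pkg_source: 'https://packages.broadcom.com/artifactory/saltproject-generic/macos/3006.9/salt-3006.9-py3-x86_64.pkg'
  salt_minion_pkg_hash: 'sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
  # yamllint enable rule:line-length

  # tofs:
  #   # The files_switch key serves as a selector for alternative
  #   # directories under the formula files directory. See TOFS pattern
  #   # doc for more info.
  #   # Note: Any value not evaluated by `config.get` will be used literally.
  #   # This can be used to set custom paths, as many levels deep as required.
  #   files_switch:
  #     - any/path/can/be/used/here
  #     - id
  #     - osfinger
  #     - os
  #     - os_family
  #   # All aspects of path/file resolution are customisable using the options
  #   # below. This is unnecessary in most cases; there are sensible defaults.
  #   path_prefix: template_alt
  #   dirs:
  #     files: files_alt
  #     default: default_alt
  #   source_files:
  #     salt-master:
  #       - 'alt_master.d'
  #     salt-minion:
  #       - 'alt_minion.d'

  # salt master config
  master_config_use_TOFS: true
  master:
    standalone: false
    fileserver_backend:
      - git
      - s3fs
      - roots
    # Fetched over https:// rather than git://: the git protocol is
    # unauthenticated and unencrypted, and GitHub no longer serves it. States
    # pulled from this remote run on minions, so the transport matters.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    # Placeholder S3 credentials for the s3fs backend.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # disable_ssl: false keeps the API on TLS using ssl_crt/ssl_key.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
    # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up

    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    winrepo_provider: gitpython

    # optional engine configuration
    # With control: true the engine acts on commands sent from Slack;
    # valid_users and valid_commands are the allow-lists, so keep both as
    # narrow as the use case permits.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

  # salt minion config:
  minion_config_use_TOFS: true
  minion:
    # standalone setup
    master_type: str  # see init.sls & standalone.sls

    # single master setup
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    fileserver_backend:
      - git
      - roots
    # https:// rather than git:// for the same reason as on the master: the
    # git protocol gives no integrity or authenticity for the fetched states.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # Same allow-list model as the master's Slack engine: control: true is
    # bounded only by valid_users and valid_commands.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX  # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    # NOTE(review): debug_returner_payload presumably logs each payload sent
    # to Elasticsearch; job returns can carry sensitive output — confirm and
    # keep it off outside debugging.
    return: elasticsearch
    elasticsearch:
      hosts:
        - example.elasticsearch.host:9200
        - example.elasticsearch.host2:9200
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      functions_blacklist:
        - test.ping
        - saltutil.find_job

  # init.sls skips salt.api and salt.syndic states
  # unless those dicts are populated with something
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue

  # salt cloud config
  cloud:
    master: salt

    # For non-templated custom cloud provider/profile/map files
    # The user/password values here are placeholders.
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey
          provider: vmware-nonprod
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # You can take profile and map templates from an alternate location
    # if you want to write your own.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # These settings are used by the default provider templates and
    # only need to be set for the ones you're using.
    # All key, secret and API-key values below are placeholders.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG

  # salt-ssh roster: 'priv' is the path of the private key used to log in.
  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem

  gitfs:
    keys:
      global:
        # key and pub end up being the extension used on the key file
        # values other than key and pub are possible
        # The dotted bodies are placeholders for the real key material.
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........

  # These reactors will be configured both in the minion and the master
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls

  # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
  retry_options:
    attempts: 2
    until: true
    interval: 10
    splay: 10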
# PEM private keys for the aws and gce salt-cloud providers, one entry per
# provider. The dotted bodies are placeholders for the real key material.
# NOTE(review): presumably written out as key files by the formula's cloud
# state — confirm there which path and file mode they receive.
salt_cloud_certs:
  aws:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----
  gce:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----
# Which formula repositories are checked out, from where, and at which
# revision, per environment.
salt_formulas:
  git_opts:
    # Git options are resolved per environment; any option an environment
    # does not set falls back to the value under "default".
    default:
      # Base URL of the formula repositories; "<formula-name>.git" is
      # appended to it.
      baseurl: https://github.com/saltstack-formulas
      # Local directory that receives the clones
      basedir: /srv/formulas
      # Whether to move the checkout to the latest version (false by default)
      update: false
      # Passed straight through to the git.latest state
      options:
        rev: master
        user: username
        identity: /path/to/.ssh/id_rsa_github_username
    # With update: true and a branch as rev, this environment follows
    # whatever lands on that branch.
    dev:
      basedir: /srv/formulas/dev
      update: true
      options:
        rev: develop
    # Alternative layout: one directory holding several branches.
    # Forking the saltstack-formula repositories is strongly recommended so
    # that upstream changes cannot reach your infrastructure unexpectedly;
    # merge them in manually after review.
    # `rev`, `user` and `identity` set here take precedence over the defaults.
    production:
      baseurl: git@github.com:username
      options:
        branch: master
        remote: origin
    staging:
      baseurl: git@github.com:username
      options:
        branch: staging
        remote: origin
        rev: staging
    upstream:
      baseurl: git@github.com:saltstack-formulas
      update: true
      options:
        branch: upstream
        remote: upstream

  # Arguments for the file.directory state that creates the directory
  # holding the formula checkouts.
  # If you write the mode with a leading zero, quote it ('0755'): YAML 1.1
  # loaders read an unquoted 0755 as an octal integer.
  basedir_opts:
    makedirs: true
    user: root
    group: root
    mode: 755

  # Check the original branch out again once the git.latest states have run
  # (false by default). Turn this on for the single-directory,
  # multiple-branch layout.
  checkout_orig_branch: true

  # Formulas enabled in each environment
  list:
    base:
      - salt-formula
      - postfix-formula
      - nginx-formula:  # per-formula option overrides are allowed
          rev: 'v1.1.0'  # pinned to a tag
      - openssh-formula:
          rev: '3e01ad8'  # pinned to a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # A formula can also come from a different location
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Same idea for the single-directory, multiple-branch layout
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
    upstream:
      - salt-formula
      - postfix-formula
      - openssh-formula