    # -*- coding: utf-8 -*-
    # vim: ft=yaml
    ---
    
    # Example pillar for the salt formula. Every value below is a sample; review
    # each one before copying it into a real pillar.
    salt:
    
      # Set this to true to clean any non-salt-formula managed files out of
      # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
      # and up as it'll wipe out important files that Salt relies on.
    
      # This state will remove "/etc/salt/minion" when you set this to true.
      # NOTE(review): destructive, and enabled in this example. Set it to false
      # unless the formula is meant to replace the existing minion config file.
    
      minion_remove_config: true
    
      # This state will remove "/etc/salt/master" when you set this to true.
      # NOTE(review): same caveat as minion_remove_config above.
    
      master_remove_config: true
    
      # Set this to 'py3' to install the Python 3 packages.
    
      # The default varies between OS versions.
    
      # Set this to false to not have the formula install packages (in the case you
    
      # install Salt via git/pip/etc.)
    
      # Optional: set salt version (if install_packages is set to true)
      # NOTE(review): the version and release in this example are old (the repo
      # key below points at the archive site for older releases). Pin a release
      # that still receives security fixes in a real deployment.
    
      version: 2017.7.2-1.el7
    
    
      # Pin version provided under 'version' key by using apt-pinning
      # available only on Debian family OS-es
      pin_version: false
    
    
      # to overwrite map.jinja salt packages
      lookup:
    
        salt_master: 'salt-master'
        salt_minion: 'salt-minion'
        salt_syndic: 'salt-syndic'
        salt_cloud: 'salt-cloud'
        salt_ssh: 'salt-ssh'
    
        pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify
    
      # Set which salt repository to use, default to https://repo.saltproject.io
    
      # For older releases use https://archive.repo.saltproject.io
      # Keep this an https:// URL so packages and metadata are fetched over TLS.
      repo: 'https://archive.repo.saltproject.io'
    
    
      # Set which release of SaltStack to use, default to 'latest'
      # To get the available releases:
    
      # * https://repo.saltproject.io/yum/redhat/7/x86_64/
      # * https://repo.saltproject.io/apt/debian/8/amd64/
    
      release: '2018.3'
    
      # MacOS has no package management.
    
      # Instead, we use file.managed to download an appropriate .pkg file and
      # macpackage.installed to install it 'version', if set (see above), will be
      # used to check the .pkg version to determine if it should be installed
    
      # NOTE: if 'version' is not set version comparison will not occur and the
      # .pkg WILL NOT be installed if a salt .pkg is already installed
      # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
      # source_hash, use URL or hash string
      # NOTE(review): the example hash is MD5 and is downloaded from the same
      # host as the package, so it only detects corruption in transit, not a
      # tampered repository. Prefer a literal hash string of a stronger type
      # (for example sha256) obtained out of band from a trusted source.
      # yamllint disable rule:line-length
    
      salt_minion_pkg_source: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg'
      salt_minion_pkg_hash: 'https://repo.saltproject.io/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
    
      # yamllint enable rule:line-length
    
      # tofs:
      #   The files_switch key serves as a selector for alternative
      #   directories under the formula files directory. See TOFS pattern
      #   doc for more info.
      #   Note: Any value not evaluated by `config.get` will be used literally.
      #   This can be used to set custom paths, as many levels deep as required.
      #   files_switch:
      #     - any/path/can/be/used/here
      #     - id
      #     - osfinger
      #     - os
      #     - os_family
      #   All aspects of path/file resolution are customisable using the options below.
      #   This is unnecessary in most cases; there are sensible defaults.
      #   path_prefix: template_alt
      #   dirs:
      #     files: files_alt
      #     default: default_alt
    
      #   source_files:
      #     salt-master:
      #       - 'alt_master.d'
    
      #     salt-minion:
      #       - 'alt_minion.d'
    
      # salt master config
    
      master_config_use_TOFS: true
    
      master:
    
        standalone: false
    
        fileserver_backend:
          - git
    
          - roots
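        # Remote repositories served by the master's git fileserver backend.
        gitfs_remotes:
    
          # Fetched over https:// rather than git://. The git:// protocol has no
          # authentication or encryption, so the states served from this remote
          # could be altered in transit; GitHub has also turned off
          # unauthenticated git:// access.
          - https://github.com/saltstack-formulas/salt-formula.git:
    
        # Example placeholders only. Never commit real S3 credentials to a pillar
        # file: keep them encrypted (e.g. with Salt's GPG renderer) or in an
        # external secrets store, and target this pillar at the master only so
        # that other minions cannot read it.
        s3.keyid: GKTADJGHEIQSXMKKRBJ08H
        s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
        s3.buckets:
          - bucket1
          - bucket2
          - bucket3
          - bucket4
    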
        file_roots:
    
          base:
    
            - /srv/salt
    
        # Directory holding the pillar tree for the 'base' environment.
        pillar_roots:
          base:
            - /srv/pillar
    
        # for salt-api with tornado rest interface
        # NOTE(review): salt-api exposes remote execution over HTTP, so keep
        # disable_ssl and debug set to false as shown, and make the ssl_key file
        # readable only by the account salt-api runs as.
        rest_tornado:
          port: 8000
          ssl_crt: /etc/pki/api/certs/server.crt
          ssl_key: /etc/pki/api/certs/server.key
    
          debug: false
          disable_ssl: false
          # yamllint disable-line rule:line-length
    
        # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
        lxc.container_profile:
          debian:
            template: download
            options:
              dist: debian
              release: jessie
              arch: amd64
            backing: lvm
            vgname: kimsufi
            size: 10G
        lxc.network_profile:
          basic:
            eth0:
              link: lxcbr0
              type: veth
              flags: up
    
        ## for external auth - LDAP
    
        ## filter to use for Active Directory LDAP
        # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
        ## filter to use for Most other LDAP servers
        # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}
    
        # Define winrepo provider, by default support order is pygit2, gitpython
        # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
        # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
        winrepo_provider: gitpython
    
    
        # optional engine configuration
        # NOTE(review): this engine lets the listed Slack users run Salt commands
        # on the master. Keep valid_users and valid_commands as short allow-lists
        # and treat the token as a secret (never commit a real one).
        engines:
    
          - slack:
              token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token
    
              valid_users:
                - someuser
                - otheruser
              valid_commands:
                - test.ping
                - list_jobs
              aliases:
                list_jobs:
                  type: runner
                  cmd: jobs.list_jobs
    
        # optional: these reactors will be configured on the master
        # They override reactors configured in
        # 'salt:reactors' or the old 'salt:reactor' parameters
        reactors:
          - 'master/deploy':
    
              - /srv/salt/reactors/deploy.sls
    
      # salt minion config:
    
      minion_config_use_TOFS: true
    
      minion:
    
        # standalone setup
    
        master_type: str   # see init.sls & standalone.sls
    
        # single master setup
    
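        # Name of the master this minion connects to.
        master: salt
    
        # multi master setup
    
        # master:
        #   - salt_master_1
        #   - salt_master_2
    
        fileserver_backend:
          - git
          - roots
        gitfs_remotes:
          # Fetched over https:// rather than git://. The git:// protocol has no
          # authentication or encryption, so the states served from this remote
          # could be altered in transit; GitHub has also turned off
          # unauthenticated git:// access.
          - https://github.com/saltstack-formulas/salt-formula.git:
    
        file_roots:
          base:
            - /srv/salt
    
        pillar_roots:
          base:
            - /srv/pillar
    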
          test.bar:
    
            - baz
            - quo
          test.baz:
            spam: sausage
            cheese: bread
    
        # salt mine setup
        mine_interval: 60
        # mine_functions can be set at the top level of the pillar, and
        # that is preferable because it doesn't affect the conf file and
        # doesn't require a minion restart. However, you can configure it
        # here instead if you really want to.
        mine_functions:
          network.interface_ip: [eth0]
    
    
        # Define a minion scheduler
        schedule:
          - highstate:
    
              - function: state.apply
              - minutes: 60
              - returner: redis
    
        # other 'non-default' config
        # NOTE(review): a keytab is a long-lived credential. Keep the file
        # readable by root only (the example already places it under /root).
        auth_keytab: /root/auth.keytab
        auth_principal: kadmin/admin
    
    
        # optional engine configuration
        # NOTE(review): the parent key of the list below is not visible in this
        # listing — confirm against the original file. As with any Slack engine
        # entry, keep valid_users and valid_commands as short allow-lists and
        # treat the token as a secret.
    
          - slack:
              token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token
    
              valid_users:
                - someuser
                - otheruser
              valid_commands:
                - test.ping
                - list_jobs
              aliases:
                list_jobs:
                  type: runner
                  cmd: jobs.list_jobs
    
        # optional beacons configuration
        beacons:
          load:
            1m:
              - 0.0
              - 2.0
            5m:
              - 0.0
              - 1.5
            15m:
              - 0.1
              - 1.0
            interval: 10
    
    
        # Optional reactors: these reactors will be configured on the minion
        # They override reactors configured in
        # 'salt:reactors' or the old 'salt:reactor' parameters
        reactors:
    
          - 'minion/deploy':
    
              - /srv/salt/reactors/deploy.sls
    
        # Optional: Configure an elasticsearch returner
        # NOTE(review): job returns can contain sensitive data (command output,
        # rendered pillar values), so restrict who can read the index.
        # debug_returner_payload presumably logs full payloads — confirm, and
        # disable it outside debugging.
        return: elasticsearch
        elasticsearch:
          hosts:
            - example.elasticsearch.host:9200
            - example.elasticsearch.host2:9200
    
          index: salt
          number_of_shards: 5
          number_of_replicas: 2
    
          debug_returner_payload: true
          states_count: true
          states_order_output: true
          states_single_index: true
    
      # init.sls skips salt.api and salt.syndic states
      # unless those dicts are populated with something
      api:
        somekey: somevalue
      syndic:
        somekey: somevalue
    
    
      # salt cloud config
      # NOTE(review): the lines below are indented as children of a key that is
      # not visible in this listing — confirm against the original file.
    
        # For non-templated custom cloud provider/profile/map files
        # NOTE(review): every password, key and secret in this section is a
        # placeholder. Real values belong in an encrypted pillar (e.g. Salt's GPG
        # renderer) or an external secrets store, never in plain text under
        # version control, and this pillar should be targeted only at the host
        # that runs salt-cloud.
        providers:
          provider-filename1.conf:
            vmware-prod:
              driver: vmware
              user: myusernameprod
              password: mypassword
            vmware-nonprod:
              driver: vmware
              user: myusernamenonprod
              password: mypassword
        profiles:
          profile-filename1.conf:
            server-non-prod:
              clonefrom: rhel6xtemplatenp
              grains:
                platform:
                  name: salt
                  realm: lab
                subscription_level: standard
              memory: 8GB
              num_cpus: 4
              password: sUpErsecretey
              provider: vmware-nonprod
        maps:
          map-filename1.map:
            server-non-prod:
              - host.mycompany.com:
    
    
        # You can take profile and map templates from an alternate location
    
        # if you want to write your own.
        template_sources:
    
          providers: salt://salt/files/cloud.providers.d
          profiles: salt://salt/files/cloud.profiles.d
          maps: salt://salt/files/cloud.maps.d
    
        # These settings are used by the default provider templates and
        # only need to be set for the ones you're using.
        # Use provider credentials scoped to the minimum permissions salt-cloud
        # needs, and rotate any credential that has ever been committed.
    
        aws_key: AWSKEYIJSHJAIJS6JSH
        aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
        gce_project: test
    
        # yamllint disable-line rule:line-length
    
        gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    
        rsos_user: afeawofghob
        rsos_tenant: tenant_id_number
        rsos_apikey: WFJIOJEOIGHSOFHESO
        rsos_regions:
          - ORD
          - DFW
          - IAD
          - SYD
          - HKG
    
      # Key files used for gitfs access.
      gitfs:
        keys:
          global:
    
            # key and pub end up being the extension used on the key file
            # values other than key and pub are possible
            # NOTE(review): 'key' holds private key material. Keep the real key
            # encrypted in pillar (e.g. Salt's GPG renderer) and prefer a
            # read-only deploy key limited to the repositories gitfs needs.
    
            key: |
              -----BEGIN RSA PRIVATE KEY-----
              ...........
              -----END RSA PRIVATE KEY-----
            pub: |
              ...........
    
      # These reactors will be configured both in the minion and the master
    
            - /srv/salt/reactors/deploy.sls
    
      # https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states
      retry_options:
        attempts: 2
        until: true
        interval: 10
        splay: 10
    
    
    # Private keys for the cloud providers, one 'pem' entry per provider.
    # NOTE(review): these are credentials. Store the real keys encrypted (e.g.
    # Salt's GPG renderer) or in an external secrets store, and target this
    # pillar only at the host that needs them.
    salt_cloud_certs:
      aws:
        pem: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
    
      gce:
        pem: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
    
    
    salt_formulas:
      git_opts:
        # The Git options can be customized differently for each
        # environment, if an option is missing in a given environment, the
        # value from "default" is used instead.
        default:
    
          # URL where the formulas git repositories are downloaded from
          # it will be suffixed with <formula-name>.git
          baseurl: https://github.com/saltstack-formulas
    
          # Directory where Git repositories are downloaded
          basedir: /srv/formulas
    
          # Update the git repository to the latest version (false by default)
          # NOTE(review): with update enabled and rev set to a branch, each run
          # pulls whatever has been pushed to that branch, and those states then
          # run on your minions. Keep this false, or pin rev to a reviewed commit.
          update: false
    
          # Options passed directly to the git.latest state
          options:
            rev: master
    
            # NOTE(review): identity is the path of an SSH private key. Use a
            # read-only deploy key and keep the file readable by 'user' only.
            user: username
            identity: /path/to/.ssh/id_rsa_github_username
    
        dev:
          basedir: /srv/formulas/dev
    
        # Alternatively, a single directory with multiple branches can be used
        # E.g. It is strongly recommended to fork saltstack-formula repositories
        #      to avoid unexpected changes to your infrastructure
        # Then upstream changes can be merged in manually with due consideration
        # Specific values for `rev`, `user` & `identity` will override the defaults
        production:
          baseurl: git@github.com:username
          options:
            branch: master
            remote: origin
        staging:
          baseurl: git@github.com:username
          options:
            branch: staging
            remote: origin
            rev: staging
        upstream:
          baseurl: git@github.com:saltstack-formulas
    
      # Options of the file.directory state that creates the directory where
      # the git repositories of the formulas are stored
      basedir_opts:
    
      # Explicitly checkout the original branch for repos after the
    
      # git.latest states have been processed (false by default)
    
      # Enable if using the alternative method (single directory, multiple branches)
    
      # List of formulas to enable in each environment
      list:
        base:
    
          # Entries without their own rev presumably follow the rev from git_opts
          # (a branch in this example) — confirm, and pin them if that is so.
          - salt-formula
          - postfix-formula
    
          - nginx-formula:  # We can also override some options per formula
              rev: 'v1.1.0'  # Pin a version
          - openssh-formula:
              # A commit id is the stronger pin: a tag can be moved to other
              # code, a commit cannot. Prefer the full-length commit hash over
              # an abbreviated one.
              rev: '3e01ad8'  # or pin a commit id
    
          # NOTE(review): the environment key that owns this list is not visible
          # in this listing (git_opts defines a 'dev' environment) — confirm
          # against the original file.
          - salt-formula
          - postfix-formula
          - openssh-formula
    
          - nginx-formula:
              # You can also pull from another location
              # NOTE(review): a fork tracked by branch name is code you have not
              # reviewed and that can change under you; it will run on your
              # minions. Pin it to a reviewed commit instead.
              name: 'https://github.com/another-fork-location/salt-formula.git'
              rev: 'feat/feature'
    
        # Likewise for the alternative method (single directory, multiple branches)
        production:
          - salt-formula
          - openssh-formula
        staging:
          - salt-formula
          - postfix-formula
          - openssh-formula
        upstream:
          - salt-formula
          - postfix-formula
          - openssh-formula