Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
salt-formula
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
salt
salt-formula
Commits
0c394aba
Commit
0c394aba
authored
12 years ago
by
Antoine Cezar
Browse files
Options
Downloads
Patches
Plain Diff
Add minion managed file
parent
cff32dad
No related branches found
No related tags found
No related merge requests found
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
README.rst
+6
-1
6 additions, 1 deletion
README.rst
salt/files/minion
+431
-0
431 additions, 0 deletions
salt/files/minion
with
437 additions
and
1 deletion
README.rst
+
6
−
1
View file @
0c394aba
...
@@ -13,8 +13,13 @@ salt.master
...
@@ -13,8 +13,13 @@ salt.master
Install a master. Every option available in the master template can be set in the pillar file:
Install a master. Every option available in the master template can be set in the pillar file:
::
salt:
salt:
ret_port: 4506
ret_port: 4506
master:
master:
user: saltuser
user: saltuser
...
...
minion:
user: saltuser
...
This diff is collapsed.
Click to expand it.
salt/files/minion
0 → 100644
+
431
−
0
View file @
0c394aba
# This file managed by Salt, do not edit!!
{% set salt = pillar.get('salt', {}) -%}
{% set minion = salt.get('minion', {}) -%}
##### Primary configuration settings #####
##########################################
# Per default the minion will automatically include all config files
# from minion.d/*.conf (minion.d is a directory in the same directory
# as the main minion config file).
default_include: {{ minion.get('default_include', 'minion.d/*.conf') }}
# Set the location of the salt master server, if the master server cannot be
# resolved, then the minion will fail to start.
master: {{ minion.get('master', 'salt') }}
# Set whether the minion should connect to the master via IPv6
ipv6: {{ minion.get('ipv6', 'False') }}
# Set the number of seconds to wait before attempting to resolve
# the master hostname if name resolution fails. Defaults to 30 seconds.
# Set to zero if the minion should shutdown and not retry.
retry_dns: {{ minion.get('retry_dns', '30') }}
# Set the port used by the master reply and authentication server
master_port: {{ minion.get('master_port', '4506') }}
# The user to run salt
user: {{ minion.get('user', 'root') }}
# Specify the location of the daemon process ID file
pidfile: {{ minion.get('pidfile', '/var/run/salt-minion.pid') }}
# The root directory prepended to these options: pki_dir, cachedir, log_file,
# sock_dir, pidfile.
root_dir: {{ minion.get('root_dir', '/') }}
# The directory to store the pki information in
pki_dir: {{ minion.get('pki_dir', '/etc/salt/pki/minion') }}
# Explicitly declare the id for this minion to use, if left commented the id
# will be the hostname as returned by the python call: socket.getfqdn()
# Since salt uses detached ids it is possible to run multiple minions on the
# same machine but with different ids, this can be useful for salt compute
# clusters.
#id:
{% if minion['id'] is defined -%}
id: minion['id']
{% endif -%}
# Append a domain to a hostname in the event that it does not exist. This is
# useful for systems where socket.getfqdn() does not actually result in a
# FQDN (for instance, Solaris).
#append_domain:
{% if minion['append_domain'] is defined -%}
append_domain: minion['append_domain']
{% endif -%}
# Custom static grains for this minion can be specified here and used in SLS
# files just like all other grains. This example sets 4 custom grains, with
# the 'roles' grain having two values that can be matched against:
#grains:
# roles:
# - webserver
# - memcache
# deployment: datacenter4
# cabinet: 13
# cab_u: 14-15
# Where cache data goes
cachedir: {{ minion.get('cachedir', '/var/cache/salt/minion') }}
# Verify and set permissions on configuration directories at startup
verify_env: {{ minion.get('verify_env', 'True') }}
# The minion can locally cache the return data from jobs sent to it, this
# can be a good way to keep track of jobs the minion has executed
# (on the minion side). By default this feature is disabled, to enable
# set cache_jobs to True
cache_jobs: {{ minion.get('cache_jobs', 'False') }}
# set the directory used to hold unix sockets
sock_dir: {{ minion.get('sock_dir', '/var/run/salt/minion') }}
# Set the default outputter used by the salt-call command. The default is
# "nested"
output: {{ minion.get('output', 'nested') }}
#
# By default output is colored, to disable colored output set the color value
# to False
color: {{ minion.get('color', 'True') }}
# Backup files that are replaced by file.managed and file.recurse under
# 'cachedir'/file_backups relative to their original location and appended
# with a timestamp. The only valid setting is "minion". Disabled by default.
#
# Alternatively this can be specified for each file in state files:
#
# /etc/ssh/sshd_config:
# file.managed:
# - source: salt://ssh/sshd_config
# - backup: minion
#
backup_mode: {{ minion.get('backup_mode', 'minion') }}
# When waiting for a master to accept the minion's public key, salt will
# continuously attempt to reconnect until successful. This is the time, in
# seconds, between those reconnection attempts.
acceptance_wait_time: {{ minion.get('acceptance_wait_time', '10') }}
# The loop_interval sets how long in seconds the minion will wait between
# evaluating the scheduler and running cleanup tasks. This defaults to a
# sane 60 seconds, but if the minion scheduler needs to be evaluated more
# often lower this value
loop_interval: {{ minion.get('loop_interval', '60') }}
# When healing, a dns_check is run. This is to make sure that the originally
# resolved dns has not changed. If this is something that does not happen in
# your environment, set this value to False.
dns_check: {{ minion.get('dns_check', 'True') }}
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
# process communications. Set ipc_mode to 'tcp' on such systems
ipc_mode: {{ minion.get('ipc_mode', 'ipc') }}
#
# Overwrite the default tcp ports used by the minion when in tcp mode
tcp_pub_port: {{ minion.get('tcp_pub_port', '4510') }}
tcp_pull_port: {{ minion.get('tcp_pull_port', '4511') }}
# The minion can include configuration from other files. To enable this,
# pass a list of paths to this option. The paths can be either relative or
# absolute; if relative, they are considered to be relative to the directory
# the main minion configuration file lives in (this file). Paths can make use
# of shell-style globbing. If no files are matched by a path passed to this
# option then the minion will log a warning message.
#
#
# Include a config file from some other path:
# include: /etc/salt/extra_config
#
# Include config from several files and directories:
# include:
# - /etc/salt/extra_config
# - /etc/roles/webserver
##### Minion module management #####
##########################################
# Disable specific modules. This allows the admin to limit the level of
# access the master has to the minion
disable_modules: {{ [','.join(
minion.get('disable_modules', ['cmd', 'test'])
)] }}
disable_returners: {{ [ ','.join(
minion.get('disable_returners', [])
) ] }}
#
# Modules can be loaded from arbitrary paths. This enables the easy deployment
# of third party modules. Modules for returners and minions can be loaded.
# Specify a list of extra directories to search for minion modules and
# returners. These paths must be fully qualified!
module_dirs: {{ [ ','.join(
minion.get('module_dirs', [])
) ] }}
returner_dirs: {{ [ ','.join(
minion.get('returner_dirs', [])
) ] }}
states_dirs: {{ [ ','.join(
minion.get('states_dirs', [])
) ] }}
render_dirs: {{ [ ','.join(
minion.get('render_dirs', [])
) ] }}
#
# A module provider can be statically overwritten or extended for the minion
# via the providers option, in this case the default module will be
# overwritten by the specified module. In this example the pkg module will
# be provided by the yumpkg5 module instead of the system default.
#
# providers:
# pkg: yumpkg5
#
# Enable Cython modules searching and loading. (Default: False)
cython_enable: {{ minion.get('cython_enable', 'False') }}
#
##### State Management Settings #####
###########################################
# The state management system executes all of the state templates on the minion
# to enable more granular control of system state management. The type of
# template and serialization used for state management needs to be configured
# on the minion, the default renderer is yaml_jinja. This is a yaml file
# rendered from a jinja template, the available options are:
# yaml_jinja
# yaml_mako
# yaml_wempy
# json_jinja
# json_mako
# json_wempy
#
renderer: {{ minion.get('renderer', 'yaml_jinja') }}
#
# The failhard option tells the minions to stop immediately after the first
# failure detected in the state execution, defaults to False
failhard: {{ minion.get('failhard', 'False') }}
#
# autoload_dynamic_modules Turns on automatic loading of modules found in the
# environments on the master. This is turned on by default, to turn of
# autoloading modules when states run set this value to False
autoload_dynamic_modules: {{ minion.get('autoload_dynamic_modules', 'True') }}
#
# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
# the dynamic modules on the master, this means that if a dynamic module is
# not on the master it will be deleted from the minion. By default this is
# enabled and can be disabled by changing this value to False
clean_dynamic_modules: {{ minion.get('clean_dynamic_modules', 'True') }}
#
# Normally the minion is not isolated to any single environment on the master
# when running states, but the environment can be isolated on the minion side
# by statically setting it. Remember that the recommended way to manage
# environments is to isolate via the top file.
environment: {{ minion.get('environment', 'None') }}
#
# If using the local file directory, then the state top file name needs to be
# defined, by default this is top.sls.
state_top: {{ minion.get('state_top', 'top.sls') }}
#
# Run states when the minion daemon starts. To enable, set startup_states to:
# 'highstate' -- Execute state.highstate
# 'sls' -- Read in the sls_list option and execute the named sls files
# 'top' -- Read top_file option and execute based on that file on the Master
startup_states: {{ salt.get('startup_states', "''") }}
#
# list of states to run when the minion starts up if startup_states is 'sls'
#sls_list:
# - edit.vim
# - hyper
#
# top file to execute if startup_states is 'top'
top_file: {{ salt.get('top_file', "''") }}
##### File Directory Settings #####
##########################################
# The Salt Minion can redirect all file server operations to a local directory,
# this allows for the same state tree that is on the master to be used if
# copied completely onto the minion. This is a literal copy of the settings on
# the master but used to reference a local directory on the minion.
# Set the file client, the client defaults to looking on the master server for
# files, but can be directed to look at the local file directory setting
# defined below by setting it to local.
file_client: {{ minion.get('file_client', 'remote') }}
# The file directory works on environments passed to the minion, each environment
# can have multiple root directories, the subdirectories in the multiple file
# roots cannot match, otherwise the downloaded files will not be able to be
# reliably ensured. A base environment is required to house the top file.
# Example:
# file_roots:
# base:
# - /srv/salt/
# dev:
# - /srv/salt/dev/services
# - /srv/salt/dev/states
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
# Default:
#file_roots:
# base:
# - /srv/salt
# The hash_type is the hash to use when discovering the hash of a file in
# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
# and sha512 are also supported.
hash_type: {{ minion.get('hash_type', 'md5') }}
# The Salt pillar is searched for locally if file_client is set to local. If
# this is the case, and pillar data is defined, then the pillar_roots need to
# also be configured on the minion:
#pillar_roots:
# base:
# - /srv/pillar
###### Security settings #####
###########################################
# Enable "open mode", this mode still maintains encryption, but turns off
# authentication, this is only intended for highly secure environments or for
# the situation where your keys end up in a bad state. If you run in open mode
# you do so at your own risk!
open_mode: {{ minion.get('open_mode', 'False') }}
# Enable permissive access to the salt keys. This allows you to run the
# master or minion as root, but have a non-root group be given access to
# your pki_dir. To make the access explicit, root must belong to the group
# you've given access to. This is potentially quite insecure.
permissive_pki_access: {{ minion.get('permissive_pki_access', 'False') }}
# The state_verbose and state_output settings can be used to change the way
# state system data is printed to the display. By default all data is printed.
# The state_verbose setting can be set to True or False, when set to False
# all data that has a result of True and no changes will be suppressed.
state_verbose: {{ minion.get('state_verbose', 'True') }}
#
# The state_output setting changes if the output is the full multi line
# output for each changed state if set to 'full', but if set to 'terse'
# the output will be shortened to a single line.
state_output: {{ minion.get('state_output', 'full') }}
#
# Fingerprint of the master public key to double verify the master is valid,
# the master fingerprint can be found by running "salt-key -F master" on the
# salt master.
master_finger: {{ salt.get('master_finger', "''") }}
###### Thread settings #####
###########################################
# Disable multiprocessing support, by default when a minion receives a
# publication a new process is spawned and the command is executed therein.
multiprocessing: {{ minion.get('multiprocessing', 'True') }}
##### Logging settings #####
##########################################
# The location of the minion log file
# The minion log can be sent to a regular file, local path name, or network
# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
#log_file: /var/log/salt/minion
#log_file: file:///dev/log
#log_file: udp://loghost:10514
#
#log_file: /var/log/salt/minion
#key_logfile: /var/log/salt/key
#
# The level of messages to send to the console.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# Default: 'warning'
#log_level: warning
#
# The level of messages to send to the log file.
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
# Default: 'warning'
log_level_logfile: {{ minion.get('log_level_logfile', 'warning') }}
# The date and time format used in log messages. Allowed date/time formating
# can be seen here: http://docs.python.org/library/time.html#time.strftime
#log_datefmt: '%H:%M:%S'
#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
#
# The format of the console logging messages. Allowed formatting options can
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
#log_fmt_console: '[%(levelname)-8s] %(message)s'
#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
#
# This can be used to control logging levels more specificically. This
# example sets the main salt library at the 'warning' level, but sets
# 'salt.modules' to log at the 'debug' level:
# log_granular_levels:
# 'salt': 'warning',
# 'salt.modules': 'debug'
#
#log_granular_levels: {}
###### Module configuration #####
###########################################
# Salt allows for modules to be passed arbitrary configuration data, any data
# passed here in valid yaml format will be passed on to the salt minion modules
# for use. It is STRONGLY recommended that a naming convention be used in which
# the module name is followed by a . and then the value. Also, all top level
# data must be applied via the yaml dict construct, some examples:
#
# You can specify that all modules should run in test mode:
#test: True
#
# A simple value for the test module:
#test.foo: foo
#
# A list for the test module:
#test.bar: [baz,quo]
#
# A dict for the test module:
#test.baz: {spam: sausage, cheese: bread}
###### Update settings ######
###########################################
# Using the features in Esky, a salt minion can both run as a frozen app and
# be updated on the fly. These options control how the update process
# (saltutil.update()) behaves.
#
# The url for finding and downloading updates. Disabled by default.
update_url: {{ minion.get('update_url', 'False') }}
#
# The list of services to restart after a successful update. Empty by default.
update_restart_services: {{ [ ','.join(
minion.get('update_restart_services', [])
) ] }}
###### Keepalive settings ######
############################################
# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by
# the OS. If connections between the minion and the master pass through
# a state tracking device such as a firewall or VPN gateway, there is
# the risk that it could tear down the connection the master and minion
# without informing either party that their connection has been taken away.
# Enabling TCP Keepalives prevents this from happening.
#
# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False)
# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled.
tcp_keepalive: {{ minion.get('tcp_keepalive', 'True') }}
#
# How long before the first keepalive should be sent in seconds. Default 300
# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds
# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time.
tcp_keepalive_idle: {{ minion.get('tcp_keepalive_idle', '300') }}
#
# How many lost probes are needed to consider the connection lost. Default -1
# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes.
tcp_keepalive_cnt: {{ minion.get('tcp_keepalive_cnt', '-1') }}
#
# How often, in seconds, to send keepalives after the first one. Default -1 to
# use OS defaults, typically 75 seconds on Linux, see
# /proc/sys/net/ipv4/tcp_keepalive_intvl.
tcp_keepalive_intvl: {{ minion.get('tcp_keepalive_intvl', '-1') }}
###### Windows Software settings ######
############################################
# Location of the repository cache file on the master
# win_repo_cachefile: 'salt://win/repo/winrepo.p'
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
