vagrant-salt 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rst +131 -170
- data/example/complete/Vagrantfile +67 -0
- data/example/complete/salt/custom-bootstrap-salt.sh +2425 -0
- data/example/complete/salt/key/master.pem +30 -0
- data/example/complete/salt/key/master.pub +14 -0
- data/example/complete/salt/key/minion.pem +30 -0
- data/example/complete/salt/key/minion.pub +14 -0
- data/example/complete/salt/master +459 -0
- data/example/{salt/minion.conf → complete/salt/minion} +1 -2
- data/example/{salt → complete/salt}/roots/pillar/top.sls +0 -0
- data/example/complete/salt/roots/salt/nginx.sls +5 -0
- data/example/complete/salt/roots/salt/top.sls +3 -0
- data/example/masterless/Vagrantfile +18 -0
- data/example/masterless/salt/minion +219 -0
- data/example/{salt/roots/salt → masterless/salt/roots/pillar}/top.sls +0 -0
- data/example/masterless/salt/roots/salt/nginx.sls +5 -0
- data/example/masterless/salt/roots/salt/top.sls +3 -0
- data/lib/vagrant-salt.rb +16 -3
- data/lib/vagrant-salt/config.rb +103 -0
- data/lib/vagrant-salt/errors.rb +11 -0
- data/lib/vagrant-salt/plugin.rb +31 -0
- data/lib/vagrant-salt/provisioner.rb +211 -104
- data/lib/vagrant-salt/version.rb +5 -0
- data/scripts/.travis.yml +16 -0
- data/scripts/ChangeLog +39 -0
- data/scripts/LICENSE +16 -0
- data/scripts/README.rst +124 -35
- data/scripts/bootstrap-salt-minion.sh +1815 -381
- data/scripts/bootstrap-salt.sh +2425 -0
- data/scripts/salt-bootstrap.sh +2425 -0
- data/scripts/tests/README.rst +38 -0
- data/scripts/tests/bootstrap/__init__.py +11 -0
- data/{example/salt/key/KEYPAIR_GOES_HERE → scripts/tests/bootstrap/ext/__init__.py} +0 -0
- data/scripts/tests/bootstrap/ext/console.py +100 -0
- data/scripts/tests/bootstrap/ext/os_data.py +199 -0
- data/scripts/tests/bootstrap/test_install.py +586 -0
- data/scripts/tests/bootstrap/test_lint.py +27 -0
- data/scripts/tests/bootstrap/test_usage.py +28 -0
- data/scripts/tests/bootstrap/unittesting.py +216 -0
- data/scripts/tests/ext/checkbashisms +640 -0
- data/scripts/tests/install-testsuite-deps.py +99 -0
- data/scripts/tests/runtests.py +207 -0
- data/templates/locales/en.yml +14 -0
- data/vagrant-salt.gemspec +2 -2
- metadata +43 -10
- data/example/Vagrantfile +0 -26
- data/lib/vagrant_init.rb +0 -1
@@ -0,0 +1,30 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIFIwIBAAKCAgEAxmIlzFFT8FfhDcv0jNo+hkS/M+VyFqLrOjyH52PoYe3dcgP2
|
3
|
+
05RWj9VYjjauH+W+MPPS0t0WP0SSOzI0DEuEnxwA8SCs2cBkI/4ydc2vJXsgpPOC
|
4
|
+
az3Nrl4KmlRqs0v+lgWr6lukuM9DpEl6vwkSTu9DH7bvjQGawRfjIfRm5bu14iKb
|
5
|
+
slX8yMqzO2T79fUkOwW9ugRKGqB2uhoLhwHtpBHDi6Pa4zuQSfgXus4UreQmI9nP
|
6
|
+
9q3el6AwsXjD/myKwmCJnKV7RHiEC0sxWmlD6OqpdmLfSCYHQ2BitNu0z7SxCevx
|
7
|
+
AL8V7QzXNdUtuLXSV1JIZIrnkOWM69CpPJ+bDh3QOtaUqrK2SY6aaMPC8gq79mvw
|
8
|
+
w4dhvYv7hPiXMdW3Jj30zQMf1MJBOFSam82UfjE25dz8hb/VxbnrB5VLy2vwvWLB
|
9
|
+
xUsCdkChRJ98AyXFQC01rwNXlCP5h05L0tHMbHhusk5y4+bH48ar7oFBGrNX9OHf
|
10
|
+
SETWDhIQdUzNEGwl2Sh0I2reSQs3yos6fUXN64Q0r1flLUCWU/j+/07imfHWI4gm
|
11
|
+
ZoPc7cjaK1bGNASC+SBlMl8xqVCwNZzjT239Ea1QD22MLeZH4zCaCizRpZ1Py14o
|
12
|
+
RJUYVAblGTmxJDciSNotaXpCnCNJowuz+dsM++8ZNuPmUo0Q/o4IxMfb38ECAQEC
|
13
|
+
AQECggEBAOZJ1E7Ean08hhp5xG7fN0j5kEgvOcqDuIBDdJngaIlHHdoV/ggmyxcM
|
14
|
+
CWvbRpBeqSb5sHGt1g4eTGIb2XZDKDC7Xbhqcxh0diK603w3yGmbg6L/dI7XMalf
|
15
|
+
Ni/EGJ6dNP2zbqmYJJYviRKbradddY07lpA3wbgPFxvG6GsXM11DUp07CA5ZB0pQ
|
16
|
+
zd9ht+ua8DfWnbwH9CUnlnAylRDYTfgVRcA4E75vbiVnY7Am+Yu0Aqrxd3Q1wNlZ
|
17
|
+
/Ha7selgStlF6wi/H/9uWVptITAPDM+EuCaIdHqmkptvBkrgu1NFDU8Pxn7g/XnB
|
18
|
+
h81aWNcIc/MMcEj2mWVwOQHKzapBBM0CggEBANyIZmj25qqvP/PmyDsnwHpQAabh
|
19
|
+
JAW4T0hT7wqCDpl965Mxu7JPd9tzXcMzPooGU8q+rEZ81mPMg6Rcm+c7EgZoTGo3
|
20
|
+
NtnYh1tH2YGawbaMzeY3CE335Bdc2FaCkJ1+Tlg3Rv+nYmdtYsE+dOBjE0ukU/L3
|
21
|
+
YZv5FrrL8awfr3/BMFTs/Om2vk7DuH9tpN9qp8IGoowxwLjvotW90kN0PADPzKgo
|
22
|
+
SMbeOYjR3XK/+rhXjNPD2+Q9ILxwXRc1aHez0fkC/wSdqZDA6CEx99QY9wC0aAvS
|
23
|
+
VTk0jcPmPJ0mkkDH22AimyT9uSBnnd8kT6gqXtzTCf4Xvt5hkAww81eP5sUCAQEC
|
24
|
+
AQECggEBAKaPwihsV3L+2MFPeI+GoSekjRSzU/qZ1FCCAa2MyWVqaRqwIwPApT7o
|
25
|
+
Is3P5iTaw6fIWFr+KUWgncJJiE7ZBo0mxYGuaSdafs0giUo++P4jeF1zxLeytoUB
|
26
|
+
KUSHJOgrRkXFwA9euXAxUP6L2pxAuCXev97hJT4/j9BW8x5nN3brS8X2Ms8s/mSK
|
27
|
+
TpKoLIv7w9S/OjbMKFcIR8tEZTUwPLF3UoGebhFHR6kV3GGVxWfWKmGJZm65G6e0
|
28
|
+
DHBGVrteVTNATLHwrz0Mki1YsHKZkWgwbdkIDBltw+tgowq525FP8ZLuPm2javwb
|
29
|
+
nETswOHlDOfLKvrrnkbeoojW4XaVgW8=
|
30
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,14 @@
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
2
|
+
MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAxmIlzFFT8FfhDcv0jNo+
|
3
|
+
hkS/M+VyFqLrOjyH52PoYe3dcgP205RWj9VYjjauH+W+MPPS0t0WP0SSOzI0DEuE
|
4
|
+
nxwA8SCs2cBkI/4ydc2vJXsgpPOCaz3Nrl4KmlRqs0v+lgWr6lukuM9DpEl6vwkS
|
5
|
+
Tu9DH7bvjQGawRfjIfRm5bu14iKbslX8yMqzO2T79fUkOwW9ugRKGqB2uhoLhwHt
|
6
|
+
pBHDi6Pa4zuQSfgXus4UreQmI9nP9q3el6AwsXjD/myKwmCJnKV7RHiEC0sxWmlD
|
7
|
+
6OqpdmLfSCYHQ2BitNu0z7SxCevxAL8V7QzXNdUtuLXSV1JIZIrnkOWM69CpPJ+b
|
8
|
+
Dh3QOtaUqrK2SY6aaMPC8gq79mvww4dhvYv7hPiXMdW3Jj30zQMf1MJBOFSam82U
|
9
|
+
fjE25dz8hb/VxbnrB5VLy2vwvWLBxUsCdkChRJ98AyXFQC01rwNXlCP5h05L0tHM
|
10
|
+
bHhusk5y4+bH48ar7oFBGrNX9OHfSETWDhIQdUzNEGwl2Sh0I2reSQs3yos6fUXN
|
11
|
+
64Q0r1flLUCWU/j+/07imfHWI4gmZoPc7cjaK1bGNASC+SBlMl8xqVCwNZzjT239
|
12
|
+
Ea1QD22MLeZH4zCaCizRpZ1Py14oRJUYVAblGTmxJDciSNotaXpCnCNJowuz+dsM
|
13
|
+
++8ZNuPmUo0Q/o4IxMfb38ECAQE=
|
14
|
+
-----END PUBLIC KEY-----
|
@@ -0,0 +1,30 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIFIwIBAAKCAgEA88CnFQlOsS3eQRAykvqPxG+o8I+VXoXSGvtiN8MoOpzZbb9P
|
3
|
+
5m5Nm9mKyHhimbLhXIrwHOHkZvrRtcE/ceu3E2ymt3WC5CW0t49t0DSwZl5oI5I9
|
4
|
+
16fF+6jzb+LuAKt8K8EYrf5/F/Xu2RxuJTaft2UBrl+rjdCzGxM5hGbK0gB1h4Ti
|
5
|
+
j/j75poVCYVBKcFm6d4Uqs4T/2COTlQKDl/w5UMmBmBqd/5RZ/bW2SzrUjJfIi3t
|
6
|
+
EkgYXVvBRFSCUSrwfFL5WMC22IIl03CJipa9twsGfKPYOnXUgfHt1vLosncOBHQv
|
7
|
+
iM3aTIHcs8lbi4UBaO/pk3WRuEKCBE/Tl1F8JkAR2jFe/EeAeNTC2YYyLgtgVORt
|
8
|
+
kIxBOUY8TWC4qsHNqDb9bX4VlDOAkJyKbz72WNyx4clGjjI/bq0X99INh5yhH6JJ
|
9
|
+
v2Njf4LnTwF6PQc/JZkMq6O73IiNM8WvL72rYbGH7AjIT2QpGBSQvpn9HTS9QOrq
|
10
|
+
bZ4gedebZ7XrrU815/ZgrMkOZykukonhjB7Y4kldX9YK0aDL0J1buo/YVyfz7TMh
|
11
|
+
EfoC9FYZa5s6SvBYVS6QlzTto64S4IudfY/EMf9y3C7GyH1DTbdCTOnKM35lHsDR
|
12
|
+
8ojabHa7O9c4i22rOBLzHpiEucBLpT/y2VwOZI/l4iXFYvrqFJ7XXeZczU0CAQEC
|
13
|
+
AQECggEBAP9Fhvl7EpF9NTZ24v98H9VtOyWvdmJcZT1w1QzNZPyoIIQGwVITfSds
|
14
|
+
U9hD29VBxlJhfdEygMnDRodNHFtqDKBgm0Fq4wNvlEYn61P/y1Jukvv7lJNb3v5D
|
15
|
+
4T4egTDYOFJ3j9L8otxv53fVxBytoR5hXqpO9+QJoJTWXVhLrrMx7AG5w0D/2pMP
|
16
|
+
MRGYAHCgIw1e5Mx9wzN7g4YMcR4pqrH7cy3liGxxVquMTg2k9b0AHuysyYo8iOQv
|
17
|
+
aXiNsglyCz+9MRUq2+EWsoR1NnyhO9d/5Ts20DU776tXZQA9xKQhtTrpWDT6KWyc
|
18
|
+
F14m0lKigtjsIT+mQN2Dy6V+KRfAU2ECggEBAPRytf21R3NIIUMUQp5ljQPHQW5/
|
19
|
+
Ce2s6gKvatm0NiFdxMnayeWdOQYCtMNthPh5jysv2hcmeNL1uJjbU5WUPa35kp7V
|
20
|
+
I5JzpBG/bYG+LmWb1rJ7tWcJJrM0nw1v4imtm3comu4ur/orlZbgM80CPyD9KClC
|
21
|
+
jJKDlhe/EiJhHDvhK1QrSjV/0ol8L2MPXN8nO6MWG8JWXwAfUnywL2Sj2qLFbskJ
|
22
|
+
aotPiM1XCZk+Q5j3GuF1R2sqBTJlriXxehrm20LWrdNq4+Ra1snyoRStEmXn4MAo
|
23
|
+
kdbjtr15isCQCztFBLU9arZ7bBxy7v6Vz82iIBWA0ouZOuajGBhParGZbW0CAQEC
|
24
|
+
AQECggEBAOeOV5VGYBfmP/UYtmNMh3lvyHWK6cTkoQHW82/wx3LOQAUszjvlfCUA
|
25
|
+
+MSd08m1uIj3IMqX9CLc1sxTo5mbnxwkZo4BduaKjDluQcoLgLTeKtVFrnBtySpu
|
26
|
+
hKriA+LF16e28+OgCuSD2y0LzWD1ELMr+96WpLKw6Y81wVP7kJv/DjU6dtAf8Mvu
|
27
|
+
sYWJxMib9sVGIaTfVzkWL2erlBRn7R68x5zlyC5Z++nUZ/e6aJhrQcHGc9a5fvxY
|
28
|
+
zcH1gxNKguNEHUl14o7lkk98/RgSFto1jhdfLlF7pHCtzc21zHF75RLiSWbjNmsx
|
29
|
+
wb8w4QO4WMsCytE9ypB4VQdEMg9qCsw=
|
30
|
+
-----END RSA PRIVATE KEY-----
|
@@ -0,0 +1,14 @@
|
|
1
|
+
-----BEGIN PUBLIC KEY-----
|
2
|
+
MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA88CnFQlOsS3eQRAykvqP
|
3
|
+
xG+o8I+VXoXSGvtiN8MoOpzZbb9P5m5Nm9mKyHhimbLhXIrwHOHkZvrRtcE/ceu3
|
4
|
+
E2ymt3WC5CW0t49t0DSwZl5oI5I916fF+6jzb+LuAKt8K8EYrf5/F/Xu2RxuJTaf
|
5
|
+
t2UBrl+rjdCzGxM5hGbK0gB1h4Tij/j75poVCYVBKcFm6d4Uqs4T/2COTlQKDl/w
|
6
|
+
5UMmBmBqd/5RZ/bW2SzrUjJfIi3tEkgYXVvBRFSCUSrwfFL5WMC22IIl03CJipa9
|
7
|
+
twsGfKPYOnXUgfHt1vLosncOBHQviM3aTIHcs8lbi4UBaO/pk3WRuEKCBE/Tl1F8
|
8
|
+
JkAR2jFe/EeAeNTC2YYyLgtgVORtkIxBOUY8TWC4qsHNqDb9bX4VlDOAkJyKbz72
|
9
|
+
WNyx4clGjjI/bq0X99INh5yhH6JJv2Njf4LnTwF6PQc/JZkMq6O73IiNM8WvL72r
|
10
|
+
YbGH7AjIT2QpGBSQvpn9HTS9QOrqbZ4gedebZ7XrrU815/ZgrMkOZykukonhjB7Y
|
11
|
+
4kldX9YK0aDL0J1buo/YVyfz7TMhEfoC9FYZa5s6SvBYVS6QlzTto64S4IudfY/E
|
12
|
+
Mf9y3C7GyH1DTbdCTOnKM35lHsDR8ojabHa7O9c4i22rOBLzHpiEucBLpT/y2VwO
|
13
|
+
ZI/l4iXFYvrqFJ7XXeZczU0CAQE=
|
14
|
+
-----END PUBLIC KEY-----
|
@@ -0,0 +1,459 @@
|
|
1
|
+
##### Primary configuration settings #####
|
2
|
+
##########################################
|
3
|
+
# This configuration file is used to manage the behavior of the Salt Master
|
4
|
+
# Values that are commented out but have no space after the comment are
|
5
|
+
# defaults that need not be set in the config. If there is a space after the
|
6
|
+
# comment that the value is presented as an example and is not the default.
|
7
|
+
|
8
|
+
# Per default, the master will automatically include all config files
|
9
|
+
# from master.d/*.conf (master.d is a directory in the same directory
|
10
|
+
# as the main master config file)
|
11
|
+
#default_include: master.d/*.conf
|
12
|
+
|
13
|
+
# The address of the interface to bind to
|
14
|
+
#interface: 0.0.0.0
|
15
|
+
|
16
|
+
# The tcp port used by the publisher
|
17
|
+
#publish_port: 4505
|
18
|
+
|
19
|
+
# The user to run the salt-master as. Salt will update all permissions to
|
20
|
+
# allow the specified user to run the master. If the modified files cause
|
21
|
+
# conflicts set verify_env to False.
|
22
|
+
#user: root
|
23
|
+
|
24
|
+
# Max open files
|
25
|
+
# Each minion connecting to the master uses AT LEAST one file descriptor, the
|
26
|
+
# master subscription connection. If enough minions connect you might start
|
27
|
+
# seeing on the console(and then salt-master crashes):
|
28
|
+
# Too many open files (tcp_listener.cpp:335)
|
29
|
+
# Aborted (core dumped)
|
30
|
+
#
|
31
|
+
# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
|
32
|
+
# max open files.
|
33
|
+
#
|
34
|
+
# If you wish to set a different value than the default one, uncomment and
|
35
|
+
# configure this setting. Remember that this value CANNOT be higher than the
|
36
|
+
# hard limit. Raising the hard limit depends on your OS and/or distribution,
|
37
|
+
# a good way to find the limit is to search the internet for(for example):
|
38
|
+
# raise max open files hard limit debian
|
39
|
+
#
|
40
|
+
#max_open_files: 100000
|
41
|
+
|
42
|
+
# The number of worker threads to start, these threads are used to manage
|
43
|
+
# return calls made from minions to the master, if the master seems to be
|
44
|
+
# running slowly, increase the number of threads
|
45
|
+
#worker_threads: 5
|
46
|
+
|
47
|
+
# The port used by the communication interface. The ret (return) port is the
|
48
|
+
# interface used for the file server, authentication, job returnes, etc.
|
49
|
+
#ret_port: 4506
|
50
|
+
|
51
|
+
# Specify the location of the daemon process ID file
|
52
|
+
#pidfile: /var/run/salt-master.pid
|
53
|
+
|
54
|
+
# The root directory prepended to these options: pki_dir, cachedir,
|
55
|
+
# sock_dir, log_file, autosign_file, extension_modules, key_logfile, pidfile.
|
56
|
+
#root_dir: /
|
57
|
+
|
58
|
+
# Directory used to store public key data
|
59
|
+
#pki_dir: /etc/salt/pki/master
|
60
|
+
|
61
|
+
# Directory to store job and cache data
|
62
|
+
#cachedir: /var/cache/salt/master
|
63
|
+
|
64
|
+
# Verify and set permissions on configuration directories at startup
|
65
|
+
#verify_env: True
|
66
|
+
|
67
|
+
# Set the number of hours to keep old job information in the job cache
|
68
|
+
#keep_jobs: 24
|
69
|
+
|
70
|
+
# Set the default timeout for the salt command and api, the default is 5
|
71
|
+
# seconds
|
72
|
+
#timeout: 5
|
73
|
+
|
74
|
+
# The loop_interval option controls the seconds for the master's maintinance
|
75
|
+
# process check cycle. This process updates file server backends, cleans the
|
76
|
+
# job cache and executes the scheduler.
|
77
|
+
#loop_interval: 60
|
78
|
+
|
79
|
+
# Set the default outputter used by the salt command. The default is "nested"
|
80
|
+
#output: nested
|
81
|
+
|
82
|
+
# By default output is colored, to disable colored output set the color value
|
83
|
+
# to False
|
84
|
+
#color: True
|
85
|
+
|
86
|
+
# Set the directory used to hold unix sockets
|
87
|
+
#sock_dir: /var/run/salt/master
|
88
|
+
|
89
|
+
# The master maintains a job cache, while this is a great addition it can be
|
90
|
+
# a burden on the master for larger deployments (over 5000 minions).
|
91
|
+
# Disabling the job cache will make previously executed jobs unavailable to
|
92
|
+
# the jobs system and is not generally recommended.
|
93
|
+
#
|
94
|
+
#job_cache: True
|
95
|
+
|
96
|
+
# Cache minion grains and pillar data in the cachedir.
|
97
|
+
#minion_data_cache: True
|
98
|
+
|
99
|
+
# The master can include configuration from other files. To enable this,
|
100
|
+
# pass a list of paths to this option. The paths can be either relative or
|
101
|
+
# absolute; if relative, they are considered to be relative to the directory
|
102
|
+
# the main master configuration file lives in (this file). Paths can make use
|
103
|
+
# of shell-style globbing. If no files are matched by a path passed to this
|
104
|
+
# option then the master will log a warning message.
|
105
|
+
#
|
106
|
+
#
|
107
|
+
# Include a config file from some other path:
|
108
|
+
# include: /etc/salt/extra_config
|
109
|
+
#
|
110
|
+
# Include config from several files and directories:
|
111
|
+
# include:
|
112
|
+
# - /etc/salt/extra_config
|
113
|
+
|
114
|
+
|
115
|
+
##### Security settings #####
|
116
|
+
##########################################
|
117
|
+
# Enable "open mode", this mode still maintains encryption, but turns off
|
118
|
+
# authentication, this is only intended for highly secure environments or for
|
119
|
+
# the situation where your keys end up in a bad state. If you run in open mode
|
120
|
+
# you do so at your own risk!
|
121
|
+
#open_mode: False
|
122
|
+
|
123
|
+
# Enable auto_accept, this setting will automatically accept all incoming
|
124
|
+
# public keys from the minions. Note that this is insecure.
|
125
|
+
#auto_accept: False
|
126
|
+
|
127
|
+
# If the autosign_file is specified only incoming keys specified in
|
128
|
+
# the autosign_file will be automatically accepted. This is insecure.
|
129
|
+
# Regular expressions as well as globing lines are supported.
|
130
|
+
#autosign_file: /etc/salt/autosign.conf
|
131
|
+
|
132
|
+
# Enable permissive access to the salt keys. This allows you to run the
|
133
|
+
# master or minion as root, but have a non-root group be given access to
|
134
|
+
# your pki_dir. To make the access explicit, root must belong to the group
|
135
|
+
# you've given access to. This is potentially quite insecure.
|
136
|
+
# If an autosign_file is specified, enabling permissive_pki_access will allow group access
|
137
|
+
# to that specific file.
|
138
|
+
#permissive_pki_access: False
|
139
|
+
|
140
|
+
# Allow users on the master access to execute specific commands on minions.
|
141
|
+
# This setting should be treated with care since it opens up execution
|
142
|
+
# capabilities to non root users. By default this capability is completely
|
143
|
+
# disabled.
|
144
|
+
#
|
145
|
+
# client_acl:
|
146
|
+
# larry:
|
147
|
+
# - test.ping
|
148
|
+
# - network.*
|
149
|
+
#
|
150
|
+
|
151
|
+
# Blacklist any of the following users or modules
|
152
|
+
#
|
153
|
+
# This example would blacklist all non sudo users, including root from
|
154
|
+
# running any commands. It would also blacklist any use of the "cmd"
|
155
|
+
# module.
|
156
|
+
# This is completely disabled by default.
|
157
|
+
#
|
158
|
+
# client_acl_blacklist:
|
159
|
+
# users:
|
160
|
+
# - root
|
161
|
+
# - '^(?!sudo_).*$' # all non sudo users
|
162
|
+
# modules:
|
163
|
+
# - cmd
|
164
|
+
|
165
|
+
# The external auth system uses the Salt auth modules to authenticate and
|
166
|
+
# validate users to access areas of the Salt system
|
167
|
+
#
|
168
|
+
# external_auth:
|
169
|
+
# pam:
|
170
|
+
# fred:
|
171
|
+
# - test.*
|
172
|
+
#
|
173
|
+
# Time (in seconds) for a newly generated token to live. Default: 12 hours
|
174
|
+
# token_expire: 43200
|
175
|
+
|
176
|
+
|
177
|
+
##### Master Module Management #####
|
178
|
+
##########################################
|
179
|
+
# Manage how master side modules are loaded
|
180
|
+
|
181
|
+
# Add any additional locations to look for master runners
|
182
|
+
#runner_dirs: []
|
183
|
+
|
184
|
+
# Enable Cython for master side modules
|
185
|
+
#cython_enable: False
|
186
|
+
|
187
|
+
|
188
|
+
##### State System settings #####
|
189
|
+
##########################################
|
190
|
+
# The state system uses a "top" file to tell the minions what environment to
|
191
|
+
# use and what modules to use. The state_top file is defined relative to the
|
192
|
+
# root of the base environment as defined in "File Server settings" below.
|
193
|
+
#state_top: top.sls
|
194
|
+
|
195
|
+
# The master_tops option replaces the external_nodes option by creating
|
196
|
+
# a plugable system for the generation of external top data. The external_nodes
|
197
|
+
# option is deprecated by the master_tops option.
|
198
|
+
# To gain the capabilities of the classic external_nodes system, use the
|
199
|
+
# following configuration:
|
200
|
+
# master_tops:
|
201
|
+
# ext_nodes: <Shell command which returns yaml>
|
202
|
+
#
|
203
|
+
#master_tops: {}
|
204
|
+
|
205
|
+
# The external_nodes option allows Salt to gather data that would normally be
|
206
|
+
# placed in a top file. The external_nodes option is the executable that will
|
207
|
+
# return the ENC data. Remember that Salt will look for external nodes AND top
|
208
|
+
# files and combine the results if both are enabled!
|
209
|
+
#external_nodes: None
|
210
|
+
|
211
|
+
# The renderer to use on the minions to render the state data
|
212
|
+
#renderer: yaml_jinja
|
213
|
+
|
214
|
+
# The failhard option tells the minions to stop immediately after the first
|
215
|
+
# failure detected in the state execution, defaults to False
|
216
|
+
#failhard: False
|
217
|
+
|
218
|
+
# The state_verbose and state_output settings can be used to change the way
|
219
|
+
# state system data is printed to the display. By default all data is printed.
|
220
|
+
# The state_verbose setting can be set to True or False, when set to False
|
221
|
+
# all data that has a result of True and no changes will be suppressed.
|
222
|
+
#state_verbose: True
|
223
|
+
|
224
|
+
# The state_output setting changes if the output is the full multi line
|
225
|
+
# output for each changed state if set to 'full', but if set to 'terse'
|
226
|
+
# the output will be shortened to a single line.
|
227
|
+
#state_output: full
|
228
|
+
|
229
|
+
|
230
|
+
##### File Server settings #####
|
231
|
+
##########################################
|
232
|
+
# Salt runs a lightweight file server written in zeromq to deliver files to
|
233
|
+
# minions. This file server is built into the master daemon and does not
|
234
|
+
# require a dedicated port.
|
235
|
+
|
236
|
+
# The file server works on environments passed to the master, each environment
|
237
|
+
# can have multiple root directories, the subdirectories in the multiple file
|
238
|
+
# roots cannot match, otherwise the downloaded files will not be able to be
|
239
|
+
# reliably ensured. A base environment is required to house the top file.
|
240
|
+
# Example:
|
241
|
+
# file_roots:
|
242
|
+
# base:
|
243
|
+
# - /srv/salt/
|
244
|
+
# dev:
|
245
|
+
# - /srv/salt/dev/services
|
246
|
+
# - /srv/salt/dev/states
|
247
|
+
# prod:
|
248
|
+
# - /srv/salt/prod/services
|
249
|
+
# - /srv/salt/prod/states
|
250
|
+
|
251
|
+
#file_roots:
|
252
|
+
# base:
|
253
|
+
# - /srv/salt
|
254
|
+
|
255
|
+
# The hash_type is the hash to use when discovering the hash of a file on
|
256
|
+
# the master server, the default is md5, but sha1, sha224, sha256, sha384
|
257
|
+
# and sha512 are also supported.
|
258
|
+
#hash_type: md5
|
259
|
+
|
260
|
+
# The buffer size in the file server can be adjusted here:
|
261
|
+
#file_buffer_size: 1048576
|
262
|
+
|
263
|
+
# A regular expression (or a list of expressions) that will be matched
|
264
|
+
# against the file path before syncing the modules and states to the minions.
|
265
|
+
# This includes files affected by the file.recurse state.
|
266
|
+
# For example, if you manage your custom modules and states in subversion
|
267
|
+
# and don't want all the '.svn' folders and content synced to your minions,
|
268
|
+
# you could set this to '/\.svn($|/)'. By default nothing is ignored.
|
269
|
+
# file_ignore_regex:
|
270
|
+
# - '/\.svn($|/)'
|
271
|
+
# - '/\.git($|/)'
|
272
|
+
|
273
|
+
# A file glob (or list of file globs) that will be matched against the file
|
274
|
+
# path before syncing the modules and states to the minions. This is similar
|
275
|
+
# to file_ignore_regex above, but works on globs instead of regex. By default
|
276
|
+
# nothing is ignored.
|
277
|
+
# file_ignore_glob:
|
278
|
+
# - '*.pyc'
|
279
|
+
# - '*/somefolder/*.bak'
|
280
|
+
|
281
|
+
# File Server Backend
|
282
|
+
# Salt supports a modular fileserver backend system, this system allows
|
283
|
+
# the salt master to link directly to third party systems to gather and
|
284
|
+
# manage the files available to minions. Multiple backends can be
|
285
|
+
# configured and will be searched for the requested file in the order in which
|
286
|
+
# they are defined here. The default setting only enables the standard backend
|
287
|
+
# "roots" which uses the "file_roots" option.
|
288
|
+
#fileserver_backend:
|
289
|
+
# - roots
|
290
|
+
# To use multiple backends list them in the order they are searched:
|
291
|
+
# fileserver_backend:
|
292
|
+
# - git
|
293
|
+
# - roots
|
294
|
+
|
295
|
+
# Git fileserver backend configuration
|
296
|
+
# When using the git fileserver backend at least one git remote needs to be
|
297
|
+
# defined. The user running the salt master will need read access to the repo.
|
298
|
+
# gitfs_remotes:
|
299
|
+
# - git://github.com/saltstack/salt-states.git
|
300
|
+
# - file:///var/git/saltmaster
|
301
|
+
# The repos will be searched in order to find the file requested by a client
|
302
|
+
# and the first repo to have the file will return it.
|
303
|
+
# When using the git backend branches and tags are translated into salt
|
304
|
+
# environments.
|
305
|
+
|
306
|
+
|
307
|
+
##### Pillar settings #####
|
308
|
+
##########################################
|
309
|
+
# Salt Pillars allow for the building of global data that can be made selectively
|
310
|
+
# available to different minions based on minion grain filtering. The Salt
|
311
|
+
# Pillar is laid out in the same fashion as the file server, with environments,
|
312
|
+
# a top file and sls files. However, pillar data does not need to be in the
|
313
|
+
# highstate format, and is generally just key/value pairs.
|
314
|
+
|
315
|
+
#pillar_roots:
|
316
|
+
# base:
|
317
|
+
# - /srv/pillar
|
318
|
+
|
319
|
+
# ext_pillar:
|
320
|
+
# - hiera: /etc/hiera.yaml
|
321
|
+
# - cmd_yaml: cat /etc/salt/yaml
|
322
|
+
|
323
|
+
# The pillar_opts option adds the master configuration file data to a dict in
|
324
|
+
# the pillar called "master". This is used to set simple configurations in the
|
325
|
+
# master config file that can then be used on minions.
|
326
|
+
#pillar_opts: True
|
327
|
+
|
328
|
+
|
329
|
+
##### Syndic settings #####
|
330
|
+
##########################################
|
331
|
+
# The Salt syndic is used to pass commands through a master from a higher
|
332
|
+
# master. Using the syndic is simple, if this is a master that will have
|
333
|
+
# syndic servers(s) below it set the "order_masters" setting to True, if this
|
334
|
+
# is a master that will be running a syndic daemon for passthrough the
|
335
|
+
# "syndic_master" setting needs to be set to the location of the master server
|
336
|
+
# to receive commands from.
|
337
|
+
|
338
|
+
# Set the order_masters setting to True if this master will command lower
|
339
|
+
# masters' syndic interfaces.
|
340
|
+
#order_masters: False
|
341
|
+
|
342
|
+
# If this master will be running a salt syndic daemon, syndic_master tells
|
343
|
+
# this master where to receive commands from.
|
344
|
+
#syndic_master: masterofmaster
|
345
|
+
|
346
|
+
|
347
|
+
##### Peer Publish settings #####
|
348
|
+
##########################################
|
349
|
+
# Salt minions can send commands to other minions, but only if the minion is
|
350
|
+
# allowed to. By default "Peer Publication" is disabled, and when enabled it
|
351
|
+
# is enabled for specific minions and specific commands. This allows secure
|
352
|
+
# compartmentalization of commands based on individual minions.
|
353
|
+
|
354
|
+
# The configuration uses regular expressions to match minions and then a list
|
355
|
+
# of regular expressions to match functions. The following will allow the
|
356
|
+
# minion authenticated as foo.example.com to execute functions from the test
|
357
|
+
# and pkg modules.
|
358
|
+
# peer:
|
359
|
+
# foo.example.com:
|
360
|
+
# - test.*
|
361
|
+
# - pkg.*
|
362
|
+
#
|
363
|
+
# This will allow all minions to execute all commands:
|
364
|
+
# peer:
|
365
|
+
# .*:
|
366
|
+
# - .*
|
367
|
+
# This is not recommended, since it would allow anyone who gets root on any
|
368
|
+
# single minion to instantly have root on all of the minions!
|
369
|
+
|
370
|
+
# Minions can also be allowed to execute runners from the salt master.
|
371
|
+
# Since executing a runner from the minion could be considered a security risk,
|
372
|
+
# it needs to be enabled. This setting functions just like the peer setting
|
373
|
+
# except that it opens up runners instead of module functions.
|
374
|
+
#
|
375
|
+
# All peer runner support is turned off by default and must be enabled before
|
376
|
+
# using. This will enable all peer runners for all minions:
|
377
|
+
#
|
378
|
+
# peer_run:
|
379
|
+
# .*:
|
380
|
+
# - .*
|
381
|
+
#
|
382
|
+
# To enable just the manage.up runner for the minion foo.example.com:
|
383
|
+
#
|
384
|
+
# peer_run:
|
385
|
+
# foo.example.com:
|
386
|
+
# - manage.up
|
387
|
+
|
388
|
+
|
389
|
+
##### Logging settings #####
|
390
|
+
##########################################
|
391
|
+
# The location of the master log file
|
392
|
+
# The master log can be sent to a regular file, local path name, or network
|
393
|
+
# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
|
394
|
+
# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
|
395
|
+
# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
|
396
|
+
#log_file: /var/log/salt/master
|
397
|
+
#log_file: file:///dev/log
|
398
|
+
#log_file: udp://loghost:10514
|
399
|
+
|
400
|
+
#log_file: /var/log/salt/master
|
401
|
+
#key_logfile: /var/log/salt/key
|
402
|
+
|
403
|
+
# The level of messages to send to the console.
|
404
|
+
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
405
|
+
#log_level: warning
|
406
|
+
|
407
|
+
# The level of messages to send to the log file.
|
408
|
+
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
409
|
+
#log_level_logfile: warning
|
410
|
+
|
411
|
+
# The date and time format used in log messages. Allowed date/time formating
|
412
|
+
# can be seen here: http://docs.python.org/library/time.html#time.strftime
|
413
|
+
#log_datefmt: '%H:%M:%S'
|
414
|
+
#log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
|
415
|
+
|
416
|
+
# The format of the console logging messages. Allowed formatting options can
|
417
|
+
# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes
|
418
|
+
#log_fmt_console: '[%(levelname)-8s] %(message)s'
|
419
|
+
#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
|
420
|
+
|
421
|
+
# This can be used to control logging levels more specificically. This
|
422
|
+
# example sets the main salt library at the 'warning' level, but sets
|
423
|
+
# 'salt.modules' to log at the 'debug' level:
|
424
|
+
# log_granular_levels:
|
425
|
+
# 'salt': 'warning',
|
426
|
+
# 'salt.modules': 'debug'
|
427
|
+
#
|
428
|
+
#log_granular_levels: {}
|
429
|
+
|
430
|
+
|
431
|
+
##### Node Groups #####
|
432
|
+
##########################################
|
433
|
+
# Node groups allow for logical groupings of minion nodes.
|
434
|
+
# A group consists of a group name and a compound target.
|
435
|
+
#
|
436
|
+
# nodegroups:
|
437
|
+
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
|
438
|
+
# group2: 'G@os:Debian and foo.domain.com'
|
439
|
+
|
440
|
+
|
441
|
+
##### Range Cluster settings #####
|
442
|
+
##########################################
|
443
|
+
# The range server (and optional port) that serves your cluster information
|
444
|
+
# https://github.com/grierj/range/wiki/Introduction-to-Range-with-YAML-files
|
445
|
+
#
|
446
|
+
# range_server: range:80
|
447
|
+
|
448
|
+
|
449
|
+
##### Windows Software Repo settings #####
|
450
|
+
##############################################
|
451
|
+
# Location of the repo on the master
|
452
|
+
# win_repo: '/srv/salt/win/repo'
|
453
|
+
|
454
|
+
# Location of the master's repo cache file
|
455
|
+
# win_repo_mastercachefile: '/srv/salt/win/repo/winrepo.p'
|
456
|
+
|
457
|
+
# List of git repositories to include with the local repo
|
458
|
+
# win_gitrepos:
|
459
|
+
# - 'https://github.com/saltstack/salt-winrepo.git'
|