-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
215 lines (198 loc) · 8.09 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
# vim: ft=yaml
# yamllint disable rule:comments-indentation
# yamllint disable rule:line-length
---
salt:
# Settings for salt.api. Requires a master.
api:
# Manage a certificate. You will still need to
# ensure the paths are set in your netapi configuration.
cert:
ca_server: null
cert_key: /etc/salt/pki/api/netapi.key
cert_path: /etc/salt/pki/api/netapi.crt
cn: null
days_remaining: 3
days_valid: 7
intermediate: []
root: ''
signing_cert: null
signing_policy: null
signing_private_key: null
signing_private_key_passphrase: null
# Manage formulae. This is an alternative to the git fileserver
# and usually much faster. Automated updates are possible if the
# git server is a Salt minion, for example by making use of reactors.
# Target this to masters or standalone/masterless minions.
formulae:
# Run `fileserver.clear_file_list_cache` on changes.
# Can be useful when `fileserver_list_cache_time` is set to a
# high value in order to optimize state.apply runtime.
# This requires that the minion applying the state runs on
# a master node.
clear_file_list_cache: false
# Settings for cloning repositories, per saltenv.
config:
# Default settings for all formulae, regardless of saltenv
default:
# Default arguments to git.cloned/git.latest state
args:
parallel: true
# Formulae will be cloned into this directory. If specified
# relative, will be made relative to lookup:srv automatically.
basedir: formula
# Formulae will be cloned by appending /<name> to this URL by default
baseurl: https://github.com/saltstack-formulas
# Use git.latest instead of git.cloned, ensuring that updates are pulled
update: true
# Formula repositories to clone with salt.formulae, per saltenv.
present:
base: []
# Settings for salt.master
master:
# This configuraion will be serialized as a YAML file in
# <master_config_dir>/_managed.conf.
# Since TOFS does not merge files from different matches,
# this can come in handy to fine-tune some settings without
# repeating the whole configuration.
config: {}
# Remove files from the master configuration directory
# that are not found on the fileserver.
config_clean: false
# Remove the default configuration file (usually /etc/salt/master)
config_remove: false
# Settings for salt.minion
minion:
# This configuraion will be serialized as a YAML file in
# <minion_config_dir>/_managed.conf.
# Since TOFS does not merge files from different matches,
# this can come in handy to fine-tune some settings without
# repeating the whole configuration.
config: {}
# Remove files from the minion configuration directory
# that are not found on the fileserver.
config_clean: false
# Remove the default configuration file (usually /etc/salt/minion)
config_remove: false
# Manage pillars. This is an alternative to the git external pillar
# and should be much faster. Automated updates are possible if the
# git server is a Salt minion, for example by making use of reactors.
# Target this to masters or standalone/masterless minions.
pillars:
# Settings for cloning repositories, per saltenv.
config:
# Default settings for cloning pillar repositories, regardless
# of env
default:
args:
parallel: true
basedir: pillars
baseurl: null
# When a pillar cache is in use and you wish to clear it
# after changes to a pillar repository, set this to true.
clear_pillar_cache: false
# You can request minions to update their in-memory pillar
# data on changes of a cloned pillar repository.
# This should be a list of dicts, each dict containing
# `tgt` and `tgt_type`. If you specify a list item as a string,
# `tgt_type` defaults to `glob`. If there is only one glob target,
# you can skip the list and specify it as a plain string.
refresh_pillar: false
update: true
# Pillar repositories to clone with salt.pillars, per env.
present:
base: []
# Ensure python libraries are present in the Salt Python environment.
# Values can be simple names or a single-key mapping to state arguments.
# Whether the names/keys are passed to pip.installed or pkg.installed
# depends on if the minion is packaged as onedir (pip) or classic (pkg).
# You can force `pip.installed` by including `use_pip: true` in the
# state arguments.
python_libs: []
# Ensure python libs are absent from the Salt Python environment.
# Values can be simple names or a single-key mapping to state arguments.
# Whether the names/keys are passed to pip.removed or pkg.absent
# depends on if the minion is packaged as onedir (pip) or classic (pkg).
# You can force `pip.absent` by including `use_pip: true` in the
# state arguments.
python_libs_absent: []
# This is currently only relevant for FreeBSD, where the package
# names are {pyver}-salt-minion etc.
pyver: py311
# Choose which repo to enable. By default, only `official` is available
# on RedHat and Debian families. Irrelevant for Windows/macOS.
repo: official
# Settings for salt.ssh
ssh:
# Manage the contents of the roster file
roster: {}
# Version to install. `latest` will follow the latest releases,
# 3006* will install versions in the 3006 channel etc.
version: 3006*
lookup:
# This is relevant for MacOS. This formula will pull the package
# installer from the official repository by default.
pkg_src:
# This is the URL of a JSON file that specifies meta information
# for all releases.
repo_json: https://repo.saltproject.io/salt/py3/macos/repo.json
# This is the format string used to render the package source
# and source hash (file.managed)
source: https://repo.saltproject.io/salt/py3/macos/salt-{version}-py3-{arch}.pkg
source_hash: https://repo.saltproject.io/salt/py3/macos/salt-{version}-py3-{arch}.pkg.SHA3_512
# For classic packages and pre v3005, specify the exact version in
# the settings above and use this:
# repo_json: ''
# source: https://repo.saltproject.io/osx/salt-{version}-py3-{arch}.pkg
# source_hash: https://repo.saltproject.io/osx/salt-{version}-py3-{arch}.pkg.sha256
bootstrap_repo_file: null
config:
master: /etc/salt/master.d
minion: /etc/salt/minion.d
ssh: /etc/salt/roster
pip_pkg: python3-pip
pkg:
api: salt-api
cloud: salt-cloud
master: salt-master
minion: salt-minion
ssh: salt-ssh
syndic: salt-syndic
rootuser: root
service:
api: salt-api
master: salt-master
minion: salt-minion
syndic: salt-syndic
srv: /srv
sys_deps: []
tofs:
# The files_switch key serves as a selector for alternative
# directories under the formula files directory. See TOFS pattern
# doc for more info.
# Note: Any value not evaluated by `config.get` will be used literally.
# This can be used to set custom paths, as many levels deep as required.
files_switch:
- any/path/can/be/used/here
- id
- roles
- osfinger
- os
- os_family
# All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults.
# Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
# I.e.: salt://salt/files/default
# path_prefix: template_alt
# dirs:
# files: files_alt
# default: default_alt
# The entries under `source_files` are prepended to the default source files
# given for the state
source_files:
salt-ssh roster is managed:
- roster_alt
- roster_alt.j2
# To override the default directory as a whole:
dirs:
default: default_alt