Remove old salt references from the puppet
Now that salt has been removed, remove the puppet module ensure absent support. This should be landed after puppet has been run after the previous patch has been landed. Change-Id: I17a8caf19fd78b47d3c4683092aab76564497e05
This commit is contained in:
parent
1d390cc8db
commit
e8fee5ca6d
@ -37,13 +37,6 @@ class openstack_project::puppetmaster (
|
||||
$cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
ensure => absent,
|
||||
}
|
||||
class { 'salt::master':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
cron { 'updatepuppetmaster':
|
||||
user => 'root',
|
||||
minute => '*/15',
|
||||
|
@ -24,10 +24,6 @@ class openstack_project::slave (
|
||||
python3 => $python3,
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
include jenkins::cgroups
|
||||
include ulimit
|
||||
ulimit::conf { 'limit_jenkins_procs':
|
||||
|
@ -1,61 +0,0 @@
|
||||
# Class salt
|
||||
#
|
||||
class salt (
|
||||
$ensure = present,
|
||||
$salt_master = $::fqdn
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
|
||||
} else {
|
||||
file { '/etc/apt/sources.list.d/saltstack-salt-precise.list':
|
||||
ensure => absent
|
||||
}
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
package { 'salt-minion':
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
file { '/etc/salt/minion':
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('salt/minion.erb'),
|
||||
replace => true,
|
||||
require => Package['salt-minion'],
|
||||
}
|
||||
|
||||
service { 'salt-minion':
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => File['/etc/salt/minion'],
|
||||
subscribe => [
|
||||
Package['salt-minion'],
|
||||
File['/etc/salt/minion'],
|
||||
],
|
||||
}
|
||||
}
|
@ -1,133 +0,0 @@
|
||||
# Class salt::master
|
||||
#
|
||||
class salt::master (
|
||||
$ensure = present,
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$directory_ensure = directory
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$directory_ensure = absent
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
package { 'salt-master':
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
group { 'salt':
|
||||
ensure => $ensure,
|
||||
system => true,
|
||||
}
|
||||
|
||||
user { 'salt':
|
||||
ensure => $ensure,
|
||||
gid => 'salt',
|
||||
home => '/home/salt',
|
||||
shell => '/bin/bash',
|
||||
system => true,
|
||||
require => Group['salt'],
|
||||
}
|
||||
|
||||
file { '/home/salt':
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
require => User['salt'],
|
||||
}
|
||||
|
||||
file { '/etc/salt/master':
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
content => template('salt/master.erb'),
|
||||
replace => true,
|
||||
require => Package['salt-master'],
|
||||
}
|
||||
|
||||
file { '/srv/reactor':
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
require => [
|
||||
Package['salt-master'],
|
||||
User['salt'],
|
||||
],
|
||||
}
|
||||
|
||||
file { '/srv/reactor/tests.sls':
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
content => template('salt/tests.reactor.erb'),
|
||||
replace => true,
|
||||
require => [
|
||||
Package['salt-master'],
|
||||
File['/srv/reactor'],
|
||||
],
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki':
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0710',
|
||||
require => [
|
||||
Package['salt-master'],
|
||||
User['salt'],
|
||||
],
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master':
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0770',
|
||||
require => File['/etc/salt/pki'],
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master/minions':
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0775',
|
||||
require => File['/etc/salt/pki/master'],
|
||||
}
|
||||
|
||||
service { 'salt-master':
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => [
|
||||
User['salt'],
|
||||
File['/etc/salt/master'],
|
||||
],
|
||||
subscribe => [
|
||||
Package['salt-master'],
|
||||
File['/etc/salt/master'],
|
||||
],
|
||||
}
|
||||
}
|
@ -1,354 +0,0 @@
|
||||
##########################################
|
||||
|
||||
# Per default the master will automatically include all config files
|
||||
# from master.d/*.conf (master.d is a directory in the same directory
|
||||
# as the main master config file)
|
||||
#default_include: master.d/*.conf
|
||||
|
||||
# The address of the interface to bind to
|
||||
#interface: 0.0.0.0
|
||||
|
||||
# The tcp port used by the publisher
|
||||
#publish_port: 4505
|
||||
|
||||
# Refresh the publisher connections when sending out commands, this is a fix
|
||||
# for zeromq losing some minion connections. Default: True
|
||||
#pub_refresh: True
|
||||
|
||||
# The user to run the salt-master as. Salt will update all permissions to
|
||||
# allow the specified user to run the master. If the modified files cause
|
||||
# conflicts set verify_env to False.
|
||||
user: salt
|
||||
|
||||
# Max open files
|
||||
# Each minion connecting to the master uses AT LEAST one file descriptor, the
|
||||
# master subscription connection. If enough minions connect you might start
|
||||
# seeing on the console(and then salt-master crashes):
|
||||
# Too many open files (tcp_listener.cpp:335)
|
||||
# Aborted (core dumped)
|
||||
#
|
||||
# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for
|
||||
# max open files.
|
||||
#
|
||||
# If you wish to set a different value than the default one, uncomment and
|
||||
# configure this setting. Remember that this value CANNOT be higher than the
|
||||
# hard limit. Raising the hard limit depends on your OS and/or distribution,
|
||||
# a good way to find the limit is to search the internet for(for example):
|
||||
# raise max open files hard limit debian
|
||||
#
|
||||
#max_open_files: 100000
|
||||
|
||||
# The number of worker threads to start, these threads are used to manage
|
||||
# return calls made from minions to the master, if the master seems to be
|
||||
# running slowly, increase the number of threads
|
||||
#worker_threads: 5
|
||||
|
||||
# The port used by the communication interface. The ret (return) port is the
|
||||
# interface used for the file server, authentication, job returnes, etc.
|
||||
#ret_port: 4506
|
||||
|
||||
# Specify the location of the daemon process ID file
|
||||
#pidfile: /var/run/salt-master.pid
|
||||
|
||||
# The root directory prepended to these options: pki_dir, cachedir,
|
||||
# sock_dir, log_file, autosign_file, extension_modules
|
||||
#root_dir: /
|
||||
|
||||
# Directory used to store public key data
|
||||
#pki_dir: /etc/salt/pki
|
||||
|
||||
# Directory to store job and cache data
|
||||
#cachedir: /var/cache/salt
|
||||
|
||||
# Verify and set permissions on configuration directories at startup
|
||||
#verify_env: True
|
||||
|
||||
# Set the number of hours to keep old job information in the job cache
|
||||
#keep_jobs: 24
|
||||
|
||||
# Set the default timeout for the salt command and api, the default is 5
|
||||
# seconds
|
||||
#timeout: 5
|
||||
|
||||
# Set the directory used to hold unix sockets
|
||||
#sock_dir: /var/run/salt
|
||||
|
||||
# The master maintains a job cache, while this is a great addition it can be
|
||||
# a burden on the master for larger deployments (over 5000 minions).
|
||||
# Disabling the job cache will make previously executed jobs unavailable to
|
||||
# the jobs system and is not generally recommended.
|
||||
#
|
||||
#job_cache: True
|
||||
|
||||
# Cache minion grains and pillar data in the cachedir.
|
||||
# Disabled due to a salt mine bug affecting RHEL/CentOS minions
|
||||
minion_data_cache: False
|
||||
|
||||
# Set the acceptance level for serialization of messages. This should only be
|
||||
# set if the master is newer than 0.9.5 and the minion are older. This option
|
||||
# allows a 0.9.5 and newer master to communicate with minions 0.9.4 and
|
||||
# earlier. It is not recommended to keep this setting on if the minions are
|
||||
# all 0.9.5 or higher, as leaving pickle as the serialization medium is slow
|
||||
# and opens up security risks
|
||||
#
|
||||
#serial: msgpack
|
||||
|
||||
# The master can include configuration from other files. To enable this,
|
||||
# pass a list of paths to this option. The paths can be either relative or
|
||||
# absolute; if relative, they are considered to be relative to the directory
|
||||
# the main master configuration file lives in (this file). Paths can make use
|
||||
# of shell-style globbing. If no files are matched by a path passed to this
|
||||
# option then the master will log a warning message.
|
||||
#
|
||||
#
|
||||
# Include a config file from some other path:
|
||||
#include: /etc/salt/extra_config
|
||||
#
|
||||
# Include config from several files and directories:
|
||||
#include:
|
||||
# - /etc/salt/extra_config
|
||||
|
||||
|
||||
##### Security settings #####
|
||||
##########################################
|
||||
# Enable "open mode", this mode still maintains encryption, but turns off
|
||||
# authentication, this is only intended for highly secure environments or for
|
||||
# the situation where your keys end up in a bad state. If you run in open mode
|
||||
# you do so at your own risk!
|
||||
#open_mode: False
|
||||
|
||||
# Enable auto_accept, this setting will automatically accept all incoming
|
||||
# public keys from the minions. Note that this is insecure.
|
||||
#auto_accept: False
|
||||
|
||||
# If the autosign_file is specified only incoming keys specified in
|
||||
# the autosign_file will be automatically accepted. This is insecure.
|
||||
# Regular expressions as well as globing lines are supported.
|
||||
#autosign_file: /etc/salt/autosign.conf
|
||||
|
||||
# Enable permissive access to the salt keys. This allows you to run the
|
||||
# master or minion as root, but have a non-root group be given access to
|
||||
# your pki_dir. To make the access explicit, root must belong to the group
|
||||
# you've given access to. This is potentially quite insecure.
|
||||
#
|
||||
# If an autosign_file is specified permissive access will allow group access
|
||||
# to that specific file.
|
||||
#permissive_pki_access: False
|
||||
#
|
||||
# Allow users on the master access to execute specific commands on minions.
|
||||
# This setting should be treated with care since it opens up execution
|
||||
# capabilities to non root users. By default this capability is completely
|
||||
# disabled.
|
||||
#
|
||||
# client_acl:
|
||||
# larry:
|
||||
# - test.ping
|
||||
# - network.*
|
||||
|
||||
|
||||
##### Master Module Management #####
|
||||
##########################################
|
||||
# Manage how master side modules are loaded
|
||||
#
|
||||
# Add any additional locations to look for master runners
|
||||
#runner_dirs: []
|
||||
#
|
||||
# Enable Cython for master side modules
|
||||
#cython_enable: False
|
||||
#
|
||||
|
||||
##### State System settings #####
|
||||
##########################################
|
||||
# The state system uses a "top" file to tell the minions what environment to
|
||||
# use and what modules to use. The state_top file is defined relative to the
|
||||
# root of the base environment as defined in "File Server settings" below.
|
||||
#state_top: top.sls
|
||||
#
|
||||
# The external_nodes option allows Salt to gather data that would normally be
|
||||
# placed in a top file. The external_nodes option is the executable that will
|
||||
# return the ENC data. Remember that Salt will look for external nodes AND top
|
||||
# files and combine the results if both are enabled!
|
||||
#external_nodes: None
|
||||
#
|
||||
# The renderer to use on the minions to render the state data
|
||||
#renderer: yaml_jinja
|
||||
#
|
||||
# The failhard option tells the minions to stop immediately after the first
|
||||
# failure detected in the state execution, defaults to False
|
||||
#failhard: False
|
||||
#
|
||||
# The state_verbose and state_output settings can be used to change the way
|
||||
# state system data is printed to the display. By default all data is printed.
|
||||
# The state_verbose setting can be set to True or False, when set to False
|
||||
# all data that has a result of True and no changes will be suppressed.
|
||||
#state_verbose: True
|
||||
#
|
||||
# The state_output setting changes if the output is the full multi line
|
||||
# output for each changed state if set to 'full', but if set to 'terse'
|
||||
# the output will be shortened to a single line.
|
||||
#state_output: full
|
||||
|
||||
##### File Server settings #####
|
||||
##########################################
|
||||
# Salt runs a lightweight file server written in zeromq to deliver files to
|
||||
# minions. This file server is built into the master daemon and does not
|
||||
# require a dedicated port.
|
||||
|
||||
# The file server works on environments passed to the master, each environment
|
||||
# can have multiple root directories, the subdirectories in the multiple file
|
||||
# roots cannot match, otherwise the downloaded files will not be able to be
|
||||
# reliably ensured. A base environment is required to house the top file.
|
||||
# Example:
|
||||
# file_roots:
|
||||
# base:
|
||||
# - /srv/salt/
|
||||
# dev:
|
||||
# - /srv/salt/dev/services
|
||||
# - /srv/salt/dev/states
|
||||
# prod:
|
||||
# - /srv/salt/prod/services
|
||||
# - /srv/salt/prod/states
|
||||
#
|
||||
# Default:
|
||||
#file_roots:
|
||||
# base:
|
||||
# - /srv/salt
|
||||
|
||||
# The hash_type is the hash to use when discovering the hash of a file on
|
||||
# the master server, the default is md5, but sha1, sha224, sha256, sha384
|
||||
# and sha512 are also supported.
|
||||
#hash_type: md5
|
||||
|
||||
# The buffer size in the file server can be adjusted here:
|
||||
#file_buffer_size: 1048576
|
||||
|
||||
# Pillar Configurations:
|
||||
# The Salt Pillar, is a system that allows for the building of global data
|
||||
# that is refined based on minion. Basically, the pillar creates data that
|
||||
# can be generated to be specific based on the grains of the minion. Pillar
|
||||
# is laid out in the same fashion as the file server, with environments, a top
|
||||
# file and sls files. The difference is that the data does not need to be
|
||||
# in the highstate format, and is generally just key/value pairs.
|
||||
#
|
||||
#pillar_roots:
|
||||
# base:
|
||||
# - /srv/pillar
|
||||
#
|
||||
#ext_pillar:
|
||||
# - hiera: /etc/hiera.yaml
|
||||
# - cmd_yaml: cat /etc/salt/yaml
|
||||
#
|
||||
|
||||
##### Syndic settings #####
|
||||
##########################################
|
||||
# The Salt syndic is used to pass commands through a master from a higher
|
||||
# master. Using the syndic is simple, if this is a master that will have
|
||||
# syndic servers(s) below it set the "order_masters" setting to True, if this
|
||||
# is a master that will be running a syndic daemon for passthrough the
|
||||
# "syndic_master" setting needs to be set to the location of the master server
|
||||
# to receive commands from.
|
||||
#
|
||||
# Set the order_masters setting to True if this master will command lower
|
||||
# masters' syndic interfaces.
|
||||
#order_masters: False
|
||||
#
|
||||
# If this master will be running a salt syndic daemon, syndic_master tells
|
||||
# this master where to receive commands from.
|
||||
#syndic_master: masterofmaster
|
||||
|
||||
##### Peer Publish settings #####
|
||||
##########################################
|
||||
# Salt minions can send commands to other minions, but only if the minion is
|
||||
# allowed to. By default "Peer Publication" is disabled, and when enabled it
|
||||
# is enabled for specific minions and specific commands. This allows secure
|
||||
# compartmentalization of commands based on individual minions.
|
||||
#
|
||||
# The configuration uses regular expressions to match minions and then a list
|
||||
# of regular expressions to match functions. The following will allow the
|
||||
# minion authenticated as foo.example.com to execute functions from the test
|
||||
# and pkg modules.
|
||||
# peer:
|
||||
# foo.example.com:
|
||||
# - test.*
|
||||
# - pkg.*
|
||||
#
|
||||
# This will allow all minions to execute all commands:
|
||||
# peer:
|
||||
# .*:
|
||||
# - .*
|
||||
# This is not recommended, since it would allow anyone who gets root on any
|
||||
# single minion to instantly have root on all of the minions!
|
||||
#
|
||||
# Minions can also be allowed to execute runners from the salt master.
|
||||
# Since executing a runner from the minion could be considered a security risk,
|
||||
# it needs to be enabled. This setting functions just like the peer setting
|
||||
# except that it opens up runners instead of module functions.
|
||||
#
|
||||
# All peer runner support is turned off by default and must be enabled before
|
||||
# using. This will enable all peer runners for all minions:
|
||||
#
|
||||
# peer_run:
|
||||
# .*:
|
||||
# - .*
|
||||
#
|
||||
# To enable just the manage.up runner for the minion foo.example.com:
|
||||
#
|
||||
# peer_run:
|
||||
# foo.example.com:
|
||||
# - manage.up
|
||||
#
|
||||
|
||||
##### Logging settings #####
|
||||
##########################################
|
||||
# The location of the master log file
|
||||
#log_file: /var/log/salt/master
|
||||
#key_logfile: /var/log/salt/key
|
||||
#
|
||||
# The level of messages to send to the log file.
|
||||
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
||||
# Default: 'warning'
|
||||
#log_level: warning
|
||||
#log_level_logfile:
|
||||
#
|
||||
# The date and time format used in log messages. Allowed date/time formating
|
||||
# can be seen here:
|
||||
# http://docs.python.org/library/time.html#time.strftime
|
||||
#log_datefmt: '%Y-%m-%d %H:%M:%S'
|
||||
#
|
||||
# The format of the console logging messages. Allowed formatting options can
|
||||
# be seen here:
|
||||
# http://docs.python.org/library/logging.html#logrecord-attributes
|
||||
#log_fmt_console: '[%(levelname)-8s] %(message)s'
|
||||
#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
|
||||
#
|
||||
# Logger levels can be used to tweak specific loggers logging levels.
|
||||
# For example, if you want to have the salt library at the 'warning' level,
|
||||
# but you still wish to have 'salt.modules' at the 'debug' level:
|
||||
# log_granular_levels:
|
||||
# 'salt': 'warning',
|
||||
# 'salt.modules': 'debug'
|
||||
#
|
||||
#log_granular_levels: {}
|
||||
|
||||
|
||||
##### Node Groups #####
|
||||
##########################################
|
||||
# Node groups allow for logical groupings of minion nodes.
|
||||
# A group consists of a group name and a compound target.
|
||||
#
|
||||
# nodegroups:
|
||||
# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
|
||||
# group2: 'G@os:Debian and foo.domain.com'
|
||||
|
||||
##### Range Cluster settings #####
|
||||
##########################################
|
||||
# The range server (and optional port) that
|
||||
# serves your cluster information
|
||||
#range_server: range:80
|
||||
|
||||
##### Salt Reactor settings #####
|
||||
#########################################
|
||||
# Execute tests.sls when 'jenkins' tag found
|
||||
reactor:
|
||||
- 'jenkins':
|
||||
- /srv/reactor/tests.sls
|
@ -1,346 +0,0 @@
|
||||
##########################################
|
||||
|
||||
# Per default the minion will automatically include all config files
|
||||
# from minion.d/*.conf (minion.d is a directory in the same directory
|
||||
# as the main minion config file).
|
||||
#default_include: minion.d/*.conf
|
||||
|
||||
# Set the location of the salt master server, if the master server cannot be
|
||||
# resolved, then the minion will fail to start.
|
||||
master: <%= salt_master %>
|
||||
|
||||
# Set the port used by the master reply and authentication server
|
||||
#master_port: 4506
|
||||
|
||||
# The user to run salt
|
||||
#user: root
|
||||
|
||||
# Specify the location of the daemon process ID file
|
||||
#pidfile: /var/run/salt-minion.pid
|
||||
|
||||
# The root directory prepended to these options: pki_dir, cachedir, log_file.
|
||||
#root_dir: /
|
||||
|
||||
# The directory to store the pki information in
|
||||
#pki_dir: /etc/salt/pki
|
||||
|
||||
# Explicitly declare the id for this minion to use, if left commented the id
|
||||
# will be the hostname as returned by the python call: socket.getfqdn()
|
||||
# Since salt uses detached ids it is possible to run multiple minions on the
|
||||
# same machine but with different ids, this can be useful for salt compute
|
||||
# clusters.
|
||||
#id:
|
||||
|
||||
# Append a domain to a hostname in the event that it does not exist. This is
|
||||
# useful for systems where socket.getfqdn() does not actually result in a
|
||||
# FQDN (for instance, Solaris).
|
||||
#append_domain:
|
||||
|
||||
# Custom static grains for this minion can be specified here and used in SLS
|
||||
# files just like all other grains. This example sets 4 custom grains, with
|
||||
# the 'roles' grain having two values that can be matched against:
|
||||
#grains:
|
||||
# roles:
|
||||
# - webserver
|
||||
# - memcache
|
||||
# deployment: datacenter4
|
||||
# cabinet: 13
|
||||
# cab_u: 14-15
|
||||
|
||||
# If the connection to the server is interrupted, the minion will
|
||||
# attempt to reconnect. sub_timeout allows you to control the rate
|
||||
# of reconnection attempts (in seconds). To disable reconnects, set
|
||||
# this value to 0.
|
||||
#sub_timeout: 60
|
||||
|
||||
# Where cache data goes
|
||||
#cachedir: /var/cache/salt
|
||||
|
||||
# Verify and set permissions on configuration directories at startup
|
||||
#verify_env: True
|
||||
|
||||
# The minion can locally cache the return data from jobs sent to it, this
|
||||
# can be a good way to keep track of jobs the minion has executed
|
||||
# (on the minion side). By default this feature is disabled, to enable
|
||||
# set cache_jobs to True
|
||||
#cache_jobs: False
|
||||
|
||||
# set the directory used to hold unix sockets
|
||||
#sock_dir: /var/run/salt
|
||||
|
||||
# Backup files that are replaced by file.managed and file.recurse under
|
||||
# 'cachedir'/file_backups relative to their original location and appended
|
||||
# with a timestamp. The only valid setting is "minion". Disabled by default.
|
||||
#
|
||||
# Alternatively this can be specified for each file in state files:
|
||||
#
|
||||
# /etc/ssh/sshd_config:
|
||||
# file.managed:
|
||||
# - source: salt://ssh/sshd_config
|
||||
# - backup: minion
|
||||
#
|
||||
#backup_mode: minion
|
||||
|
||||
# When waiting for a master to accept the minion's public key, salt will
|
||||
# continuously attempt to reconnect until successful. This is the time, in
|
||||
# seconds, between those reconnection attempts.
|
||||
#acceptance_wait_time: 10
|
||||
|
||||
# When healing a dns_check is run, this is to make sure that the originally
|
||||
# resolved dns has not changed, if this is something that does not happen in
|
||||
# your environment then set this value to False.
|
||||
#dns_check: True
|
||||
|
||||
# Windows platforms lack posix IPC and must rely on slower TCP based inter-
|
||||
# process communications. Set ipc_mode to 'tcp' on such systems
|
||||
#ipc_mode: ipc
|
||||
#
|
||||
# Overwrite the default tcp ports used by the minion when in tcp mode
|
||||
#tcp_pub_port: 4510
|
||||
#tcp_pull_port: 4511
|
||||
|
||||
# The minion can include configuration from other files. To enable this,
|
||||
# pass a list of paths to this option. The paths can be either relative or
|
||||
# absolute; if relative, they are considered to be relative to the directory
|
||||
# the main minion configuration file lives in (this file). Paths can make use
|
||||
# of shell-style globbing. If no files are matched by a path passed to this
|
||||
# option then the minion will log a warning message.
|
||||
#
|
||||
#
|
||||
# Include a config file from some other path:
|
||||
# include: /etc/salt/extra_config
|
||||
#
|
||||
# Include config from several files and directories:
|
||||
# include:
|
||||
# - /etc/salt/extra_config
|
||||
# - /etc/roles/webserver
|
||||
|
||||
##### Minion module management #####
|
||||
##########################################
|
||||
# Disable specific modules. This allows the admin to limit the level of
|
||||
# access the master has to the minion
|
||||
#disable_modules: [cmd,test]
|
||||
#disable_returners: []
|
||||
#
|
||||
# Modules can be loaded from arbitrary paths. This enables the easy deployment
|
||||
# of third party modules. Modules for returners and minions can be loaded.
|
||||
# Specify a list of extra directories to search for minion modules and
|
||||
# returners. These paths must be fully qualified!
|
||||
#module_dirs: []
|
||||
#returner_dirs: []
|
||||
#states_dirs: []
|
||||
#render_dirs: []
|
||||
#
|
||||
# A module provider can be statically overwritten or extended for the minion
|
||||
# via the providers option, in this case the default module will be
|
||||
# overwritten by the specified module. In this example the pkg module will
|
||||
# be provided by the yumpkg5 module instead of the system default.
|
||||
#
|
||||
# providers:
|
||||
# pkg: yumpkg5
|
||||
#
|
||||
# Enable Cython modules searching and loading. (Default: False)
|
||||
#cython_enable: False
|
||||
#
|
||||
|
||||
##### State Management Settings #####
|
||||
###########################################
|
||||
# The state management system executes all of the state templates on the minion
|
||||
# to enable more granular control of system state management. The type of
|
||||
# template and serialization used for state management needs to be configured
|
||||
# on the minion, the default renderer is yaml_jinja. This is a yaml file
|
||||
# rendered from a jinja template, the available options are:
|
||||
# yaml_jinja
|
||||
# yaml_mako
|
||||
# json_jinja
|
||||
# json_mako
|
||||
#
|
||||
#renderer: yaml_jinja
|
||||
#
|
||||
# The failhard option tells the minions to stop immediately after the first
|
||||
# failure detected in the state execution, defaults to False
|
||||
#failhard: False
|
||||
#
|
||||
# state_verbose allows for the data returned from the minion to be more
|
||||
# verbose. Normally only states that fail or states that have changes are
|
||||
# returned, but setting state_verbose to True will return all states that
|
||||
# were checked
|
||||
#state_verbose: False
|
||||
#
|
||||
# autoload_dynamic_modules Turns on automatic loading of modules found in the
|
||||
# environments on the master. This is turned on by default, to turn of
|
||||
# autoloading modules when states run set this value to False
|
||||
#autoload_dynamic_modules: True
|
||||
#
|
||||
# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
|
||||
# the dynamic modules on the master, this means that if a dynamic module is
|
||||
# not on the master it will be deleted from the minion. By default this is
|
||||
# enabled and can be disabled by changing this value to False
|
||||
#clean_dynamic_modules: True
|
||||
#
|
||||
# Normally the minion is not isolated to any single environment on the master
|
||||
# when running states, but the environment can be isolated on the minion side
|
||||
# by statically setting it. Remember that the recommended way to manage
|
||||
# environments is to isolate via the top file.
|
||||
#environment: None
|
||||
#
|
||||
# If using the local file directory, then the state top file name needs to be
|
||||
# defined, by default this is top.sls.
|
||||
#state_top: top.sls
|
||||
#
|
||||
# Run states when the minion daemon starts. To enable, set startup_states to:
|
||||
# 'highstate' -- Execute state.highstate
|
||||
# 'sls' -- Read in the sls_list option and execute the named sls files
|
||||
# 'top' -- Read top_file option and execute based on that file on the Master
|
||||
#startup_states: ''
|
||||
#
|
||||
# list of states to run when the minion starts up if startup_states is 'sls'
|
||||
#sls_list:
|
||||
# - edit.vim
|
||||
# - hyper
|
||||
#
|
||||
# top file to execute if startup_states is 'top'
|
||||
#top_file: ''
|
||||
|
||||
##### File Directory Settings #####
|
||||
##########################################
|
||||
# The Salt Minion can redirect all file server operations to a local directory,
|
||||
# this allows for the same state tree that is on the master to be used if
|
||||
# copied completely onto the minion. This is a literal copy of the settings on
|
||||
# the master but used to reference a local directory on the minion.
|
||||
|
||||
# Set the file client, the client defaults to looking on the master server for
|
||||
# files, but can be directed to look at the local file directory setting
|
||||
# defined below by setting it to local.
|
||||
#file_client: remote
|
||||
|
||||
# The file directory works on environments passed to the minion, each environment
|
||||
# can have multiple root directories, the subdirectories in the multiple file
|
||||
# roots cannot match, otherwise the downloaded files will not be able to be
|
||||
# reliably ensured. A base environment is required to house the top file.
|
||||
# Example:
|
||||
# file_roots:
|
||||
# base:
|
||||
# - /srv/salt/
|
||||
# dev:
|
||||
# - /srv/salt/dev/services
|
||||
# - /srv/salt/dev/states
|
||||
# prod:
|
||||
# - /srv/salt/prod/services
|
||||
# - /srv/salt/prod/states
|
||||
#
|
||||
# Default:
|
||||
#file_roots:
|
||||
# base:
|
||||
# - /srv/salt
|
||||
|
||||
# The hash_type is the hash to use when discovering the hash of a file in
|
||||
# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
|
||||
# and sha512 are also supported.
|
||||
#hash_type: md5
|
||||
|
||||
# The Salt pillar is searched for locally if file_client is set to local. If
|
||||
# this is the case, and pillar data is defined, then the pillar_roots need to
|
||||
# also be configured on the minion:
|
||||
#pillar_roots:
|
||||
# base:
|
||||
# - /srv/pillar
|
||||
|
||||
###### Security settings #####
|
||||
###########################################
|
||||
# Enable "open mode", this mode still maintains encryption, but turns off
|
||||
# authentication, this is only intended for highly secure environments or for
|
||||
# the situation where your keys end up in a bad state. If you run in open mode
|
||||
# you do so at your own risk!
|
||||
#open_mode: False
|
||||
|
||||
# Enable permissive access to the salt keys. This allows you to run the
|
||||
# master or minion as root, but have a non-root group be given access to
|
||||
# your pki_dir. To make the access explicit, root must belong to the group
|
||||
# you've given access to. This is potentially quite insecure.
|
||||
#permissive_pki_access: False
|
||||
|
||||
# The state_verbose and state_output settings can be used to change the way
|
||||
# state system data is printed to the display. By default all data is printed.
|
||||
# The state_verbose setting can be set to True or False, when set to False
|
||||
# all data that has a result of True and no changes will be suppressed.
|
||||
#state_verbose: True
|
||||
#
|
||||
# The state_output setting changes if the output is the full multi line
|
||||
# output for each changed state if set to 'full', but if set to 'terse'
|
||||
# the output will be shortened to a single line.
|
||||
#state_output: full
|
||||
#
|
||||
# Fingerprint of the master public key to double verify the master is valid,
|
||||
# the master fingerprint can be found by running "salt-key -F master" on the
|
||||
# salt master.
|
||||
#master_finger: ''
|
||||
|
||||
###### Thread settings #####
|
||||
###########################################
|
||||
# Disable multiprocessing support, by default when a minion receives a
|
||||
# publication a new process is spawned and the command is executed therein.
|
||||
#multiprocessing: True
|
||||
|
||||
###### Logging settings #####
|
||||
###########################################
|
||||
# The location of the minion log file
|
||||
#log_file: /var/log/salt/minion
|
||||
#
|
||||
# The level of messages to send to the log file.
|
||||
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
||||
# Default: 'warning'
|
||||
#log_level: warning
|
||||
#log_level_logfile:
|
||||
#
|
||||
# The date and time format used in log messages. Allowed date/time formating
|
||||
# can be seen on http://docs.python.org/library/time.html#time.strftime
|
||||
#log_datefmt: '%Y-%m-%d %H:%M:%S'
|
||||
#
|
||||
# The format of the console logging messages. Allowed formatting options can
|
||||
# be seen on http://docs.python.org/library/logging.html#logrecord-attributes
|
||||
#log_fmt_console: '[%(levelname)-8s] %(message)s'
|
||||
#log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
|
||||
#
|
||||
# Logger levels can be used to tweak specific loggers logging levels.
|
||||
# For example, if you want to have the salt library at the 'warning' level,
|
||||
# but you still wish to have 'salt.modules' at the 'debug' level:
|
||||
# log_granular_levels: {
|
||||
# 'salt': 'warning',
|
||||
# 'salt.modules': 'debug'
|
||||
# }
|
||||
#
|
||||
#log_granular_levels: {}
|
||||
|
||||
###### Module configuration #####
|
||||
###########################################
|
||||
# Salt allows for modules to be passed arbitrary configuration data, any data
|
||||
# passed here in valid yaml format will be passed on to the salt minion modules
|
||||
# for use. It is STRONGLY recommended that a naming convention be used in which
|
||||
# the module name is followed by a . and then the value. Also, all top level
|
||||
# data must be applied via the yaml dict construct, some examples:
|
||||
#
|
||||
# You can specify that all modules should run in test mode:
|
||||
#test: True
|
||||
#
|
||||
# A simple value for the test module:
|
||||
#test.foo: foo
|
||||
#
|
||||
# A list for the test module:
|
||||
#test.bar: [baz,quo]
|
||||
#
|
||||
# A dict for the test module:
|
||||
#test.baz: {spam: sausage, cheese: bread}
|
||||
|
||||
|
||||
###### Update settings ######
|
||||
###########################################
|
||||
# Using the features in Esky, a salt minion can both run as a frozen app and
|
||||
# be updated on the fly. These options control how the update process
|
||||
# (saltutil.update()) behaves.
|
||||
#
|
||||
# The url for finding and downloading updates. Disabled by default.
|
||||
#update_url: False
|
||||
#
|
||||
# The list of services to restart after a successful update. Empty by default.
|
||||
#update_restart_services: []
|
@ -1,3 +0,0 @@
|
||||
puppet_run:
|
||||
cmd.puppet.run:
|
||||
- tgt: '*'
|
Loading…
Reference in New Issue
Block a user