diff options
author | Alejandro del Castillo <alejandro.delcastillo@ni.com> | 2016-12-14 14:38:14 -0600 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2016-12-18 22:41:36 -0500 |
commit | 39e481c1e84ae87e45a84dce2ed57b25fa771c10 (patch) | |
tree | 767c4366638c5bfbaacde7b964d545afa422663f /meta-openstack/recipes-support/salt/files/master | |
parent | 6043a4a17dc5ca9080dac7789e38620b7b1aa372 (diff) | |
download | meta-cloud-services-39e481c1e84ae87e45a84dce2ed57b25fa771c10.tar.gz |
salt: upgrade to 2016.11
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-support/salt/files/master')
-rw-r--r-- | meta-openstack/recipes-support/salt/files/master | 276 |
1 files changed, 242 insertions, 34 deletions
diff --git a/meta-openstack/recipes-support/salt/files/master b/meta-openstack/recipes-support/salt/files/master index 821f5fc..4ecb160 100644 --- a/meta-openstack/recipes-support/salt/files/master +++ b/meta-openstack/recipes-support/salt/files/master | |||
@@ -39,12 +39,22 @@ | |||
39 | # key_logfile, pidfile: | 39 | # key_logfile, pidfile: |
40 | #root_dir: / | 40 | #root_dir: / |
41 | 41 | ||
42 | # The path to the master's configuration file. | ||
43 | #conf_file: /etc/salt/master | ||
44 | |||
42 | # Directory used to store public key data: | 45 | # Directory used to store public key data: |
43 | #pki_dir: /etc/salt/pki/master | 46 | #pki_dir: /etc/salt/pki/master |
44 | 47 | ||
48 | # Key cache. Increases master speed for large numbers of accepted | ||
49 | # keys. Available options: 'sched'. (Updates on a fixed schedule.) | ||
50 | # Note that enabling this feature means that minions will not be | ||
51 | # available to target for up to the length of the maintanence loop | ||
52 | # which by default is 60s. | ||
53 | #key_cache: '' | ||
54 | |||
45 | # Directory to store job and cache data: | 55 | # Directory to store job and cache data: |
46 | # This directory may contain sensitive data and should be protected accordingly. | 56 | # This directory may contain sensitive data and should be protected accordingly. |
47 | # | 57 | # |
48 | #cachedir: /var/cache/salt/master | 58 | #cachedir: /var/cache/salt/master |
49 | 59 | ||
50 | # Directory for custom modules. This directory can contain subdirectories for | 60 | # Directory for custom modules. This directory can contain subdirectories for |
@@ -54,7 +64,7 @@ | |||
54 | 64 | ||
55 | # Directory for custom modules. This directory can contain subdirectories for | 65 | # Directory for custom modules. This directory can contain subdirectories for |
56 | # each of Salt's module types such as "runners", "output", "wheel", "modules", | 66 | # each of Salt's module types such as "runners", "output", "wheel", "modules", |
57 | # "states", "returners", etc. | 67 | # "states", "returners", "engines", etc. |
58 | # Like 'extension_modules' but can take an array of paths | 68 | # Like 'extension_modules' but can take an array of paths |
59 | #module_dirs: <no default> | 69 | #module_dirs: <no default> |
60 | # - /var/cache/salt/minion/extmods | 70 | # - /var/cache/salt/minion/extmods |
@@ -65,6 +75,10 @@ | |||
65 | # Set the number of hours to keep old job information in the job cache: | 75 | # Set the number of hours to keep old job information in the job cache: |
66 | #keep_jobs: 24 | 76 | #keep_jobs: 24 |
67 | 77 | ||
78 | # The number of seconds to wait when the client is requesting information | ||
79 | # about running jobs. | ||
80 | #gather_job_timeout: 10 | ||
81 | |||
68 | # Set the default timeout for the salt command and api. The default is 5 | 82 | # Set the default timeout for the salt command and api. The default is 5 |
69 | # seconds. | 83 | # seconds. |
70 | #timeout: 5 | 84 | #timeout: 5 |
@@ -77,6 +91,11 @@ | |||
77 | # Set the default outputter used by the salt command. The default is "nested". | 91 | # Set the default outputter used by the salt command. The default is "nested". |
78 | #output: nested | 92 | #output: nested |
79 | 93 | ||
94 | # Set the default output file used by the salt command. Default is to output | ||
95 | # to the CLI and not to a file. Functions the same way as the "--out-file" | ||
96 | # CLI option, only sets this to a single file for all salt commands. | ||
97 | #output_file: None | ||
98 | |||
80 | # Return minions that timeout when running commands like test.ping | 99 | # Return minions that timeout when running commands like test.ping |
81 | #show_timeout: True | 100 | #show_timeout: True |
82 | 101 | ||
@@ -88,6 +107,12 @@ | |||
88 | # (true by default). | 107 | # (true by default). |
89 | # strip_colors: False | 108 | # strip_colors: False |
90 | 109 | ||
110 | # To display a summary of the number of minions targeted, the number of | ||
111 | # minions returned, and the number of minions that did not return, set the | ||
112 | # cli_summary value to True. (False by default.) | ||
113 | # | ||
114 | #cli_summary: False | ||
115 | |||
91 | # Set the directory used to hold unix sockets: | 116 | # Set the directory used to hold unix sockets: |
92 | #sock_dir: /var/run/salt/master | 117 | #sock_dir: /var/run/salt/master |
93 | 118 | ||
@@ -106,7 +131,7 @@ | |||
106 | #minion_data_cache: True | 131 | #minion_data_cache: True |
107 | 132 | ||
108 | # Store all returns in the given returner. | 133 | # Store all returns in the given returner. |
109 | # Setting this option requires that any returner-specific configuration also | 134 | # Setting this option requires that any returner-specific configuration also |
110 | # be set. See various returners in salt/returners for details on required | 135 | # be set. See various returners in salt/returners for details on required |
111 | # configuration values. (See also, event_return_queue below.) | 136 | # configuration values. (See also, event_return_queue below.) |
112 | # | 137 | # |
@@ -118,15 +143,15 @@ | |||
118 | # By default, events are not queued. | 143 | # By default, events are not queued. |
119 | #event_return_queue: 0 | 144 | #event_return_queue: 0 |
120 | 145 | ||
121 | # Only events returns matching tags in a whitelist | 146 | # Only return events matching tags in a whitelist, supports glob matches. |
122 | # event_return_whitelist: | 147 | #event_return_whitelist: |
123 | # - salt/master/a_tag | 148 | # - salt/master/a_tag |
124 | # - salt/master/another_tag | 149 | # - salt/run/*/ret |
125 | 150 | ||
126 | # Store all event returns _except_ the tags in a blacklist | 151 | # Store all event returns **except** the tags in a blacklist, supports globs. |
127 | # event_return_blacklist: | 152 | #event_return_blacklist: |
128 | # - salt/master/not_this_tag | 153 | # - salt/master/not_this_tag |
129 | # - salt/master/or_this_one | 154 | # - salt/wheel/*/ret |
130 | 155 | ||
131 | # Passing very large events can cause the minion to consume large amounts of | 156 | # Passing very large events can cause the minion to consume large amounts of |
132 | # memory. This value tunes the maximum size of a message allowed onto the | 157 | # memory. This value tunes the maximum size of a message allowed onto the |
@@ -145,12 +170,12 @@ | |||
145 | # the key rotation event as minions reconnect. Consider this carefully if this | 170 | # the key rotation event as minions reconnect. Consider this carefully if this |
146 | # salt master is managing a large number of minions. | 171 | # salt master is managing a large number of minions. |
147 | # | 172 | # |
148 | # If disabled, it is recommended to handle this event by listening for the | 173 | # If disabled, it is recommended to handle this event by listening for the |
149 | # 'aes_key_rotate' event with the 'key' tag and acting appropriately. | 174 | # 'aes_key_rotate' event with the 'key' tag and acting appropriately. |
150 | # ping_on_rotate: False | 175 | # ping_on_rotate: False |
151 | 176 | ||
152 | # By default, the master deletes its cache of minion data when the key for that | 177 | # By default, the master deletes its cache of minion data when the key for that |
153 | # minion is removed. To preserve the cache after key deletion, set | 178 | # minion is removed. To preserve the cache after key deletion, set |
154 | # 'preserve_minion_cache' to True. | 179 | # 'preserve_minion_cache' to True. |
155 | # | 180 | # |
156 | # WARNING: This may have security implications if compromised minions auth with | 181 | # WARNING: This may have security implications if compromised minions auth with |
@@ -230,6 +255,14 @@ | |||
230 | # ZMQ high-water-mark for EventPublisher pub socket | 255 | # ZMQ high-water-mark for EventPublisher pub socket |
231 | #event_publisher_pub_hwm: 10000 | 256 | #event_publisher_pub_hwm: 10000 |
232 | 257 | ||
258 | # The master may allocate memory per-event and not | ||
259 | # reclaim it. | ||
260 | # To set a high-water mark for memory allocation, use | ||
261 | # ipc_write_buffer to set a high-water mark for message | ||
262 | # buffering. | ||
263 | # Value: In bytes. Set to 'dynamic' to have Salt select | ||
264 | # a value for you. Default is disabled. | ||
265 | # ipc_write_buffer: 'dynamic' | ||
233 | 266 | ||
234 | 267 | ||
235 | ##### Security settings ##### | 268 | ##### Security settings ##### |
@@ -244,7 +277,7 @@ | |||
244 | # public keys from the minions. Note that this is insecure. | 277 | # public keys from the minions. Note that this is insecure. |
245 | #auto_accept: False | 278 | #auto_accept: False |
246 | 279 | ||
247 | # Time in minutes that a incoming public key with a matching name found in | 280 | # Time in minutes that an incoming public key with a matching name found in |
248 | # pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys | 281 | # pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys |
249 | # are removed when the master checks the minion_autosign directory. | 282 | # are removed when the master checks the minion_autosign directory. |
250 | # 0 equals no timeout | 283 | # 0 equals no timeout |
@@ -272,7 +305,7 @@ | |||
272 | # This setting should be treated with care since it opens up execution | 305 | # This setting should be treated with care since it opens up execution |
273 | # capabilities to non root users. By default this capability is completely | 306 | # capabilities to non root users. By default this capability is completely |
274 | # disabled. | 307 | # disabled. |
275 | #pulisher_acl: | 308 | #publisher_acl: |
276 | # larry: | 309 | # larry: |
277 | # - test.ping | 310 | # - test.ping |
278 | # - network.* | 311 | # - network.* |
@@ -283,6 +316,11 @@ | |||
283 | # running any commands. It would also blacklist any use of the "cmd" | 316 | # running any commands. It would also blacklist any use of the "cmd" |
284 | # module. This is completely disabled by default. | 317 | # module. This is completely disabled by default. |
285 | # | 318 | # |
319 | # | ||
320 | # Check the list of configured users in client ACL against users on the | ||
321 | # system and throw errors if they do not exist. | ||
322 | #client_acl_verify: True | ||
323 | # | ||
286 | #publisher_acl_blacklist: | 324 | #publisher_acl_blacklist: |
287 | # users: | 325 | # users: |
288 | # - root | 326 | # - root |
@@ -295,7 +333,7 @@ | |||
295 | # publisher_acl_blacklist instead. | 333 | # publisher_acl_blacklist instead. |
296 | 334 | ||
297 | # Enforce publisher_acl & publisher_acl_blacklist when users have sudo | 335 | # Enforce publisher_acl & publisher_acl_blacklist when users have sudo |
298 | # access to the salt command. | 336 | # access to the salt command. |
299 | # | 337 | # |
300 | #sudo_acl: False | 338 | #sudo_acl: False |
301 | 339 | ||
@@ -308,6 +346,18 @@ | |||
308 | # | 346 | # |
309 | # Time (in seconds) for a newly generated token to live. Default: 12 hours | 347 | # Time (in seconds) for a newly generated token to live. Default: 12 hours |
310 | #token_expire: 43200 | 348 | #token_expire: 43200 |
349 | # | ||
350 | # Allow eauth users to specify the expiry time of the tokens they generate. | ||
351 | # A boolean applies to all users or a dictionary of whitelisted eauth backends | ||
352 | # and usernames may be given. | ||
353 | # token_expire_user_override: | ||
354 | # pam: | ||
355 | # - fred | ||
356 | # - tom | ||
357 | # ldap: | ||
358 | # - gary | ||
359 | # | ||
360 | #token_expire_user_override: False | ||
311 | 361 | ||
312 | # Allow minions to push files to the master. This is disabled by default, for | 362 | # Allow minions to push files to the master. This is disabled by default, for |
313 | # security purposes. | 363 | # security purposes. |
@@ -344,6 +394,10 @@ | |||
344 | #ssh_minion_opts: | 394 | #ssh_minion_opts: |
345 | # gpg_keydir: /root/gpg | 395 | # gpg_keydir: /root/gpg |
346 | 396 | ||
397 | # Set this to True to default to using ~/.ssh/id_rsa for salt-ssh | ||
398 | # authentication with minions | ||
399 | #ssh_use_home_key: False | ||
400 | |||
347 | ##### Master Module Management ##### | 401 | ##### Master Module Management ##### |
348 | ########################################## | 402 | ########################################## |
349 | # Manage how master side modules are loaded. | 403 | # Manage how master side modules are loaded. |
@@ -455,7 +509,7 @@ | |||
455 | # When using multiple environments, each with their own top file, the | 509 | # When using multiple environments, each with their own top file, the |
456 | # default behaviour is an unordered merge. To prevent top files from | 510 | # default behaviour is an unordered merge. To prevent top files from |
457 | # being merged together and instead to only use the top file from the | 511 | # being merged together and instead to only use the top file from the |
458 | # requested environment, set this value to 'same'. | 512 | # requested environment, set this value to 'same'. |
459 | #top_file_merging_strategy: merge | 513 | #top_file_merging_strategy: merge |
460 | 514 | ||
461 | # To specify the order in which environments are merged, set the ordering | 515 | # To specify the order in which environments are merged, set the ordering |
@@ -469,12 +523,15 @@ | |||
469 | #default_top: base | 523 | #default_top: base |
470 | 524 | ||
471 | # The hash_type is the hash to use when discovering the hash of a file on | 525 | # The hash_type is the hash to use when discovering the hash of a file on |
472 | # the master server. The default is md5, but sha1, sha224, sha256, sha384 | 526 | # the master server. The default is md5 but sha1, sha224, sha256, sha384 |
473 | # and sha512 are also supported. | 527 | # and sha512 are also supported. |
474 | # | 528 | # |
475 | # Prior to changing this value, the master should be stopped and all Salt | 529 | # WARNING: While md5 is also supported, do not use it due to the high chance |
530 | # of possible collisions and thus security breach. | ||
531 | # | ||
532 | # Prior to changing this value, the master should be stopped and all Salt | ||
476 | # caches should be cleared. | 533 | # caches should be cleared. |
477 | #hash_type: md5 | 534 | #hash_type: sha256 |
478 | 535 | ||
479 | # The buffer size in the file server can be adjusted here: | 536 | # The buffer size in the file server can be adjusted here: |
480 | #file_buffer_size: 1048576 | 537 | #file_buffer_size: 1048576 |
@@ -540,10 +597,37 @@ | |||
540 | 597 | ||
541 | # Git File Server Backend Configuration | 598 | # Git File Server Backend Configuration |
542 | # | 599 | # |
543 | # Gitfs can be provided by one of two python modules: GitPython or pygit2. If | 600 | # Optional parameter used to specify the provider to be used for gitfs. Must |
544 | # using pygit2, both libgit2 and git must also be installed. | 601 | # be one of the following: pygit2, gitpython, or dulwich. If unset, then each |
545 | #gitfs_provider: gitpython | 602 | # will be tried in that same order, and the first one with a compatible |
546 | # | 603 | # version installed will be the provider that is used. |
604 | #gitfs_provider: pygit2 | ||
605 | |||
606 | # Along with gitfs_password, is used to authenticate to HTTPS remotes. | ||
607 | # gitfs_user: '' | ||
608 | |||
609 | # Along with gitfs_user, is used to authenticate to HTTPS remotes. | ||
610 | # This parameter is not required if the repository does not use authentication. | ||
611 | #gitfs_password: '' | ||
612 | |||
613 | # By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. | ||
614 | # This parameter enables authentication over HTTP. Enable this at your own risk. | ||
615 | #gitfs_insecure_auth: False | ||
616 | |||
617 | # Along with gitfs_privkey (and optionally gitfs_passphrase), is used to | ||
618 | # authenticate to SSH remotes. This parameter (or its per-remote counterpart) | ||
619 | # is required for SSH remotes. | ||
620 | #gitfs_pubkey: '' | ||
621 | |||
622 | # Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to | ||
623 | # authenticate to SSH remotes. This parameter (or its per-remote counterpart) | ||
624 | # is required for SSH remotes. | ||
625 | #gitfs_privkey: '' | ||
626 | |||
627 | # This parameter is optional, required only when the SSH key being used to | ||
628 | # authenticate is protected by a passphrase. | ||
629 | #gitfs_passphrase: '' | ||
630 | |||
547 | # When using the git fileserver backend at least one git remote needs to be | 631 | # When using the git fileserver backend at least one git remote needs to be |
548 | # defined. The user running the salt master will need read access to the repo. | 632 | # defined. The user running the salt master will need read access to the repo. |
549 | # | 633 | # |
@@ -551,7 +635,7 @@ | |||
551 | # and the first repo to have the file will return it. | 635 | # and the first repo to have the file will return it. |
552 | # When using the git backend branches and tags are translated into salt | 636 | # When using the git backend branches and tags are translated into salt |
553 | # environments. | 637 | # environments. |
554 | # Note: file:// repos will be treated as a remote, so refs you want used must | 638 | # Note: file:// repos will be treated as a remote, so refs you want used must |
555 | # exist in that repo as *local* refs. | 639 | # exist in that repo as *local* refs. |
556 | #gitfs_remotes: | 640 | #gitfs_remotes: |
557 | # - git://github.com/saltstack/salt-states.git | 641 | # - git://github.com/saltstack/salt-states.git |
@@ -610,10 +694,10 @@ | |||
610 | #pillar_safe_render_error: True | 694 | #pillar_safe_render_error: True |
611 | 695 | ||
612 | # The pillar_source_merging_strategy option allows you to configure merging strategy | 696 | # The pillar_source_merging_strategy option allows you to configure merging strategy |
613 | # between different sources. It accepts four values: recurse, aggregate, overwrite, | 697 | # between different sources. It accepts five values: none, recurse, aggregate, overwrite, |
614 | # or smart. Recurse will merge recursively mapping of data. Aggregate instructs | 698 | # or smart. None will not do any merging at all. Recurse will merge recursively mapping of data. |
615 | # aggregation of elements between sources that use the #!yamlex renderer. Overwrite | 699 | # Aggregate instructs aggregation of elements between sources that use the #!yamlex renderer. Overwrite |
616 | # will verwrite elements according the order in which they are processed. This is | 700 | # will overwrite elements according the order in which they are processed. This is |
617 | # behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based | 701 | # behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based |
618 | # on the "renderer" setting and is the default value. | 702 | # on the "renderer" setting and is the default value. |
619 | #pillar_source_merging_strategy: smart | 703 | #pillar_source_merging_strategy: smart |
@@ -621,6 +705,107 @@ | |||
621 | # Recursively merge lists by aggregating them instead of replacing them. | 705 | # Recursively merge lists by aggregating them instead of replacing them. |
622 | #pillar_merge_lists: False | 706 | #pillar_merge_lists: False |
623 | 707 | ||
708 | # Set this option to 'True' to force a 'KeyError' to be raised whenever an | ||
709 | # attempt to retrieve a named value from pillar fails. When this option is set | ||
710 | # to 'False', the failed attempt returns an empty string. Default is 'False'. | ||
711 | #pillar_raise_on_missing: False | ||
712 | |||
713 | # Git External Pillar (git_pillar) Configuration Options | ||
714 | # | ||
715 | # Specify the provider to be used for git_pillar. Must be either pygit2 or | ||
716 | # gitpython. If unset, then both will be tried in that same order, and the | ||
717 | # first one with a compatible version installed will be the provider that | ||
718 | # is used. | ||
719 | #git_pillar_provider: pygit2 | ||
720 | |||
721 | # If the desired branch matches this value, and the environment is omitted | ||
722 | # from the git_pillar configuration, then the environment for that git_pillar | ||
723 | # remote will be base. | ||
724 | #git_pillar_base: master | ||
725 | |||
726 | # If the branch is omitted from a git_pillar remote, then this branch will | ||
727 | # be used instead | ||
728 | #git_pillar_branch: master | ||
729 | |||
730 | # Environment to use for git_pillar remotes. This is normally derived from | ||
731 | # the branch/tag (or from a per-remote env parameter), but if set this will | ||
732 | # override the process of deriving the env from the branch/tag name. | ||
733 | #git_pillar_env: '' | ||
734 | |||
735 | # Path relative to the root of the repository where the git_pillar top file | ||
736 | # and SLS files are located. | ||
737 | #git_pillar_root: '' | ||
738 | |||
739 | # Specifies whether or not to ignore SSL certificate errors when contacting | ||
740 | # the remote repository. | ||
741 | #git_pillar_ssl_verify: False | ||
742 | |||
743 | # When set to False, if there is an update/checkout lock for a git_pillar | ||
744 | # remote and the pid written to it is not running on the master, the lock | ||
745 | # file will be automatically cleared and a new lock will be obtained. | ||
746 | #git_pillar_global_lock: True | ||
747 | |||
748 | # Git External Pillar Authentication Options | ||
749 | # | ||
750 | # Along with git_pillar_password, is used to authenticate to HTTPS remotes. | ||
751 | #git_pillar_user: '' | ||
752 | |||
753 | # Along with git_pillar_user, is used to authenticate to HTTPS remotes. | ||
754 | # This parameter is not required if the repository does not use authentication. | ||
755 | #git_pillar_password: '' | ||
756 | |||
757 | # By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. | ||
758 | # This parameter enables authentication over HTTP. | ||
759 | #git_pillar_insecure_auth: False | ||
760 | |||
761 | # Along with git_pillar_privkey (and optionally git_pillar_passphrase), | ||
762 | # is used to authenticate to SSH remotes. | ||
763 | #git_pillar_pubkey: '' | ||
764 | |||
765 | # Along with git_pillar_pubkey (and optionally git_pillar_passphrase), | ||
766 | # is used to authenticate to SSH remotes. | ||
767 | #git_pillar_privkey: '' | ||
768 | |||
769 | # This parameter is optional, required only when the SSH key being used | ||
770 | # to authenticate is protected by a passphrase. | ||
771 | #git_pillar_passphrase: '' | ||
772 | |||
773 | # A master can cache pillars locally to bypass the expense of having to render them | ||
774 | # for each minion on every request. This feature should only be enabled in cases | ||
775 | # where pillar rendering time is known to be unsatisfactory and any attendant security | ||
776 | # concerns about storing pillars in a master cache have been addressed. | ||
777 | # | ||
778 | # When enabling this feature, be certain to read through the additional ``pillar_cache_*`` | ||
779 | # configuration options to fully understand the tunable parameters and their implications. | ||
780 | # | ||
781 | # Note: setting ``pillar_cache: True`` has no effect on targeting Minions with Pillars. | ||
782 | # See https://docs.saltstack.com/en/latest/topics/targeting/pillar.html | ||
783 | #pillar_cache: False | ||
784 | |||
785 | # If and only if a master has set ``pillar_cache: True``, the cache TTL controls the amount | ||
786 | # of time, in seconds, before the cache is considered invalid by a master and a fresh | ||
787 | # pillar is recompiled and stored. | ||
788 | #pillar_cache_ttl: 3600 | ||
789 | |||
790 | # If and only if a master has set `pillar_cache: True`, one of several storage providers | ||
791 | # can be utililzed. | ||
792 | # | ||
793 | # `disk`: The default storage backend. This caches rendered pillars to the master cache. | ||
794 | # Rendered pillars are serialized and deserialized as msgpack structures for speed. | ||
795 | # Note that pillars are stored UNENCRYPTED. Ensure that the master cache | ||
796 | # has permissions set appropriately. (Same defaults are provided.) | ||
797 | # | ||
798 | # memory: [EXPERIMENTAL] An optional backend for pillar caches which uses a pure-Python | ||
799 | # in-memory data structure for maximal performance. There are several caveats, | ||
800 | # however. First, because each master worker contains its own in-memory cache, | ||
801 | # there is no guarantee of cache consistency between minion requests. This | ||
802 | # works best in situations where the pillar rarely if ever changes. Secondly, | ||
803 | # and perhaps more importantly, this means that unencrypted pillars will | ||
804 | # be accessible to any process which can examine the memory of the ``salt-master``! | ||
805 | # This may represent a substantial security risk. | ||
806 | # | ||
807 | #pillar_cache_backend: disk | ||
808 | |||
624 | 809 | ||
625 | ##### Syndic settings ##### | 810 | ##### Syndic settings ##### |
626 | ########################################## | 811 | ########################################## |
@@ -649,6 +834,12 @@ | |||
649 | # LOG file of the syndic daemon: | 834 | # LOG file of the syndic daemon: |
650 | #syndic_log_file: syndic.log | 835 | #syndic_log_file: syndic.log |
651 | 836 | ||
837 | # The behaviour of the multi-syndic when connection to a master of masters failed. | ||
838 | # Can specify ``random`` (default) or ``ordered``. If set to ``random``, masters | ||
839 | # will be iterated in random order. If ``ordered`` is specified, the configured | ||
840 | # order will be used. | ||
841 | #syndic_failover: random | ||
842 | |||
652 | 843 | ||
653 | ##### Peer Publish settings ##### | 844 | ##### Peer Publish settings ##### |
654 | ########################################## | 845 | ########################################## |
@@ -738,7 +929,7 @@ | |||
738 | # If using 'log_granular_levels' this must be set to the highest desired level. | 929 | # If using 'log_granular_levels' this must be set to the highest desired level. |
739 | #log_level_logfile: warning | 930 | #log_level_logfile: warning |
740 | 931 | ||
741 | # The date and time format used in log messages. Allowed date/time formating | 932 | # The date and time format used in log messages. Allowed date/time formatting |
742 | # can be seen here: http://docs.python.org/library/time.html#time.strftime | 933 | # can be seen here: http://docs.python.org/library/time.html#time.strftime |
743 | #log_datefmt: '%H:%M:%S' | 934 | #log_datefmt: '%H:%M:%S' |
744 | #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' | 935 | #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' |
@@ -760,7 +951,7 @@ | |||
760 | #log_fmt_console: '%(colorlevel)s %(colormsg)s' | 951 | #log_fmt_console: '%(colorlevel)s %(colormsg)s' |
761 | #log_fmt_console: '[%(levelname)-8s] %(message)s' | 952 | #log_fmt_console: '[%(levelname)-8s] %(message)s' |
762 | # | 953 | # |
763 | #log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' | 954 | #log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s' |
764 | 955 | ||
765 | # This can be used to control logging levels more specificically. This | 956 | # This can be used to control logging levels more specificically. This |
766 | # example sets the main salt library at the 'warning' level, but sets | 957 | # example sets the main salt library at the 'warning' level, but sets |
@@ -774,11 +965,18 @@ | |||
774 | 965 | ||
775 | ##### Node Groups ###### | 966 | ##### Node Groups ###### |
776 | ########################################## | 967 | ########################################## |
777 | # Node groups allow for logical groupings of minion nodes. A group consists of a group | 968 | # Node groups allow for logical groupings of minion nodes. A group consists of |
778 | # name and a compound target. | 969 | # a group name and a compound target. Nodgroups can reference other nodegroups |
970 | # with 'N@' classifier. Ensure that you do not have circular references. | ||
971 | # | ||
779 | #nodegroups: | 972 | #nodegroups: |
780 | # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' | 973 | # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' |
781 | # group2: 'G@os:Debian and foo.domain.com' | 974 | # group2: 'G@os:Debian and foo.domain.com' |
975 | # group3: 'G@os:Debian and N@group1' | ||
976 | # group4: | ||
977 | # - 'G@foo:bar' | ||
978 | # - 'or' | ||
979 | # - 'G@foo:baz' | ||
782 | 980 | ||
783 | 981 | ||
784 | ##### Range Cluster settings ##### | 982 | ##### Range Cluster settings ##### |
@@ -824,3 +1022,13 @@ | |||
824 | ############################################ | 1022 | ############################################ |
825 | # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch | 1023 | # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch |
826 | #event_match_type: startswith | 1024 | #event_match_type: startswith |
1025 | |||
1026 | # Save runner returns to the job cache | ||
1027 | #runner_returns: True | ||
1028 | |||
1029 | # Permanently include any available Python 3rd party modules into Salt Thin | ||
1030 | # when they are generated for Salt-SSH or other purposes. | ||
1031 | # The modules should be named by the names they are actually imported inside the Python. | ||
1032 | # The value of the parameters can be either one module or a comma separated list of them. | ||
1033 | #thin_extra_mods: foo,bar | ||
1034 | |||