diff options
Diffstat (limited to 'meta-openstack/recipes-support/salt/files/minion')
-rw-r--r-- | meta-openstack/recipes-support/salt/files/minion | 366 |
1 files changed, 276 insertions, 90 deletions
diff --git a/meta-openstack/recipes-support/salt/files/minion b/meta-openstack/recipes-support/salt/files/minion index 8fdde14..bd97c43 100644 --- a/meta-openstack/recipes-support/salt/files/minion +++ b/meta-openstack/recipes-support/salt/files/minion | |||
@@ -1,16 +1,52 @@ | |||
1 | ##### Primary configuration settings ##### | 1 | ##### Primary configuration settings ##### |
2 | ########################################## | 2 | ########################################## |
3 | # This configuration file is used to manage the behavior of the Salt Minion. | ||
4 | # With the exception of the location of the Salt Master Server, values that are | ||
5 | # commented out but have an empty line after the comment are defaults that need | ||
6 | # not be set in the config. If there is no blank line after the comment, the | ||
7 | # value is presented as an example and is not the default. | ||
3 | 8 | ||
4 | # Per default the minion will automatically include all config files | 9 | # Per default the minion will automatically include all config files |
5 | # from minion.d/*.conf (minion.d is a directory in the same directory | 10 | # from minion.d/*.conf (minion.d is a directory in the same directory |
6 | # as the main minion config file). | 11 | # as the main minion config file). |
7 | #default_include: minion.d/*.conf | 12 | #default_include: minion.d/*.conf |
8 | 13 | ||
9 | # Set the location of the salt master server, if the master server cannot be | 14 | # Set the location of the salt master server. If the master server cannot be |
10 | # resolved, then the minion will fail to start. | 15 | # resolved, then the minion will fail to start. |
11 | #master: salt | 16 | #master: salt |
12 | 17 | ||
13 | # Set whether the minion should connect to the master via IPv6 | 18 | # Set http proxy information for the minion when doing requests |
19 | #proxy_host: | ||
20 | #proxy_port: | ||
21 | #proxy_username: | ||
22 | #proxy_password: | ||
23 | |||
24 | # If multiple masters are specified in the 'master' setting, the default behavior | ||
25 | # is to always try to connect to them in the order they are listed. If random_master is | ||
26 | # set to True, the order will be randomized instead. This can be helpful in distributing | ||
27 | # the load of many minions executing salt-call requests, for example, from a cron job. | ||
28 | # If only one master is listed, this setting is ignored and a warning will be logged. | ||
29 | # NOTE: If master_type is set to failover, use master_shuffle instead. | ||
30 | #random_master: False | ||
31 | |||
32 | # Use if master_type is set to failover. | ||
33 | #master_shuffle: False | ||
34 | |||
35 | # Minions can connect to multiple masters simultaneously (all masters | ||
36 | # are "hot"), or can be configured to failover if a master becomes | ||
37 | # unavailable. Multiple hot masters are configured by setting this | ||
38 | # value to "str". Failover masters can be requested by setting | ||
39 | # to "failover". MAKE SURE TO SET master_alive_interval if you are | ||
40 | # using failover. | ||
41 | # master_type: str | ||
42 | |||
43 | # Poll interval in seconds for checking if the master is still there. Only | ||
44 | # respected if master_type above is "failover". To disable the interval entirely, | ||
45 | # set the value to -1. (This may be necessary on machines which have high numbers | ||
46 | # of TCP connections, such as load balancers.) | ||
47 | # master_alive_interval: 30 | ||
48 | |||
49 | # Set whether the minion should connect to the master via IPv6: | ||
14 | #ipv6: False | 50 | #ipv6: False |
15 | 51 | ||
16 | # Set the number of seconds to wait before attempting to resolve | 52 | # Set the number of seconds to wait before attempting to resolve |
@@ -18,13 +54,19 @@ | |||
18 | # Set to zero if the minion should shutdown and not retry. | 54 | # Set to zero if the minion should shutdown and not retry. |
19 | # retry_dns: 30 | 55 | # retry_dns: 30 |
20 | 56 | ||
21 | # Set the port used by the master reply and authentication server | 57 | # Set the port used by the master reply and authentication server. |
22 | #master_port: 4506 | 58 | #master_port: 4506 |
23 | 59 | ||
24 | # The user to run salt | 60 | # The user to run salt. |
25 | #user: root | 61 | #user: root |
26 | 62 | ||
27 | # Specify the location of the daemon process ID file | 63 | # Setting sudo_user will cause salt to run all execution modules under an sudo |
64 | # to the user given in sudo_user. The user under which the salt minion process | ||
65 | # itself runs will still be that provided in the user config above, but all | ||
66 | # execution modules run by the minion will be rerouted through sudo. | ||
67 | #sudo_user: saltdev | ||
68 | |||
69 | # Specify the location of the daemon process ID file. | ||
28 | #pidfile: /var/run/salt-minion.pid | 70 | #pidfile: /var/run/salt-minion.pid |
29 | 71 | ||
30 | # The root directory prepended to these options: pki_dir, cachedir, log_file, | 72 | # The root directory prepended to these options: pki_dir, cachedir, log_file, |
@@ -48,7 +90,7 @@ | |||
48 | 90 | ||
49 | # Custom static grains for this minion can be specified here and used in SLS | 91 | # Custom static grains for this minion can be specified here and used in SLS |
50 | # files just like all other grains. This example sets 4 custom grains, with | 92 | # files just like all other grains. This example sets 4 custom grains, with |
51 | # the 'roles' grain having two values that can be matched against: | 93 | # the 'roles' grain having two values that can be matched against. |
52 | #grains: | 94 | #grains: |
53 | # roles: | 95 | # roles: |
54 | # - webserver | 96 | # - webserver |
@@ -56,36 +98,40 @@ | |||
56 | # deployment: datacenter4 | 98 | # deployment: datacenter4 |
57 | # cabinet: 13 | 99 | # cabinet: 13 |
58 | # cab_u: 14-15 | 100 | # cab_u: 14-15 |
59 | 101 | # | |
60 | # Where cache data goes | 102 | # Where cache data goes. |
103 | # This data may contain sensitive data and should be protected accordingly. | ||
61 | #cachedir: /var/cache/salt/minion | 104 | #cachedir: /var/cache/salt/minion |
62 | 105 | ||
63 | # Verify and set permissions on configuration directories at startup | 106 | # Verify and set permissions on configuration directories at startup. |
64 | #verify_env: True | 107 | #verify_env: True |
65 | 108 | ||
66 | # The minion can locally cache the return data from jobs sent to it, this | 109 | # The minion can locally cache the return data from jobs sent to it, this |
67 | # can be a good way to keep track of jobs the minion has executed | 110 | # can be a good way to keep track of jobs the minion has executed |
68 | # (on the minion side). By default this feature is disabled, to enable | 111 | # (on the minion side). By default this feature is disabled, to enable, set |
69 | # set cache_jobs to True | 112 | # cache_jobs to True. |
70 | #cache_jobs: False | 113 | #cache_jobs: False |
71 | 114 | ||
72 | # set the directory used to hold unix sockets | 115 | # Set the directory used to hold unix sockets. |
73 | #sock_dir: /var/run/salt/minion | 116 | #sock_dir: /var/run/salt/minion |
74 | 117 | ||
75 | # Set the default outputter used by the salt-call command. The default is | 118 | # Set the default outputter used by the salt-call command. The default is |
76 | # "nested" | 119 | # "nested". |
77 | #output: nested | 120 | #output: nested |
78 | # | 121 | # |
79 | # By default output is colored, to disable colored output set the color value | 122 | # By default output is colored. To disable colored output, set the color value |
80 | # to False | 123 | # to False. |
81 | #color: True | 124 | #color: True |
82 | 125 | ||
126 | # Do not strip off the colored output from nested results and state outputs | ||
127 | # (true by default). | ||
128 | # strip_colors: False | ||
129 | |||
83 | # Backup files that are replaced by file.managed and file.recurse under | 130 | # Backup files that are replaced by file.managed and file.recurse under |
84 | # 'cachedir'/file_backups relative to their original location and appended | 131 | # 'cachedir'/file_backups relative to their original location and appended |
85 | # with a timestamp. The only valid setting is "minion". Disabled by default. | 132 | # with a timestamp. The only valid setting is "minion". Disabled by default. |
86 | # | 133 | # |
87 | # Alternatively this can be specified for each file in state files: | 134 | # Alternatively this can be specified for each file in state files: |
88 | # | ||
89 | # /etc/ssh/sshd_config: | 135 | # /etc/ssh/sshd_config: |
90 | # file.managed: | 136 | # file.managed: |
91 | # - source: salt://ssh/sshd_config | 137 | # - source: salt://ssh/sshd_config |
@@ -103,27 +149,55 @@ | |||
103 | # set to zero, the time between reconnection attempts will stay constant. | 149 | # set to zero, the time between reconnection attempts will stay constant. |
104 | #acceptance_wait_time_max: 0 | 150 | #acceptance_wait_time_max: 0 |
105 | 151 | ||
152 | # If the master rejects the minion's public key, retry instead of exiting. | ||
153 | # Rejected keys will be handled the same as waiting on acceptance. | ||
154 | #rejected_retry: False | ||
155 | |||
106 | # When the master key changes, the minion will try to re-auth itself to receive | 156 | # When the master key changes, the minion will try to re-auth itself to receive |
107 | # the new master key. In larger environments this can cause a SYN flood on the | 157 | # the new master key. In larger environments this can cause a SYN flood on the |
108 | # master because all minions try to re-auth immediately. To prevent this and | 158 | # master because all minions try to re-auth immediately. To prevent this and |
109 | # have a minion wait for a random amount of time, use this optional parameter. | 159 | # have a minion wait for a random amount of time, use this optional parameter. |
110 | # The wait-time will be a random number of seconds between | 160 | # The wait-time will be a random number of seconds between 0 and the defined value. |
111 | # 0 and the defined value. | ||
112 | #random_reauth_delay: 60 | 161 | #random_reauth_delay: 60 |
113 | 162 | ||
163 | # When waiting for a master to accept the minion's public key, salt will | ||
164 | # continuously attempt to reconnect until successful. This is the timeout value, | ||
165 | # in seconds, for each individual attempt. After this timeout expires, the minion | ||
166 | # will wait for acceptance_wait_time seconds before trying again. Unless your master | ||
167 | # is under unusually heavy load, this should be left at the default. | ||
168 | #auth_timeout: 60 | ||
169 | |||
170 | # Number of consecutive SaltReqTimeoutError that are acceptable when trying to | ||
171 | # authenticate. | ||
172 | #auth_tries: 7 | ||
173 | |||
174 | # If authentication fails due to SaltReqTimeoutError during a ping_interval, | ||
175 | # cause sub minion process to restart. | ||
176 | #auth_safemode: False | ||
177 | |||
178 | # Ping Master to ensure connection is alive (minutes). | ||
179 | #ping_interval: 0 | ||
180 | |||
181 | # To auto recover minions if master changes IP address (DDNS) | ||
182 | # auth_tries: 10 | ||
183 | # auth_safemode: False | ||
184 | # ping_interval: 90 | ||
185 | # | ||
186 | # Minions won't know master is missing until a ping fails. After the ping fail, | ||
187 | # the minion will attempt authentication and likely fails out and cause a restart. | ||
188 | # When the minion restarts it will resolve the masters IP and attempt to reconnect. | ||
114 | 189 | ||
115 | # If you don't have any problems with syn-floods, dont bother with the | 190 | # If you don't have any problems with syn-floods, don't bother with the |
116 | # three recon_* settings described below, just leave the defaults! | 191 | # three recon_* settings described below, just leave the defaults! |
117 | # | 192 | # |
118 | # The ZeroMQ pull-socket that binds to the masters publishing interface tries | 193 | # The ZeroMQ pull-socket that binds to the masters publishing interface tries |
119 | # to reconnect immediately, if the socket is disconnected (for example if | 194 | # to reconnect immediately, if the socket is disconnected (for example if |
120 | # the master processes are restarted). In large setups this will have all | 195 | # the master processes are restarted). In large setups this will have all |
121 | # minions reconnect immediately which might flood the master (the ZeroMQ-default | 196 | # minions reconnect immediately which might flood the master (the ZeroMQ-default |
122 | # is usually a 100ms delay). To prevent this, these three recon_* settings | 197 | # is usually a 100ms delay). To prevent this, these three recon_* settings |
123 | # can be used. | 198 | # can be used. |
124 | # | 199 | # recon_default: the interval in milliseconds that the socket should wait before |
125 | # recon_default: the interval in milliseconds that the socket should wait before | 200 | # trying to reconnect to the master (1000ms = 1 second) |
126 | # trying to reconnect to the master (100ms = 1 second) | ||
127 | # | 201 | # |
128 | # recon_max: the maximum time a socket should wait. each interval the time to wait | 202 | # recon_max: the maximum time a socket should wait. each interval the time to wait |
129 | # is calculated by doubling the previous time. if recon_max is reached, | 203 | # is calculated by doubling the previous time. if recon_max is reached, |
@@ -136,29 +210,26 @@ | |||
136 | # reconnect 5: value from previous interval * 2 | 210 | # reconnect 5: value from previous interval * 2 |
137 | # reconnect x: if value >= recon_max, it starts again with recon_default | 211 | # reconnect x: if value >= recon_max, it starts again with recon_default |
138 | # | 212 | # |
139 | # recon_randomize: generate a random wait time on minion start. The wait time will | 213 | # recon_randomize: generate a random wait time on minion start. The wait time will |
140 | # be a random value between recon_default and recon_default + | 214 | # be a random value between recon_default and recon_default + |
141 | # recon_max. Having all minions reconnect with the same recon_default | 215 | # recon_max. Having all minions reconnect with the same recon_default |
142 | # and recon_max value kind of defeats the purpose of being able to | 216 | # and recon_max value kind of defeats the purpose of being able to |
143 | # change these settings. If all minions have the same values and your | 217 | # change these settings. If all minions have the same values and your |
144 | # setup is quite large (several thousand minions), they will still | 218 | # setup is quite large (several thousand minions), they will still |
145 | # flood the master. The desired behaviour is to have timeframe within | 219 | # flood the master. The desired behavior is to have timeframe within |
146 | # all minions try to reconnect. | 220 | # all minions try to reconnect. |
147 | 221 | # | |
148 | # Example on how to use these settings: | 222 | # Example on how to use these settings. The goal: have all minions reconnect within a |
149 | # The goal: have all minions reconnect within a 60 second timeframe on a disconnect | 223 | # 60 second timeframe on a disconnect. |
150 | # | 224 | # recon_default: 1000 |
151 | # The settings: | 225 | # recon_max: 59000 |
152 | #recon_default: 1000 | 226 | # recon_randomize: True |
153 | #recon_max: 59000 | ||
154 | #recon_randomize: True | ||
155 | # | 227 | # |
156 | # Each minion will have a randomized reconnect value between 'recon_default' | 228 | # Each minion will have a randomized reconnect value between 'recon_default' |
157 | # and 'recon_default + recon_max', which in this example means between 1000ms | 229 | # and 'recon_default + recon_max', which in this example means between 1000ms |
158 | # 60000ms (or between 1 and 60 seconds). The generated random-value will be | 230 | # 60000ms (or between 1 and 60 seconds). The generated random-value will be |
159 | # doubled after each attempt to reconnect. Lets say the generated random | 231 | # doubled after each attempt to reconnect. Lets say the generated random |
160 | # value is 11 seconds (or 11000ms). | 232 | # value is 11 seconds (or 11000ms). |
161 | # | ||
162 | # reconnect 1: wait 11 seconds | 233 | # reconnect 1: wait 11 seconds |
163 | # reconnect 2: wait 22 seconds | 234 | # reconnect 2: wait 22 seconds |
164 | # reconnect 3: wait 33 seconds | 235 | # reconnect 3: wait 33 seconds |
@@ -172,29 +243,68 @@ | |||
172 | # | 243 | # |
173 | # In a setup with ~6000 thousand hosts these settings would average the reconnects | 244 | # In a setup with ~6000 thousand hosts these settings would average the reconnects |
174 | # to about 100 per second and all hosts would be reconnected within 60 seconds. | 245 | # to about 100 per second and all hosts would be reconnected within 60 seconds. |
175 | #recon_default: 100 | 246 | # recon_default: 100 |
176 | #recon_max: 5000 | 247 | # recon_max: 5000 |
177 | #recon_randomize: False | 248 | # recon_randomize: False |
178 | 249 | # | |
250 | # | ||
179 | # The loop_interval sets how long in seconds the minion will wait between | 251 | # The loop_interval sets how long in seconds the minion will wait between |
180 | # evaluating the scheduler and running cleanup tasks. This defaults to a | 252 | # evaluating the scheduler and running cleanup tasks. This defaults to a |
181 | # sane 60 seconds, but if the minion scheduler needs to be evaluated more | 253 | # sane 60 seconds, but if the minion scheduler needs to be evaluated more |
182 | # often lower this value | 254 | # often lower this value |
183 | #loop_interval: 60 | 255 | #loop_interval: 60 |
184 | 256 | ||
185 | # When healing, a dns_check is run. This is to make sure that the originally | 257 | # The grains can be merged, instead of overridden, using this option. |
186 | # resolved dns has not changed. If this is something that does not happen in | 258 | # This allows custom grains to defined different subvalues of a dictionary |
187 | # your environment, set this value to False. | 259 | # grain. By default this feature is disabled, to enable set grains_deep_merge |
188 | #dns_check: True | 260 | # to ``True``. |
261 | #grains_deep_merge: False | ||
262 | |||
263 | # The grains_refresh_every setting allows for a minion to periodically check | ||
264 | # its grains to see if they have changed and, if so, to inform the master | ||
265 | # of the new grains. This operation is moderately expensive, therefore | ||
266 | # care should be taken not to set this value too low. | ||
267 | # | ||
268 | # Note: This value is expressed in __minutes__! | ||
269 | # | ||
270 | # A value of 10 minutes is a reasonable default. | ||
271 | # | ||
272 | # If the value is set to zero, this check is disabled. | ||
273 | #grains_refresh_every: 1 | ||
274 | |||
275 | # Cache grains on the minion. Default is False. | ||
276 | #grains_cache: False | ||
277 | |||
278 | # Cache rendered pillar data on the minion. Default is False. | ||
279 | # This may cause 'cachedir'/pillar to contain sensitive data that should be | ||
280 | # protected accordingly. | ||
281 | #minion_pillar_cache: False | ||
282 | |||
283 | # Grains cache expiration, in seconds. If the cache file is older than this | ||
284 | # number of seconds then the grains cache will be dumped and fully re-populated | ||
285 | # with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache' | ||
286 | # is not enabled. | ||
287 | # grains_cache_expiration: 300 | ||
189 | 288 | ||
190 | # Windows platforms lack posix IPC and must rely on slower TCP based inter- | 289 | # Windows platforms lack posix IPC and must rely on slower TCP based inter- |
191 | # process communications. Set ipc_mode to 'tcp' on such systems | 290 | # process communications. Set ipc_mode to 'tcp' on such systems |
192 | #ipc_mode: ipc | 291 | #ipc_mode: ipc |
193 | # | 292 | |
194 | # Overwrite the default tcp ports used by the minion when in tcp mode | 293 | # Overwrite the default tcp ports used by the minion when in tcp mode |
195 | #tcp_pub_port: 4510 | 294 | #tcp_pub_port: 4510 |
196 | #tcp_pull_port: 4511 | 295 | #tcp_pull_port: 4511 |
197 | 296 | ||
297 | # Passing very large events can cause the minion to consume large amounts of | ||
298 | # memory. This value tunes the maximum size of a message allowed onto the | ||
299 | # minion event bus. The value is expressed in bytes. | ||
300 | #max_event_size: 1048576 | ||
301 | |||
302 | # To detect failed master(s) and fire events on connect/disconnect, set | ||
303 | # master_alive_interval to the number of seconds to poll the masters for | ||
304 | # connection events. | ||
305 | # | ||
306 | #master_alive_interval: 30 | ||
307 | |||
198 | # The minion can include configuration from other files. To enable this, | 308 | # The minion can include configuration from other files. To enable this, |
199 | # pass a list of paths to this option. The paths can be either relative or | 309 | # pass a list of paths to this option. The paths can be either relative or |
200 | # absolute; if relative, they are considered to be relative to the directory | 310 | # absolute; if relative, they are considered to be relative to the directory |
@@ -202,7 +312,6 @@ | |||
202 | # of shell-style globbing. If no files are matched by a path passed to this | 312 | # of shell-style globbing. If no files are matched by a path passed to this |
203 | # option then the minion will log a warning message. | 313 | # option then the minion will log a warning message. |
204 | # | 314 | # |
205 | # | ||
206 | # Include a config file from some other path: | 315 | # Include a config file from some other path: |
207 | # include: /etc/salt/extra_config | 316 | # include: /etc/salt/extra_config |
208 | # | 317 | # |
@@ -210,11 +319,13 @@ | |||
210 | #include: | 319 | #include: |
211 | # - /etc/salt/extra_config | 320 | # - /etc/salt/extra_config |
212 | # - /etc/roles/webserver | 321 | # - /etc/roles/webserver |
213 | 322 | # | |
323 | # | ||
324 | # | ||
214 | ##### Minion module management ##### | 325 | ##### Minion module management ##### |
215 | ########################################## | 326 | ########################################## |
216 | # Disable specific modules. This allows the admin to limit the level of | 327 | # Disable specific modules. This allows the admin to limit the level of |
217 | # access the master has to the minion | 328 | # access the master has to the minion. |
218 | #disable_modules: [cmd,test] | 329 | #disable_modules: [cmd,test] |
219 | #disable_returners: [] | 330 | #disable_returners: [] |
220 | # | 331 | # |
@@ -226,18 +337,22 @@ | |||
226 | #returner_dirs: [] | 337 | #returner_dirs: [] |
227 | #states_dirs: [] | 338 | #states_dirs: [] |
228 | #render_dirs: [] | 339 | #render_dirs: [] |
340 | #utils_dirs: [] | ||
229 | # | 341 | # |
230 | # A module provider can be statically overwritten or extended for the minion | 342 | # A module provider can be statically overwritten or extended for the minion |
231 | # via the providers option, in this case the default module will be | 343 | # via the providers option, in this case the default module will be |
232 | # overwritten by the specified module. In this example the pkg module will | 344 | # overwritten by the specified module. In this example the pkg module will |
233 | # be provided by the yumpkg5 module instead of the system default. | 345 | # be provided by the yumpkg5 module instead of the system default. |
234 | # | ||
235 | #providers: | 346 | #providers: |
236 | # pkg: yumpkg5 | 347 | # pkg: yumpkg5 |
237 | # | 348 | # |
238 | # Enable Cython modules searching and loading. (Default: False) | 349 | # Enable Cython modules searching and loading. (Default: False) |
239 | #cython_enable: False | 350 | #cython_enable: False |
240 | # | 351 | # |
352 | # Specify a max size (in bytes) for modules on import. This feature is currently | ||
353 | # only supported on *nix operating systems and requires psutil. | ||
354 | # modules_max_memory: -1 | ||
355 | |||
241 | 356 | ||
242 | ##### State Management Settings ##### | 357 | ##### State Management Settings ##### |
243 | ########################################### | 358 | ########################################### |
@@ -256,21 +371,19 @@ | |||
256 | #renderer: yaml_jinja | 371 | #renderer: yaml_jinja |
257 | # | 372 | # |
258 | # The failhard option tells the minions to stop immediately after the first | 373 | # The failhard option tells the minions to stop immediately after the first |
259 | # failure detected in the state execution, defaults to False | 374 | # failure detected in the state execution. Defaults to False. |
260 | #failhard: False | 375 | #failhard: False |
261 | # | 376 | # |
262 | # autoload_dynamic_modules Turns on automatic loading of modules found in the | 377 | # Reload the modules prior to a highstate run. |
263 | # environments on the master. This is turned on by default, to turn of | ||
264 | # autoloading modules when states run set this value to False | ||
265 | #autoload_dynamic_modules: True | 378 | #autoload_dynamic_modules: True |
266 | # | 379 | # |
267 | # clean_dynamic_modules keeps the dynamic modules on the minion in sync with | 380 | # clean_dynamic_modules keeps the dynamic modules on the minion in sync with |
268 | # the dynamic modules on the master, this means that if a dynamic module is | 381 | # the dynamic modules on the master, this means that if a dynamic module is |
269 | # not on the master it will be deleted from the minion. By default this is | 382 | # not on the master it will be deleted from the minion. By default, this is |
270 | # enabled and can be disabled by changing this value to False | 383 | # enabled and can be disabled by changing this value to False. |
271 | #clean_dynamic_modules: True | 384 | #clean_dynamic_modules: True |
272 | # | 385 | # |
273 | # Normally the minion is not isolated to any single environment on the master | 386 | # Normally, the minion is not isolated to any single environment on the master |
274 | # when running states, but the environment can be isolated on the minion side | 387 | # when running states, but the environment can be isolated on the minion side |
275 | # by statically setting it. Remember that the recommended way to manage | 388 | # by statically setting it. Remember that the recommended way to manage |
276 | # environments is to isolate via the top file. | 389 | # environments is to isolate via the top file. |
@@ -286,14 +399,23 @@ | |||
286 | # 'top' -- Read top_file option and execute based on that file on the Master | 399 | # 'top' -- Read top_file option and execute based on that file on the Master |
287 | #startup_states: '' | 400 | #startup_states: '' |
288 | # | 401 | # |
289 | # list of states to run when the minion starts up if startup_states is 'sls' | 402 | # List of states to run when the minion starts up if startup_states is 'sls': |
290 | #sls_list: | 403 | #sls_list: |
291 | # - edit.vim | 404 | # - edit.vim |
292 | # - hyper | 405 | # - hyper |
293 | # | 406 | # |
294 | # top file to execute if startup_states is 'top' | 407 | # Top file to execute if startup_states is 'top': |
295 | #top_file: '' | 408 | #top_file: '' |
296 | 409 | ||
410 | # Automatically aggregate all states that have support for mod_aggregate by | ||
411 | # setting to True. Or pass a list of state module names to automatically | ||
412 | # aggregate just those types. | ||
413 | # | ||
414 | # state_aggregate: | ||
415 | # - pkg | ||
416 | # | ||
417 | #state_aggregate: False | ||
418 | |||
297 | ##### File Directory Settings ##### | 419 | ##### File Directory Settings ##### |
298 | ########################################## | 420 | ########################################## |
299 | # The Salt Minion can redirect all file server operations to a local directory, | 421 | # The Salt Minion can redirect all file server operations to a local directory, |
@@ -303,7 +425,8 @@ | |||
303 | 425 | ||
304 | # Set the file client. The client defaults to looking on the master server for | 426 | # Set the file client. The client defaults to looking on the master server for |
305 | # files, but can be directed to look at the local file directory setting | 427 | # files, but can be directed to look at the local file directory setting |
306 | # defined below by setting it to local. | 428 | # defined below by setting it to "local". Setting a local file_client runs the |
429 | # minion in masterless mode. | ||
307 | #file_client: remote | 430 | #file_client: remote |
308 | 431 | ||
309 | # The file directory works on environments passed to the minion, each environment | 432 | # The file directory works on environments passed to the minion, each environment |
@@ -329,15 +452,16 @@ | |||
329 | # to attempt to find files. To limit this behavior so that the fileserver only | 452 | # to attempt to find files. To limit this behavior so that the fileserver only |
330 | # traverses directories with SLS files and special Salt directories like _modules, | 453 | # traverses directories with SLS files and special Salt directories like _modules, |
331 | # enable the option below. This might be useful for installations where a file root | 454 | # enable the option below. This might be useful for installations where a file root |
332 | # has a very large number of files and performance is negatively impacted. | 455 | # has a very large number of files and performance is negatively impacted. Default |
333 | # | 456 | # is False. |
334 | # Default is False. | 457 | #fileserver_limit_traversal: False |
335 | # | ||
336 | # fileserver_limit_traversal: False | ||
337 | 458 | ||
338 | # The hash_type is the hash to use when discovering the hash of a file in | 459 | # The hash_type is the hash to use when discovering the hash of a file in |
339 | # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 | 460 | # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 |
340 | # and sha512 are also supported. | 461 | # and sha512 are also supported. |
462 | # | ||
463 | # Warning: Prior to changing this value, the minion should be stopped and all | ||
464 | # Salt caches should be cleared. | ||
341 | #hash_type: md5 | 465 | #hash_type: md5 |
342 | 466 | ||
343 | # The Salt pillar is searched for locally if file_client is set to local. If | 467 | # The Salt pillar is searched for locally if file_client is set to local. If |
@@ -346,7 +470,8 @@ | |||
346 | #pillar_roots: | 470 | #pillar_roots: |
347 | # base: | 471 | # base: |
348 | # - /srv/pillar | 472 | # - /srv/pillar |
349 | 473 | # | |
474 | # | ||
350 | ###### Security settings ##### | 475 | ###### Security settings ##### |
351 | ########################################### | 476 | ########################################### |
352 | # Enable "open mode", this mode still maintains encryption, but turns off | 477 | # Enable "open mode", this mode still maintains encryption, but turns off |
@@ -366,23 +491,34 @@ | |||
366 | # The state_verbose setting can be set to True or False, when set to False | 491 | # The state_verbose setting can be set to True or False, when set to False |
367 | # all data that has a result of True and no changes will be suppressed. | 492 | # all data that has a result of True and no changes will be suppressed. |
368 | #state_verbose: True | 493 | #state_verbose: True |
369 | # | 494 | |
370 | # The state_output setting changes if the output is the full multi line | 495 | # The state_output setting changes if the output is the full multi line |
371 | # output for each changed state if set to 'full', but if set to 'terse' | 496 | # output for each changed state if set to 'full', but if set to 'terse' |
372 | # the output will be shortened to a single line. | 497 | # the output will be shortened to a single line. |
373 | #state_output: full | 498 | #state_output: full |
374 | # | 499 | |
375 | # Fingerprint of the master public key to double verify the master is valid, | 500 | # The state_output_diff setting changes whether or not the output from |
376 | # the master fingerprint can be found by running "salt-key -F master" on the | 501 | # successful states is returned. Useful when even the terse output of these |
377 | # salt master. | 502 | # states is cluttering the logs. Set it to True to ignore them. |
503 | #state_output_diff: False | ||
504 | |||
505 | # The state_output_profile setting changes whether profile information | ||
506 | # will be shown for each state run. | ||
507 | #state_output_profile: True | ||
508 | |||
509 | # Fingerprint of the master public key to validate the identity of your Salt master | ||
510 | # before the initial key exchange. The master fingerprint can be found by running | ||
511 | # "salt-key -F master" on the Salt master. | ||
378 | #master_finger: '' | 512 | #master_finger: '' |
379 | 513 | ||
514 | |||
380 | ###### Thread settings ##### | 515 | ###### Thread settings ##### |
381 | ########################################### | 516 | ########################################### |
382 | # Disable multiprocessing support, by default when a minion receives a | 517 | # Disable multiprocessing support, by default when a minion receives a |
383 | # publication a new process is spawned and the command is executed therein. | 518 | # publication a new process is spawned and the command is executed therein. |
384 | #multiprocessing: True | 519 | #multiprocessing: True |
385 | 520 | ||
521 | |||
386 | ##### Logging settings ##### | 522 | ##### Logging settings ##### |
387 | ########################################## | 523 | ########################################## |
388 | # The location of the minion log file | 524 | # The location of the minion log file |
@@ -396,14 +532,19 @@ | |||
396 | # | 532 | # |
397 | #log_file: /var/log/salt/minion | 533 | #log_file: /var/log/salt/minion |
398 | #key_logfile: /var/log/salt/key | 534 | #key_logfile: /var/log/salt/key |
399 | # | 535 | |
400 | # The level of messages to send to the console. | 536 | # The level of messages to send to the console. |
401 | # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. | 537 | # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. |
538 | # | ||
539 | # The following log levels are considered INSECURE and may log sensitive data: | ||
540 | # ['garbage', 'trace', 'debug'] | ||
541 | # | ||
402 | # Default: 'warning' | 542 | # Default: 'warning' |
403 | #log_level: warning | 543 | #log_level: warning |
404 | # | 544 | |
405 | # The level of messages to send to the log file. | 545 | # The level of messages to send to the log file. |
406 | # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. | 546 | # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. |
547 | # If using 'log_granular_levels' this must be set to the highest desired level. | ||
407 | # Default: 'warning' | 548 | # Default: 'warning' |
408 | #log_level_logfile: | 549 | #log_level_logfile: |
409 | 550 | ||
@@ -411,21 +552,54 @@ | |||
411 | # can be seen here: http://docs.python.org/library/time.html#time.strftime | 552 | # can be seen here: http://docs.python.org/library/time.html#time.strftime |
412 | #log_datefmt: '%H:%M:%S' | 553 | #log_datefmt: '%H:%M:%S' |
413 | #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' | 554 | #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' |
414 | # | 555 | |
415 | # The format of the console logging messages. Allowed formatting options can | 556 | # The format of the console logging messages. Allowed formatting options can |
416 | # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes | 557 | # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes |
558 | # | ||
559 | # Console log colors are specified by these additional formatters: | ||
560 | # | ||
561 | # %(colorlevel)s | ||
562 | # %(colorname)s | ||
563 | # %(colorprocess)s | ||
564 | # %(colormsg)s | ||
565 | # | ||
566 | # Since it is desirable to include the surrounding brackets, '[' and ']', in | ||
567 | # the coloring of the messages, these color formatters also include padding as | ||
568 | # well. Color LogRecord attributes are only available for console logging. | ||
569 | # | ||
570 | #log_fmt_console: '%(colorlevel)s %(colormsg)s' | ||
417 | #log_fmt_console: '[%(levelname)-8s] %(message)s' | 571 | #log_fmt_console: '[%(levelname)-8s] %(message)s' |
418 | #log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' | ||
419 | # | 572 | # |
573 | #log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' | ||
574 | |||
420 | # This can be used to control logging levels more specificically. This | 575 | # This can be used to control logging levels more specificically. This |
421 | # example sets the main salt library at the 'warning' level, but sets | 576 | # example sets the main salt library at the 'warning' level, but sets |
422 | # 'salt.modules' to log at the 'debug' level: | 577 | # 'salt.modules' to log at the 'debug' level: |
423 | # log_granular_levels: | 578 | # log_granular_levels: |
424 | # 'salt': 'warning', | 579 | # 'salt': 'warning' |
425 | # 'salt.modules': 'debug' | 580 | # 'salt.modules': 'debug' |
426 | # | 581 | # |
427 | #log_granular_levels: {} | 582 | #log_granular_levels: {} |
428 | 583 | ||
584 | # To diagnose issues with minions disconnecting or missing returns, ZeroMQ | ||
585 | # supports the use of monitor sockets to log connection events. This | ||
586 | # feature requires ZeroMQ 4.0 or higher. | ||
587 | # | ||
588 | # To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a | ||
589 | # debug level or higher. | ||
590 | # | ||
591 | # A sample log event is as follows: | ||
592 | # | ||
593 | # [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512, | ||
594 | # 'value': 27, 'description': 'EVENT_DISCONNECTED'} | ||
595 | # | ||
596 | # All events logged will include the string 'ZeroMQ event'. A connection event | ||
597 | # should be logged as the minion starts up and initially connects to the | ||
598 | # master. If not, check for debug log level and that the necessary version of | ||
599 | # ZeroMQ is installed. | ||
600 | # | ||
601 | #zmq_monitor: False | ||
602 | |||
429 | ###### Module configuration ##### | 603 | ###### Module configuration ##### |
430 | ########################################### | 604 | ########################################### |
431 | # Salt allows for modules to be passed arbitrary configuration data, any data | 605 | # Salt allows for modules to be passed arbitrary configuration data, any data |
@@ -445,8 +619,8 @@ | |||
445 | # | 619 | # |
446 | # A dict for the test module: | 620 | # A dict for the test module: |
447 | #test.baz: {spam: sausage, cheese: bread} | 621 | #test.baz: {spam: sausage, cheese: bread} |
448 | 622 | # | |
449 | 623 | # | |
450 | ###### Update settings ###### | 624 | ###### Update settings ###### |
451 | ########################################### | 625 | ########################################### |
452 | # Using the features in Esky, a salt minion can both run as a frozen app and | 626 | # Using the features in Esky, a salt minion can both run as a frozen app and |
@@ -468,27 +642,39 @@ | |||
468 | # the risk that it could tear down the connection the master and minion | 642 | # the risk that it could tear down the connection the master and minion |
469 | # without informing either party that their connection has been taken away. | 643 | # without informing either party that their connection has been taken away. |
470 | # Enabling TCP Keepalives prevents this from happening. | 644 | # Enabling TCP Keepalives prevents this from happening. |
471 | # | 645 | |
472 | # Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) | 646 | # Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) |
473 | # or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. | 647 | # or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. |
474 | #tcp_keepalive: True | 648 | #tcp_keepalive: True |
475 | # | 649 | |
476 | # How long before the first keepalive should be sent in seconds. Default 300 | 650 | # How long before the first keepalive should be sent in seconds. Default 300 |
477 | # to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds | 651 | # to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds |
478 | # on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. | 652 | # on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. |
479 | #tcp_keepalive_idle: 300 | 653 | #tcp_keepalive_idle: 300 |
480 | # | 654 | |
481 | # How many lost probes are needed to consider the connection lost. Default -1 | 655 | # How many lost probes are needed to consider the connection lost. Default -1 |
482 | # to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. | 656 | # to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. |
483 | #tcp_keepalive_cnt: -1 | 657 | #tcp_keepalive_cnt: -1 |
484 | # | 658 | |
485 | # How often, in seconds, to send keepalives after the first one. Default -1 to | 659 | # How often, in seconds, to send keepalives after the first one. Default -1 to |
486 | # use OS defaults, typically 75 seconds on Linux, see | 660 | # use OS defaults, typically 75 seconds on Linux, see |
487 | # /proc/sys/net/ipv4/tcp_keepalive_intvl. | 661 | # /proc/sys/net/ipv4/tcp_keepalive_intvl. |
488 | #tcp_keepalive_intvl: -1 | 662 | #tcp_keepalive_intvl: -1 |
489 | 663 | ||
490 | 664 | ||
491 | ###### Windows Software settings ###### | 665 | ###### Windows Software settings ###### |
492 | ############################################ | 666 | ############################################ |
493 | # Location of the repository cache file on the master | 667 | # Location of the repository cache file on the master: |
494 | #win_repo_cachefile: 'salt://win/repo/winrepo.p' | 668 | #win_repo_cachefile: 'salt://win/repo/winrepo.p' |
669 | |||
670 | |||
671 | ###### Returner settings ###### | ||
672 | ############################################ | ||
673 | # Which returner(s) will be used for minion's result: | ||
674 | #return: mysql | ||
675 | |||
676 | |||
677 | ###### Miscellaneous settings ###### | ||
678 | ############################################ | ||
679 | # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch | ||
680 | #event_match_type: startswith | ||