2012-10-25 21:30:28 +00:00
|
|
|
.. _configuration-salt-minion:
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
===========================
|
|
|
|
Configuring the Salt Minion
|
|
|
|
===========================
|
|
|
|
|
2014-10-08 20:11:34 +00:00
|
|
|
The Salt system is amazingly simple and easy to configure. The two components
|
2011-10-30 16:04:21 +00:00
|
|
|
of the Salt system each have a respective configuration file. The
|
|
|
|
:command:`salt-master` is configured via the master configuration file, and the
|
|
|
|
:command:`salt-minion` is configured via the minion configuration file.
|
|
|
|
|
2011-11-15 10:37:06 +00:00
|
|
|
.. seealso::
|
|
|
|
:ref:`example minion configuration file <configuration-examples-minion>`
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2014-10-08 20:11:34 +00:00
|
|
|
The Salt Minion configuration is very simple. Typically, the only value that
|
|
|
|
needs to be set is the master value so the minion knows where to locate its master.
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2014-07-14 18:22:27 +00:00
|
|
|
By default, the salt-minion configuration will be in :file:`/etc/salt/minion`.
|
|
|
|
A notable exception is FreeBSD, where the configuration will be in
|
|
|
|
:file:`/usr/local/etc/salt/minion`.
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
Minion Primary Configuration
|
2013-08-07 22:50:51 +00:00
|
|
|
============================
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
.. conf_minion:: master
|
|
|
|
|
|
|
|
``master``
|
|
|
|
----------
|
|
|
|
|
|
|
|
Default: ``salt``
|
|
|
|
|
|
|
|
The hostname or ipv4 of the master.
|
|
|
|
|
2014-05-28 15:20:41 +00:00
|
|
|
Default: ``salt``
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master: salt
|
|
|
|
|
2014-06-09 16:05:10 +00:00
|
|
|
The option can can also be set to a list of masters, enabling
|
|
|
|
:doc:`multi-master </topics/tutorials/multimaster>` mode.
|
2014-05-28 15:20:41 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
master:
|
2014-06-09 16:05:10 +00:00
|
|
|
- address1
|
|
|
|
- address2
|
2014-05-28 15:20:41 +00:00
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionchanged:: 2014.7.0
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2014-06-09 16:05:10 +00:00
|
|
|
The master can be dynamically configured. The :conf_minion:`master` value
|
|
|
|
can be set to an module function which will be executed and will assume
|
|
|
|
that the returning value is the ip or hostname of the desired master. If a
|
|
|
|
function is being specified, then the :conf_minion:`master_type` option
|
|
|
|
must be set to ``func``, to tell the minion that the value is a function to
|
|
|
|
be run and not a fully-qualified domain name.
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2014-06-09 16:05:10 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master: module.function
|
|
|
|
master_type: func
|
|
|
|
|
|
|
|
In addition, instead of using multi-master mode, the minion can be
|
|
|
|
configured to use the list of master addresses as a failover list, trying
|
|
|
|
the first address, then the second, etc. until the minion successfully
|
|
|
|
connects. To enable this behavior, set :conf_minion:`master_type` to
|
|
|
|
``failover``:
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2014-06-09 16:05:10 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
master:
|
2014-06-09 16:05:10 +00:00
|
|
|
- address1
|
|
|
|
- address2
|
|
|
|
master_type: failover
|
2014-05-28 15:20:41 +00:00
|
|
|
|
|
|
|
.. conf_minion:: master_type
|
|
|
|
|
|
|
|
``master_type``
|
|
|
|
---------------
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-06-09 16:05:10 +00:00
|
|
|
|
2015-07-24 17:55:56 +00:00
|
|
|
Default: ``str``
|
2014-05-28 15:20:41 +00:00
|
|
|
|
2015-07-24 17:55:56 +00:00
|
|
|
The type of the :conf_minion:`master` variable. Can be ``str``, ``failover`` or
|
2015-06-23 17:40:06 +00:00
|
|
|
``func``.
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2015-06-23 17:40:06 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_type: failover
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2015-06-23 17:40:06 +00:00
|
|
|
If this option is set to ``failover``, :conf_minion:`master` must be a list of
|
|
|
|
master addresses. The minion will then try each master in the order specified
|
|
|
|
in the list until it successfully connects. :conf_minion:`master_alive_interval`
|
|
|
|
must also be set, this determines how often the minion will verify the presence
|
|
|
|
of the master.
|
2014-06-02 08:01:16 +00:00
|
|
|
|
2014-05-30 15:00:28 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-06-09 16:05:10 +00:00
|
|
|
master_type: func
|
2014-05-30 15:00:28 +00:00
|
|
|
|
2015-06-23 17:40:06 +00:00
|
|
|
If the master needs to be dynamically assigned by executing a function instead
|
|
|
|
of reading in the static master value, set this to ``func``. This can be used
|
|
|
|
to manage the minion's master setting from an execution module. By simply
|
|
|
|
changing the algorithm in the module to return a new master ip/fqdn, restart
|
|
|
|
the minion and it will connect to the new master.
|
2014-05-28 15:20:41 +00:00
|
|
|
|
2016-03-31 02:32:43 +00:00
|
|
|
.. conf_minion:: master_alive_interval
|
|
|
|
|
2015-06-23 17:40:06 +00:00
|
|
|
``master_alive_interval``
|
|
|
|
-------------------------
|
2014-07-15 10:10:18 +00:00
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``0``
|
2015-06-23 17:40:06 +00:00
|
|
|
|
|
|
|
Configures how often, in seconds, the minion will verify that the current
|
|
|
|
master is alive and responding. The minion will try to establish a connection
|
|
|
|
to the next master in the list if it finds the existing one is dead.
|
2014-05-28 15:20:41 +00:00
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_alive_interval: 30
|
|
|
|
|
2016-03-31 02:32:43 +00:00
|
|
|
.. conf_minion:: master_shuffle
|
|
|
|
|
2014-06-02 08:01:16 +00:00
|
|
|
``master_shuffle``
|
2014-06-09 16:05:10 +00:00
|
|
|
------------------
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-06-02 08:01:16 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2016-01-03 05:21:51 +00:00
|
|
|
If :conf_minion:`master` is a list of addresses and :conf_minion`master_type` is ``failover``, shuffle them before trying to
|
2014-06-09 16:05:10 +00:00
|
|
|
connect to distribute the minions over all available masters. This uses
|
|
|
|
Python's :func:`random.shuffle <python2:random.shuffle>` method.
|
2014-06-02 08:01:16 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_shuffle: True
|
|
|
|
|
2016-03-31 02:32:43 +00:00
|
|
|
.. conf_minion:: random_master
|
|
|
|
|
2016-01-03 05:21:51 +00:00
|
|
|
``random_master``
|
2016-03-31 02:32:43 +00:00
|
|
|
-----------------
|
2016-01-03 05:21:51 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
If :conf_minion:`master` is a list of addresses, shuffle them before trying to
|
|
|
|
connect to distribute the minions over all available masters. This uses
|
|
|
|
Python's :func:`random.randint <python2:random.randint>` method.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
random_master: True
|
|
|
|
|
2015-04-23 21:33:59 +00:00
|
|
|
.. conf_minion:: retry_dns
|
|
|
|
|
|
|
|
``retry_dns``
|
2016-03-31 02:32:43 +00:00
|
|
|
-------------
|
2015-04-23 21:33:59 +00:00
|
|
|
|
|
|
|
Default: ``30``
|
|
|
|
|
|
|
|
Set the number of seconds to wait before attempting to resolve
|
|
|
|
the master hostname if name resolution fails. Defaults to 30 seconds.
|
|
|
|
Set to zero if the minion should shutdown and not retry.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
2015-07-28 21:54:10 +00:00
|
|
|
|
2015-04-23 21:33:59 +00:00
|
|
|
retry_dns: 30
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. conf_minion:: master_port
|
|
|
|
|
|
|
|
``master_port``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``4506``
|
|
|
|
|
|
|
|
The port of the master ret server, this needs to coincide with the ret_port
|
2012-05-23 04:43:12 +00:00
|
|
|
option on the Salt master.
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_port: 4506
|
|
|
|
|
2012-01-19 05:04:48 +00:00
|
|
|
.. conf_minion:: user
|
|
|
|
|
|
|
|
``user``
|
2012-05-23 04:43:12 +00:00
|
|
|
--------
|
2012-01-19 05:04:48 +00:00
|
|
|
|
|
|
|
Default: ``root``
|
|
|
|
|
|
|
|
The user to run the Salt processes
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
user: root
|
|
|
|
|
2015-04-08 20:41:05 +00:00
|
|
|
.. conf_minion:: sudo_runas
|
|
|
|
|
|
|
|
``sudo_runas``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Default: None
|
|
|
|
|
|
|
|
The user to run salt remote execution commands as via sudo. If this option is
|
|
|
|
enabled then sudo will be used to change the active user executing the remote
|
|
|
|
command. If enabled the user will need to be allowed access via the sudoers file
|
|
|
|
for the user that the salt minion is configured to run as. The most common
|
|
|
|
option would be to use the root user. If this option is set the ``user`` option
|
|
|
|
should also be set to a non-root user. If migrating from a root minion to a non
|
|
|
|
root minion the minion cache should be cleared and the minion pki directory will
|
|
|
|
need to be changed to the ownership of the new user.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
sudo_user: root
|
|
|
|
|
2015-06-30 07:24:43 +00:00
|
|
|
.. conf_minion:: sudo_user
|
|
|
|
|
|
|
|
``sudo_user``
|
2015-09-17 15:23:24 +00:00
|
|
|
-------------
|
2015-06-30 07:24:43 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Setting ``sudo_user`` will cause salt to run all execution modules under a
|
2015-06-30 07:24:43 +00:00
|
|
|
sudo to the user given in ``sudo_user``. The user under which the salt minion
|
|
|
|
process itself runs will still be that provided in :conf_minion:`user` above,
|
|
|
|
but all execution modules run by the minion will be rerouted through sudo.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
sudo_user: saltadm
|
2015-04-08 20:41:05 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
.. conf_minion:: pidfile
|
|
|
|
|
2015-04-08 20:41:05 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
``pidfile``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: ``/var/run/salt-minion.pid``
|
|
|
|
|
2012-12-27 17:29:46 +00:00
|
|
|
The location of the daemon's process ID file
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-07-30 05:57:34 +00:00
|
|
|
pidfile: /var/run/salt-minion.pid
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
.. conf_minion:: root_dir
|
|
|
|
|
|
|
|
``root_dir``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``/``
|
|
|
|
|
2012-12-27 17:29:46 +00:00
|
|
|
This directory is prepended to the following options: :conf_minion:`pki_dir`,
|
2012-12-27 04:58:35 +00:00
|
|
|
:conf_minion:`cachedir`, :conf_minion:`log_file`, :conf_minion:`sock_dir`, and
|
|
|
|
:conf_minion:`pidfile`.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
root_dir: /
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. conf_minion:: pki_dir
|
|
|
|
|
|
|
|
``pki_dir``
|
|
|
|
-----------
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``/etc/salt/pki/minion``
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
The directory used to store the minion's public and private keys.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
pki_dir: /etc/salt/pki/minion
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2012-02-20 06:22:24 +00:00
|
|
|
.. conf_minion:: id
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
``id``
|
2012-05-23 04:43:12 +00:00
|
|
|
------
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2013-08-15 23:00:08 +00:00
|
|
|
Default: the system's hostname
|
|
|
|
|
|
|
|
.. seealso:: :ref:`Salt Walkthrough <minion-id-generation>`
|
|
|
|
|
|
|
|
The :strong:`Setting up a Salt Minion` section contains detailed
|
|
|
|
information on how the hostname is determined.
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2013-07-21 02:14:59 +00:00
|
|
|
Explicitly declare the id for this minion to use. Since Salt uses detached ids
|
|
|
|
it is possible to run multiple minions on the same machine but with different
|
2013-11-06 19:11:08 +00:00
|
|
|
ids.
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
id: foo.bar.com
|
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
.. conf_minion:: append_domain
|
|
|
|
|
|
|
|
``append_domain``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``None``
|
|
|
|
|
|
|
|
Append a domain to a hostname in the event that it does not exist. This is
|
|
|
|
useful for systems where ``socket.getfqdn()`` does not actually result in a
|
|
|
|
FQDN (for instance, Solaris).
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
append_domain: foo.org
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. conf_minion:: cachedir
|
|
|
|
|
|
|
|
``cachedir``
|
|
|
|
------------
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``/var/cache/salt/minion``
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
The location for minion cache data.
|
|
|
|
|
2015-04-03 23:17:06 +00:00
|
|
|
This directory may contain sensitive data and should be protected accordingly.
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
cachedir: /var/cache/salt/minion
|
2011-10-30 16:04:21 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
.. conf_minion:: verify_env
|
2012-09-22 01:48:41 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
``verify_env``
|
|
|
|
--------------
|
2012-09-22 01:48:41 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
Default: ``True``
|
2012-09-22 01:48:41 +00:00
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
Verify and set permissions on configuration directories at startup.
|
2012-09-22 01:48:41 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
verify_env: True
|
2012-09-22 01:48:41 +00:00
|
|
|
|
2013-11-06 05:41:56 +00:00
|
|
|
.. note::
|
|
|
|
|
2016-03-22 03:56:17 +00:00
|
|
|
When set to ``True`` the verify_env option requires WRITE access to the
|
2013-11-06 05:41:56 +00:00
|
|
|
configuration directory (/etc/salt/). In certain situations such as
|
2016-03-22 03:56:17 +00:00
|
|
|
mounting /etc/salt/ as read-only for templating this will create a stack
|
|
|
|
trace when :py:func:`state.apply <salt.modules.state.apply_>` is called.
|
2013-11-06 05:41:56 +00:00
|
|
|
|
2012-01-18 07:04:14 +00:00
|
|
|
.. conf_minion:: cache_jobs
|
|
|
|
|
|
|
|
``cache_jobs``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
The minion can locally cache the return data from jobs sent to it, this can be
|
|
|
|
a good way to keep track of the minion side of the jobs the minion has
|
|
|
|
executed. By default this feature is disabled, to enable set cache_jobs to
|
|
|
|
``True``.
|
2012-01-18 07:04:14 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
cache_jobs: False
|
|
|
|
|
2016-01-26 15:14:35 +00:00
|
|
|
.. conf_minion:: minion_pillar_cache
|
2016-01-18 20:21:32 +00:00
|
|
|
|
2016-01-26 15:14:35 +00:00
|
|
|
``minion_pillar_cache``
|
2016-02-02 19:19:38 +00:00
|
|
|
-----------------------
|
2016-01-18 20:21:32 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2016-01-21 15:34:58 +00:00
|
|
|
The minion can locally cache rendered pillar data under
|
|
|
|
:conf_minion:`cachedir`/pillar. This allows a temporarily disconnected minion
|
|
|
|
to access previously cached pillar data by invoking salt-call with the --local
|
|
|
|
and --pillar_root=:conf_minion:`cachedir`/pillar options. Before enabling this
|
|
|
|
setting consider that the rendered pillar may contain security sensitive data.
|
|
|
|
Appropriate access restrictions should be in place. By default the saved pillar
|
|
|
|
data will be readable only by the user account running salt. By default this
|
2016-01-26 15:14:35 +00:00
|
|
|
feature is disabled, to enable set minion_pillar_cache to ``True``.
|
2016-01-18 20:21:32 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-01-26 15:14:35 +00:00
|
|
|
minion_pillar_cache: False
|
2016-01-18 20:21:32 +00:00
|
|
|
|
2016-04-13 14:01:57 +00:00
|
|
|
.. conf_minion:: grains
|
|
|
|
|
|
|
|
``grains``
|
|
|
|
----------
|
|
|
|
|
|
|
|
Default: (empty)
|
|
|
|
|
|
|
|
.. seealso::
|
|
|
|
:ref:`static-custom-grains`
|
|
|
|
|
|
|
|
Statically assigns grains to the minion.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
grains:
|
|
|
|
roles:
|
|
|
|
- webserver
|
|
|
|
- memcache
|
|
|
|
deployment: datacenter4
|
|
|
|
cabinet: 13
|
|
|
|
cab_u: 14-15
|
|
|
|
|
2015-06-05 23:32:35 +00:00
|
|
|
.. conf_minion:: grains_cache
|
|
|
|
|
|
|
|
``grains_cache``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
The minion can locally cache grain data instead of refreshing the data
|
|
|
|
each time the grain is referenced. By default this feature is disabled,
|
|
|
|
to enable set grains_cache to ``True``.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-07-15 21:20:42 +00:00
|
|
|
grains_cache: False
|
2015-06-05 23:32:35 +00:00
|
|
|
|
|
|
|
|
2015-10-22 19:53:57 +00:00
|
|
|
.. conf_minion:: grains_deep_merge
|
|
|
|
|
|
|
|
``grains_deep_merge``
|
|
|
|
---------------------
|
|
|
|
|
2016-02-10 22:45:28 +00:00
|
|
|
.. versionadded:: 2016.3.0
|
2015-10-22 19:53:57 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
The grains can be merged, instead of overridden, using this option.
|
|
|
|
This allows custom grains to defined different subvalues of a dictionary
|
|
|
|
grain. By default this feature is disabled, to enable set grains_deep_merge
|
|
|
|
to ``True``.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
grains_deep_merge: False
|
|
|
|
|
|
|
|
For example, with these custom grains functions:
|
|
|
|
|
|
|
|
.. code-block:: python
|
|
|
|
|
|
|
|
def custom1_k1():
|
|
|
|
return {'custom1': {'k1': 'v1'}}
|
|
|
|
|
|
|
|
def custom1_k2():
|
|
|
|
return {'custom1': {'k2': 'v2'}}
|
|
|
|
|
|
|
|
Without ``grains_deep_merge``, the result would be:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
custom1:
|
|
|
|
k1: v1
|
|
|
|
|
|
|
|
With ``grains_deep_merge``, the result will be:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
custom1:
|
|
|
|
k1: v1
|
|
|
|
k2: v2
|
|
|
|
|
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
.. conf_minion:: sock_dir
|
|
|
|
|
|
|
|
``sock_dir``
|
2014-10-08 20:11:34 +00:00
|
|
|
------------
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
Default: ``/var/run/salt/minion``
|
|
|
|
|
2013-03-18 19:59:27 +00:00
|
|
|
The directory where Unix sockets will be kept.
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
sock_dir: /var/run/salt/minion
|
|
|
|
|
|
|
|
.. conf_minion:: backup_mode
|
|
|
|
|
|
|
|
``backup_mode``
|
|
|
|
---------------
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``''``
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
Backup files replaced by file.managed and file.recurse under cachedir.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
backup_mode: minion
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
.. conf_minion:: acceptance_wait_time
|
|
|
|
|
2012-01-18 07:04:14 +00:00
|
|
|
``acceptance_wait_time``
|
|
|
|
------------------------
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
Default: ``10``
|
|
|
|
|
|
|
|
The number of seconds to wait until attempting to re-authenticate with the
|
|
|
|
master.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
acceptance_wait_time: 10
|
|
|
|
|
2013-08-01 01:43:37 +00:00
|
|
|
.. conf_minion:: random_reauth_delay
|
|
|
|
|
|
|
|
``random_reauth_delay``
|
2014-10-08 20:11:34 +00:00
|
|
|
-----------------------
|
2013-08-01 01:43:37 +00:00
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``10``
|
|
|
|
|
2013-08-01 01:43:37 +00:00
|
|
|
When the master key changes, the minion will try to re-auth itself to
|
|
|
|
receive the new master key. In larger environments this can cause a syn-flood
|
|
|
|
on the master because all minions try to re-auth immediately. To prevent this
|
|
|
|
and have a minion wait for a random amount of time, use this optional
|
|
|
|
parameter. The wait-time will be a random number of seconds between
|
|
|
|
0 and the defined value.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
random_reauth_delay: 60
|
|
|
|
|
2013-07-27 20:51:38 +00:00
|
|
|
.. conf_minion:: acceptance_wait_time_max
|
|
|
|
|
|
|
|
``acceptance_wait_time_max``
|
2013-08-01 23:59:54 +00:00
|
|
|
----------------------------
|
2013-07-27 20:51:38 +00:00
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``0``
|
2013-07-27 20:51:38 +00:00
|
|
|
|
|
|
|
The maximum number of seconds to wait until attempting to re\-authenticate
|
|
|
|
with the master. If set, the wait will increase by acceptance_wait_time
|
|
|
|
seconds each iteration.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
acceptance_wait_time_max: 0
|
2013-07-27 20:51:38 +00:00
|
|
|
|
2014-10-10 15:19:27 +00:00
|
|
|
.. conf_minion:: recon_default
|
2012-12-27 04:58:35 +00:00
|
|
|
|
2014-10-08 20:11:34 +00:00
|
|
|
``recon_default``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``1000``
|
|
|
|
|
|
|
|
The interval in milliseconds that the socket should wait before trying to
|
|
|
|
reconnect to the master (1000ms = 1 second).
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
recon_default: 1000
|
|
|
|
|
2014-10-10 15:19:27 +00:00
|
|
|
.. conf_minion:: recon_max
|
2014-10-08 20:11:34 +00:00
|
|
|
|
|
|
|
``recon_max``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``10000``
|
|
|
|
|
|
|
|
The maximum time a socket should wait. Each interval the time to wait is calculated
|
|
|
|
by doubling the previous time. If recon_max is reached, it starts again at
|
|
|
|
the recon_default.
|
|
|
|
|
|
|
|
Short example:
|
|
|
|
- reconnect 1: the socket will wait 'recon_default' milliseconds
|
|
|
|
- reconnect 2: 'recon_default' * 2
|
|
|
|
- reconnect 3: ('recon_default' * 2) * 2
|
|
|
|
- reconnect 4: value from previous interval * 2
|
|
|
|
- reconnect 5: value from previous interval * 2
|
|
|
|
- reconnect x: if value >= recon_max, it starts again with recon_default
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
recon_max: 10000
|
|
|
|
|
2014-10-10 15:19:27 +00:00
|
|
|
.. conf_minion:: recon_randomize
|
2014-10-08 20:11:34 +00:00
|
|
|
|
|
|
|
``recon_randomize``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
Generate a random wait time on minion start. The wait time will be a random value
|
2016-03-31 19:50:51 +00:00
|
|
|
between recon_default and recon_default + recon_max. Having all minions reconnect
|
2014-10-08 20:11:34 +00:00
|
|
|
with the same recon_default and recon_max value kind of defeats the purpose of being
|
|
|
|
able to change these settings. If all minions have the same values and the setup is
|
|
|
|
quite large (several thousand minions), they will still flood the master. The desired
|
|
|
|
behavior is to have time-frame within all minions try to reconnect.
|
|
|
|
|
2014-10-16 03:44:05 +00:00
|
|
|
.. code-block:: yaml
|
2014-10-08 20:11:34 +00:00
|
|
|
|
|
|
|
recon_randomize: True
|
|
|
|
|
2015-11-06 15:57:00 +00:00
|
|
|
.. conf_minion:: return_retry_timer
|
|
|
|
|
|
|
|
``return_retry_timer``
|
2015-12-21 12:24:27 +00:00
|
|
|
----------------------
|
2015-11-06 15:57:00 +00:00
|
|
|
|
|
|
|
Default: ``5``
|
|
|
|
|
|
|
|
The default timeout for a minion return attempt.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
return_retry_timer: 5
|
|
|
|
|
|
|
|
|
|
|
|
.. conf_minion:: return_retry_timer_max
|
|
|
|
|
|
|
|
``return_retry_timer_max``
|
2015-12-21 12:24:27 +00:00
|
|
|
--------------------------
|
2015-11-06 15:57:00 +00:00
|
|
|
|
|
|
|
Default: ``10``
|
|
|
|
|
|
|
|
The maximum timeout for a minion return attempt. If non-zero the minion return
|
2016-03-31 19:50:51 +00:00
|
|
|
retry timeout will be a random int between ``return_retry_timer`` and
|
2015-11-06 15:57:00 +00:00
|
|
|
``return_retry_timer_max``
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
return_retry_timer_max: 10
|
|
|
|
|
2014-10-16 05:33:37 +00:00
|
|
|
.. conf_minion:: cache_sreqs
|
|
|
|
|
|
|
|
``cache_sreqs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
The connection to the master ret_port is kept open. When set to False, the minion
|
|
|
|
creates a new connection for every return to the master.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
cache_sreqs: True
|
|
|
|
|
2012-12-27 04:58:35 +00:00
|
|
|
.. conf_minion:: ipc_mode
|
|
|
|
|
|
|
|
``ipc_mode``
|
2014-10-08 20:11:34 +00:00
|
|
|
------------
|
2012-12-27 04:58:35 +00:00
|
|
|
|
|
|
|
Default: ``ipc``
|
|
|
|
|
2013-03-18 19:59:27 +00:00
|
|
|
Windows platforms lack POSIX IPC and must rely on slower TCP based inter-
|
2012-12-27 04:58:35 +00:00
|
|
|
process communications. Set ipc_mode to ``tcp`` on such systems.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
ipc_mode: ipc
|
|
|
|
|
|
|
|
.. conf_minion:: tcp_pub_port
|
|
|
|
|
|
|
|
``tcp_pub_port``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``4510``
|
|
|
|
|
|
|
|
Publish port used when :conf_minion:`ipc_mode` is set to ``tcp``.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
tcp_pub_port: 4510
|
|
|
|
|
|
|
|
.. conf_minion:: tcp_pull_port
|
|
|
|
|
|
|
|
``tcp_pull_port``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``4511``
|
|
|
|
|
|
|
|
Pull port used when :conf_minion:`ipc_mode` is set to ``tcp``.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
tcp_pull_port: 4511
|
|
|
|
|
2016-02-24 23:56:52 +00:00
|
|
|
.. conf_minion:: transport
|
|
|
|
|
|
|
|
``transport``
|
|
|
|
-------------
|
|
|
|
|
2016-02-25 16:38:41 +00:00
|
|
|
Default: ``zeromq``
|
2016-02-24 23:56:52 +00:00
|
|
|
|
2016-02-25 16:38:41 +00:00
|
|
|
Changes the underlying transport layer. ZeroMQ is the recommended transport
|
2016-02-24 23:56:52 +00:00
|
|
|
while additional transport layers are under development. Supported values are
|
2016-02-25 16:38:41 +00:00
|
|
|
``zeromq``, ``raet`` (experimental), and ``tcp`` (experimental). This setting has
|
2016-02-24 23:56:52 +00:00
|
|
|
a significant impact on performance and should not be changed unless you know
|
|
|
|
what you are doing! Transports are explained in :ref:`Salt Transports
|
|
|
|
<transports>`.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
transport: zeromq
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
Minion Module Management
|
2013-08-07 22:50:51 +00:00
|
|
|
========================
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
.. conf_minion:: disable_modules
|
|
|
|
|
|
|
|
``disable_modules``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``[]`` (all modules are enabled by default)
|
|
|
|
|
|
|
|
The event may occur in which the administrator desires that a minion should not
|
|
|
|
be able to execute a certain module. The sys module is built into the minion
|
|
|
|
and cannot be disabled.
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
This setting can also tune the minion, as all modules are loaded into ram
|
2015-07-31 23:34:07 +00:00
|
|
|
disabling modules will lower the minion's ram footprint.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
disable_modules:
|
|
|
|
- test
|
|
|
|
- solr
|
|
|
|
|
|
|
|
.. conf_minion:: disable_returners
|
|
|
|
|
|
|
|
``disable_returners``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Default: ``[]`` (all returners are enabled by default)
|
|
|
|
|
2012-03-15 00:09:19 +00:00
|
|
|
If certain returners should be disabled, this is the place
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
disable_returners:
|
|
|
|
- mongo_return
|
|
|
|
|
|
|
|
.. conf_minion:: module_dirs
|
|
|
|
|
|
|
|
``module_dirs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
A list of extra directories to search for Salt modules
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
module_dirs:
|
|
|
|
- /var/lib/salt/modules
|
|
|
|
|
|
|
|
.. conf_minion:: returner_dirs
|
|
|
|
|
|
|
|
``returner_dirs``
|
2012-01-16 05:36:49 +00:00
|
|
|
-----------------
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
A list of extra directories to search for Salt returners
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
returner_dirs:
|
2012-01-14 00:27:43 +00:00
|
|
|
- /var/lib/salt/returners
|
|
|
|
|
|
|
|
.. conf_minion:: states_dirs
|
|
|
|
|
|
|
|
``states_dirs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
A list of extra directories to search for Salt states
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
states_dirs:
|
|
|
|
- /var/lib/salt/states
|
|
|
|
|
|
|
|
|
2014-01-28 12:38:06 +00:00
|
|
|
.. conf_minion:: grains_dirs
|
|
|
|
|
|
|
|
``grains_dirs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
A list of extra directories to search for Salt grains
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
grains_dirs:
|
|
|
|
- /var/lib/salt/grains
|
|
|
|
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
.. conf_minion:: render_dirs
|
|
|
|
|
|
|
|
``render_dirs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
A list of extra directories to search for Salt renderers
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
render_dirs:
|
|
|
|
- /var/lib/salt/renderers
|
|
|
|
|
|
|
|
.. conf_minion:: cython_enable
|
|
|
|
|
|
|
|
``cython_enable``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
Set this value to true to enable auto-loading and compiling of ``.pyx`` modules,
|
2016-03-31 19:50:51 +00:00
|
|
|
This setting requires that ``gcc`` and ``cython`` are installed on the minion.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
cython_enable: False
|
|
|
|
|
2015-08-22 04:30:35 +00:00
|
|
|
.. conf_minion:: enable_zip_modules
|
|
|
|
|
|
|
|
``enable_zip_modules``
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
.. versionadded:: 2015.8.0
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Set this value to true to enable loading of zip archives as extension modules.
|
|
|
|
This allows for packing module code with specific dependencies to avoid conflicts
|
|
|
|
and/or having to install specific modules' dependencies in system libraries.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
enable_zip_modules: False
|
|
|
|
|
2012-10-11 20:17:10 +00:00
|
|
|
.. conf_minion:: providers
|
|
|
|
|
|
|
|
``providers``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: (empty)
|
|
|
|
|
|
|
|
A module provider can be statically overwritten or extended for the minion via
|
2012-12-22 03:39:22 +00:00
|
|
|
the ``providers`` option. This can be done :doc:`on an individual basis in an
|
|
|
|
SLS file <../states/providers>`, or globally here in the minion config, like
|
|
|
|
below.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
providers:
|
|
|
|
service: systemd
|
2012-10-11 20:17:10 +00:00
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
State Management Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=========================
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. conf_minion:: renderer
|
|
|
|
|
|
|
|
``renderer``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``yaml_jinja``
|
|
|
|
|
|
|
|
The default renderer used for local state executions
|
|
|
|
|
2012-01-16 05:36:49 +00:00
|
|
|
.. code-block:: yaml
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
renderer: yaml_jinja
|
|
|
|
|
|
|
|
.. conf_minion:: state_verbose
|
|
|
|
|
|
|
|
``state_verbose``
|
|
|
|
-----------------
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Default: ``True``
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Controls the verbosity of state runs. By default, the results of all states are
|
|
|
|
returned, but setting this value to ``False`` will cause salt to only display
|
|
|
|
output for states that failed or states that have changes.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2012-01-16 05:36:49 +00:00
|
|
|
.. code-block:: yaml
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
state_verbose: True
|
|
|
|
|
2012-12-11 00:37:42 +00:00
|
|
|
.. conf_minion:: state_output
|
|
|
|
|
|
|
|
``state_output``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``full``
|
|
|
|
|
|
|
|
The state_output setting changes if the output is the full multi line
|
|
|
|
output for each changed state if set to 'full', but if set to 'terse'
|
|
|
|
the output will be shortened to a single line.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
state_output: full
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
.. conf_minion:: autoload_dynamic_modules
|
|
|
|
|
|
|
|
``autoload_dynamic_modules``
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
autoload_dynamic_modules turns on automatic loading of modules found in the
|
|
|
|
environments on the master. This is turned on by default. To turn off
|
|
|
|
auto-loading modules when states run, set this value to ``False``.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2012-01-16 05:36:49 +00:00
|
|
|
.. code-block:: yaml
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
autoload_dynamic_modules: True
|
|
|
|
|
|
|
|
.. conf_minion:: clean_dynamic_modules
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
clean_dynamic_modules keeps the dynamic modules on the minion in sync with
|
2016-03-31 19:50:51 +00:00
|
|
|
the dynamic modules on the master. This means that if a dynamic module is
|
2012-01-14 00:27:43 +00:00
|
|
|
not on the master it will be deleted from the minion. By default this is
|
2016-03-31 19:50:51 +00:00
|
|
|
enabled and can be disabled by changing this value to ``False``.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2012-01-16 05:36:49 +00:00
|
|
|
.. code-block:: yaml
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
clean_dynamic_modules: True
|
|
|
|
|
2012-02-09 18:57:37 +00:00
|
|
|
.. conf_minion:: environment
|
|
|
|
|
|
|
|
``environment``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``None``
|
|
|
|
|
|
|
|
Normally the minion is not isolated to any single environment on the master
|
|
|
|
when running states, but the environment can be isolated on the minion side
|
|
|
|
by statically setting it. Remember that the recommended way to manage
|
|
|
|
environments is to isolate via the top file.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
environment: None
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2013-08-03 23:53:39 +00:00
|
|
|
File Directory Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=======================
|
2013-08-03 23:53:39 +00:00
|
|
|
|
|
|
|
.. conf_minion:: file_client
|
|
|
|
|
|
|
|
``file_client``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``remote``
|
|
|
|
|
|
|
|
The client defaults to looking on the master server for files, but can be
|
|
|
|
directed to look on the minion by setting this parameter to ``local``.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
file_client: remote
|
|
|
|
|
2014-09-29 01:53:43 +00:00
|
|
|
.. conf_minion:: use_master_when_local
|
|
|
|
|
|
|
|
``use_master_when_local``
|
2014-11-18 07:53:40 +00:00
|
|
|
-------------------------
|
2014-09-29 01:53:43 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
When using a local :conf_minion:`file_client`, this parameter is used to allow
|
|
|
|
the client to connect to a master for remote execution.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
use_master_when_local: False
|
|
|
|
|
2013-08-03 23:53:39 +00:00
|
|
|
.. conf_minion:: file_roots
|
|
|
|
|
|
|
|
``file_roots``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Default:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
base:
|
|
|
|
- /srv/salt
|
|
|
|
|
|
|
|
When using a local :conf_minion:`file_client`, this parameter is used to setup
|
|
|
|
the fileserver's environments. This parameter operates identically to the
|
2014-09-02 19:36:35 +00:00
|
|
|
:conf_master:`master config parameter <file_roots>` of the same name.
|
2013-08-03 23:53:39 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
file_roots:
|
|
|
|
base:
|
|
|
|
- /srv/salt
|
|
|
|
dev:
|
|
|
|
- /srv/salt/dev/services
|
|
|
|
- /srv/salt/dev/states
|
|
|
|
prod:
|
|
|
|
- /srv/salt/prod/services
|
|
|
|
- /srv/salt/prod/states
|
|
|
|
|
[develop] Merge forward from 2016.3 to develop (#32494)
* fix sorting by latest version when called with an attribute
* remove reference to master_alive_check
* Fixes saltstack/salt#28262
* Resolve memory leak in authentication
* outputter virt_list does not exist anymore
* Update proxmox documentation
* Fix documentation on boto_asg and boto_elb modules and states
* modules.win_timezone: don't list all zones in debug log
* Correcty index glusterfs bricks
Fixes issue #32311
* Cleaner deprecation process with decorators
* Add deprecation decorator scaffold
* Capture type error and unhandled exceptions while function calls
* Aware of the current and future version of deprecation
* Implement initially is_deprecated decorator
* Add an alias for the capitalization
* Fix capitalization easier way
* Remove an extra line
* Add successor name to the deprecation decorator.
* Granulate logging and error messages.
* Implement function swapper
* Raise later the caught exception
* Clarify exception message
* Save function original name
* Remove an extra line
* Hide an alternative hidden function name in the error message, preserving the error itself
* Rename variable as private
* Add a method to detect if a function is using its previous version
* Message to the log and/or raise an exception accordingly to the status of used function
* Log an error along with the exception
* Add internal method documentation
* Add documentation and usage process for decorator "is_deprecated"
* Add documentation and process usage for the decorator "with_deprecated"
* Hide private method name
* Fix PEP8, re-word the error message
* Deprecate basic uptime function
* Add initial decorator unit test
* Rename old/new functions, mock versions
* Move frequent data to the test setup
* Add logging on EOL exception
* Rename and document high to low version test on is_deprecated
* Implement a test on low to high version of is_deprecated decorator
* Add a correction to the test description
* Remove a dead code
* Implement a test for high to low version on is_deprecated, using with_successor param
* Correct typso adn mistaeks
* Implement high to low version with successor param on is_deprecated
* Setup a virtual name for the module
* Implement test for with_deprecated should raise an exception if same deprecated function not found
* Implement test for with_deprecated an old function is picked up if configured
* Correct test description purpose
* Implement test with_deprecated when no deprecation is requested
* Add logging test to the configured deprecation request
* Add logging testing when deprecated version wasn't requested
* Implement test EOL for with_deprecated decorator
* Correct test explanation
* Rename the test
* Implement with_deprecated no EOL, deprecated other function name
* Implement with_deprecated, deprecated other function name, EOL reached
* Add test description for the with_deprecated + with_name + EOL
* Fix confusing test names
* Add logging test to the is_deprecated decorator when function as not found.
* Add more test point to each test, remove empty lines
* Bugfix: at certain conditions a wrong alias name is reported to the log
* Fix a typo in a comment
* Add test for the logging
* Disable a pylint: None will _never_ be raised
* Fix test for the deprecated "status.uptime" version
* Bugfix: Do not yank raised exceptions
* Remove unnecessary decorator
* Add test for the new uptime
* Add test for the new uptime fails when /proc/uptime does not exists
* Rename old test case
* Skip test for the UTC time, unless freeze time is used.
* Fix pylint
* Fix documentation
* Bugfix: proxy-pass the docstring of the decorated function
* Lint fix
* Fixes saltstack/salt#28262 for 2015.5 branch
* Update master config docs
* Improve git_pillar documentation/logging
* Add note about different behavior of top file in git_pillar
* Make log entry for a missing pillar SLS file more accurate for git_pillar
* FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality. Check freebsd/pkg#1409 for more info.
* FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality. Check freebsd/pkg#1409 for more info.
* Update glusterfs_test to be inline with #32312
* Fix salt-cloud paralell provisioning
Closes #31632
* Ignore Raspbian in service.py __virtual__ (#32421)
* Ignore Raspbian in service.py __virtual__
This prevents more than one execution module from trying to load as the
service virtual module.
Refs: #32413
* pack __salt__ before loading provider overrides
We can (and should) pack here since we're just packing a reference to the
object. __salt__ needs to be available when we're loading our provider
overrides
* Fix broken __salt__ dict in provider override
Using ret.items() here sets ``__salt__`` to its items (tuple containing
function name and reference), breaking usage of ``__salt__`` inside
overridden functions.
* Merge #32293 with test fixes (#32418)
* Fix issue #11497
* Remove check for working directory presence in tests
* Fix Domainname introspection
Default value needs to be extracted from the container itself,
because dockerd set Domainname value when network_mode=host.
* Add pgjsonb_queue to queue doc index
* Pylint fixes
* Pass parser options into batch mode
Resolves #31738
* Changed the target file in file.symlink test (#32443)
* Argument name in docs should match actual arg name (#32445)
Fixes #31851
* tests.integration: bypass MacOS TMPDIR, gettempdir (#32447)
Updates 0edd532, 8f558a5.
When logging in as root over `ssh root@host`, `$TMPDIR` and
`tempfile.gettempdir()` are both set to a variation of:
```
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/
```
When logging in as root over `sudo -i`, `$TMPDIR` is unset and
`tempfile.gettempdir()` is set to `/tmp`.
My guess is that the second case is an unintended or uncorrected omision
by Apple as they have introduced the longer, randomized temp path in a
recent version of MacOS.
* Issue #28706: Fix state user.present behavior. (#32448)
- As mentionned in issue #28706, state user.present no longer remove
user from groups if the keyword 'groups' with empty value '[]' is not
explicitly set, salt will assume current groups are still wanted.
* tests.integration: fix 4230c8a
* Move the tables of virtual modules to individual documentation pages
* Add new doc pages to toctree
* Add external ref to windows package manager docs
* Improve docstrings
* Add documentation on virtual module provider overrides to the module docs
* Clarify the scope of the provider param in states.
* Add link to provider override docs to all package providers
* Add link to provider override docs to all service providers
* Add link to provider override docs to all user providers
* dd link to provider override docs to all shadow providers
* Add link to provider override docs to all group providers
* Backport 31164 and 31364 (#32474)
* Don't send REQ while another one is waiting for response.
The message has to be removed from the queue the only *after* it's
already processed to don't confuse send() functionality that expects
empty queue means: there's no active sendings.
* Fixed zeromq ReqMessageClient destroy
* Add link to provider override docs to opkg.py
This is a companion to https://github.com/saltstack/salt/pull/32458, but
this module was not added until the 2016.3 branch, so the documentation
is being updated there for this module.
* Add documentation for some master/minion configs (#32454)
Refs #32400
Adds docs for:
- cli_summary
- event_return_queue
- event_return_whitelist
- event_return_blacklist
- file_recv_max_size
- fileserver_followsymlinks
- fileserver_ignoresymlinks
- fileserver_limit_traversal
* Automatically detect correct MySQL password column for 5.7 and fix setting passwords (#32440)
* Automatically detect MySQL password column
* Fix changing password in MySQL 5.7
* Fix lint test
* Fix unit tests (?)
They will still fail if "authentication_string" is legitimately the right column name, but I don't know what to do about that.
* Additional unit test fix
* Only unsub if we have a jid
Closes #32479
2016-04-11 23:07:15 +00:00
|
|
|
.. conf_minion:: fileserver_followsymlinks
|
|
|
|
|
|
|
|
``fileserver_followsymlinks``
|
|
|
|
-----------------------------
|
|
|
|
|
|
|
|
.. versionadded:: 2014.1.0
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
By default, the file_server follows symlinks when walking the filesystem tree.
|
|
|
|
Currently this only applies to the default roots fileserver_backend.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
fileserver_followsymlinks: True
|
|
|
|
|
|
|
|
.. conf_minion:: fileserver_ignoresymlinks
|
|
|
|
|
|
|
|
``fileserver_ignoresymlinks``
|
|
|
|
-----------------------------
|
|
|
|
|
|
|
|
.. versionadded:: 2014.1.0
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
If you do not want symlinks to be treated as the files they are pointing to,
|
|
|
|
set ``fileserver_ignoresymlinks`` to ``True``. By default this is set to
|
|
|
|
False. When set to ``True``, any detected symlink while listing files on the
|
|
|
|
Master will not be returned to the Minion.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
fileserver_ignoresymlinks: False
|
|
|
|
|
|
|
|
.. conf_minion:: fileserver_limit_traversal
|
|
|
|
|
|
|
|
``fileserver_limit_traversal``
|
|
|
|
------------------------------
|
|
|
|
|
|
|
|
.. versionadded:: 2014.1.0
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
By default, the Salt fileserver recurses fully into all defined environments
|
|
|
|
to attempt to find files. To limit this behavior so that the fileserver only
|
|
|
|
traverses directories with SLS files and special Salt directories like _modules,
|
|
|
|
set ``fileserver_limit_traversal`` to ``True``. This might be useful for
|
|
|
|
installations where a file root has a very large number of files and performance
|
|
|
|
is impacted.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
fileserver_limit_traversal: False
|
|
|
|
|
2014-09-02 19:36:35 +00:00
|
|
|
.. conf_minion:: hash_type
|
2013-08-03 23:53:39 +00:00
|
|
|
|
|
|
|
``hash_type``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``md5``
|
|
|
|
|
|
|
|
The hash_type is the hash to use when discovering the hash of a file on the
|
2014-12-12 19:34:34 +00:00
|
|
|
local fileserver. The default is md5, but sha1, sha224, sha256, sha384, and
|
2013-08-03 23:53:39 +00:00
|
|
|
sha512 are also supported.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hash_type: md5
|
|
|
|
|
2016-02-24 23:56:52 +00:00
|
|
|
Pillar Settings
|
|
|
|
===============
|
|
|
|
|
2013-08-03 23:53:39 +00:00
|
|
|
.. conf_minion:: pillar_roots
|
|
|
|
|
|
|
|
``pillar_roots``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
base:
|
|
|
|
- /srv/pillar
|
|
|
|
|
|
|
|
When using a local :conf_minion:`file_client`, this parameter is used to setup
|
|
|
|
the pillar environments.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
pillar_roots:
|
|
|
|
base:
|
|
|
|
- /srv/pillar
|
|
|
|
dev:
|
|
|
|
- /srv/pillar/dev
|
|
|
|
prod:
|
|
|
|
- /srv/pillar/prod
|
|
|
|
|
2016-02-24 23:56:52 +00:00
|
|
|
.. conf_minion:: pillarenv
|
|
|
|
|
|
|
|
``pillarenv``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``None``
|
|
|
|
|
|
|
|
Isolates the pillar environment on the minion side. This functions the same as
|
|
|
|
the environment setting, but for pillar instead of states.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2016-02-24 23:56:52 +00:00
|
|
|
pillarenv: None
|
2013-08-07 22:50:51 +00:00
|
|
|
|
[develop] Merge forward from 2016.3 to develop (#32494)
* fix sorting by latest version when called with an attribute
* remove reference to master_alive_check
* Fixes saltstack/salt#28262
* Resolve memory leak in authentication
* outputter virt_list does not exist anymore
* Update proxmox documentation
* Fix documentation on boto_asg and boto_elb modules and states
* modules.win_timezone: don't list all zones in debug log
* Correcty index glusterfs bricks
Fixes issue #32311
* Cleaner deprecation process with decorators
* Add deprecation decorator scaffold
* Capture type error and unhandled exceptions while function calls
* Aware of the current and future version of deprecation
* Implement initially is_deprecated decorator
* Add an alias for the capitalization
* Fix capitalization easier way
* Remove an extra line
* Add successor name to the deprecation decorator.
* Granulate logging and error messages.
* Implement function swapper
* Raise later the caught exception
* Clarify exception message
* Save function original name
* Remove an extra line
* Hide an alternative hidden function name in the error message, preserving the error itself
* Rename variable as private
* Add a method to detect if a function is using its previous version
* Message to the log and/or raise an exception accordingly to the status of used function
* Log an error along with the exception
* Add internal method documentation
* Add documentation and usage process for decorator "is_deprecated"
* Add documentation and process usage for the decorator "with_deprecated"
* Hide private method name
* Fix PEP8, re-word the error message
* Deprecate basic uptime function
* Add initial decorator unit test
* Rename old/new functions, mock versions
* Move frequent data to the test setup
* Add logging on EOL exception
* Rename and document high to low version test on is_deprecated
* Implement a test on low to high version of is_deprecated decorator
* Add a correction to the test description
* Remove a dead code
* Implement a test for high to low version on is_deprecated, using with_successor param
* Correct typso adn mistaeks
* Implement high to low version with successor param on is_deprecated
* Setup a virtual name for the module
* Implement test for with_deprecated should raise an exception if same deprecated function not found
* Implement test for with_deprecated an old function is picked up if configured
* Correct test description purpose
* Implement test with_deprecated when no deprecation is requested
* Add logging test to the configured deprecation request
* Add logging testing when deprecated version wasn't requested
* Implement test EOL for with_deprecated decorator
* Correct test explanation
* Rename the test
* Implement with_deprecated no EOL, deprecated other function name
* Implement with_deprecated, deprecated other function name, EOL reached
* Add test description for the with_deprecated + with_name + EOL
* Fix confusing test names
* Add logging test to the is_deprecated decorator when function as not found.
* Add more test point to each test, remove empty lines
* Bugfix: at certain conditions a wrong alias name is reported to the log
* Fix a typo in a comment
* Add test for the logging
* Disable a pylint: None will _never_ be raised
* Fix test for the deprecated "status.uptime" version
* Bugfix: Do not yank raised exceptions
* Remove unnecessary decorator
* Add test for the new uptime
* Add test for the new uptime fails when /proc/uptime does not exists
* Rename old test case
* Skip test for the UTC time, unless freeze time is used.
* Fix pylint
* Fix documentation
* Bugfix: proxy-pass the docstring of the decorated function
* Lint fix
* Fixes saltstack/salt#28262 for 2015.5 branch
* Update master config docs
* Improve git_pillar documentation/logging
* Add note about different behavior of top file in git_pillar
* Make log entry for a missing pillar SLS file more accurate for git_pillar
* FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality. Check freebsd/pkg#1409 for more info.
* FreeBSD supports packages in format java/openjdk7 so the prior commit broke that functionality. Check freebsd/pkg#1409 for more info.
* Update glusterfs_test to be inline with #32312
* Fix salt-cloud paralell provisioning
Closes #31632
* Ignore Raspbian in service.py __virtual__ (#32421)
* Ignore Raspbian in service.py __virtual__
This prevents more than one execution module from trying to load as the
service virtual module.
Refs: #32413
* pack __salt__ before loading provider overrides
We can (and should) pack here since we're just packing a reference to the
object. __salt__ needs to be available when we're loading our provider
overrides
* Fix broken __salt__ dict in provider override
Using ret.items() here sets ``__salt__`` to its items (tuple containing
function name and reference), breaking usage of ``__salt__`` inside
overridden functions.
* Merge #32293 with test fixes (#32418)
* Fix issue #11497
* Remove check for working directory presence in tests
* Fix Domainname introspection
Default value needs to be extracted from the container itself,
because dockerd set Domainname value when network_mode=host.
* Add pgjsonb_queue to queue doc index
* Pylint fixes
* Pass parser options into batch mode
Resolves #31738
* Changed the target file in file.symlink test (#32443)
* Argument name in docs should match actual arg name (#32445)
Fixes #31851
* tests.integration: bypass MacOS TMPDIR, gettempdir (#32447)
Updates 0edd532, 8f558a5.
When logging in as root over `ssh root@host`, `$TMPDIR` and
`tempfile.gettempdir()` are both set to a variation of:
```
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/
```
When logging in as root over `sudo -i`, `$TMPDIR` is unset and
`tempfile.gettempdir()` is set to `/tmp`.
My guess is that the second case is an unintended or uncorrected omision
by Apple as they have introduced the longer, randomized temp path in a
recent version of MacOS.
* Issue #28706: Fix state user.present behavior. (#32448)
- As mentionned in issue #28706, state user.present no longer remove
user from groups if the keyword 'groups' with empty value '[]' is not
explicitly set, salt will assume current groups are still wanted.
* tests.integration: fix 4230c8a
* Move the tables of virtual modules to individual documentation pages
* Add new doc pages to toctree
* Add external ref to windows package manager docs
* Improve docstrings
* Add documentation on virtual module provider overrides to the module docs
* Clarify the scope of the provider param in states.
* Add link to provider override docs to all package providers
* Add link to provider override docs to all service providers
* Add link to provider override docs to all user providers
* dd link to provider override docs to all shadow providers
* Add link to provider override docs to all group providers
* Backport 31164 and 31364 (#32474)
* Don't send REQ while another one is waiting for response.
The message has to be removed from the queue the only *after* it's
already processed to don't confuse send() functionality that expects
empty queue means: there's no active sendings.
* Fixed zeromq ReqMessageClient destroy
* Add link to provider override docs to opkg.py
This is a companion to https://github.com/saltstack/salt/pull/32458, but
this module was not added until the 2016.3 branch, so the documentation
is being updated there for this module.
* Add documentation for some master/minion configs (#32454)
Refs #32400
Adds docs for:
- cli_summary
- event_return_queue
- event_return_whitelist
- event_return_blacklist
- file_recv_max_size
- fileserver_followsymlinks
- fileserver_ignoresymlinks
- fileserver_limit_traversal
* Automatically detect correct MySQL password column for 5.7 and fix setting passwords (#32440)
* Automatically detect MySQL password column
* Fix changing password in MySQL 5.7
* Fix lint test
* Fix unit tests (?)
They will still fail if "authentication_string" is legitimately the right column name, but I don't know what to do about that.
* Additional unit test fix
* Only unsub if we have a jid
Closes #32479
2016-04-11 23:07:15 +00:00
|
|
|
.. conf_minion:: file_recv_max_size
|
|
|
|
|
|
|
|
``file_recv_max_size``
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
.. versionadded:: 2014.7.0
|
|
|
|
|
|
|
|
Default: ``100``
|
|
|
|
|
|
|
|
Set a hard-limit on the size of the files that can be pushed to the master.
|
|
|
|
It will be interpreted as megabytes.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
file_recv_max_size: 100
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
Security Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=================
|
2011-10-30 16:04:21 +00:00
|
|
|
|
|
|
|
.. conf_minion:: open_mode
|
|
|
|
|
|
|
|
``open_mode``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2012-05-23 04:43:12 +00:00
|
|
|
Open mode can be used to clean out the PKI key received from the Salt master,
|
2011-10-30 16:04:21 +00:00
|
|
|
turn on open mode, restart the minion, then turn off open mode and restart the
|
|
|
|
minion to clean the keys.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
open_mode: False
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2015-08-07 02:23:22 +00:00
|
|
|
.. conf_minion:: master_finger
|
|
|
|
|
|
|
|
``master_finger``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Fingerprint of the master public key to validate the identity of your Salt master
|
|
|
|
before the initial key exchange. The master fingerprint can be found by running
|
|
|
|
"salt-key -F master" on the Salt master.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
.. conf_minion:: verify_master_pubkey_sign
|
|
|
|
|
|
|
|
``verify_master_pubkey_sign``
|
|
|
|
-----------------------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Enables verification of the master-public-signature returned by the master in
|
|
|
|
auth-replies. Please see the tutorial on how to configure this properly
|
|
|
|
`Multimaster-PKI with Failover Tutorial <http://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html>`_
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-07-15 10:10:18 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
verify_master_pubkey_sign: True
|
|
|
|
|
|
|
|
If this is set to ``True``, :conf_master:`master_sign_pubkey` must be also set
|
|
|
|
to ``True`` in the master configuration file.
|
|
|
|
|
|
|
|
|
|
|
|
.. conf_minion:: master_sign_key_name
|
|
|
|
|
|
|
|
``master_sign_key_name``
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
Default: ``master_sign``
|
|
|
|
|
2014-09-17 23:00:18 +00:00
|
|
|
The filename without the *.pub* suffix of the public key that should be used
|
|
|
|
for verifying the signature from the master. The file must be located in the
|
|
|
|
minion's pki directory.
|
2014-07-15 10:10:18 +00:00
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-07-15 10:10:18 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_sign_key_name: <filename_without_suffix>
|
|
|
|
|
|
|
|
.. conf_minion:: always_verify_signature
|
|
|
|
|
|
|
|
``always_verify_signature``
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
If :conf_minion:`verify_master_pubkey_sign` is enabled, the signature is only verified
|
2014-07-15 10:10:18 +00:00
|
|
|
if the public-key of the master changes. If the signature should always be verified,
|
|
|
|
this can be set to ``True``.
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-07-15 10:10:18 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
always_verify_signature: True
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
Thread Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
===============
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. conf_minion:: multiprocessing
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
2015-10-22 15:45:54 +00:00
|
|
|
If `multiprocessing` is enabled when a minion receives a
|
2012-01-14 00:27:43 +00:00
|
|
|
publication a new process is spawned and the command is executed therein.
|
2015-10-22 15:45:54 +00:00
|
|
|
Conversely, if `multiprocessing` is disabled the new publication will be run
|
|
|
|
executed in a thread.
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
multiprocessing: True
|
|
|
|
|
2013-07-25 07:07:18 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2013-07-25 07:07:18 +00:00
|
|
|
.. _minion-logging-settings:
|
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
Minion Logging Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=======================
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. conf_minion:: log_file
|
|
|
|
|
|
|
|
``log_file``
|
|
|
|
------------
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
Default: ``/var/log/salt/minion``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The minion log can be sent to a regular file, local path name, or network
|
2013-12-14 00:33:32 +00:00
|
|
|
location. See also :conf_log:`log_file`.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
Examples:
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: /var/log/salt/minion
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: file:///dev/log
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: udp://loghost:10514
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
.. conf_minion:: log_level
|
|
|
|
|
|
|
|
``log_level``
|
|
|
|
-------------
|
|
|
|
|
2015-09-18 20:59:01 +00:00
|
|
|
Default: ``info``
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2013-12-14 00:33:32 +00:00
|
|
|
The level of messages to send to the console. See also :conf_log:`log_level`.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_level: warning
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_minion:: log_level_logfile
|
|
|
|
|
|
|
|
``log_level_logfile``
|
|
|
|
---------------------
|
|
|
|
|
2015-09-18 20:59:01 +00:00
|
|
|
Default: ``info``
|
2013-01-10 07:45:11 +00:00
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The level of messages to send to the log file. See also
|
2015-02-12 18:47:59 +00:00
|
|
|
:conf_log:`log_level_logfile`. When it is not set explicitly
|
|
|
|
it will inherit the level set by :conf_log:`log_level` option.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_level_logfile: warning
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_minion:: log_datefmt
|
|
|
|
|
|
|
|
``log_datefmt``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``%H:%M:%S``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The date and time format used in console log messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_datefmt`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_datefmt: '%H:%M:%S'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_minion:: log_datefmt_logfile
|
|
|
|
|
|
|
|
``log_datefmt_logfile``
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
Default: ``%Y-%m-%d %H:%M:%S``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The date and time format used in log file messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_datefmt_logfile`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_minion:: log_fmt_console
|
|
|
|
|
|
|
|
``log_fmt_console``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``[%(levelname)-8s] %(message)s``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The format of the console logging messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_fmt_console`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
2015-07-28 21:54:10 +00:00
|
|
|
.. note::
|
|
|
|
Log colors are enabled in ``log_fmt_console`` rather than the
|
|
|
|
:conf_minion:`color` config since the logging system is loaded before the
|
|
|
|
minion config.
|
|
|
|
|
|
|
|
Console log colors are specified by these additional formatters:
|
|
|
|
|
|
|
|
%(colorlevel)s
|
|
|
|
%(colorname)s
|
|
|
|
%(colorprocess)s
|
|
|
|
%(colormsg)s
|
|
|
|
|
|
|
|
Since it is desirable to include the surrounding brackets, '[' and ']', in
|
|
|
|
the coloring of the messages, these color formatters also include padding
|
|
|
|
as well. Color LogRecord attributes are only available for console
|
|
|
|
logging.
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-07-28 21:54:10 +00:00
|
|
|
log_fmt_console: '%(colorlevel)s %(colormsg)s'
|
2013-01-10 07:45:11 +00:00
|
|
|
log_fmt_console: '[%(levelname)-8s] %(message)s'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_minion:: log_fmt_logfile
|
|
|
|
|
|
|
|
``log_fmt_logfile``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
The format of the log file logging messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_fmt_logfile`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2012-01-14 00:27:43 +00:00
|
|
|
.. conf_minion:: log_granular_levels
|
|
|
|
|
|
|
|
``log_granular_levels``
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
2014-07-15 10:10:18 +00:00
|
|
|
This can be used to control logging levels more specifically. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_granular_levels`.
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2016-01-07 21:26:33 +00:00
|
|
|
.. conf_minion:: zmq_monitor
|
|
|
|
|
|
|
|
``zmq_monitor``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
To diagnose issues with minions disconnecting or missing returns, ZeroMQ
|
|
|
|
supports the use of monitor sockets to log connection events. This
|
|
|
|
feature requires ZeroMQ 4.0 or higher.
|
|
|
|
|
|
|
|
To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a
|
|
|
|
debug level or higher.
|
|
|
|
|
|
|
|
A sample log event is as follows:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
[DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512,
|
|
|
|
'value': 27, 'description': 'EVENT_DISCONNECTED'}
|
|
|
|
|
|
|
|
All events logged will include the string ``ZeroMQ event``. A connection event
|
|
|
|
should be logged as the minion starts up and initially connects to the
|
|
|
|
master. If not, check for debug log level and that the necessary version of
|
|
|
|
ZeroMQ is installed.
|
2012-01-14 00:27:43 +00:00
|
|
|
|
2014-08-29 15:39:28 +00:00
|
|
|
.. conf_minion:: failhard
|
|
|
|
|
|
|
|
``failhard``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2016-03-31 19:50:51 +00:00
|
|
|
Set the global failhard flag. This informs all states to stop running states
|
2014-08-29 15:39:28 +00:00
|
|
|
at the moment a single state fails
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
failhard: False
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
Include Configuration
|
|
|
|
=====================
|
2012-06-26 19:53:27 +00:00
|
|
|
|
|
|
|
.. conf_minion:: include
|
|
|
|
|
2012-08-24 15:14:21 +00:00
|
|
|
``default_include``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``minion.d/*.conf``
|
|
|
|
|
|
|
|
The minion can include configuration from other files. Per default the
|
|
|
|
minion will automatically include all config files from `minion.d/*.conf`
|
|
|
|
where minion.d is relative to the directory of the minion configuration
|
|
|
|
file.
|
|
|
|
|
2012-06-26 19:53:27 +00:00
|
|
|
``include``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: ``not defined``
|
|
|
|
|
|
|
|
The minion can include configuration from other files. To enable this,
|
|
|
|
pass a list of paths to this option. The paths can be either relative or
|
|
|
|
absolute; if relative, they are considered to be relative to the directory
|
2012-08-24 15:14:21 +00:00
|
|
|
the main minion configuration file lives in. Paths can make use of
|
2012-06-26 19:54:56 +00:00
|
|
|
shell-style globbing. If no files are matched by a path passed to this
|
2012-06-26 19:53:27 +00:00
|
|
|
option then the minion will log a warning message.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
2012-08-24 15:14:21 +00:00
|
|
|
|
2012-06-26 19:53:27 +00:00
|
|
|
# Include files from a minion.d directory in the same
|
|
|
|
# directory as the minion config file
|
2013-10-02 12:36:47 +00:00
|
|
|
include: minion.d/*.conf
|
2012-06-26 19:53:27 +00:00
|
|
|
|
|
|
|
# Include a single extra file into the configuration
|
|
|
|
include: /etc/roles/webserver
|
|
|
|
|
|
|
|
# Include several files and the minion.d directory
|
|
|
|
include:
|
|
|
|
- extra_config
|
|
|
|
- minion.d/*
|
|
|
|
- /etc/roles/webserver
|
2012-09-12 03:44:00 +00:00
|
|
|
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2012-09-12 03:44:00 +00:00
|
|
|
Frozen Build Update Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
============================
|
2012-09-12 03:44:00 +00:00
|
|
|
|
|
|
|
These options control how :py:func:`salt.modules.saltutil.update` works with esky
|
|
|
|
frozen apps. For more information look at `<https://github.com/cloudmatrix/esky/>`_.
|
|
|
|
|
|
|
|
.. conf_minion:: update_url
|
|
|
|
|
|
|
|
``update_url``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Default: ``False`` (Update feature is disabled)
|
|
|
|
|
|
|
|
The url to use when looking for application updates. Esky depends on directory
|
|
|
|
listings to search for new versions. A webserver running on your Master is a
|
|
|
|
good starting point for most setups.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
update_url: 'http://salt.example.com/minion-updates'
|
|
|
|
|
|
|
|
.. conf_minion:: update_restart_services
|
|
|
|
|
|
|
|
``update_restart_services``
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
Default: ``[]`` (service restarting on update is disabled)
|
|
|
|
|
2012-09-12 05:23:31 +00:00
|
|
|
A list of services to restart when the minion software is updated. This would
|
|
|
|
typically just be a list containing the minion's service name, but you may
|
|
|
|
have other services that need to go with it.
|
2012-09-12 03:44:00 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
update_restart_services: ['salt-minion']
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
|
2015-08-21 07:34:39 +00:00
|
|
|
.. _winrepo-minion-config-opts:
|
|
|
|
|
|
|
|
Standalone Minion Windows Software Repo Settings
|
|
|
|
================================================
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
.. important::
|
|
|
|
To use these config options, the minion must be running in masterless mode
|
|
|
|
(set :conf_minion:`file_client` to ``local``).
|
|
|
|
|
|
|
|
.. conf_minion:: winrepo_dir
|
|
|
|
.. conf_minion:: win_repo
|
|
|
|
|
|
|
|
``winrepo_dir``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
.. versionchanged:: 2015.8.0
|
2015-08-21 07:34:39 +00:00
|
|
|
Renamed from ``win_repo`` to ``winrepo_dir``. Also, this option did not
|
|
|
|
have a default value until this version.
|
2015-08-09 07:54:17 +00:00
|
|
|
|
2015-08-21 07:34:39 +00:00
|
|
|
Default: ``C:\salt\srv\salt\win\repo``
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
Location on the minion where the :conf_minion:`winrepo_remotes` are checked
|
|
|
|
out.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2015-08-21 07:34:39 +00:00
|
|
|
winrepo_dir: 'D:\winrepo'
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
.. conf_minion:: winrepo_cachefile
|
2015-08-21 07:34:39 +00:00
|
|
|
.. conf_minion:: win_repo_cachefile
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
``winrepo_cachefile``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
.. versionchanged:: 2015.8.0
|
2015-08-21 07:34:39 +00:00
|
|
|
Renamed from ``win_repo_cachefile`` to ``winrepo_cachefile``. Also,
|
|
|
|
this option did not have a default value until this version.
|
2015-08-09 07:54:17 +00:00
|
|
|
|
|
|
|
Default: ``winrepo.p``
|
|
|
|
|
|
|
|
Path relative to :conf_minion:`winrepo_dir` where the winrepo cache should be
|
|
|
|
created.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
winrepo_cachefile: winrepo.p
|
|
|
|
|
|
|
|
.. conf_minion:: winrepo_remotes
|
|
|
|
.. conf_minion:: win_gitrepos
|
|
|
|
|
|
|
|
``winrepo_remotes``
|
|
|
|
-------------------
|
|
|
|
|
2015-08-21 07:34:39 +00:00
|
|
|
.. versionchanged:: 2015.8.0
|
|
|
|
Renamed from ``win_gitrepos`` to ``winrepo_remotes``. Also, this option did
|
|
|
|
not have a default value until this version.
|
|
|
|
|
|
|
|
|
2015-08-09 07:54:17 +00:00
|
|
|
.. versionadded:: 2015.8.0
|
|
|
|
|
|
|
|
Default: ``['https://github.com/saltstack/salt-winrepo.git']``
|
|
|
|
|
|
|
|
List of git repositories to checkout and include in the winrepo
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
winrepo_remotes:
|
|
|
|
- https://github.com/saltstack/salt-winrepo.git
|
|
|
|
|
|
|
|
To specify a specific revision of the repository, prepend a commit ID to the
|
|
|
|
URL of the the repository:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
winrepo_remotes:
|
|
|
|
- '<commit_id> https://github.com/saltstack/salt-winrepo.git'
|
|
|
|
|
|
|
|
Replace ``<commit_id>`` with the SHA1 hash of a commit ID. Specifying a commit
|
|
|
|
ID is useful in that it allows one to revert back to a previous version in the
|
|
|
|
event that an error is introduced in the latest revision of the repo.
|