2012-10-25 21:30:28 +00:00
|
|
|
.. _configuration-salt-master:
|
|
|
|
|
2011-10-30 16:04:21 +00:00
|
|
|
===========================
|
|
|
|
Configuring the Salt Master
|
|
|
|
===========================
|
2011-05-23 06:51:31 +00:00
|
|
|
|
|
|
|
The Salt system is amazingly simple and easy to configure, the two components
|
|
|
|
of the Salt system each have a respective configuration file. The
|
|
|
|
:command:`salt-master` is configured via the master configuration file, and the
|
|
|
|
:command:`salt-minion` is configured via the minion configuration file.
|
|
|
|
|
2012-01-19 05:04:48 +00:00
|
|
|
.. seealso::
|
|
|
|
:ref:`example master configuration file <configuration-examples-master>`
|
2011-05-23 06:51:31 +00:00
|
|
|
|
|
|
|
The configuration file for the salt-master is located at
|
2014-07-14 18:22:27 +00:00
|
|
|
:file:`/etc/salt/master` by default. A notable exception is FreeBSD, where the
|
|
|
|
configuration file is located at :file:`/usr/local/etc/salt`. The available
|
|
|
|
options are as follows:
|
2011-05-23 06:51:31 +00:00
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Primary Master Configuration
|
2013-08-07 22:50:51 +00:00
|
|
|
============================
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: interface
|
|
|
|
|
|
|
|
``interface``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``0.0.0.0`` (all interfaces)
|
|
|
|
|
|
|
|
The local interface to bind to.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
interface: 192.168.0.1
|
|
|
|
|
2014-01-10 05:54:07 +00:00
|
|
|
.. conf_master:: ipv6
|
|
|
|
|
|
|
|
``ipv6``
|
|
|
|
--------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Whether the master should listen for IPv6 connections. If this is set to True,
|
|
|
|
the interface option must be adjusted too (for example: "interface: '::'")
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
ipv6: True
|
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: publish_port
|
|
|
|
|
|
|
|
``publish_port``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``4505``
|
|
|
|
|
|
|
|
The network port to set up the publication interface
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
publish_port: 4505
|
|
|
|
|
2014-08-01 23:38:22 +00:00
|
|
|
.. conf_master:: master_id
|
|
|
|
|
|
|
|
``master_id``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``None``
|
|
|
|
|
|
|
|
The id to be passed in the publish job to minions. This is used for MultiSyndics
|
|
|
|
to return the job to the requesting master. Note, this must be the same string
|
|
|
|
as the syndic is configured with.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_id: MasterOfMaster
|
2012-10-12 05:01:18 +00:00
|
|
|
|
2012-01-19 05:04:48 +00:00
|
|
|
.. conf_master:: user
|
|
|
|
|
|
|
|
``user``
|
2012-05-23 04:43:12 +00:00
|
|
|
--------
|
2012-01-19 05:04:48 +00:00
|
|
|
|
|
|
|
Default: ``root``
|
|
|
|
|
|
|
|
The user to run the Salt processes
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
user: root
|
|
|
|
|
2012-10-12 05:01:18 +00:00
|
|
|
.. conf_master:: max_open_files
|
|
|
|
|
|
|
|
``max_open_files``
|
|
|
|
------------------
|
|
|
|
|
2014-07-13 16:02:33 +00:00
|
|
|
Default: ``100000``
|
2012-10-12 05:01:18 +00:00
|
|
|
|
|
|
|
Each minion connecting to the master uses AT LEAST one file descriptor, the
|
|
|
|
master subscription connection. If enough minions connect you might start
|
2014-07-13 16:02:33 +00:00
|
|
|
seeing on the console(and then salt-master crashes):
|
2012-10-25 20:27:07 +00:00
|
|
|
|
2014-07-13 16:02:33 +00:00
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
Too many open files (tcp_listener.cpp:335)
|
|
|
|
Aborted (core dumped)
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
max_open_files: 100000
|
2012-10-12 05:01:18 +00:00
|
|
|
|
2013-03-18 19:59:27 +00:00
|
|
|
By default this value will be the one of `ulimit -Hn`, i.e., the hard limit for
|
2012-10-12 05:01:18 +00:00
|
|
|
max open files.
|
|
|
|
|
2014-07-13 16:02:33 +00:00
|
|
|
To set a different value than the default one, uncomment and configure this
|
|
|
|
setting. Remember that this value CANNOT be higher than the hard limit. Raising
|
|
|
|
the hard limit depends on the OS and/or distribution, a good way to find the
|
|
|
|
limit is to search the internet for something like this:
|
2012-10-12 05:01:18 +00:00
|
|
|
|
2014-07-13 16:02:33 +00:00
|
|
|
.. code-block:: text
|
2012-10-12 05:01:18 +00:00
|
|
|
|
2014-07-13 16:02:33 +00:00
|
|
|
raise max open files hard limit debian
|
2012-10-12 05:01:18 +00:00
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: worker_threads
|
|
|
|
|
|
|
|
``worker_threads``
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Default: ``5``
|
|
|
|
|
|
|
|
The number of threads to start for receiving commands and replies from minions.
|
|
|
|
If minions are stalling on replies because you have many minions, raise the
|
|
|
|
worker_threads value.
|
|
|
|
|
2013-04-22 17:05:30 +00:00
|
|
|
Worker threads should not be put below 3 when using the peer system, but can
|
|
|
|
drop down to 1 worker otherwise.
|
|
|
|
|
2014-08-11 22:09:02 +00:00
|
|
|
.. note::
|
|
|
|
When the master daemon starts, it is expected behaviour to see
|
|
|
|
multiple salt-master processes, even if 'worker_threads' is set to '1'. At
|
|
|
|
a minimum, a controlling process will start along with a Publisher, an
|
|
|
|
EventPublisher, and a number of MWorker procsses will be started. The
|
|
|
|
number of MWorker processes is tuneable by the 'worker_threads'
|
|
|
|
configuration value while the others are not.
|
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
worker_threads: 5
|
|
|
|
|
|
|
|
.. conf_master:: ret_port
|
|
|
|
|
|
|
|
``ret_port``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``4506``
|
|
|
|
|
|
|
|
The port used by the return server, this is the server used by Salt to receive
|
|
|
|
execution returns and command executions.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
ret_port: 4506
|
|
|
|
|
2012-10-12 05:01:18 +00:00
|
|
|
.. conf_master:: pidfile
|
|
|
|
|
|
|
|
``pidfile``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: ``/var/run/salt-master.pid``
|
|
|
|
|
|
|
|
Specify the location of the master pidfile
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
pidfile: /var/run/salt-master.pid
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
.. conf_master:: root_dir
|
|
|
|
|
|
|
|
``root_dir``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: :file:`/`
|
|
|
|
|
2012-03-09 04:08:45 +00:00
|
|
|
The system root directory to operate from, change this to make Salt run from
|
2014-02-04 21:46:22 +00:00
|
|
|
an alternative root.
|
2012-01-13 19:35:56 +00:00
|
|
|
|
2012-01-16 05:36:49 +00:00
|
|
|
.. code-block:: yaml
|
2012-01-13 19:35:56 +00:00
|
|
|
|
|
|
|
root_dir: /
|
|
|
|
|
2014-02-04 21:46:22 +00:00
|
|
|
.. note::
|
|
|
|
|
|
|
|
This directory is prepended to the following options:
|
|
|
|
:conf_master:`pki_dir`, :conf_master:`cachedir`, :conf_master:`sock_dir`,
|
|
|
|
:conf_master:`log_file`, :conf_master:`autosign_file`,
|
|
|
|
:conf_master:`autoreject_file`, :conf_master:`pidfile`.
|
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: pki_dir
|
|
|
|
|
|
|
|
``pki_dir``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: :file:`/etc/salt/pki`
|
|
|
|
|
|
|
|
The directory to store the pki authentication keys.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
pki_dir: /etc/salt/pki
|
|
|
|
|
2014-03-07 23:11:00 +00:00
|
|
|
.. conf_master:: extension_modules
|
|
|
|
|
|
|
|
``extension_modules``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Directory for custom modules. This directory can contain subdirectories for
|
|
|
|
each of Salt's module types such as "runners", "output", "wheel", "modules",
|
|
|
|
"states", "returners", etc. This path is appended to :conf_master:`root_dir`.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
extension_modules: srv/modules
|
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: cachedir
|
|
|
|
|
|
|
|
``cachedir``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: :file:`/var/cache/salt`
|
|
|
|
|
|
|
|
The location used to store cache information, particularly the job information
|
|
|
|
for executed salt commands.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
cachedir: /var/cache/salt
|
|
|
|
|
2014-01-10 05:54:07 +00:00
|
|
|
.. conf_master:: verify_env
|
|
|
|
|
|
|
|
``verify_env``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
Verify and set permissions on configuration directories at startup.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
verify_env: True
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
.. conf_master:: keep_jobs
|
|
|
|
|
|
|
|
``keep_jobs``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``24``
|
|
|
|
|
|
|
|
Set the number of hours to keep old job information
|
|
|
|
|
2014-01-10 05:54:07 +00:00
|
|
|
.. conf_master:: timeout
|
|
|
|
|
|
|
|
``timeout``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: ``5``
|
|
|
|
|
2014-07-15 10:09:52 +00:00
|
|
|
Set the default timeout for the salt command and api.
|
2014-01-10 05:54:07 +00:00
|
|
|
|
|
|
|
.. conf_master:: loop_interval
|
|
|
|
|
|
|
|
``loop_interval``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``60``
|
|
|
|
|
2014-02-27 13:57:35 +00:00
|
|
|
The loop_interval option controls the seconds for the master's maintenance
|
2014-01-10 05:54:07 +00:00
|
|
|
process check cycle. This process updates file server backends, cleans the
|
|
|
|
job cache and executes the scheduler.
|
|
|
|
|
|
|
|
.. conf_master:: output
|
|
|
|
|
|
|
|
``output``
|
|
|
|
----------
|
|
|
|
|
|
|
|
Default: ``nested``
|
|
|
|
|
|
|
|
Set the default outputter used by the salt command.
|
|
|
|
|
|
|
|
.. conf_master:: color
|
|
|
|
|
|
|
|
``color``
|
|
|
|
---------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
By default output is colored, to disable colored output set the color value
|
|
|
|
to False
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
color: False
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
.. conf_master:: sock_dir
|
|
|
|
|
|
|
|
``sock_dir``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: :file:`/var/run/salt/master`
|
|
|
|
|
|
|
|
Set the location to use for creating Unix sockets for master process
|
|
|
|
communication
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
sock_dir: /var/run/salt/master
|
|
|
|
|
|
|
|
.. conf_master:: enable_gpu_grains
|
|
|
|
|
|
|
|
``enable_gpu_grains``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
The master can take a while to start up when lspci and/or dmidecode is used
|
|
|
|
to populate the grains for the master. Enable if you want to see GPU hardware
|
|
|
|
data for your master.
|
|
|
|
|
2012-06-13 21:50:31 +00:00
|
|
|
.. conf_master:: job_cache
|
|
|
|
|
|
|
|
``job_cache``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
The master maintains a job cache, while this is a great addition it can be
|
|
|
|
a burden on the master for larger deployments (over 5000 minions).
|
|
|
|
Disabling the job cache will make previously executed jobs unavailable to
|
|
|
|
the jobs system and is not generally recommended. Normally it is wise to make
|
|
|
|
sure the master has access to a faster IO system or a tmpfs is mounted to the
|
|
|
|
jobs dir
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
.. conf_master:: minion_data_cache
|
|
|
|
|
|
|
|
``minion_data_cache``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Default: ``True``
|
|
|
|
|
|
|
|
The minion data cache is a cache of information about the minions stored on the
|
|
|
|
master, this information is primarily the pillar and grains data. The data is
|
|
|
|
cached in the Master cachedir under the name of the minion and used to pre
|
|
|
|
determine what minions are expected to reply from executions.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
minion_data_cache: True
|
|
|
|
|
2013-02-02 22:47:04 +00:00
|
|
|
.. conf_master:: ext_job_cache
|
|
|
|
|
|
|
|
``ext_job_cache``
|
|
|
|
-----------------
|
|
|
|
|
2014-01-04 01:22:44 +00:00
|
|
|
Default: ``''``
|
2013-02-02 22:47:04 +00:00
|
|
|
|
|
|
|
Used to specify a default returner for all minions, when this option is set
|
|
|
|
the specified returner needs to be properly configured and the minions will
|
2013-02-04 16:40:21 +00:00
|
|
|
always default to sending returns to this returner. This will also disable the
|
2013-02-02 22:47:04 +00:00
|
|
|
local job cache on the master
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
ext_job_cache: redis
|
|
|
|
|
2013-07-01 17:42:51 +00:00
|
|
|
.. conf_master:: enforce_mine_cache
|
2013-06-25 20:42:09 +00:00
|
|
|
|
|
|
|
``enforce_mine_cache``
|
2013-07-01 17:42:51 +00:00
|
|
|
----------------------
|
2013-06-25 20:42:09 +00:00
|
|
|
|
|
|
|
Default: False
|
|
|
|
|
|
|
|
By-default when disabling the minion_data_cache mine will stop working since
|
|
|
|
it is based on cached data, by enabling this option we explicitly enabling
|
|
|
|
only the cache for the mine system.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
enforce_mine_cache: False
|
|
|
|
|
2014-05-30 14:56:58 +00:00
|
|
|
``max_minions``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: 0
|
|
|
|
|
2014-07-13 18:43:33 +00:00
|
|
|
The number of minions the master should allow to connect. Use this to accommodate
|
2014-05-30 14:56:58 +00:00
|
|
|
the number of minions per master if you have different types of hardware serving
|
2014-05-30 15:04:08 +00:00
|
|
|
your minions. The default of ``0`` means unlimited connections. Please note, that
|
2014-05-30 14:56:58 +00:00
|
|
|
this can slow down the authentication process a bit in large setups.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
max_minions: 100
|
|
|
|
|
2014-05-30 13:51:03 +00:00
|
|
|
``presence_events``
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
Default: False
|
|
|
|
|
2014-07-15 10:09:52 +00:00
|
|
|
When enabled the master regularly sends events of currently connected, lost
|
|
|
|
and newly connected minions on the eventbus.
|
2014-05-30 13:51:03 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
presence_events: False
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Master Security Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
========================
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2011-05-23 06:51:31 +00:00
|
|
|
.. conf_master:: open_mode
|
|
|
|
|
|
|
|
``open_mode``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Open mode is a dangerous security feature. One problem encountered with pki
|
|
|
|
authentication systems is that keys can become "mixed up" and authentication
|
|
|
|
begins to fail. Open mode turns off authentication and tells the master to
|
2011-07-27 23:46:53 +00:00
|
|
|
accept all authentication. This will clean up the pki keys received from the
|
2012-03-09 04:05:52 +00:00
|
|
|
minions. Open mode should not be turned on for general use. Open mode should
|
2011-05-23 06:51:31 +00:00
|
|
|
only be used for a short period of time to clean up pki keys. To turn on open
|
2012-03-09 04:05:52 +00:00
|
|
|
mode set this value to ``True``.
|
2011-05-23 06:51:31 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
open_mode: False
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
.. conf_master:: auto_accept
|
|
|
|
|
|
|
|
``auto_accept``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2012-03-09 04:05:52 +00:00
|
|
|
Enable auto_accept. This setting will automatically accept all incoming
|
2013-11-21 23:12:31 +00:00
|
|
|
public keys from minions.
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
auto_accept: False
|
|
|
|
|
2014-05-10 17:46:03 +00:00
|
|
|
.. conf_master:: autosign_timeout
|
|
|
|
|
|
|
|
``autosign_timeout``
|
2014-05-14 16:23:48 +00:00
|
|
|
--------------------
|
2014-05-10 17:46:03 +00:00
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-05-10 17:46:03 +00:00
|
|
|
|
|
|
|
Default: ``120``
|
|
|
|
|
2014-05-13 17:32:28 +00:00
|
|
|
Time in minutes that a incoming public key with a matching name found in
|
2014-05-10 17:46:03 +00:00
|
|
|
pki_dir/minion_autosign/keyid is automatically accepted. Expired autosign keys
|
|
|
|
are removed when the master checks the minion_autosign directory. This method
|
2014-05-13 17:32:28 +00:00
|
|
|
to auto accept minions can be safer than an autosign_file because the
|
2014-05-10 17:46:03 +00:00
|
|
|
keyid record can expire and is limited to being an exact name match.
|
2014-05-13 17:32:28 +00:00
|
|
|
This should still be considered a less than secure option, due to the fact
|
|
|
|
that trust is based on just the requesting minion id.
|
2014-05-10 17:46:03 +00:00
|
|
|
|
2012-08-24 15:20:19 +00:00
|
|
|
.. conf_master:: autosign_file
|
|
|
|
|
|
|
|
``autosign_file``
|
|
|
|
-----------------
|
|
|
|
|
2013-11-21 23:12:31 +00:00
|
|
|
Default: ``not defined``
|
2012-08-24 15:20:19 +00:00
|
|
|
|
2013-11-21 23:12:31 +00:00
|
|
|
If the ``autosign_file`` is specified incoming keys specified in the autosign_file
|
|
|
|
will be automatically accepted. Matches will be searched for first by string
|
2014-05-13 17:32:28 +00:00
|
|
|
comparison, then by globbing, then by full-string regex matching.
|
|
|
|
This should still be considered a less than secure option, due to the fact
|
|
|
|
that trust is based on just the requesting minion id.
|
2012-08-24 15:20:19 +00:00
|
|
|
|
2014-02-04 21:46:22 +00:00
|
|
|
.. conf_master:: autoreject_file
|
|
|
|
|
2013-11-21 23:12:31 +00:00
|
|
|
``autoreject_file``
|
|
|
|
-------------------
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.1.0
|
2013-11-21 23:12:31 +00:00
|
|
|
|
|
|
|
Default: ``not defined``
|
|
|
|
|
|
|
|
Works like :conf_master:`autosign_file`, but instead allows you to specify
|
|
|
|
minion IDs for which keys will automatically be rejected. Will override both
|
|
|
|
membership in the :conf_master:`autosign_file` and the
|
|
|
|
:conf_master:`auto_accept` setting.
|
|
|
|
|
2012-08-18 06:34:40 +00:00
|
|
|
.. conf_master:: client_acl
|
|
|
|
|
|
|
|
``client_acl``
|
|
|
|
--------------
|
|
|
|
|
2013-08-08 20:10:32 +00:00
|
|
|
Default: ``{}``
|
2012-08-18 06:34:40 +00:00
|
|
|
|
|
|
|
Enable user accounts on the master to execute specific modules. These modules
|
|
|
|
can be expressed as regular expressions
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
client_acl:
|
|
|
|
fred:
|
|
|
|
- test.ping
|
|
|
|
- pkg.*
|
|
|
|
|
2013-08-08 20:10:32 +00:00
|
|
|
.. conf_master:: client_acl_blacklist
|
|
|
|
|
|
|
|
``client_acl_blacklist``
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
Blacklist users or modules
|
|
|
|
|
|
|
|
This example would blacklist all non sudo users, including root from
|
|
|
|
running any commands. It would also blacklist any use of the "cmd"
|
|
|
|
module.
|
|
|
|
|
|
|
|
This is completely disabled by default.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
client_acl_blacklist:
|
|
|
|
users:
|
|
|
|
- root
|
|
|
|
- '^(?!sudo_).*$' # all non sudo users
|
|
|
|
modules:
|
|
|
|
- cmd
|
|
|
|
|
|
|
|
.. conf_master:: external_auth
|
|
|
|
|
|
|
|
``external_auth``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
The external auth system uses the Salt auth modules to authenticate and
|
|
|
|
validate users to access areas of the Salt system.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
external_auth:
|
|
|
|
pam:
|
|
|
|
fred:
|
|
|
|
- test.*
|
|
|
|
|
|
|
|
.. conf_master:: token_expire
|
|
|
|
|
|
|
|
``token_expire``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``43200``
|
|
|
|
|
|
|
|
Time (in seconds) for a newly generated token to live. Default: 12 hours
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
token_expire: 43200
|
|
|
|
|
|
|
|
.. conf_master:: file_recv
|
|
|
|
|
|
|
|
``file_recv``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Allow minions to push files to the master. This is disabled by default, for
|
|
|
|
security purposes.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-07-15 10:09:52 +00:00
|
|
|
file_recv: False
|
|
|
|
|
|
|
|
.. conf_master:: master_sign_pubkey
|
|
|
|
|
|
|
|
``master_sign_pubkey``
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Sign the master auth-replies with a cryptographical signature of the masters
|
|
|
|
public key. Please see the tutorial how to use these settings in the
|
|
|
|
`Multimaster-PKI with Failover Tutorial <http://docs.saltstack.com/en/latest/topics/tutorials/multimaster_pki.html>`_
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_sign_pubkey: True
|
|
|
|
|
|
|
|
.. conf_master:: master_sign_key_name
|
|
|
|
|
|
|
|
``master_sign_key_name``
|
2014-08-11 14:20:15 +00:00
|
|
|
------------------------
|
2014-07-15 10:09:52 +00:00
|
|
|
|
|
|
|
Default: ``master_sign``
|
|
|
|
|
|
|
|
The customizable name of the signing-key-pair without suffix.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_sign_key_name: <filename_without_suffix>
|
|
|
|
|
|
|
|
.. conf_master:: master_pubkey_signature
|
|
|
|
|
|
|
|
``master_pubkey_signature``
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
Default: ``master_pubkey_signature``
|
|
|
|
|
|
|
|
The name of the file in the masters pki-directory that holds the pre-calculated
|
|
|
|
signature of the masters public-key.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_pubkey_signature: <filename>
|
|
|
|
|
|
|
|
.. conf_master:: master_use_pubkey_signature
|
|
|
|
|
|
|
|
``master_use_pubkey_signature``
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
|
|
|
Instead of computing the signature for each auth-reply, use a pre-calculated
|
|
|
|
signature. The :conf_master:`master_pubkey_signature` must also be set for this.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_use_pubkey_signature: True
|
2013-08-08 20:10:32 +00:00
|
|
|
|
2012-05-19 00:39:22 +00:00
|
|
|
|
|
|
|
Master Module Management
|
2013-08-07 22:50:51 +00:00
|
|
|
========================
|
2012-05-19 00:39:22 +00:00
|
|
|
|
|
|
|
.. conf_master:: runner_dirs
|
|
|
|
|
|
|
|
``runner_dirs``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Set additional directories to search for runner modules
|
|
|
|
|
2012-05-21 20:36:34 +00:00
|
|
|
.. conf_master:: cython_enable
|
|
|
|
|
|
|
|
``cython_enable``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2014-04-30 21:08:31 +00:00
|
|
|
Set to true to enable Cython modules (.pyx files) to be compiled on the fly on
|
2012-05-23 04:43:12 +00:00
|
|
|
the Salt master
|
2012-05-21 20:36:34 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
cython_enable: False
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Master State System Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
============================
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
.. conf_master:: state_top
|
|
|
|
|
|
|
|
``state_top``
|
|
|
|
-------------
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
Default: ``top.sls``
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
The state system uses a "top" file to tell the minions what environment to
|
|
|
|
use and what modules to use. The state_top file is defined relative to the
|
|
|
|
root of the base environment
|
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
state_top: top.sls
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
.. conf_master:: master_tops
|
|
|
|
|
|
|
|
``master_tops``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
The master_tops option replaces the external_nodes option by creating
|
2014-04-30 21:08:31 +00:00
|
|
|
a pluggable system for the generation of external top data. The external_nodes
|
2014-01-12 05:23:09 +00:00
|
|
|
option is deprecated by the master_tops option.
|
|
|
|
To gain the capabilities of the classic external_nodes system, use the
|
|
|
|
following configuration:
|
2014-01-12 05:33:04 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
master_tops:
|
|
|
|
ext_nodes: <Shell command which returns yaml>
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2012-02-09 18:45:59 +00:00
|
|
|
.. conf_master:: external_nodes
|
|
|
|
|
|
|
|
``external_nodes``
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Default: None
|
|
|
|
|
|
|
|
The external_nodes option allows Salt to gather data that would normally be
|
2012-03-15 00:09:19 +00:00
|
|
|
placed in a top file from and external node controller. The external_nodes
|
2012-02-09 18:45:59 +00:00
|
|
|
option is the executable that will return the ENC data. Remember that Salt
|
|
|
|
will look for external nodes AND top files and combine the results if both
|
|
|
|
are enabled and available!
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
external_nodes: cobbler-ext-nodes
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
.. conf_master:: renderer
|
|
|
|
|
|
|
|
``renderer``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``yaml_jinja``
|
|
|
|
|
|
|
|
The renderer to use on the minions to render the state data
|
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
renderer: yaml_jinja
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
.. conf_master:: failhard
|
|
|
|
|
2012-04-27 19:13:42 +00:00
|
|
|
``failhard``
|
|
|
|
------------
|
|
|
|
|
2013-11-09 19:54:39 +00:00
|
|
|
Default: ``False``
|
2012-01-13 19:35:56 +00:00
|
|
|
|
|
|
|
Set the global failhard flag, this informs all states to stop running states
|
|
|
|
at the moment a single state fails
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
failhard: False
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
.. conf_master:: state_verbose
|
|
|
|
|
|
|
|
``state_verbose``
|
|
|
|
-----------------
|
|
|
|
|
2014-03-02 15:56:14 +00:00
|
|
|
Default: ``True``
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2014-03-02 15:56:14 +00:00
|
|
|
Controls the verbosity of state runs. By default, the results of all states are
|
|
|
|
returned, but setting this value to ``False`` will cause salt to only display
|
|
|
|
output for states which either failed, or succeeded without making any changes
|
|
|
|
to the minion.
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-03-02 15:56:14 +00:00
|
|
|
state_verbose: False
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
.. conf_master:: state_output
|
|
|
|
|
|
|
|
``state_output``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``full``
|
|
|
|
|
|
|
|
The state_output setting changes if the output is the full multi line
|
|
|
|
output for each changed state if set to 'full', but if set to 'terse'
|
|
|
|
the output will be shortened to a single line. If set to 'mixed', the output
|
|
|
|
will be terse unless a state failed, in which case that output will be full.
|
|
|
|
If set to 'changes', the output will be full unless the state didn't change.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
state_output: full
|
|
|
|
|
2014-07-15 10:09:52 +00:00
|
|
|
.. conf_master:: yaml_utf8
|
2013-12-13 21:40:47 +00:00
|
|
|
|
2013-12-14 05:52:02 +00:00
|
|
|
``yaml_utf8``
|
|
|
|
-------------
|
2013-12-13 21:40:47 +00:00
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2014-04-09 04:39:46 +00:00
|
|
|
Enable extra routines for yaml renderer used states containing UTF characters
|
2013-12-13 21:40:47 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
yaml_utf8: False
|
|
|
|
|
2012-04-27 19:13:42 +00:00
|
|
|
.. conf_master:: test
|
|
|
|
|
|
|
|
``test``
|
|
|
|
--------
|
|
|
|
|
2013-11-09 19:54:39 +00:00
|
|
|
Default: ``False``
|
2012-04-27 19:13:42 +00:00
|
|
|
|
2013-03-18 19:59:27 +00:00
|
|
|
Set all state calls to only test if they are going to actually make changes
|
2012-04-27 19:13:42 +00:00
|
|
|
or just post what changes are going to be made
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
test: False
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Master File Server Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
===========================
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
.. conf_master:: fileserver_backend
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
``fileserver_backend``
|
|
|
|
----------------------
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2013-08-03 23:53:05 +00:00
|
|
|
Default:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
fileserver_backend:
|
|
|
|
- roots
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
Salt supports a modular fileserver backend system, this system allows the salt
|
|
|
|
master to link directly to third party systems to gather and manage the files
|
|
|
|
available to minions. Multiple backends can be configured and will be searched
|
|
|
|
for the requested file in the order in which they are defined here. The default
|
|
|
|
setting only enables the standard backend ``roots``, which is configured using
|
|
|
|
the :conf_master:`file_roots` option.
|
2012-05-23 04:43:12 +00:00
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Example:
|
2011-06-25 04:38:27 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
fileserver_backend:
|
|
|
|
- roots
|
|
|
|
- git
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
.. conf_master:: hash_type
|
|
|
|
|
|
|
|
``hash_type``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``md5``
|
|
|
|
|
|
|
|
The hash_type is the hash to use when discovering the hash of a file on
|
2013-08-03 23:53:05 +00:00
|
|
|
the master server. The default is md5, but sha1, sha224, sha256, sha384
|
2011-05-31 04:16:25 +00:00
|
|
|
and sha512 are also supported.
|
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
hash_type: md5
|
|
|
|
|
|
|
|
.. conf_master:: file_buffer_size
|
|
|
|
|
|
|
|
``file_buffer_size``
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
Default: ``1048576``
|
|
|
|
|
|
|
|
The buffer size in the file server in bytes
|
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
file_buffer_size: 1048576
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
.. conf_master:: file_ignore_regex
|
|
|
|
|
|
|
|
``file_ignore_regex``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
A regular expression (or a list of expressions) that will be matched
|
|
|
|
against the file path before syncing the modules and states to the minions.
|
|
|
|
This includes files affected by the file.recurse state.
|
|
|
|
For example, if you manage your custom modules and states in subversion
|
|
|
|
and don't want all the '.svn' folders and content synced to your minions,
|
|
|
|
you could set this to '/\.svn($|/)'. By default nothing is ignored.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
file_ignore_regex:
|
|
|
|
- '/\.svn($|/)'
|
|
|
|
- '/\.git($|/)'
|
|
|
|
|
2014-01-12 05:33:04 +00:00
|
|
|
.. conf_master:: file_ignore_glob
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
``file_ignore_glob``
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
Default ``''``
|
|
|
|
|
|
|
|
A file glob (or list of file globs) that will be matched against the file
|
|
|
|
path before syncing the modules and states to the minions. This is similar
|
|
|
|
to file_ignore_regex above, but works on globs instead of regex. By default
|
|
|
|
nothing is ignored.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
2014-07-15 10:09:52 +00:00
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
file_ignore_glob:
|
|
|
|
- '\*.pyc'
|
|
|
|
- '\*/somefolder/\*.bak'
|
|
|
|
- '\*.swp'
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
roots: Master's Local File Server
|
|
|
|
---------------------------------
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
.. conf_master:: file_roots
|
|
|
|
|
|
|
|
``file_roots``
|
|
|
|
**************
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
Default:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
base:
|
|
|
|
- /srv/salt
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
Salt runs a lightweight file server written in ZeroMQ to deliver files to
|
|
|
|
minions. This file server is built into the master daemon and does not
|
|
|
|
require a dedicated port.
|
2014-01-12 05:23:09 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
The file server works on environments passed to the master. Each environment
|
|
|
|
can have multiple root directories. The subdirectories in the multiple file
|
|
|
|
roots cannot match, otherwise the downloaded files will not be able to be
|
|
|
|
reliably ensured. A base environment is required to house the top file.
|
2014-01-12 05:23:09 +00:00
|
|
|
Example:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
file_roots:
|
|
|
|
base:
|
|
|
|
- /srv/salt
|
|
|
|
dev:
|
|
|
|
- /srv/salt/dev/services
|
|
|
|
- /srv/salt/dev/states
|
|
|
|
prod:
|
|
|
|
- /srv/salt/prod/services
|
|
|
|
- /srv/salt/prod/states
|
2014-01-04 01:22:44 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
git: Git Remote File Server Backend
|
|
|
|
-----------------------------------
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
.. conf_master:: gitfs_remotes
|
|
|
|
|
|
|
|
``gitfs_remotes``
|
2014-02-19 02:40:48 +00:00
|
|
|
*****************
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
When using the ``git`` fileserver backend at least one git remote needs to be
|
2014-01-04 01:22:44 +00:00
|
|
|
defined. The user running the salt master will need read access to the repo.
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
The repos will be searched in order to find the file requested by a client and
|
|
|
|
the first repo to have the file will return it. Branches and tags are
|
|
|
|
translated into salt environments.
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_remotes:
|
|
|
|
- git://github.com/saltstack/salt-states.git
|
|
|
|
- file:///var/git/saltmaster
|
|
|
|
|
|
|
|
.. note::
|
2014-02-15 07:19:02 +00:00
|
|
|
|
2014-01-04 01:22:44 +00:00
|
|
|
``file://`` repos will be treated as a remote, so refs you want used must
|
|
|
|
exist in that repo as *local* refs.
|
|
|
|
|
2014-02-15 07:19:02 +00:00
|
|
|
.. note::
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
As of 2014.7.0, it is possible to have per-repo versions of the
|
2014-03-26 21:28:26 +00:00
|
|
|
:conf_master:`gitfs_base`, :conf_master:`gitfs_root`, and
|
|
|
|
:conf_master:`gitfs_mountpoint` parameters. For example:
|
2014-02-15 07:19:02 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_remotes:
|
|
|
|
- https://foo.com/foo.git
|
|
|
|
- https://foo.com/bar.git:
|
|
|
|
- root: salt
|
|
|
|
- mountpoint: salt://foo/bar/baz
|
2014-03-26 21:28:26 +00:00
|
|
|
- base: salt-base
|
2014-02-15 07:19:02 +00:00
|
|
|
- https://foo.com/baz.git:
|
2014-02-19 02:40:48 +00:00
|
|
|
- root: salt/states
|
|
|
|
|
2014-05-21 06:34:28 +00:00
|
|
|
For more information on GitFS remotes, see the :ref:`GitFS Backend Walkthrough
|
|
|
|
<tutorial-gitfs>`.
|
2014-04-22 10:42:10 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
.. conf_master:: gitfs_provider
|
|
|
|
|
|
|
|
``gitfs_provider``
|
|
|
|
******************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-19 02:40:48 +00:00
|
|
|
|
2014-05-21 20:00:19 +00:00
|
|
|
Default: ``gitpython``
|
|
|
|
|
|
|
|
GitFS defaults to using GitPython_, but this parameter allows for either
|
|
|
|
pygit2_ or dulwich_ to be used instead. If using pygit2, both libgit2 and git
|
|
|
|
itself must also be installed. More information can be found in the :mod:`GitFS
|
|
|
|
backend documentation <salt.fileserver.gitfs>` and the :doc:`GitFS walkthrough
|
|
|
|
</topics/tutorials/gitfs>`.
|
2014-02-19 02:40:48 +00:00
|
|
|
|
|
|
|
.. _GitPython: https://github.com/gitpython-developers/GitPython
|
|
|
|
.. _pygit2: https://github.com/libgit2/pygit2
|
2014-05-21 20:00:19 +00:00
|
|
|
.. _dulwich: https://www.samba.org/~jelmer/dulwich/
|
2014-02-19 02:40:48 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_provider: pygit2
|
2014-02-15 07:19:02 +00:00
|
|
|
|
2014-01-04 01:22:44 +00:00
|
|
|
.. conf_master:: gitfs_ssl_verify
|
|
|
|
|
|
|
|
``gitfs_ssl_verify``
|
2014-02-19 02:40:48 +00:00
|
|
|
********************
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2014-04-30 21:08:31 +00:00
|
|
|
The ``gitfs_ssl_verify`` option specifies whether to ignore SSL certificate
|
2014-01-04 01:22:44 +00:00
|
|
|
errors when contacting the gitfs backend. You might want to set this to
|
|
|
|
false if you're using a git backend that uses a self-signed certificate but
|
|
|
|
keep in mind that setting this flag to anything other than the default of True
|
|
|
|
is a security concern, you may want to try using the ssh transport.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_ssl_verify: True
|
|
|
|
|
2014-02-15 06:30:47 +00:00
|
|
|
.. conf_master:: gitfs_mountpoint
|
|
|
|
|
|
|
|
``gitfs_mountpoint``
|
2014-02-19 02:40:48 +00:00
|
|
|
********************
|
2014-02-15 06:30:47 +00:00
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-15 06:30:47 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Specifies a path on the salt fileserver from which gitfs remotes are served.
|
2014-02-15 07:19:02 +00:00
|
|
|
Can be used in conjunction with :conf_master:`gitfs_root`. Can also be
|
|
|
|
configured on a per-remote basis, see :conf_master:`here <gitfs_remotes>` for
|
|
|
|
more info.
|
2014-02-15 06:30:47 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_mountpoint: salt://foo/bar
|
|
|
|
|
2014-02-15 07:19:02 +00:00
|
|
|
.. note::
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
The ``salt://`` protocol designation can be left off (in other words,
|
|
|
|
``foo/bar`` and ``salt://foo/bar`` are equivalent).
|
2014-02-15 07:19:02 +00:00
|
|
|
|
2014-01-04 01:22:44 +00:00
|
|
|
.. conf_master:: gitfs_root
|
|
|
|
|
|
|
|
``gitfs_root``
|
2014-02-19 02:40:48 +00:00
|
|
|
**************
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
Serve files from a subdirectory within the repository, instead of the root.
|
|
|
|
This is useful when there are files in the repository that should not be
|
2014-02-15 07:19:02 +00:00
|
|
|
available to the Salt fileserver. Can be used in conjunction with
|
|
|
|
:conf_master:`gitfs_mountpoint`.
|
2014-01-04 01:22:44 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_root: somefolder/otherfolder
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionchanged:: 2014.7.0
|
2014-02-15 07:19:02 +00:00
|
|
|
|
|
|
|
Ability to specify gitfs roots on a per-remote basis was added. See
|
|
|
|
:conf_master:`here <gitfs_remotes>` for more info.
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. conf_master:: gitfs_base
|
|
|
|
|
|
|
|
``gitfs_base``
|
2014-02-19 02:40:48 +00:00
|
|
|
**************
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
Default: ``master``
|
|
|
|
|
|
|
|
Defines which branch/tag should be used as the ``base`` environment.
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionchanged:: 2014.7.0
|
2014-03-26 21:28:26 +00:00
|
|
|
Can also be configured on a per-remote basis, see :conf_master:`here
|
|
|
|
<gitfs_remotes>` for more info.
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_base: salt
|
|
|
|
|
2014-02-26 04:49:07 +00:00
|
|
|
.. conf_master:: gitfs_env_whitelist
|
|
|
|
|
|
|
|
``gitfs_env_whitelist``
|
|
|
|
***********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
|
|
|
if your gitfs remotes contain many branches/tags. Full names, globs, and
|
2014-04-11 16:39:13 +00:00
|
|
|
regular expressions are supported. If using a regular expression, the
|
|
|
|
expression must match the entire minion ID.
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
If used, only branches/tags/SHAs which match one of the specified expressions
|
|
|
|
will be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`gitfs_env_blacklist`, then the subset
|
2014-04-11 16:39:13 +00:00
|
|
|
of branches/tags/SHAs which match the whitelist but do *not* match the
|
|
|
|
blacklist will be exposed as fileserver environments.
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_env_whitelist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
|
|
|
.. conf_master:: gitfs_env_blacklist
|
|
|
|
|
|
|
|
``gitfs_env_blacklist``
|
|
|
|
***********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
|
|
|
if your gitfs remotes contain many branches/tags. Full names, globs, and
|
2014-04-11 16:39:13 +00:00
|
|
|
regular expressions are supported. If using a regular expression, the
|
|
|
|
expression must match the entire minion ID.
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
If used, branches/tags/SHAs which match one of the specified expressions will
|
|
|
|
*not* be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`gitfs_env_whitelist`, then the subset
|
2014-04-11 16:39:13 +00:00
|
|
|
of branches/tags/SHAs which match the whitelist but do *not* match the
|
|
|
|
blacklist will be exposed as fileserver environments.
|
2014-02-26 04:49:07 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
gitfs_env_blacklist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
hg: Mercurial Remote File Server Backend
|
|
|
|
----------------------------------------
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. conf_master:: hgfs_remotes
|
|
|
|
|
|
|
|
``hgfs_remotes``
|
2014-02-19 02:40:48 +00:00
|
|
|
****************
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. versionadded:: 0.17.0
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
When using the ``hg`` fileserver backend at least one mercurial remote needs to
|
|
|
|
be defined. The user running the salt master will need read access to the repo.
|
|
|
|
|
|
|
|
The repos will be searched in order to find the file requested by a client and
|
|
|
|
the first repo to have the file will return it. Branches and/or bookmarks are
|
|
|
|
translated into salt environments, as defined by the
|
|
|
|
:conf_master:`hgfs_branch_method` parameter.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_remotes:
|
|
|
|
- https://username@bitbucket.org/username/reponame
|
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
.. note::
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
As of 2014.7.0, it is possible to have per-repo versions of the
|
2014-04-08 21:13:29 +00:00
|
|
|
:conf_master:`hgfs_root`, :conf_master:`hgfs_mountpoint`,
|
|
|
|
:conf_master:`hgfs_base`, and :conf_master:`hgfs_branch_method` parameters.
|
2014-02-19 02:40:48 +00:00
|
|
|
For example:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_remotes:
|
|
|
|
- https://username@bitbucket.org/username/repo1
|
2014-04-08 21:13:29 +00:00
|
|
|
- base: saltstates
|
2014-02-19 02:40:48 +00:00
|
|
|
- https://username@bitbucket.org/username/repo2:
|
|
|
|
- root: salt
|
|
|
|
- mountpoint: salt://foo/bar/baz
|
|
|
|
- https://username@bitbucket.org/username/repo3:
|
|
|
|
- root: salt/states
|
2014-04-08 21:13:29 +00:00
|
|
|
- branch_method: mixed
|
2014-02-19 02:40:48 +00:00
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. conf_master:: hgfs_branch_method
|
|
|
|
|
|
|
|
``hgfs_branch_method``
|
2014-02-19 02:40:48 +00:00
|
|
|
**********************
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. versionadded:: 0.17.0
|
|
|
|
|
|
|
|
Default: ``branches``
|
|
|
|
|
|
|
|
Defines the objects that will be used as fileserver environments.
|
|
|
|
|
2014-02-08 19:14:43 +00:00
|
|
|
* ``branches`` - Only branches and tags will be used
|
|
|
|
* ``bookmarks`` - Only bookmarks and tags will be used
|
|
|
|
* ``mixed`` - Branches, bookmarks, and tags will be used
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_branch_method: mixed
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
Starting in version 2014.1.0, the value of the :conf_master:`hgfs_base`
|
|
|
|
parameter defines which branch is used as the ``base`` environment,
|
|
|
|
allowing for a ``base`` environment to be used with an
|
|
|
|
:conf_master:`hgfs_branch_method` of ``bookmarks``.
|
2014-02-08 19:14:43 +00:00
|
|
|
|
|
|
|
Prior to this release, the ``default`` branch will be used as the ``base``
|
|
|
|
environment.
|
2014-02-08 11:25:07 +00:00
|
|
|
|
2014-02-19 02:40:48 +00:00
|
|
|
.. conf_master:: hgfs_mountpoint
|
|
|
|
|
|
|
|
``hgfs_mountpoint``
|
|
|
|
*******************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-19 02:40:48 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Specifies a path on the salt fileserver from which hgfs remotes are served.
|
|
|
|
Can be used in conjunction with :conf_master:`hgfs_root`. Can also be
|
|
|
|
configured on a per-remote basis, see :conf_master:`here <hgfs_remotes>` for
|
|
|
|
more info.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_mountpoint: salt://foo/bar
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
The ``salt://`` protocol designation can be left off (in other words,
|
|
|
|
``foo/bar`` and ``salt://foo/bar`` are equivalent).
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. conf_master:: hgfs_root
|
|
|
|
|
|
|
|
``hgfs_root``
|
2014-02-19 02:40:48 +00:00
|
|
|
*************
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. versionadded:: 0.17.0
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Serve files from a subdirectory within the repository, instead of the root.
|
|
|
|
This is useful when there are files in the repository that should not be
|
2014-02-19 02:40:48 +00:00
|
|
|
available to the Salt fileserver. Can be used in conjunction with
|
|
|
|
:conf_master:`hgfs_mountpoint`.
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_root: somefolder/otherfolder
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionchanged:: 2014.7.0
|
2014-02-19 02:40:48 +00:00
|
|
|
|
|
|
|
Ability to specify hgfs roots on a per-remote basis was added. See
|
|
|
|
:conf_master:`here <hgfs_remotes>` for more info.
|
|
|
|
|
2014-02-08 11:25:07 +00:00
|
|
|
.. conf_master:: hgfs_base
|
|
|
|
|
|
|
|
``hgfs_base``
|
2014-02-19 02:40:48 +00:00
|
|
|
*************
|
2014-02-08 11:25:07 +00:00
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.1.0
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
Default: ``default``
|
|
|
|
|
2014-02-08 19:14:43 +00:00
|
|
|
Defines which branch should be used as the ``base`` environment. Change this if
|
|
|
|
:conf_master:`hgfs_branch_method` is set to ``bookmarks`` to specify which
|
|
|
|
bookmark should be used as the ``base`` environment.
|
2014-02-08 11:25:07 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_base: salt
|
|
|
|
|
2014-04-08 21:13:29 +00:00
|
|
|
.. conf_master:: hgfs_env_whitelist
|
|
|
|
|
|
|
|
``hgfs_env_whitelist``
|
|
|
|
**********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
2014-04-11 16:39:13 +00:00
|
|
|
if your hgfs remotes contain many branches/bookmarks/tags. Full names, globs,
|
|
|
|
and regular expressions are supported. If using a regular expression, the
|
|
|
|
expression must match the entire minion ID.
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
If used, only branches/bookmarks/tags which match one of the specified
|
|
|
|
expressions will be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`hgfs_env_blacklist`, then the subset
|
2014-04-11 16:39:13 +00:00
|
|
|
of branches/bookmarks/tags which match the whitelist but do *not* match the
|
|
|
|
blacklist will be exposed as fileserver environments.
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_env_whitelist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
|
|
|
.. conf_master:: hgfs_env_blacklist
|
|
|
|
|
|
|
|
``hgfs_env_blacklist``
|
|
|
|
**********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
2014-04-11 16:39:13 +00:00
|
|
|
if your hgfs remotes contain many branches/bookmarks/tags. Full names, globs,
|
|
|
|
and regular expressions are supported. If using a regular expression, the
|
|
|
|
expression must match the entire minion ID.
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
If used, branches/bookmarks/tags which match one of the specified expressions
|
|
|
|
will *not* be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`hgfs_env_whitelist`, then the subset
|
2014-04-11 16:39:13 +00:00
|
|
|
of branches/bookmarks/tags which match the whitelist but do *not* match the
|
|
|
|
blacklist will be exposed as fileserver environments.
|
2014-04-08 21:13:29 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
hgfs_env_blacklist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
2014-02-20 09:21:36 +00:00
|
|
|
svn: Subversion Remote File Server Backend
|
|
|
|
------------------------------------------
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_remotes
|
|
|
|
|
|
|
|
``svnfs_remotes``
|
2014-02-26 19:52:22 +00:00
|
|
|
*****************
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
.. versionadded:: 0.17.0
|
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
When using the ``svn`` fileserver backend at least one subversion remote needs
|
|
|
|
to be defined. The user running the salt master will need read access to the
|
|
|
|
repo.
|
|
|
|
|
|
|
|
The repos will be searched in order to find the file requested by a client and
|
|
|
|
the first repo to have the file will return it. The trunk, branches, and tags
|
|
|
|
become environments, with the trunk being the ``base`` environment.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_remotes:
|
|
|
|
- svn://foo.com/svn/myproject
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
As of 2014.7.0, it is possible to have per-repo versions of the following
|
2014-02-20 09:21:36 +00:00
|
|
|
configuration parameters:
|
|
|
|
|
|
|
|
* :conf_master:`svnfs_root`
|
|
|
|
* :conf_master:`svnfs_mountpoint`
|
|
|
|
* :conf_master:`svnfs_trunk`
|
|
|
|
* :conf_master:`svnfs_branches`
|
|
|
|
* :conf_master:`svnfs_tags`
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_remotes:
|
|
|
|
- svn://foo.com/svn/project1
|
|
|
|
- svn://foo.com/svn/project2:
|
|
|
|
- root: salt
|
|
|
|
- mountpoint: salt://foo/bar/baz
|
|
|
|
- svn//foo.com/svn/project3:
|
|
|
|
- root: salt/states
|
|
|
|
- branches: branch
|
|
|
|
- tags: tag
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_mountpoint
|
|
|
|
|
|
|
|
``svnfs_mountpoint``
|
|
|
|
********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Specifies a path on the salt fileserver from which svnfs remotes are served.
|
|
|
|
Can be used in conjunction with :conf_master:`svnfs_root`. Can also be
|
|
|
|
configured on a per-remote basis, see :conf_master:`here <svnfs_remotes>` for
|
|
|
|
more info.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_mountpoint: salt://foo/bar
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
The ``salt://`` protocol designation can be left off (in other words,
|
|
|
|
``foo/bar`` and ``salt://foo/bar`` are equivalent).
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_root
|
|
|
|
|
|
|
|
``svnfs_root``
|
|
|
|
**************
|
|
|
|
|
|
|
|
.. versionadded:: 0.17.0
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Serve files from a subdirectory within the repository, instead of the root.
|
|
|
|
This is useful when there are files in the repository that should not be
|
|
|
|
available to the Salt fileserver. Can be used in conjunction with
|
|
|
|
:conf_master:`svnfs_mountpoint`.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_root: somefolder/otherfolder
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionchanged:: 2014.7.0
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
Ability to specify svnfs roots on a per-remote basis was added. See
|
|
|
|
:conf_master:`here <svnfs_remotes>` for more info.
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_trunk
|
|
|
|
|
|
|
|
``svnfs_trunk``
|
|
|
|
***************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
Default: ``trunk``
|
|
|
|
|
|
|
|
Path relative to the root of the repository where the trunk is located. Can
|
|
|
|
also be configured on a per-remote basis, see :conf_master:`here
|
|
|
|
<svnfs_remotes>` for more info.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_trunk: trunk
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_branches
|
|
|
|
|
|
|
|
``svnfs_branches``
|
|
|
|
******************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
Default: ``branches``
|
|
|
|
|
|
|
|
Path relative to the root of the repository where the branches are located. Can
|
|
|
|
also be configured on a per-remote basis, see :conf_master:`here
|
|
|
|
<svnfs_remotes>` for more info.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_branches: branches
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_tags
|
|
|
|
|
|
|
|
``svnfs_tags``
|
|
|
|
**************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-02-20 09:21:36 +00:00
|
|
|
|
|
|
|
Default: ``tags``
|
|
|
|
|
|
|
|
Path relative to the root of the repository where the tags is located. Can also
|
|
|
|
be configured on a per-remote basis, see :conf_master:`here <svnfs_remotes>`
|
|
|
|
for more info.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_tags: tags
|
|
|
|
|
2014-04-11 16:39:13 +00:00
|
|
|
.. conf_master:: svnfs_env_whitelist
|
|
|
|
|
|
|
|
``svnfs_env_whitelist``
|
|
|
|
***********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-11 16:39:13 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
|
|
|
if your svnfs remotes contain many branches/tags. Full names, globs, and
|
|
|
|
regular expressions are supported. If using a regular expression, the expression
|
|
|
|
must match the entire minion ID.
|
|
|
|
|
|
|
|
If used, only branches/tags which match one of the specified expressions will
|
|
|
|
be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`svnfs_env_blacklist`, then the subset
|
|
|
|
of branches/tags which match the whitelist but do *not* match the blacklist
|
|
|
|
will be exposed as fileserver environments.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_env_whitelist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
|
|
|
.. conf_master:: svnfs_env_blacklist
|
|
|
|
|
|
|
|
``svnfs_env_blacklist``
|
|
|
|
***********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-11 16:39:13 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
|
|
|
Used to restrict which environments are made available. Can speed up state runs
|
|
|
|
if your svnfs remotes contain many branches/tags. Full names, globs, and
|
|
|
|
regular expressions are supported. If using a regular expression, the
|
|
|
|
expression must match the entire minion ID.
|
|
|
|
|
|
|
|
If used, branches/tags which match one of the specified expressions will *not*
|
|
|
|
be exposed as fileserver environments.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`svnfs_env_whitelist`, then the subset
|
|
|
|
of branches/tags which match the whitelist but do *not* match the blacklist
|
|
|
|
will be exposed as fileserver environments.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
svnfs_env_blacklist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
2014-04-07 16:29:24 +00:00
|
|
|
minion: MinionFS Remote File Server Backend
|
|
|
|
-------------------------------------------
|
|
|
|
|
|
|
|
.. conf_master:: minionfs_env
|
|
|
|
|
|
|
|
``minionfs_env``
|
|
|
|
****************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-07 16:29:24 +00:00
|
|
|
|
|
|
|
Default: ``base``
|
|
|
|
|
|
|
|
Environment from which MinionFS files are made available.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
minionfs_env: minionfs
|
|
|
|
|
|
|
|
.. conf_master:: minionfs_mountpoint
|
|
|
|
|
|
|
|
``minionfs_mountpoint``
|
|
|
|
***********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-07 16:29:24 +00:00
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
Specifies a path on the salt fileserver from which minionfs files are served.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
minionfs_mountpoint: salt://foo/bar
|
|
|
|
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
The ``salt://`` protocol designation can be left off (in other words,
|
|
|
|
``foo/bar`` and ``salt://foo/bar`` are equivalent).
|
|
|
|
|
|
|
|
.. conf_master:: minionfs_whitelist
|
|
|
|
|
|
|
|
``minionfs_whitelist``
|
|
|
|
**********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-07 16:29:24 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2014-04-11 16:39:13 +00:00
|
|
|
Used to restrict which minions' pushed files are exposed via minionfs. If using
|
2014-04-07 16:29:24 +00:00
|
|
|
a regular expression, the expression must match the entire minion ID.
|
|
|
|
|
|
|
|
If used, only the pushed files from minions which match one of the specified
|
|
|
|
expressions will be exposed.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`minionfs_blacklist`, then the subset
|
|
|
|
of hosts which match the whitelist but do *not* match the blacklist will be
|
|
|
|
exposed.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
minionfs_whitelist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
|
|
|
.. conf_master:: minionfs_blacklist
|
|
|
|
|
|
|
|
``minionfs_blacklist``
|
|
|
|
**********************
|
|
|
|
|
2014-07-15 22:53:29 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
2014-04-07 16:29:24 +00:00
|
|
|
|
|
|
|
Default: ``[]``
|
|
|
|
|
2014-04-11 16:39:13 +00:00
|
|
|
Used to restrict which minions' pushed files are exposed via minionfs. If using
|
2014-04-07 16:29:24 +00:00
|
|
|
a regular expression, the expression must match the entire minion ID.
|
|
|
|
|
|
|
|
If used, only the pushed files from minions which match one of the specified
|
|
|
|
expressions will *not* be exposed.
|
|
|
|
|
|
|
|
If used in conjunction with :conf_master:`minionfs_whitelist`, then the subset
|
|
|
|
of hosts which match the whitelist but do *not* match the blacklist will be
|
|
|
|
exposed.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
minionfs_blacklist:
|
|
|
|
- base
|
|
|
|
- v1.*
|
|
|
|
- 'mybranch\d+'
|
|
|
|
|
2014-01-04 01:22:44 +00:00
|
|
|
|
2012-08-27 18:53:25 +00:00
|
|
|
.. _pillar-configuration:
|
|
|
|
|
2012-04-27 19:13:42 +00:00
|
|
|
Pillar Configuration
|
2013-08-07 22:50:51 +00:00
|
|
|
====================
|
2012-04-27 19:13:42 +00:00
|
|
|
|
|
|
|
.. conf_master:: pillar_roots
|
|
|
|
|
|
|
|
``pillar_roots``
|
|
|
|
----------------
|
|
|
|
|
2013-08-03 23:53:05 +00:00
|
|
|
Default:
|
2012-04-27 19:13:42 +00:00
|
|
|
|
2013-08-03 23:53:05 +00:00
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
base:
|
|
|
|
- /srv/pillar
|
|
|
|
|
|
|
|
Set the environments and directories used to hold pillar sls data. This
|
|
|
|
configuration is the same as :conf_master:`file_roots`:
|
2012-04-27 19:13:42 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2012-11-12 06:12:40 +00:00
|
|
|
pillar_roots:
|
2012-04-27 19:13:42 +00:00
|
|
|
base:
|
2013-08-03 23:53:05 +00:00
|
|
|
- /srv/pillar
|
2012-04-27 19:13:42 +00:00
|
|
|
dev:
|
2013-08-03 23:53:05 +00:00
|
|
|
- /srv/pillar/dev
|
2012-04-27 19:13:42 +00:00
|
|
|
prod:
|
2013-08-03 23:53:05 +00:00
|
|
|
- /srv/pillar/prod
|
2012-04-27 19:13:42 +00:00
|
|
|
|
|
|
|
.. conf_master:: ext_pillar
|
|
|
|
|
|
|
|
``ext_pillar``
|
|
|
|
--------------
|
|
|
|
|
|
|
|
The ext_pillar option allows for any number of external pillar interfaces to be
|
|
|
|
called when populating pillar data. The configuration is based on ext_pillar
|
2013-10-03 21:41:37 +00:00
|
|
|
functions. The available ext_pillar functions can be found herein:
|
|
|
|
|
|
|
|
:blob:`salt/pillar`
|
|
|
|
|
|
|
|
By default, the ext_pillar interface is not configured to run.
|
2012-04-27 19:13:42 +00:00
|
|
|
|
2013-11-09 19:54:39 +00:00
|
|
|
Default: ``None``
|
2012-04-27 19:13:42 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
ext_pillar:
|
|
|
|
- hiera: /etc/hiera.yaml
|
2012-09-28 01:28:08 +00:00
|
|
|
- cmd_yaml: cat /etc/salt/yaml
|
2013-06-26 11:38:37 +00:00
|
|
|
- reclass:
|
|
|
|
inventory_base_uri: /etc/reclass
|
2012-04-27 19:13:42 +00:00
|
|
|
|
2012-08-27 18:53:25 +00:00
|
|
|
There are additional details at :ref:`salt-pillars`
|
2012-04-27 19:13:42 +00:00
|
|
|
|
2014-04-09 04:39:46 +00:00
|
|
|
.. conf_master:: pillar_source_merging_strategy
|
|
|
|
|
|
|
|
``pillar_source_merging_strategy``
|
|
|
|
----------------------------------
|
|
|
|
|
2014-08-07 20:30:24 +00:00
|
|
|
.. versionadded:: 2014.7.0
|
|
|
|
|
2014-04-09 04:39:46 +00:00
|
|
|
Default: ``smart``
|
|
|
|
|
2014-08-11 17:20:28 +00:00
|
|
|
The pillar_source_merging_strategy option allows you to configure merging
|
|
|
|
strategy between different sources. It accepts 3 values:
|
2014-04-09 04:39:46 +00:00
|
|
|
|
|
|
|
* recurse:
|
|
|
|
|
2014-07-13 18:43:33 +00:00
|
|
|
it will merge recursively mapping of data. For example, theses 2 sources:
|
2014-04-09 04:39:46 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
foo: 42
|
|
|
|
bar:
|
|
|
|
element1: True
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
bar:
|
|
|
|
element2: True
|
|
|
|
baz: quux
|
|
|
|
|
|
|
|
will be merged as:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
foo: 42
|
|
|
|
bar:
|
|
|
|
element1: True
|
|
|
|
element2: True
|
|
|
|
baz: quux
|
|
|
|
|
|
|
|
|
|
|
|
* aggregate:
|
|
|
|
|
2014-05-30 15:28:20 +00:00
|
|
|
instructs aggregation of elements between sources that use the #!yamlex rendered.
|
2014-04-09 04:39:46 +00:00
|
|
|
|
|
|
|
For example, these two documents:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-05-30 15:28:20 +00:00
|
|
|
#!yamlex
|
2014-04-09 04:39:46 +00:00
|
|
|
foo: 42
|
|
|
|
bar: !aggregate {
|
|
|
|
element1: True
|
|
|
|
}
|
|
|
|
baz: !aggregate quux
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2014-05-30 15:28:20 +00:00
|
|
|
#!yamlex
|
2014-04-09 04:39:46 +00:00
|
|
|
bar: !aggregate {
|
|
|
|
element2: True
|
|
|
|
}
|
|
|
|
baz: !aggregate quux2
|
|
|
|
|
|
|
|
will be merged as:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
foo: 42
|
|
|
|
bar:
|
|
|
|
element1: True
|
|
|
|
element2: True
|
|
|
|
baz:
|
|
|
|
- quux
|
|
|
|
- quux2
|
|
|
|
|
|
|
|
* smart (default):
|
|
|
|
|
|
|
|
it guesses the best strategy, based on the "renderer" setting.
|
|
|
|
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
Syndic Server Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
======================
|
2012-01-13 19:35:56 +00:00
|
|
|
|
2012-03-09 04:05:52 +00:00
|
|
|
A Salt syndic is a Salt master used to pass commands from a higher Salt master to
|
|
|
|
minions below the syndic. Using the syndic is simple. If this is a master that
|
|
|
|
will have syndic servers(s) below it, set the "order_masters" setting to True. If this
|
2012-01-13 19:35:56 +00:00
|
|
|
is a master that will be running a syndic daemon for passthrough the
|
|
|
|
"syndic_master" setting needs to be set to the location of the master server
|
|
|
|
|
2013-07-13 19:53:11 +00:00
|
|
|
Do not not forget that in other word it means that it shares with the local minion it's ID and PKI_DIR.
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
.. conf_master:: order_masters
|
|
|
|
|
|
|
|
``order_masters``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``False``
|
|
|
|
|
2012-03-09 04:05:52 +00:00
|
|
|
Extra data needs to be sent with publications if the master is controlling a
|
2012-01-13 19:35:56 +00:00
|
|
|
lower level master via a syndic minion. If this is the case the order_masters
|
|
|
|
value must be set to True
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
order_masters: False
|
|
|
|
|
|
|
|
.. conf_master:: syndic_master
|
|
|
|
|
|
|
|
``syndic_master``
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
Default: ``None``
|
|
|
|
|
|
|
|
If this master will be running a salt-syndic to connect to a higher level
|
2012-03-09 04:05:52 +00:00
|
|
|
master, specify the higher level master with this configuration value
|
2012-01-13 19:35:56 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
syndic_master: masterofmasters
|
|
|
|
|
2013-07-13 19:53:11 +00:00
|
|
|
.. conf_master:: syndic_master_port
|
|
|
|
|
|
|
|
``syndic_master_port``
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
Default: ``4506``
|
|
|
|
|
|
|
|
If this master will be running a salt-syndic to connect to a higher level
|
|
|
|
master, specify the higher level master port with this configuration value
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
syndic_master_port: 4506
|
|
|
|
|
|
|
|
.. conf_master:: syndic_log_file
|
|
|
|
|
|
|
|
.. conf_master:: syndic_master_log_file
|
|
|
|
|
|
|
|
``syndic_pidfile``
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Default: ``salt-syndic.pid``
|
|
|
|
|
|
|
|
If this master will be running a salt-syndic to connect to a higher level
|
|
|
|
master, specify the pidfile of the syndic daemon.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
syndic_pidfile: syndic.pid
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
``syndic_log_file``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``syndic.log``
|
|
|
|
|
|
|
|
If this master will be running a salt-syndic to connect to a higher level
|
|
|
|
master, specify the log_file of the syndic daemon.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
syndic_log_file: salt-syndic.log
|
|
|
|
|
|
|
|
|
2012-01-13 19:35:56 +00:00
|
|
|
Peer Publish Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=====================
|
2012-01-13 19:35:56 +00:00
|
|
|
|
|
|
|
Salt minions can send commands to other minions, but only if the minion is
|
|
|
|
allowed to. By default "Peer Publication" is disabled, and when enabled it
|
|
|
|
is enabled for specific minions and specific commands. This allows secure
|
|
|
|
compartmentalization of commands based on individual minions.
|
|
|
|
|
|
|
|
.. conf_master:: peer
|
|
|
|
|
|
|
|
``peer``
|
|
|
|
--------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
The configuration uses regular expressions to match minions and then a list
|
2012-03-09 04:05:52 +00:00
|
|
|
of regular expressions to match functions. The following will allow the
|
2012-01-13 19:35:56 +00:00
|
|
|
minion authenticated as foo.example.com to execute functions from the test
|
|
|
|
and pkg modules
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
peer:
|
|
|
|
foo.example.com:
|
|
|
|
- test.*
|
|
|
|
- pkg.*
|
|
|
|
|
|
|
|
This will allow all minions to execute all commands:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
peer:
|
|
|
|
.*:
|
|
|
|
- .*
|
|
|
|
|
2012-03-09 04:05:52 +00:00
|
|
|
This is not recommended, since it would allow anyone who gets root on any
|
2012-01-13 19:35:56 +00:00
|
|
|
single minion to instantly have root on all of the minions!
|
|
|
|
|
2013-11-06 18:03:31 +00:00
|
|
|
By adding an additional layer you can limit the target hosts in addition to the
|
|
|
|
accessible commands:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
peer:
|
|
|
|
foo.example.com:
|
|
|
|
'db*':
|
|
|
|
- test.*
|
|
|
|
- pkg.*
|
|
|
|
|
2012-06-03 03:05:17 +00:00
|
|
|
.. conf_master:: peer_run
|
|
|
|
|
|
|
|
``peer_run``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
The peer_run option is used to open up runners on the master to access from the
|
|
|
|
minions. The peer_run configuration matches the format of the peer
|
|
|
|
configuration.
|
|
|
|
|
|
|
|
The following example would allow foo.example.com to execute the manage.up
|
|
|
|
runner:
|
|
|
|
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
peer_run:
|
|
|
|
foo.example.com:
|
|
|
|
- manage.up
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2013-07-25 07:07:18 +00:00
|
|
|
.. _master-logging-settings:
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
Master Logging Settings
|
2013-08-07 22:50:51 +00:00
|
|
|
=======================
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
.. conf_master:: log_file
|
|
|
|
|
|
|
|
``log_file``
|
|
|
|
------------
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
Default: ``/var/log/salt/master``
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The master log can be sent to a regular file, local path name, or network
|
2013-12-14 00:33:32 +00:00
|
|
|
location. See also :conf_log:`log_file`.
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
Examples:
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: /var/log/salt/master
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: file:///dev/log
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2013-01-11 00:51:44 +00:00
|
|
|
log_file: udp://loghost:10514
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
.. conf_master:: log_level
|
|
|
|
|
|
|
|
``log_level``
|
|
|
|
-------------
|
|
|
|
|
|
|
|
Default: ``warning``
|
|
|
|
|
2013-12-14 00:33:32 +00:00
|
|
|
The level of messages to send to the console. See also :conf_log:`log_level`.
|
2011-05-31 04:16:25 +00:00
|
|
|
|
2011-06-23 02:41:10 +00:00
|
|
|
.. code-block:: yaml
|
2011-05-31 04:16:25 +00:00
|
|
|
|
|
|
|
log_level: warning
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: log_level_logfile
|
|
|
|
|
|
|
|
``log_level_logfile``
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
Default: ``warning``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The level of messages to send to the log file. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_level_logfile`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_level_logfile: warning
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: log_datefmt
|
|
|
|
|
|
|
|
``log_datefmt``
|
|
|
|
---------------
|
|
|
|
|
|
|
|
Default: ``%H:%M:%S``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The date and time format used in console log messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_datefmt`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_datefmt: '%H:%M:%S'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: log_datefmt_logfile
|
|
|
|
|
|
|
|
``log_datefmt_logfile``
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
Default: ``%Y-%m-%d %H:%M:%S``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The date and time format used in log file messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_datefmt_logfile`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_datefmt_logfile: '%Y-%m-%d %H:%M:%S'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: log_fmt_console
|
|
|
|
|
|
|
|
``log_fmt_console``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``[%(levelname)-8s] %(message)s``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The format of the console logging messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_fmt_console`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_fmt_console: '[%(levelname)-8s] %(message)s'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: log_fmt_logfile
|
|
|
|
|
|
|
|
``log_fmt_logfile``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
The format of the log file logging messages. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_fmt_logfile`.
|
2013-01-10 07:45:11 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'
|
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
2011-05-31 04:16:25 +00:00
|
|
|
.. conf_master:: log_granular_levels
|
|
|
|
|
|
|
|
``log_granular_levels``
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
2013-10-03 21:41:37 +00:00
|
|
|
This can be used to control logging levels more specifically. See also
|
2013-12-14 00:33:32 +00:00
|
|
|
:conf_log:`log_granular_levels`.
|
2013-08-07 22:50:51 +00:00
|
|
|
|
2011-06-25 04:38:27 +00:00
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
Node Groups
|
|
|
|
===========
|
|
|
|
|
|
|
|
.. conf_master:: nodegroups
|
|
|
|
|
|
|
|
Default: ``{}``
|
|
|
|
|
|
|
|
Node groups allow for logical groupings of minion nodes.
|
|
|
|
A group consists of a group name and a compound target.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
nodegroups:
|
|
|
|
group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com'
|
|
|
|
group2: 'G@os:Debian and foo.domain.com'
|
|
|
|
|
|
|
|
|
|
|
|
Range Cluster Settings
|
|
|
|
======================
|
|
|
|
|
|
|
|
.. conf_master:: range_server
|
|
|
|
|
|
|
|
``range_server``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
The range server (and optional port) that serves your cluster information
|
2014-08-20 17:54:29 +00:00
|
|
|
https://github.com/ytoolshed/range/wiki/%22yamlfile%22-module-file-spec
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
range_server: range:80
|
|
|
|
|
2011-06-25 04:38:27 +00:00
|
|
|
|
2013-08-07 22:50:51 +00:00
|
|
|
Include Configuration
|
|
|
|
=====================
|
2012-08-24 15:14:21 +00:00
|
|
|
|
2013-01-10 07:45:11 +00:00
|
|
|
.. conf_master:: default_include
|
|
|
|
|
2012-08-24 15:14:21 +00:00
|
|
|
``default_include``
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
Default: ``master.d/*.conf``
|
|
|
|
|
2013-02-21 08:15:27 +00:00
|
|
|
The master can include configuration from other files. Per default the
|
2013-08-07 22:50:51 +00:00
|
|
|
master will automatically include all config files from ``master.d/*.conf``
|
|
|
|
where ``master.d`` is relative to the directory of the master configuration
|
2012-08-24 15:14:21 +00:00
|
|
|
file.
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
|
|
|
|
.. conf_master:: include
|
|
|
|
|
|
|
|
``include``
|
|
|
|
-----------
|
|
|
|
|
|
|
|
Default: ``not defined``
|
|
|
|
|
|
|
|
The master can include configuration from other files. To enable this,
|
|
|
|
pass a list of paths to this option. The paths can be either relative or
|
|
|
|
absolute; if relative, they are considered to be relative to the directory
|
|
|
|
the main minion configuration file lives in. Paths can make use of
|
|
|
|
shell-style globbing. If no files are matched by a path passed to this
|
|
|
|
option then the master will log a warning message.
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
# Include files from a master.d directory in the same
|
|
|
|
# directory as the master config file
|
2013-10-03 21:41:37 +00:00
|
|
|
include: master.d/*
|
2013-08-07 22:50:51 +00:00
|
|
|
|
|
|
|
# Include a single extra file into the configuration
|
|
|
|
include: /etc/roles/webserver
|
|
|
|
|
|
|
|
# Include several files and the master.d directory
|
|
|
|
include:
|
|
|
|
- extra_config
|
|
|
|
- master.d/*
|
|
|
|
- /etc/roles/webserver
|
|
|
|
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
Windows Software Repo Settings
|
2014-03-05 21:21:11 +00:00
|
|
|
==============================
|
2014-01-12 05:23:09 +00:00
|
|
|
|
|
|
|
.. conf_master:: win_repo
|
|
|
|
|
|
|
|
``win_repo``
|
|
|
|
------------
|
|
|
|
|
|
|
|
Default: ``/srv/salt/win/repo``
|
|
|
|
|
|
|
|
Location of the repo on the master
|
|
|
|
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
win_repo: '/srv/salt/win/repo'
|
|
|
|
|
|
|
|
.. conf_master:: win_repo_mastercachefile
|
|
|
|
|
|
|
|
``win_repo_mastercachefile``
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
Default: ``/srv/salt/win/repo/winrepo.p``
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
win_repo_mastercachefile: '/srv/salt/win/repo/winrepo.p'
|
|
|
|
|
|
|
|
.. conf_master:: win_gitrepos
|
|
|
|
|
|
|
|
``win_gitrepos``
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Default: ``''``
|
|
|
|
|
|
|
|
List of git repositories to include with the local repo
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
win_gitrepos:
|
|
|
|
- 'https://github.com/saltstack/salt-winrepo.git'
|