blob: 59f4908e4004096e5bcb152dcd979029db058583 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
{%- import_yaml 'formulas.yaml' as formulas -%}
include:
- role.salt.common
salt:
interface: ${'secret_salt:master:interface'}
master_remove_config: True
extmods: {'modules': ['nbroles.py'], 'pillar': ['lookup.py']}
master:
cache: redis
cli_summary: True
# to-do: package extension modules
extension_modules: /opt/extmods
gpg_keydir: ${'secret_salt:master:gpg_keydir'}
ipv6: True
file_ignore_glob:
- '*.pyc'
- '*.swp'
fileserver_backend:
- roots
- git
file_roots:
production:
{%- for formula in formulas %}
- /srv/formulas/{{ formula }}-formula
{%- endfor %}
gitfs_root: salt
gitfs_remotes:
- https://git.com.de/LibertaCasa/salt.git:
- user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
- password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
ext_pillar:
- netbox:
api_url: ${'secret_salt:master:ext_pillar:netbox:api_url'}
api_token: ${'secret_salt:master:ext_pillar:netbox:api_token'}
virtual_machines: True
interfaces: True
interface_ips: True
site_details: False
site_prefixes: False
- git:
- production https://git.com.de/LibertaCasa/salt.git:
- root: pillar
- user: ${'secret_salt:master:ext_pillar:git:LibertaCasa:user'}
- password: ${'secret_salt:master:ext_pillar:git:LibertaCasa:password'}
- production https://git.com.de/Lysergic/salt.git:
- root: ${'secret_salt:master:ext_pillar:git:Lysergic:root'}
- user: ${'secret_salt:master:ext_pillar:git:Lysergic:user'}
- password: ${'secret_salt:master:ext_pillar:git:Lysergic:password'}
- lookup: {}
ext_pillar_first: True
pillar_merge_lists: True
pillar_source_merging_strategy: smart
top_file_merging_strategy: same
env_order: ['production']
log_level: info
show_jid: True
timeout: 20
gather_job_timeout: 20
keep_jobs: 30
user: ${'secret_salt:master:user'}
syndic_user: ${'secret_salt:master:syndic_user'}
cache.redis.unix_socket_path: ${'secret_salt:master:cache.redis.unix_socket_path'}
cache.redis.password: ${'secret_salt:master:cache.redis.password'}
rest_cherrypy:
host: '::'
port: 4550
ssl_crt: ${'secret_salt:master:rest_cherrypy:ssl_crt'}
ssl_key: ${'secret_salt:master:rest_cherrypy:ssl_key'}
auth.ldap.server: ${'secret_salt:master:auth.ldap.server'}
auth.ldap.port: ${'secret_salt:master:auth.ldap.port'}
auth.ldap.tls: True
auth.ldap.scope: 2
auth.ldap.accountattributename: ${'secret_salt:master:auth.ldap.accountattributename'}
auth.ldap.groupou: ${'secret_salt:master:auth.ldap.groupou'}
auth.ldap.groupclass: ${'secret_salt:master:auth.ldap.groupclass'}
auth.ldap.basedn: ${'secret_salt:master:auth.ldap.basedn'}
auth.ldap.binddn: ${'secret_salt:master:auth.ldap.binddn'}
auth.ldap.bindpw: ${'secret_salt:master:auth.ldap.bindpw'}
auth.ldap.filter: ${'secret_salt:master:auth.ldap.filter'}
firewalld:
zones:
internal:
services:
- salt-master
ports:
- comment: salt-api
port: 4550
protocol: tcp
|