135 lines
5.2 KiB
YAML
135 lines
5.2 KiB
YAML
##### Primary configuration settings #####
|
|
##########################################
|
|
# This configuration file is used to manage the behavior of the Salt Master.
|
|
# Values that are commented out but have an empty line after the comment are
|
|
# defaults that do not need to be set in the config. If there is no blank line
|
|
# after the comment then the value is presented as an example and is not the
|
|
# default.
|
|
|
|
# The master will automatically include all config files from:
|
|
default_include: {{SALT_CONFS_DIR}}/*.conf
|
|
|
|
# The user under which the salt master will run.
|
|
user: {{SALT_USER}}
|
|
|
|
# Directory used to store public key data:
|
|
pki_dir: {{SALT_KEYS_DIR}}
|
|
|
|
# Directory to store job and cache data:
|
|
# This directory may contain sensitive data and should be protected accordingly.
|
|
cachedir: {{SALT_CACHE_DIR}}/master
|
|
|
|
# Directory for custom modules. This directory can contain subdirectories for
|
|
# each of Salt's module types such as "runners", "output", "wheel", "modules",
|
|
# "states", "returners", "engines", "utils", etc.
|
|
extension_modules: {{SALT_CACHE_DIR}}/master/extmods
|
|
|
|
|
|
##### Large-scale tuning settings #####
|
|
##########################################
|
|
# The number of worker threads to start. These threads are used to manage
|
|
# return calls made from minions to the master. If the master seems to be
|
|
# running slowly, increase the number of threads. This setting can not be
|
|
# set lower than 3.
|
|
worker_threads: {{SALT_WORKER_THREADS}}
|
|
|
|
|
|
##### Security settings #####
|
|
##########################################
|
|
# Enable passphrase protection of the Master signing_key. This only applies if
|
|
# master_sign_pubkey is set to True. This is disabled by default.
|
|
master_sign_pubkey: {{SALT_MASTER_SIGN_PUBKEY}}
|
|
master_sign_key_name: {{SALT_MASTER_SIGN_KEY_NAME}}
|
|
master_pubkey_signature: {{SALT_MASTER_PUBKEY_SIGNATURE}}
|
|
master_use_pubkey_signature: {{SALT_MASTER_USE_PUBKEY_SIGNATURE}}
|
|
|
|
# Use TLS/SSL encrypted connection between master and minion.
|
|
# Can be set to a dictionary containing keyword arguments corresponding to Python's
|
|
# 'ssl.wrap_socket' method.
|
|
# Default is None.
|
|
#ssl:
|
|
# keyfile: <path_to_keyfile>
|
|
# certfile: <path_to_certfile>
|
|
# ssl_version: PROTOCOL_TLSv1_2
|
|
|
|
|
|
##### Salt-SSH Configuration #####
|
|
##########################################
|
|
# The log file of the salt-ssh command:
|
|
ssh_log_file: {{SALT_LOGS_DIR}}/salt/ssh
|
|
|
|
|
|
##### File Server settings #####
|
|
##########################################
|
|
# Salt runs a lightweight file server written in zeromq to deliver files to
|
|
# minions. This file server is built into the master daemon and does not
|
|
# require a dedicated port.
|
|
|
|
# The file server works on environments passed to the master, each environment
|
|
# can have multiple root directories, the subdirectories in the multiple file
|
|
# roots cannot match, otherwise the downloaded files will not be able to be
|
|
# reliably ensured. A base environment is required to house the top file.
|
|
file_roots:
|
|
base:
|
|
- {{SALT_BASE_DIR}}/salt
|
|
## cdalvaro managed block - file_roots-base - begin
|
|
## cdalvaro managed block - file_roots-base - end
|
|
|
|
# The master_roots setting configures a master-only copy of the file_roots dictionary,
|
|
# used by the state compiler.
|
|
master_roots:
|
|
base:
|
|
- {{SALT_BASE_DIR}}/salt-master
|
|
|
|
|
|
##### Pillar settings #####
|
|
##########################################
|
|
# Salt Pillars allow for the building of global data that can be made selectively
|
|
# available to different minions based on minion grain filtering. The Salt
|
|
# Pillar is laid out in the same fashion as the file server, with environments,
|
|
# a top file and sls files. However, pillar data does not need to be in the
|
|
# highstate format, and is generally just key/value pairs.
|
|
pillar_roots:
|
|
base:
|
|
- {{SALT_BASE_DIR}}/pillar
|
|
|
|
|
|
###### Reactor Settings #####
|
|
###########################################
|
|
# Configure the number of workers for the runner/wheel in the reactor.
|
|
reactor_worker_threads: {{SALT_REACTOR_WORKER_THREADS}}
|
|
|
|
|
|
##### Syndic settings #####
|
|
##########################################
|
|
# The Salt syndic is used to pass commands through a master from a higher
|
|
# master. Using the syndic is simple. If this is a master that will have
|
|
# syndic servers(s) below it, then set the "order_masters" setting to True.
|
|
#
|
|
# If this is a master that will be running a syndic daemon for passthrough, then
|
|
# the "syndic_master" setting needs to be set to the location of the master server
|
|
# to receive commands from.
|
|
|
|
# The log file of the salt-syndic daemon:
|
|
syndic_log_file: {{SALT_LOGS_DIR}}/salt/syndic
|
|
|
|
|
|
##### Logging settings #####
|
|
##########################################
|
|
# The location of the master log file
|
|
log_file: {{SALT_LOGS_DIR}}/salt/master.log
|
|
key_logfile: {{SALT_LOGS_DIR}}/salt/key.log
|
|
|
|
# The level of messages to send to the console.
|
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
|
#
|
|
# The following log levels are considered INSECURE and may log sensitive data:
|
|
# ['garbage', 'trace', 'debug']
|
|
#
|
|
log_level: {{SALT_LOG_LEVEL}}
|
|
|
|
# The level of messages to send to the log file.
|
|
# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
|
|
# If using 'log_granular_levels' this must be set to the highest desired level.
|
|
log_level_logfile: {{SALT_LEVEL_LOGFILE}}
|