rubic · January 21, 2012 10:36 · rubic · Jan 21, 2012
diff --git a/master b/master
 ############################################################################
 # My current salt configuration for the master daemon as an unprivileged
 # non-root user.
 # https://gist.github.com/1652306
 ############################################################################

 ##### Primary configuration settings #####
 ##########################################
 # The address of the interface to bind to
 #interface: 0.0.0.0

 # The port used by the publisher
 #publish_port: 4505

 # The user to run salt
 user: salt

 # number of threads to manage return calls from minions
 #worker_threads: 5

 # The port used by the communication interface
 #ret_port: 4506

 # The root directory prepended to these options: pki_dir, cachedir,
 # sock_dir, log_file.
 root_dir: /home/salt/

 # Directory used to store public key data
 pki_dir: .salt/pki

 # Directory to store job and cache data
 cachedir: .salt/cache

 # Set the number of hours to keep old job information
 #keep_jobs: 24

 # Set the directory used to hold unix sockets
 sock_dir: .salt/unix-sock

 #####        Security settings       #####
 ##########################################
 # Enable "open mode", this mode still maintains encryption, but turns off
 # authentication, this is only intended for highly secure environments or for
 # the situation where your keys end up in a bad state. If you run in open mode
 # you do so at your own risk!
 #open_mode: False

 # Enable auto_accept, this setting will automatically accept all incoming
 # public keys from the minions. Note that this is insecure.
 #auto_accept: False

 #####      State System settings     #####
 ##########################################
 # The state system uses a "top" file to tell the minions what environment to
 # use and what modules to use. The state_top file is defined relative to the
 # root of the base environment
 #state_top: top.sls
 #
 # The renderer to use on the minions to render the state data
 #renderer: yaml_jinja
 #
 # The failhard option tells the minions to stop immediately after the first
 # failure detected in the state execution, defaults to False
 #failhard: False

 #####      File Server settings      #####
 ##########################################
 # Salt runs a lightweight file server written in zeromq to deliver files to
 # minions. This file server is built into the master daemon and does not
 # require a dedicated port.

 # The file server works on environments passed to the master, each environment
 # can have multiple root directories, the subdirectories in the multiple file
 # roots cannot match, otherwise the downloaded files will not be able to be
 # reliably ensured. A base environment is required to house the top file
 # Example:
 # file_roots:
 #   base:
 #     - /srv/salt/
 #   dev:
 #     - /srv/salt/dev/services
 #     - /srv/salt/dev/states
 #   prod:
 #     - /srv/salt/prod/services
 #     - /srv/salt/prod/states
 #
 # Default:
 #file_roots:
 #  base:
 #    - /srv/salt

 # The hash_type is the hash to use when discovering the hash of a file on
 # the master server, the default is md5, but sha1, sha224, sha256, sha384
 # and sha512 are also supported.
 #hash_type: md5

 # The buffer size in the file server can be adjusted here:
 #file_buffer_size: 1048576

 #####          Syndic settings       #####
 ##########################################
 # The Salt syndic is used to pass commands through a master from a higher
 # master. Using the syndic is simple, if this is a master that will have
 # syndic servers(s) below it set the "order_masters" setting to True, if this
 # is a master that will be running a syndic daemon for passthrough the
 # "syndic_master" setting needs to be set to the location of the master server
 # to recieve commands from
 #
 # Set the order_masters setting to True if this master will command lower
 # masters' syndic interfaces
 #order_masters: False
 #
 # If this master will be running a salt syndic daemon, then the syndic needs
 # to know where the master it is recieving commands from is, set it with the
 # syndic_master value
 #syndic_master: masterofmaster

 #####      Peer Publish settings     #####
 ##########################################
 # Salt minions can send commands to other minions, but only if the minion is
 # allowed to. By default "Peer Publication" is disabled, and when enabled it
 # is enabled for specific minions and specific commands. This allows secure
 # compartmentalization of commands based on individual minions.
 #
 # The configuration uses regular expressions to match minions and then a list
 # of regular expressions to match functions, the following will allow the
 # minion authenticated as foo.example.com to execute functions from the test
 # and pkg modules
 # peer:
 #   foo.example.com:
 #       - test.*
 #       - pkg.*
 #
 # This will allow all minions to execute all commands:
 # peer:
 #   .*:
 #       - .*
 # This is not recomanded, since it would allow anyone who gets root on any
 # single minion to instantly have root on all of the minions!
 #

 #####         Cluster settings       #####
 ##########################################
 # Salt supports automatic clustering, salt creates a single ip address which
 # is shared among the individual salt components using ucarp. The private key
 # and all of the minion keys are maintained across the defined cluster masters
 # The failover service is automatically managed via these settings

 # List the identifiers for the other cluster masters in this manner:
 # [saltmaster-01.foo.com,saltmaster-02.foo.com,saltmaster-03.foo.com]
 # The members of this master array must be running as salt minions to
 # facilitate the distribution of cluster information
 #cluster_masters: []

 # The cluster modes are "paranoid" and "full"
 # paranoid will only distribute the accepted minion public keys.
 # full will also distribute the master private key.
 #cluster_mode: paranoid


 #####         Logging settings       #####
 ##########################################
 # The location of the master log file
 #log_file: /var/log/salt/master
 log_file: .salt/log
 # The level of messages to send to the log file.
 # One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'.
 # Default: 'warning'
 #log_level: warning
 #
 # Logger levels can be used to tweak specific loggers logging levels.
 # Imagine you want to have the salt library at the 'warning' level, but, you
 # still wish to have 'salt.modules' at the 'debug' level:
 #   log_granular_levels:
 #     'salt': 'warning',
 #     'salt.modules': 'debug'
 #
 #log_granular_levels: {}


 #####         Node Groups           #####
 ##########################################
 # Node groups allow for logical groupings of minion nodes.
 # A group consists of a group name and a compound target.
 #
 # nodegroups:
 #   group1: '[email protected],bar.domain.com,baz.domain.com and bl*.domain.com',
 #   group2: 'G@os:Debian and foo.domain.com',
	############################################################################
	# My current salt configuration for the master daemon as an unprivileged
	# non-root user.
	# https://gist.github.com/1652306
	############################################################################

	##### Primary configuration settings #####
	##########################################
	# The address of the interface to bind to
	#interface: 0.0.0.0

	# The port used by the publisher
	#publish_port: 4505

	# The user to run salt
	user: salt

	# number of threads to manage return calls from minions
	#worker_threads: 5

	# The port used by the communication interface
	#ret_port: 4506

	# The root directory prepended to these options: pki_dir, cachedir,
	# sock_dir, log_file.
	root_dir: /home/salt/

	# Directory used to store public key data
	pki_dir: .salt/pki

	# Directory to store job and cache data
	cachedir: .salt/cache

	# Set the number of hours to keep old job information
	#keep_jobs: 24

	# Set the directory used to hold unix sockets
	sock_dir: .salt/unix-sock

	##### Security settings #####
	##########################################
	# Enable "open mode", this mode still maintains encryption, but turns off
	# authentication, this is only intended for highly secure environments or for
	# the situation where your keys end up in a bad state. If you run in open mode
	# you do so at your own risk!
	#open_mode: False

	# Enable auto_accept, this setting will automatically accept all incoming
	# public keys from the minions. Note that this is insecure.
	#auto_accept: False

	##### State System settings #####
	##########################################
	# The state system uses a "top" file to tell the minions what environment to
	# use and what modules to use. The state_top file is defined relative to the
	# root of the base environment
	#state_top: top.sls
	#
	# The renderer to use on the minions to render the state data
	#renderer: yaml_jinja
	#
	# The failhard option tells the minions to stop immediately after the first
	# failure detected in the state execution, defaults to False
	#failhard: False

	##### File Server settings #####
	##########################################
	# Salt runs a lightweight file server written in zeromq to deliver files to
	# minions. This file server is built into the master daemon and does not
	# require a dedicated port.

	# The file server works on environments passed to the master, each environment
	# can have multiple root directories, the subdirectories in the multiple file
	# roots cannot match, otherwise the downloaded files will not be able to be
	# reliably ensured. A base environment is required to house the top file
	# Example:
	# file_roots:
	# base:
	# - /srv/salt/
	# dev:
	# - /srv/salt/dev/services
	# - /srv/salt/dev/states
	# prod:
	# - /srv/salt/prod/services
	# - /srv/salt/prod/states
	#
	# Default:
	#file_roots:
	# base:
	# - /srv/salt

	# The hash_type is the hash to use when discovering the hash of a file on
	# the master server, the default is md5, but sha1, sha224, sha256, sha384
	# and sha512 are also supported.
	#hash_type: md5

	# The buffer size in the file server can be adjusted here:
	#file_buffer_size: 1048576

	##### Syndic settings #####
	##########################################
	# The Salt syndic is used to pass commands through a master from a higher
	# master. Using the syndic is simple, if this is a master that will have
	# syndic servers(s) below it set the "order_masters" setting to True, if this
	# is a master that will be running a syndic daemon for passthrough the
	# "syndic_master" setting needs to be set to the location of the master server
	# to recieve commands from
	#
	# Set the order_masters setting to True if this master will command lower
	# masters' syndic interfaces
	#order_masters: False
	#
	# If this master will be running a salt syndic daemon, then the syndic needs
	# to know where the master it is recieving commands from is, set it with the
	# syndic_master value
	#syndic_master: masterofmaster

	##### Peer Publish settings #####
	##########################################
	# Salt minions can send commands to other minions, but only if the minion is
	# allowed to. By default "Peer Publication" is disabled, and when enabled it
	# is enabled for specific minions and specific commands. This allows secure
	# compartmentalization of commands based on individual minions.
	#
	# The configuration uses regular expressions to match minions and then a list
	# of regular expressions to match functions, the following will allow the
	# minion authenticated as foo.example.com to execute functions from the test
	# and pkg modules
	# peer:
	# foo.example.com:
	# - test.*
	# - pkg.*
	#
	# This will allow all minions to execute all commands:
	# peer:
	# .*:
	# - .*
	# This is not recomanded, since it would allow anyone who gets root on any
	# single minion to instantly have root on all of the minions!
	#

	##### Cluster settings #####
	##########################################
	# Salt supports automatic clustering, salt creates a single ip address which
	# is shared among the individual salt components using ucarp. The private key
	# and all of the minion keys are maintained across the defined cluster masters
	# The failover service is automatically managed via these settings

	# List the identifiers for the other cluster masters in this manner:
	# [saltmaster-01.foo.com,saltmaster-02.foo.com,saltmaster-03.foo.com]
	# The members of this master array must be running as salt minions to
	# facilitate the distribution of cluster information
	#cluster_masters: []

	# The cluster modes are "paranoid" and "full"
	# paranoid will only distribute the accepted minion public keys.
	# full will also distribute the master private key.
	#cluster_mode: paranoid


	##### Logging settings #####
	##########################################
	# The location of the master log file
	#log_file: /var/log/salt/master
	log_file: .salt/log
	# The level of messages to send to the log file.
	# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'.
	# Default: 'warning'
	#log_level: warning
	#
	# Logger levels can be used to tweak specific loggers logging levels.
	# Imagine you want to have the salt library at the 'warning' level, but, you
	# still wish to have 'salt.modules' at the 'debug' level:
	# log_granular_levels:
	# 'salt': 'warning',
	# 'salt.modules': 'debug'
	#
	#log_granular_levels: {}


	##### Node Groups #####
	##########################################
	# Node groups allow for logical groupings of minion nodes.
	# A group consists of a group name and a compound target.
	#
	# nodegroups:
	# group1: '[email protected],bar.domain.com,baz.domain.com and bl*.domain.com',
	# group2: 'G@os:Debian and foo.domain.com',