From: frank Date: Mon, 27 Feb 2012 11:29:42 +0000 (+0100) Subject: committing changes in /etc after emerge run X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=ef884f089ced8e6bc68bf3c223a0172ff1d69711;p=config%2Fuhu1%2Fetc.git committing changes in /etc after emerge run Package changes: +app-admin/salt-0.9.7 --- diff --git a/.etckeeper b/.etckeeper index aed4d76..b31dcfe 100755 --- a/.etckeeper +++ b/.etckeeper @@ -1095,6 +1095,9 @@ maybe chmod 0755 './runlevels/boot' maybe chmod 0755 './runlevels/default' maybe chmod 0755 './runlevels/shutdown' maybe chmod 0755 './runlevels/sysinit' +maybe chmod 0755 './salt' +maybe chmod 0644 './salt/master.template' +maybe chmod 0644 './salt/minion.template' maybe chmod 0755 './samba' maybe chmod 0644 './samba/lmhosts' maybe chmod 0644 './samba/smb.conf.default' diff --git a/salt/master.template b/salt/master.template new file mode 100644 index 0000000..6105a89 --- /dev/null +++ b/salt/master.template @@ -0,0 +1,204 @@ +# DO NOT MODIFY THIS FILE. Copy it to: /etc/salt/master +##### Primary configuration settings ##### +########################################## +# The address of the interface to bind to +#interface: 0.0.0.0 + +# The port used by the publisher +#publish_port: 4505 + +# The user to run salt +#user: root + +# The number of worker threads to start, these threads are used to manage +# return calls made from minions to the master, if the master seems to be +# running slowly, increase the number of threads +#worker_threads: 5 + +# The port used by the communication interface +#ret_port: 4506 + +# The root directory prepended to these options: pki_dir, cachedir, +# sock_dir, log_file. +#root_dir: / + +# Directory used to store public key data +#pki_dir: /etc/salt/pki + +# Directory to store job and cache data +#cachedir: /var/cache/salt + +# Set the number of hours to keep old job information +#keep_jobs: 24 + +# Set the default timeout for the salt command and api, the default is 5 +# seconds +#timeout: 5 + +# Set the directory used to hold unix sockets +#sock_dir: /tmp/salt-unix + +# Set the acceptance level for serialization of messages. This should only be +# set if the master is newer than 0.9.5 and the minion are older. This option +# allows a 0.9.5 and newer master to communicate with minions 0.9.4 and +# earlier. It is not recommended to keep this setting on if the minions are +# all 0.9.5 or higher, as leaving pickle as the serialization medium is slow +# and opens up security risks +# +#serial: msgpack + +##### Security settings ##### +########################################## +# Enable "open mode", this mode still maintains encryption, but turns off +# authentication, this is only intended for highly secure environments or for +# the situation where your keys end up in a bad state. If you run in open mode +# you do so at your own risk! +#open_mode: False + +# Enable auto_accept, this setting will automatically accept all incoming +# public keys from the minions. Note that this is insecure. +#auto_accept: False + +##### State System settings ##### +########################################## +# The state system uses a "top" file to tell the minions what environment to +# use and what modules to use. The state_top file is defined relative to the +# root of the base environment. +#state_top: top.sls +# +# The external_nodes option allows Salt to gather data that would normally be +# placed in a top file. The external_nodes option is the executable that will +# return the ENC data. Remember that Salt will look for external nodes AND top +# files and combine the results if both are enabled! +#external_nodes: None +# +# The renderer to use on the minions to render the state data +#renderer: yaml_jinja +# +# The failhard option tells the minions to stop immediately after the first +# failure detected in the state execution, defaults to False +#failhard: False + +##### File Server settings ##### +########################################## +# Salt runs a lightweight file server written in zeromq to deliver files to +# minions. This file server is built into the master daemon and does not +# require a dedicated port. + +# The file server works on environments passed to the master, each environment +# can have multiple root directories, the subdirectories in the multiple file +# roots cannot match, otherwise the downloaded files will not be able to be +# reliably ensured. A base environment is required to house the top file. +# Example: +# file_roots: +# base: +# - /srv/salt/ +# dev: +# - /srv/salt/dev/services +# - /srv/salt/dev/states +# prod: +# - /srv/salt/prod/services +# - /srv/salt/prod/states +# +# Default: +#file_roots: +# base: +# - /srv/salt + +# The hash_type is the hash to use when discovering the hash of a file on +# the master server, the default is md5, but sha1, sha224, sha256, sha384 +# and sha512 are also supported. +#hash_type: md5 + +# The buffer size in the file server can be adjusted here: +#file_buffer_size: 1048576 + +##### Syndic settings ##### +########################################## +# The Salt syndic is used to pass commands through a master from a higher +# master. Using the syndic is simple, if this is a master that will have +# syndic servers(s) below it set the "order_masters" setting to True, if this +# is a master that will be running a syndic daemon for passthrough the +# "syndic_master" setting needs to be set to the location of the master server +# to recieve commands from. +# +# Set the order_masters setting to True if this master will command lower +# masters' syndic interfaces. +#order_masters: False +# +# If this master will be running a salt syndic daemon, syndic_master tells +# this master where to recieve commands from. +#syndic_master: masterofmaster + +##### Peer Publish settings ##### +########################################## +# Salt minions can send commands to other minions, but only if the minion is +# allowed to. By default "Peer Publication" is disabled, and when enabled it +# is enabled for specific minions and specific commands. This allows secure +# compartmentalization of commands based on individual minions. +# +# The configuration uses regular expressions to match minions and then a list +# of regular expressions to match functions. The following will allow the +# minion authenticated as foo.example.com to execute functions from the test +# and pkg modules. +# peer: +# foo.example.com: +# - test.* +# - pkg.* +# +# This will allow all minions to execute all commands: +# peer: +# .*: +# - .* +# This is not recomanded, since it would allow anyone who gets root on any +# single minion to instantly have root on all of the minions! +# + +##### Cluster settings ##### +########################################## +# Salt supports automatic clustering, salt creates a single ip address which +# is shared among the individual salt components using ucarp. The private key +# and all of the minion keys are maintained across the defined cluster masters. +# The failover service is automatically managed via these settings + +# List the identifiers for the other cluster masters in this manner: +# [saltmaster-01.foo.com,saltmaster-02.foo.com,saltmaster-03.foo.com] +# The members of this master array must be running as salt minions to +# facilitate the distribution of cluster information +#cluster_masters: [] + +# The cluster modes are "paranoid" and "full" +# paranoid will only distribute the accepted minion public keys. +# full will also distribute the master private key. +#cluster_mode: paranoid + + +##### Logging settings ##### +########################################## +# The location of the master log file +#log_file: /var/log/salt/master +# +# The level of messages to send to the log file. +# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. +# Default: 'warning' +#log_level: warning +# +# Logger levels can be used to tweak specific loggers logging levels. +# For example, if you want to have the salt library at the 'warning' level, +# but you still wish to have 'salt.modules' at the 'debug' level: +# log_granular_levels: +# 'salt': 'warning', +# 'salt.modules': 'debug' +# +#log_granular_levels: {} + + +##### Node Groups ##### +########################################## +# Node groups allow for logical groupings of minion nodes. +# A group consists of a group name and a compound target. +# +# nodegroups: +# group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com', +# group2: 'G@os:Debian and foo.domain.com', + diff --git a/salt/minion.template b/salt/minion.template new file mode 100644 index 0000000..59c5700 --- /dev/null +++ b/salt/minion.template @@ -0,0 +1,155 @@ +# DO NOT MODIFY THIS FILE. Copy it to: /etc/salt/minion +##### Primary configuration settings ##### +########################################## +# Set the location of the salt master server, if the master server cannot be +# resolved, then the minion will fail to start. +#master: salt + +# Set the port used by the master reply and authentication server +#master_port: 4506 + +# The user to run salt +#user: root + +# The root directory prepended to these options: pki_dir, cachedir, log_file. +#root_dir: / + +# The directory to store the pki information in +#pki_dir: /etc/salt/pki + +# Explicitly declare the id for this minion to use, if left commented the id +# will be the hostname as returned by the python call: socket.getfqdn() +# Since salt uses detached ids it is possible to run multiple minions on the +# same machine but with different ids, this can be useful for salt compute +# clusters. +#id: + +# If the the connection to the server is interrupted, the minion will +# attempt to reconnect. sub_timeout allows you to control the rate +# of reconnection attempts (in seconds). To disable reconnects, set +# this value to 0. +#sub_timeout: 60 + +# Where cache data goes +#cachedir: /var/cache/salt + +# The minion can locally cache the return data from jobs sent to it, this +# can be a good way to keep track of jobs the minion has executed +# (on the minion side). By default this feature is disabled, to enable +# set cache_jobs to True +#cache_jobs: False + +# When waiting for a master to accept the minion's public key, salt will +# continuously attempt to reconnect until successful. This is the time, in +# seconds, between those reconnection attempts. +#acceptance_wait_time = 10 + + + +##### Minion module management ##### +########################################## +# Disable specific modules. This allows the admin to limit the level of +# access the master has to the minion +#disable_modules: [cmd,test] +#disable_returners: [] +# +# Modules can be loaded from arbitrary paths. This enables the easy deployment +# of third party modules. Modules for returners and minions can be loaded. +# Specify a list of extra directories to search for minion modules and +# returners. These paths must be fully qualified! +#module_dirs: [] +#returner_dirs: [] +#states_dirs: [] +#render_dirs: [] +# +# Enable Cython modules searching and loading. (Default: False) +#cython_enable: False + +##### State Management Settings ##### +########################################### +# The state management system executes all of the state templates on the minion +# to enable more granular control of system state management. The type of +# template and serialization used for state management needs to be configured +# on the minion, the default renderer is yaml_jinja. This is a yaml file +# rendered from a jinja template, the available options are: +# yaml_jinja +# yaml_mako +# json_jinja +# json_mako +# +#renderer: yaml_jinja +# +# state_verbose allows for the data returned from the minion to be more +# verbose. Normaly only states that fail or states that have changes are +# returned, but setting state_verbose to True will return all states that +# were checked +#state_verbose: False +# +# autoload_dynamic_modules Turns on automatic loading of modules found in the +# environments on the master. This is turned on by default, to turn of +# autoloading modules when states run set this value to False +#autoload_dynamic_modules: True +# +# clean_dynamic_modules keeps the dynamic modules on the minion in sync with +# the dynamic modules on the master, this means that if a dynamic module is +# not on the master it will be deleted from the minion. By default this is +# enabled and can be disabled by changing this value to False +#clean_dynamic_modules: True +# +# Normally the minion is not isolated to any single environment on the master +# when running states, but the environment can be isolated on the minion side +# by statically setting it. Remember that the recommended way to manage +# environments is to issolate via the top file. +#environment: None + +###### Security settings ##### +########################################### +# Enable "open mode", this mode still maintains encryption, but turns off +# authentication, this is only intended for highly secure environments or for +# the situation where your keys end up in a bad state. If you run in open mode +# you do so at your own risk! +#open_mode: False + + +###### Thread settings ##### +########################################### +# Disable multiprocessing support, by default when a minion receives a +# publication a new process is spawned and the command is executed therein. +#multiprocessing: True + +###### Logging settings ##### +########################################### +# The location of the minion log file +#log_file: /var/log/salt/minion +# +# The level of messages to send to the log file. +# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'. +# Default: 'warning' +#log_level: warning +# +# Logger levels can be used to tweak specific loggers logging levels. +# For example, if you want to have the salt library at the 'warning' level, +# but you still wish to have 'salt.modules' at the 'debug' level: +# log_granular_levels: { +# 'salt': 'warning', +# 'salt.modules': 'debug' +# } +# +#log_granular_levels: {} + +###### Module configuration ##### +########################################### +# Salt allows for modules to be passed arbitrary configuration data, any data +# passed here in valid yaml format will be passed on to the salt minion modules +# for use. It is STRONGLY recommended that a naming convention be used in which +# the module name is followed by a . and then the value. Also, all top level +# data must be applied via the yaml dict construct, some examples: +# +# A simple value for the test module: +#test.foo: foo +# +# A list for the test module: +#test.bar: [baz,quo] +# +# A dict for the test module: +#test.baz: {spam: sausage, cheese: bread}