linux: | |
network: | |
enabled: true | |
hostname: linux | |
fqdn: linux.ci.local | |
system: | |
enabled: true | |
banner: | |
enabled: true | |
contents: | | |
================= WARNING ================= | |
This is tcpcloud network. | |
Unauthorized access is strictly prohibited. | |
=========================================== | |
file: | |
/tmp/sample.txt: | |
source: http://techslides.com/demos/samples/sample.txt | |
source_hash: 5452459724e85b4e12277d5f8aab8fc9 | |
sample2.txt: | |
name: /tmp/sample2.txt | |
source: http://techslides.com/demos/samples/sample.txt | |
test2: | |
name: /tmp/test2.txt | |
contents: | | |
line1 | |
line2 | |
user: root | |
group: root | |
mode: 700 | |
dir_mode: 700 | |
encoding: utf-8 | |
makedirs: true | |
test3: | |
name: /tmp/test3.txt | |
source: salt://linux/files/test/file_template.jinja | |
template: jinja | |
apt: | |
preferences: | |
enabled: true | |
rules: | |
100: | |
enabled: true | |
name: 'Ubuntu origin' | |
pin: 'release o=Ubuntu' | |
priority: 1100 | |
package: '*' | |
5: | |
enabled: true | |
name: 'Ubuntu origin' | |
pin: 'release o=Ubuntu' | |
priority: 1100 | |
package: '*' | |
at: | |
enabled: true | |
user: | |
root: | |
enabled: true | |
testuser: | |
enabled: true | |
cron: | |
enabled: true | |
user: | |
root: | |
enabled: true | |
testuser: | |
enabled: true | |
cluster: default | |
name: linux | |
domain: ci.local | |
environment: prd | |
purge_repos: true | |
service: | |
apt-daily.timer: | |
status: dead | |
tgt: | |
name: tgt | |
status: running | |
enabled: True | |
override: | |
50: | |
target: tgt.service.d | |
content: | | |
[Service] | |
ExecStart= | |
ExecStart=/usr/sbin/tgtd -f --iscsi portal=127.0.0.1:5555 | |
directory: | |
/tmp/test: | |
makedirs: true | |
apparmor: | |
enabled: false | |
haveged: | |
enabled: true | |
prompt: | |
default: "linux.ci.local$" | |
kernel: | |
isolcpu: 1,2,3,4 | |
elevator: deadline | |
boot_options: | |
- pti=off | |
- spectre_v2=auto | |
module: | |
module_1: | |
install: | |
command: /bin/true | |
remove: | |
enabled: false | |
command: /bin/false | |
module_2: | |
install: | |
enabled: false | |
command: /bin/false | |
remove: | |
command: /bin/true | |
module_3: | |
blacklist: true | |
module_4: | |
blacklist: false | |
alias: | |
"module*": | |
enabled: true | |
"module_*": | |
enabled: false | |
module_5: | |
softdep: | |
pre: | |
1: | |
value: module_1 | |
2: | |
value: module_2 | |
enabled: false | |
post: | |
1: | |
value: module_3 | |
2: | |
value: module_4 | |
enabled: false | |
module_6: | |
option: | |
opt_1: 111 | |
opt_2: 222 | |
module_7: | |
option: | |
opt_3: | |
value: 333 | |
opt_4: | |
enabled: true | |
value: 444 | |
opt_5: | |
enabled: false | |
cgroup: | |
group: | |
group_1: | |
controller: | |
cpu: | |
shares: | |
value: 250 | |
mapping: | |
subjects: | |
- '@group1' | |
sysfs: | |
enable_apply: true | |
scheduler: | |
block/sda/queue/scheduler: deadline | |
power: | |
mode: | |
power/state: 0660 | |
owner: | |
power/state: "root:power" | |
devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave | |
motd: | |
- warning: | | |
#!/bin/sh | |
printf "WARNING: This is tcpcloud network.\n" | |
printf " Unauthorized access is strictly prohibited.\n" | |
printf "\n" | |
- info: | | |
#!/bin/sh | |
printf -- "--[tcp cloud]---------------------------\n" | |
printf " Hostname | ${linux:system:name}\n" | |
printf " Domain | ${linux:system:domain}\n" | |
printf " System | %s\n" "$(lsb_release -s -d)" | |
printf " Kernel | %s\n" "$(uname -r)" | |
printf -- "----------------------------------------\n" | |
printf "\n" | |
user: | |
root: | |
enabled: true | |
home: /root | |
name: root | |
maxdays: 365 | |
testuser: | |
enabled: true | |
name: testuser | |
password: passw0rd | |
sudo: true | |
uid: 9999 | |
full_name: Test User | |
home: /home/test | |
unique: false | |
groups: | |
- db-ops | |
- salt-ops | |
optional_groups: | |
- docker | |
salt_user1: | |
enabled: true | |
name: saltuser1 | |
sudo: false | |
uid: 9991 | |
full_name: Salt User1 | |
home: /home/saltuser1 | |
home_dir_mode: 755 | |
salt_user2: | |
enabled: true | |
name: saltuser2 | |
sudo: false | |
uid: 9992 | |
full_name: Salt Sudo User2 | |
home: /home/saltuser2 | |
groups: | |
- sudogroup1 | |
group: | |
testgroup: | |
enabled: true | |
name: testgroup | |
gid: 9999 | |
system: true | |
addusers: | |
- salt_user1 | |
- salt_user2 | |
db-ops: | |
enabled: true | |
delusers: | |
- salt_user1 | |
- dontexistatall | |
salt-ops: | |
enabled: true | |
name: salt-ops | |
sudogroup1: | |
enabled: true | |
name: sudogroup1 | |
sudogroup2: | |
enabled: true | |
name: sudogroup2 | |
sudogroup3: | |
enabled: false | |
name: sudogroup3 | |
job: | |
test: | |
enabled: true | |
command: "/bin/sleep 3" | |
user: testuser | |
minute: 0 | |
hour: 13 | |
package: | |
htop: | |
version: latest | |
repo: | |
disabled_repo: | |
source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" | |
enabled: false | |
disabled_repo_left_proxy: | |
source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" | |
enabled: false | |
proxy: | |
enabled: true | |
https: https://127.0.5.1:443 | |
saltstack: | |
source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main" | |
key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub" | |
name: 'human readable saltstack reponame' | |
architectures: amd64 | |
clean_file: true | |
pinning: | |
10: | |
enabled: true | |
pin: 'release o=SaltStack' | |
priority: 50 | |
package: 'libsodium18' | |
20: | |
enabled: true | |
pin: 'release o=SaltStack' | |
priority: 1100 | |
package: '*' | |
opencontrail: | |
source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main" | |
keyid: E79EE90C | |
keyserver: keyserver.ubuntu.com | |
architectures: amd64 | |
proxy: | |
enabled: true | |
https: https://127.0.5.1:443 | |
#http: http://127.0.5.2:8080 | |
apt-salt: | |
source: "deb http://apt.mirantis.com/xenial stable salt" | |
#key_url: http://apt.mirantis.com/public.gpg | |
# pub 4096R/A76882D3 2015-06-17 | |
key: | | |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
Version: GnuPG v1 | |
mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY | |
zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke | |
xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A | |
mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR | |
i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ | |
6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh | |
dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1 | |
cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy | |
drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa | |
fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6 | |
96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB | |
tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC | |
OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ | |
JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6 | |
BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW | |
FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM | |
PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci | |
GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1 | |
WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3 | |
mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq | |
AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t | |
6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO | |
+Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz | |
rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E | |
VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ | |
Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD | |
foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6 | |
JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A | |
sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi | |
T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS | |
2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ | |
BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA | |
jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm | |
wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn | |
hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E | |
GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK | |
KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC | |
9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y | |
n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ | |
QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al | |
Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd | |
SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI | |
+z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt | |
8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F | |
ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt | |
MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy | |
jtcwJrHue5Xn8UPSLkE= | |
=SWiA | |
-----END PGP PUBLIC KEY BLOCK----- | |
architectures: amd64 | |
proxy: | |
enabled: true | |
apt-salt-nightly: | |
source: "deb http://apt.mirantis.com/xenial nightly salt" | |
key_url: http://apt.mirantis.com/public.gpg | |
architectures: amd64 | |
proxy: | |
enabled: false | |
apt-extra-nightly: | |
source: "deb http://apt.mirantis.com/xenial nightly extra" | |
key_url: http://apt.mirantis.com/public.gpg | |
architectures: amd64 | |
locale: | |
en_US: | |
enabled: true | |
default: true | |
cs_CZ: | |
enabled: true | |
autoupdates: | |
enabled: true | |
sudo: | |
enabled: true | |
alias: | |
runas: | |
DBA: | |
- postgres | |
- mysql | |
SALT: | |
- root | |
host: | |
LOCAL: | |
- localhost | |
PRODUCTION: | |
- db1 | |
- db2 | |
command: | |
SUDO_RESTRICTED_SU: | |
- /bin/vi /etc/sudoers | |
- /bin/su - root | |
- /bin/su - | |
- /bin/su | |
- /usr/sbin/visudo | |
SUDO_SHELLS: | |
- /bin/sh | |
- /bin/ksh | |
- /bin/bash | |
- /bin/rbash | |
- /bin/dash | |
- /bin/zsh | |
- /bin/csh | |
- /bin/fish | |
- /bin/tcsh | |
- /usr/bin/login | |
- /usr/bin/su | |
- /usr/su | |
SUDO_SALT_SAFE: | |
- /usr/bin/salt state* | |
- /usr/bin/salt service* | |
- /usr/bin/salt pillar* | |
- /usr/bin/salt grains* | |
- /usr/bin/salt saltutil* | |
- /usr/bin/salt-call state* | |
- /usr/bin/salt-call service* | |
- /usr/bin/salt-call pillar* | |
- /usr/bin/salt-call grains* | |
- /usr/bin/salt-call saltutil* | |
SUDO_SALT_TRUSTED: | |
- /usr/bin/salt* | |
users: | |
saltuser1: {} | |
saltuser2: | |
hosts: | |
- LOCAL | |
# User Alias: | |
DBA: | |
hosts: | |
- ALL | |
commands: | |
- SUDO_SALT_SAFE | |
groups: | |
db-ops: | |
hosts: | |
- ALL | |
- '!PRODUCTION' | |
runas: | |
- DBA | |
commands: | |
- /bin/cat * | |
- /bin/less * | |
- /bin/ls * | |
- SUDO_SALT_SAFE | |
- '!SUDO_SHELLS' | |
- '!SUDO_RESTRICTED_SU' | |
salt-ops: | |
hosts: | |
- 'ALL' | |
runas: | |
- SALT | |
commands: | |
- SUDO_SALT_TRUSTED | |
salt-ops2: | |
name: salt-ops | |
runas: | |
- DBA | |
commands: | |
- SUDO_SHELLS | |
sudogroup1: | |
commands: | |
- ALL | |
sudogroup2: | |
commands: | |
- ALL | |
hosts: | |
- localhost | |
users: | |
- test | |
nopasswd: false | |
sudogroup3: | |
commands: | |
- ALL | |
env: | |
BOB_VARIABLE: Alice | |
BOB_PATH: | |
- /srv/alice/bin | |
- /srv/bob/bin | |
HTTPS_PROXY: https://127.0.4.1:443 | |
http_proxy: http://127.0.4.2:80 | |
ftp_proxy: ftp://127.0.4.3:2121 | |
no_proxy: | |
- 192.168.0.1 | |
- 192.168.0.2 | |
- .saltstack.com | |
- .ubuntu.com | |
- .mirantis.com | |
- .launchpad.net | |
- .dummy.net | |
- .local | |
LANG: C | |
LC_ALL: C | |
login_defs: | |
PASS_MAX_DAYS: | |
value: 99 | |
shell: | |
umask: '027' | |
timeout: 900 | |
profile: | |
vi_flavors.sh: | | |
export PAGER=view | |
alias vi=vim | |
locales: | | |
export LANG=en_US | |
export LC_ALL=en_US.UTF-8 | |
# pillar for proxy configuration | |
proxy: | |
# for package managers | |
pkg: | |
enabled: true | |
https: https://127.0.2.1:4443 | |
#http: http://127.0.2.2 | |
ftp: none | |
# fallback, system defaults | |
https: https://127.0.1.1:443 | |
#http: http://127.0.1.2 | |
ftp: ftp://127.0.1.3 | |
noproxy: | |
- host1 | |
- host2 | |
- .local | |
# pillars for netconsole setup | |
netconsole: | |
enabled: true | |
port: 514 | |
loglevel: debug | |
target: | |
192.168.0.1: | |
mac: "ff:ff:ff:ff:ff:ff" | |
interface: bond0 | |
atop: | |
enabled: true | |
interval: 20 | |
logpath: "/var/mylog/atop" | |
outfile: "/var/mylog/atop/daily.log" | |
mcelog: | |
enabled: true | |
logging: | |
syslog: true | |
syslog_error: true |