Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / linux / c631b2ed1cbea08459721658d69f840a71c7a420 / . / tests / pillar / system.sls
blob: 5696151e906045cd1ac44d338f189e1b7df3bd2e [file] [log] [blame]
linux:
network:
enabled: true
hostname: linux
fqdn: linux.ci.local
system:
enabled: true
banner:
enabled: true
contents: |
================= WARNING =================
This is tcpcloud network.
Unauthorized access is strictly prohibited.
===========================================
file:
/tmp/sample.txt:
source: http://techslides.com/demos/samples/sample.txt
source_hash: 5452459724e85b4e12277d5f8aab8fc9
sample2.txt:
name: /tmp/sample2.txt
source: http://techslides.com/demos/samples/sample.txt
sample3.tar.gz:
name: /tmp/sample3.tar.gz
secured_source:
protocol: http #optional
user: username
password: password
url: wordpress.org/latest.tar.gz
secured_hash: #optional
url: wordpress.org/latest.tar.gz.md5
test2:
name: /tmp/test2.txt
contents: |
line1
line2
user: root
group: root
mode: 700
dir_mode: 700
encoding: utf-8
makedirs: true
test3:
name: /tmp/test3.txt
source: salt://linux/files/test/file_template.jinja
template: jinja
test4:
decode: True
name: /tmp/test4.txt
encoded_data: dGVzdDQK
apt:
preferences:
enabled: true
rules:
100:
enabled: true
name: 'Ubuntu origin'
pin: 'release o=Ubuntu'
priority: 1100
package: '*'
5:
enabled: true
name: 'Ubuntu origin'
pin: 'release o=Ubuntu'
priority: 1100
package: '*'
at:
enabled: true
user:
root:
enabled: true
testuser:
enabled: true
cron:
enabled: true
user:
root:
enabled: true
testuser:
enabled: true
cluster: default
name: linux
domain: ci.local
environment: prd
purge_repos: true
service:
apt-daily.timer:
status: dead
tgt:
name: tgt
status: running
enabled: True
override:
50:
target: tgt.service.d
content: |
[Service]
ExecStart=
ExecStart=/usr/sbin/tgtd -f --iscsi portal=127.0.0.1:5555
directory:
/tmp/test:
makedirs: true
apparmor:
enabled: false
haveged:
enabled: true
prompt:
default: "linux.ci.local$"
kernel:
isolcpu: 1,2,3,4
elevator: deadline
boot_options:
- pti=off
- spectre_v2=auto
module:
module_1:
install:
command: /bin/true
remove:
enabled: false
command: /bin/false
module_2:
install:
enabled: false
command: /bin/false
remove:
command: /bin/true
module_3:
blacklist: true
module_4:
blacklist: false
alias:
"module*":
enabled: true
"module_*":
enabled: false
module_5:
softdep:
pre:
1:
value: module_1
2:
value: module_2
enabled: false
post:
1:
value: module_3
2:
value: module_4
enabled: false
module_6:
option:
opt_1: 111
opt_2: 222
module_7:
option:
opt_3:
value: 333
opt_4:
enabled: true
value: 444
opt_5:
enabled: false
cgroup:
group:
group_1:
controller:
cpu:
shares:
value: 250
mapping:
subjects:
- '@group1'
sysfs:
enable_apply: true
scheduler:
block/sda/queue/scheduler: deadline
power:
mode:
power/state: 0660
owner:
power/state: "root:power"
devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
motd:
- warning: |
#!/bin/sh
printf "WARNING: This is tcpcloud network.\n"
printf " Unauthorized access is strictly prohibited.\n"
printf "\n"
- info: |
#!/bin/sh
printf -- "--[tcp cloud]---------------------------\n"
printf " Hostname | ${linux:system:name}\n"
printf " Domain | ${linux:system:domain}\n"
printf " System | %s\n" "$(lsb_release -s -d)"
printf " Kernel | %s\n" "$(uname -r)"
printf -- "----------------------------------------\n"
printf "\n"
user:
root:
enabled: true
home: /root
name: root
maxdays: 365
testuser:
enabled: true
name: testuser
password: passw0rd
sudo: true
uid: 9999
full_name: Test User
home: /home/test
unique: false
groups:
- db-ops
- salt-ops
optional_groups:
- docker
salt_user1:
enabled: true
name: saltuser1
sudo: false
uid: 9991
full_name: Salt User1
home: /home/saltuser1
home_dir_mode: 755
salt_user2:
enabled: true
name: saltuser2
sudo: false
uid: 9992
full_name: Salt Sudo User2
home: /home/saltuser2
groups:
- sudogroup1
example:
enabled: false
name: example
sudo: false
full_name: disabled
home: /home/example
email: disabled
force_delete: True
group:
testgroup:
enabled: true
name: testgroup
gid: 9999
system: true
addusers:
- salt_user1
- salt_user2
db-ops:
enabled: true
delusers:
- salt_user1
- dontexistatall
salt-ops:
enabled: true
name: salt-ops
sudogroup1:
enabled: true
name: sudogroup1
sudogroup2:
enabled: true
name: sudogroup2
sudogroup3:
enabled: false
name: sudogroup3
job:
test:
enabled: true
command: "/bin/sleep 3"
user: testuser
minute: 0
hour: 13
package:
htop:
version: latest
repo:
disabled_repo:
source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
enabled: false
disabled_repo_left_proxy:
source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable"
enabled: false
proxy:
enabled: true
https: https://127.0.5.1:443
saltstack:
source: "deb [arch=amd64] http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial xenial main"
key_url: "http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial/SALTSTACK-GPG-KEY.pub"
name: 'human readable saltstack reponame'
architectures: amd64
clean_file: true
pinning:
10:
enabled: true
pin: 'release o=SaltStack'
priority: 50
package: 'libsodium18'
20:
enabled: true
pin: 'release o=SaltStack'
priority: 1100
package: '*'
opencontrail:
source: "deb http://ppa.launchpad.net/tcpcloud/contrail-3.0/ubuntu xenial main"
keyid: E79EE90C
keyserver: keyserver.ubuntu.com
architectures: amd64
proxy:
enabled: true
https: https://127.0.5.1:443
#http: http://127.0.5.2:8080
apt-salt:
source: "deb http://apt.mirantis.com/xenial stable salt"
#key_url: http://apt.mirantis.com/public.gpg
# pub 4096R/A76882D3 2015-06-17
key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFWBfCIBEADf6lnsY9v4rf/x0ribkFlnHnsv1/yD+M+YgZoQxYdf6b7M4/PY
zZ/c3uJt4l1vR3Yoocfc1VgtBNfA1ussBqXdmyRBMO1LKdQWnurNxWLW7CwcyNke
xeBfhjOqA6tIIXMfor7uUrwlIxJIxK+jc3C3nhM46QZpWX5d4mlkgxKh1G4ZRj4A
mEo2NduLUgfmF+gM1MmAbU8ekzciKet4TsM64WAtHyYllGKvuFSdBjsewO3McuhR
i1Desb5QdfIU4p3gkIa0EqlkkqX4rowo5qUnl670TNTTZHaz0MxCBoYaGbGhS7gZ
6/PLm8fJHmU/phst/QmOY76a5efZWbhhnlyYLIB8UjywN+VDqwkNk9jLUSXHTakh
dnL4OuGoNpIzms8juVFlnuOmx+FcfbHMbhAc7aPqFK+6J3YS4kJSfeHWJ6cTGoU1
cLWEhsbU3Gp8am5fnh72RJ7v2sTe/rvCuVtlNufi5SyBPcEUZoxFVWAC/hMeiWzy
drBIVC73raf+A+OjH8op9XfkVj6czxQ/451soe3jvCDGgTXPLlts+P5WhgWNpDPa
fOfTHn/2o7NwoM7Vp+BQYKAQ78phsolvNNhf+g51ntoLUbxAGKZYzQ5RPsKo+Hq6
96UCFkqhSABk0DvM0LtquzZ+sNoipd02w8EaxQzelDJxvPFGigo1uqGoiQARAQAB
tCx0Y3BjbG91ZCBzaWduaW5nIGtleSA8YXV0b2J1aWxkQHRjcGNsb3VkLmV1PokC
OwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlWj4K8CGQEACgkQ
JACFCadogtPm9xAAl1D1RUY1mttjKk+8KI3tUmgtqLaIGUcB4TPbIhQpFy23TJd6
BnnEaGZ+HSCj3lp/dBoq1xxCqHCziKA04IpPaLpGJf8cqaKOpQpW1ErlSxT6nCQW
FrHFxZreBTljKqW3fvRBXNAquj0krJEwv19/3SsQ+CJI2Zkq/HPDw9eJOCu0WcJM
PVtAq2SmaDigh1jtFcFoWZ7uFFMQPIWit/RCPkDfkFaf6lbYZ/nnvWON9OAgzWci
GJjCp5a7vMyCpTRy6bgNPqM61omCe0iQ4yIcqANXhRYS/DBnjKr9YaDKnlKNUgd1
WRE8QzErQznH/plgISQ+df+8Iunp3SBr/jj1604yyM1Wxppn1+dAoTBU1OPFGVd3
mCEYHUe+v0iTZ69C2c1ISmp2MjciGyE/UPbW9ejUIXtFJAJovZjn6P3glyIQB3wq
AW6JE+xEBWH7Ix+Uv6YNAFfj3UO6vNjtuGbTCWYDCEJRkdmeE7QdTYDo7PxgPl1t
6xMGPLOBdYNJTEojvRYBTt+6iw0eZ+MCUdUFNeaseQh0p1RgqM9/7t75QCNLl1oO
+Cfu4vNef/Tpd3LHcUoQhQ2OViOVFbq1/Yu/natWDPDcXb3peTcNHOjmXAoboWbz
rDkxj5z7vcJ9LMEXviP6Fb/iXDmJh74/o6Agc8efb0WTmFjPFFtMCHrinb+5Ag0E
VYF8IgEQALUVS2GESQ+F1S4b0JIO1M2tVBXiH4N56eUzcDXxXbSZgCgx4aWhk5vJ
Qu7M11gtqIoiRbmuFpUmDOG/kB7DxBZPn8WqcBKpky6GUP/A/emaAZTwNQdcDAhD
foBkJdhVz0D2jnkBffYL055p/r1Ers+iTTNOas/0uc50C32xR823rQ2Nl6/ffIM6
JqfQenhRvqUWPj9oqESHMsqEdceSwS/VC7RN4xQXJXfEWu2q4Ahs62RmvCXnTw1A
sPcpysoBoo8IW+V1MVQEZuAJRn2AGO/Q7uY9TR4guHb3wXRfZ3k0KVUsyqqdusJi
T3DxxBw6GcKdOH6t41Ys3eYgOrc+RcSdcHYSpxaLvEIhwzarZ+mqcp3gz/JkPlXS
2tx2l6NZHcgReOM7IhqMuxzBbpcrsbBmLBemC+u7hoPTjUdTHKEwvWaeXL4vgsqQ
BbEeKmXep5sZg3kHtpXzY9ZfPQrtGB8vHGrfaZIcCKuXwZWGL5GGWKw3TSP4fAIA
jLxLf5MyyXcsugbai2OY/H4sAuvJHsmGtergGknuR+iFdt5el1wgRKP1r1KdmvMm
wsSayc6eSEKd689x3zsmAtnhYM31oMkPdeYRbnN15gLG7vcsVe4jug0YTqQt2WGn
hwjBA0i2qfTorXemWChsxKllvY9aB3ST8I6RMat0kS08FMD+Ced/ABEBAAGJAh8E
GAECAAkFAlWBfCICGwwACgkQJACFCadogtNicA/9HOM402VGHlmuYPcrvEThHqMK
KOTtNFsrrPp67dGYaT8TGTgy1OG4Oys2y+hrwqnUK6dXJxX2/RBfRuO/gw65RCfC
9nWeMkqJTjHJCKNTYfXN4O4ag444UZPcOMq+IyiWF3/sh674zCkCm5DQ/FH8IJ8Y
n4jMoxe7G48PCGtgcJKXo8NBzxwXJH4DCdk7rNdrbrnCwObG8h6530WrmzKuyFCJ
QP5JA0MSx23J2OrK2YmVMhTeO0czJ8fRip9We9/qAfZGUEW+sey+nLmT5OJq04al
Va9g2a4nXxzDy84+hRXQNUeCRYn/ys8d8q9HZNv3K36HlILcuWazNTTh0cuWupBd
SlIEuWbIdbknYpGsmS1cPeGi0bdoLZv90BIVmdOS/vXP02fGUblyANciKcBPRhOI
+z6hzwdZ+QvjPbxZUig5XuvqBhIHoRtMBJdf24ysFuf/d4uZzTC8T4rUQO+L29bt
8riT0dg6cHVwC0VH89FaO1FduvsCtAwdAgxSzOMBECNOmVBThIiWdLnns107Rp4F
ECk+l2UCjl7zwGqJqcd1BQK+UgZwVG2UV11CrhopKU5oGL84n5DaO2n6Rv8wVdrt
MKvqi7EkgvZpY0IHJ7rp0Gzrv0qmwJaUFCWFogITNyijb1JVsUgDTMhAkEgEsIYy
jtcwJrHue5Xn8UPSLkE=
=SWiA
-----END PGP PUBLIC KEY BLOCK-----
architectures: amd64
proxy:
enabled: true
apt-salt-nightly:
source: "deb http://apt.mirantis.com/xenial nightly salt"
key_url: http://apt.mirantis.com/public.gpg
architectures: amd64
proxy:
enabled: false
apt-extra-nightly:
source: "deb http://apt.mirantis.com/xenial nightly extra"
key_url: http://apt.mirantis.com/public.gpg
architectures: amd64
locale:
en_US:
enabled: true
default: true
cs_CZ:
enabled: true
autoupdates:
enabled: true
sudo:
enabled: true
alias:
runas:
DBA:
- postgres
- mysql
SALT:
- root
host:
LOCAL:
- localhost
PRODUCTION:
- db1
- db2
command:
SUDO_RESTRICTED_SU:
- /bin/vi /etc/sudoers
- /bin/su - root
- /bin/su -
- /bin/su
- /usr/sbin/visudo
SUDO_SHELLS:
- /bin/sh
- /bin/ksh
- /bin/bash
- /bin/rbash
- /bin/dash
- /bin/zsh
- /bin/csh
- /bin/fish
- /bin/tcsh
- /usr/bin/login
- /usr/bin/su
- /usr/su
SUDO_SALT_SAFE:
- /usr/bin/salt state*
- /usr/bin/salt service*
- /usr/bin/salt pillar*
- /usr/bin/salt grains*
- /usr/bin/salt saltutil*
- /usr/bin/salt-call state*
- /usr/bin/salt-call service*
- /usr/bin/salt-call pillar*
- /usr/bin/salt-call grains*
- /usr/bin/salt-call saltutil*
SUDO_SALT_TRUSTED:
- /usr/bin/salt*
users:
saltuser1: {}
saltuser2:
hosts:
- LOCAL
# User Alias:
DBA:
hosts:
- ALL
commands:
- SUDO_SALT_SAFE
groups:
db-ops:
hosts:
- ALL
- '!PRODUCTION'
runas:
- DBA
commands:
- /bin/cat *
- /bin/less *
- /bin/ls *
- SUDO_SALT_SAFE
- '!SUDO_SHELLS'
- '!SUDO_RESTRICTED_SU'
salt-ops:
hosts:
- 'ALL'
runas:
- SALT
commands:
- SUDO_SALT_TRUSTED
salt-ops2:
name: salt-ops
runas:
- DBA
commands:
- SUDO_SHELLS
sudogroup1:
commands:
- ALL
sudogroup2:
commands:
- ALL
hosts:
- localhost
users:
- test
nopasswd: false
sudogroup3:
commands:
- ALL
env:
BOB_VARIABLE: Alice
BOB_PATH:
- /srv/alice/bin
- /srv/bob/bin
HTTPS_PROXY: https://127.0.4.1:443
http_proxy: http://127.0.4.2:80
ftp_proxy: ftp://127.0.4.3:2121
no_proxy:
- 192.168.0.1
- 192.168.0.2
- .saltstack.com
- .ubuntu.com
- .mirantis.com
- .launchpad.net
- .dummy.net
- .local
LANG: C
LC_ALL: C
login_defs:
PASS_MAX_DAYS:
value: 99
shell:
umask: '027'
timeout: 900
profile:
vi_flavors.sh: |
export PAGER=view
alias vi=vim
locales: |
export LANG=en_US
export LC_ALL=en_US.UTF-8
# pillar for proxy configuration
proxy:
# for package managers
pkg:
enabled: true
https: https://127.0.2.1:4443
#http: http://127.0.2.2
ftp: none
# fallback, system defaults
https: https://127.0.1.1:443
#http: http://127.0.1.2
ftp: ftp://127.0.1.3
noproxy:
- host1
- host2
- .local
# pillars for netconsole setup
netconsole:
enabled: true
port: 514
loglevel: debug
target:
192.168.0.1:
mac: "ff:ff:ff:ff:ff:ff"
interface: bond0
atop:
enabled: true
interval: 20
logpath: "/var/mylog/atop"
outfile: "/var/mylog/atop/daily.log"
mcelog:
enabled: true
logging:
syslog: true
syslog_error: true