|
|
90d918 |
{%- set fqdn = grains['fqdn'] -%}
|
|
|
90d918 |
{%- set address = grains['fqdn_ip6'][0] -%}
|
|
|
90d918 |
|
|
|
efbbb0 |
{%- set ssldir = '/etc/ssl/services/' ~ fqdn ~ '/' -%}
|
|
|
efbbb0 |
{%- set crt = ssldir ~ 'fullchain.pem' -%}
|
|
|
efbbb0 |
{%- set key = ssldir ~ 'privkey.pem' -%}
|
|
|
90d918 |
|
|
Theo Chatzimichos |
d12b82 |
include:
|
|
|
0bedc0 |
- infra.nodegroups
|
|
|
0bedc0 |
{% if salt['grains.get']('include_secrets', True) %}
|
|
Theo Chatzimichos |
d12b82 |
- secrets.role.saltmaster
|
|
Theo Chatzimichos |
754b1a |
{% endif %}
|
|
Theo Chatzimichos |
d12b82 |
|
|
Theo Chatzimichos |
16b8a6 |
salt:
|
|
|
445ba4 |
master_remove_config: True
|
|
Christian Boltz |
e1c333 |
master:
|
|
|
08b6ef |
auth.ldap.accountattributename: spn
|
|
|
08b6ef |
auth.ldap.basedn: o=heroes
|
|
|
08b6ef |
auth.ldap.binddn: uid=salt,o=heroes
|
|
|
08b6ef |
auth.ldap.filter:
|
|
|
08b6ef |
{%- raw %}
|
|
|
08b6ef |
'(&(spn={{ username }})(objectClass=person)(memberOf=spn=idm_all_persons@infra.opensuse.org,o=heroes))'
|
|
|
08b6ef |
{%- endraw %}
|
|
|
08b6ef |
auth.ldap.groupattribute: memberof
|
|
|
08b6ef |
auth.ldap.groupclass: account
|
|
|
08b6ef |
auth.ldap.groupou: null
|
|
|
08b6ef |
auth.ldap.port: 636
|
|
|
08b6ef |
auth.ldap.scope: 1
|
|
|
08b6ef |
auth.ldap.server: ldap.infra.opensuse.org
|
|
|
08b6ef |
auth.ldap.tls: True
|
|
|
548af6 |
cache: redis
|
|
|
548af6 |
cache.redis.unix_socket_path: /run/redis/salt.sock
|
|
Christian Boltz |
e1c333 |
cli_summary: True
|
|
Christian Boltz |
e1c333 |
default_top: production
|
|
Christian Boltz |
e1c333 |
ext_pillar_first: True
|
|
|
08b6ef |
external_auth:
|
|
|
08b6ef |
ldap:
|
|
|
2e05ba |
salt-deploy@infra.opensuse.org:
|
|
|
2e05ba |
- mine.update
|
|
|
2e05ba |
- saltutil.refresh_pillar
|
|
|
2e05ba |
- state.highstate
|
|
|
2e05ba |
- state.sls
|
|
|
2e05ba |
- test.ping
|
|
|
08b6ef |
wheel@infra.opensuse.org%:
|
|
|
08b6ef |
- .*
|
|
|
08b6ef |
- '@jobs'
|
|
|
08b6ef |
- '@runner'
|
|
|
08b6ef |
- '@wheel'
|
|
Christian Boltz |
e1c333 |
fileserver_backend:
|
|
Christian Boltz |
e1c333 |
- git
|
|
|
3fd44f |
- roots
|
|
|
3fd44f |
file_roots:
|
|
|
8e8460 |
# consider changing back to __env__ after a solution for https://github.com/saltstack/salt/issues/62967
|
|
|
8e8460 |
production:
|
|
|
3c439d |
- /srv/salt
|
|
|
3fd44f |
- /usr/share/salt-formulas/states
|
|
|
6e8cbb |
- /srv/formulas
|
|
|
f7d5f3 |
gather_job_timeout: 10
|
|
|
eab9bd |
ipc_write_buffer: dynamic
|
|
|
f7d5f3 |
timeout: 15
|
|
Christian Boltz |
e1c333 |
gitfs_ssl_verify: True
|
|
Christian Boltz |
e1c333 |
hash_type: sha512
|
|
|
51cf18 |
{%- if grains.get('country') == 'cz' %}
|
|
|
51cf18 |
{#- _needs_ to align with the "ipv6" setting in pillar.common! #}
|
|
|
91952c |
interface: '::'
|
|
|
51cf18 |
{%- endif %}
|
|
|
f7d5f3 |
key_cache: sched
|
|
|
d9d5bc |
netapi_enable_clients:
|
|
|
d9d5bc |
- local
|
|
|
f7d5f3 |
ping_on_rotate: True
|
|
|
f7d5f3 |
pillar_cache: True
|
|
|
2fc95c |
pillar_cache_backend: memory
|
|
|
f7d5f3 |
pillar_cache_ttl: 1800
|
|
Christian Boltz |
e1c333 |
pillar_gitfs_ssl_verify: True
|
|
Christian Boltz |
e1c333 |
pillar_merge_lists: True
|
|
|
3c439d |
pillar_roots:
|
|
|
3c439d |
__env__:
|
|
|
3c439d |
- /srv/pillar
|
|
Christian Boltz |
e1c333 |
pillar_source_merging_strategy: smart
|
|
|
90d918 |
rest_cherrypy:
|
|
|
90d918 |
host: {{ address }}
|
|
|
90d918 |
port: 4550
|
|
|
90d918 |
ssl_crt: {{ crt }}
|
|
|
90d918 |
ssl_key: {{ key }}
|
|
|
cd5c73 |
show_jid: True
|
|
|
eab9bd |
sock_pool_size: 30
|
|
|
d69167 |
state_aggregate: True
|
|
|
26c1c7 |
state_compress_ids: True
|
|
Christian Boltz |
e1c333 |
state_output: changes
|
|
Christian Boltz |
e1c333 |
state_verbose: False
|
|
Christian Boltz |
e1c333 |
top_file_merging_strategy: same
|
|
Christian Boltz |
e1c333 |
user: salt
|
|
|
f7d5f3 |
worker_threads: {{ grains['num_cpus'] }}
|
|
|
eab9bd |
zmq_backlog: 10000
|
|
|
eab9bd |
pub_hwm: 10000
|
|
Christian Boltz |
af69ac |
|
|
|
564158 |
infrastructure:
|
|
|
564158 |
salt:
|
|
|
564158 |
formulas:
|
|
|
c215e0 |
{%- for formula in [
|
|
|
b90027 |
'backupscript',
|
|
|
c215e0 |
'bootloader',
|
|
|
c215e0 |
'grains',
|
|
|
f1990c |
'infrastructure',
|
|
|
c215e0 |
'juniper_junos',
|
|
|
c215e0 |
'libvirt',
|
|
|
f1990c |
'lock',
|
|
|
c215e0 |
'lunmap',
|
|
|
1423d2 |
'mtail',
|
|
|
c215e0 |
'multipath',
|
|
|
c215e0 |
'network',
|
|
|
c215e0 |
'os_update',
|
|
|
c215e0 |
'rebootmgr',
|
|
|
c215e0 |
'redis',
|
|
|
f1990c |
'redmine',
|
|
|
c215e0 |
'rsync',
|
|
|
c215e0 |
'suse_ha',
|
|
|
0009a6 |
'sysconfig',
|
|
|
c215e0 |
'zypper',
|
|
|
c215e0 |
]
|
|
|
c215e0 |
%}
|
|
|
564158 |
- {{ formula }}-formula
|
|
|
564158 |
{%- endfor %}
|
|
|
d03f9e |
git:
|
|
|
d03f9e |
formulas:
|
|
|
d03f9e |
repository: https://gitlab.infra.opensuse.org/infra/salt-formulas-git.git
|
|
|
3fd44f |
|
|
|
e2a2b0 |
profile:
|
|
|
e2a2b0 |
salt:
|
|
|
d3cca0 |
saline:
|
|
|
d3cca0 |
restapi:
|
|
|
90d918 |
host: {{ address }}
|
|
|
90d918 |
ssl_crt: {{ crt }}
|
|
|
90d918 |
ssl_key: {{ key }}
|
|
|
d3cca0 |
log_access_file: /var/log/salt/saline-api-access.log
|
|
|
d3cca0 |
log_error_file: /var/log/salt/saline-api-error.log
|
|
|
706790 |
|
|
|
745011 |
redis:
|
|
|
745011 |
salt:
|
|
|
745011 |
acllog-max-len: 64
|
|
|
745011 |
databases: 1
|
|
|
745011 |
port: 0
|
|
|
745011 |
tcp-backlog: 511
|
|
|
745011 |
timeout: 0
|
|
|
745011 |
|
|
|
706790 |
rsync:
|
|
|
706790 |
modules:
|
|
|
706790 |
salt-push:
|
|
|
706790 |
path: /srv/salt-git/
|
|
|
706790 |
comment: /srv/salt-git/
|
|
|
706790 |
list: 'false'
|
|
|
706790 |
uid: root
|
|
|
706790 |
gid: salt
|
|
|
bf212c |
auth users: saltpush
|
|
|
bf212c |
read only: false
|
|
|
bf212c |
hosts allow:
|
|
|
4ffa56 |
{%- if grains.get('country') == 'cz' %}
|
|
|
786b6b |
- 2a07:de40:b27e:1203::126 # gitlab-runner1
|
|
|
786b6b |
- 2a07:de40:b27e:1203::127 # gitlab-runner2
|
|
|
4ffa56 |
{%- else %}
|
|
|
4ffa56 |
- 172.16.164.126
|
|
|
4ffa56 |
- 172.16.164.127
|
|
|
4ffa56 |
{%- endif %}
|
|
|
745011 |
|
|
|
70c6ac |
groups:
|
|
|
745011 |
redis:
|
|
|
169fd0 |
system: true
|
|
|
745011 |
members:
|
|
|
745011 |
- salt
|
|
|
745011 |
|
|
|
745011 |
zypper:
|
|
|
745011 |
packages:
|
|
|
08b6ef |
python3-ldap: {}
|
|
|
745011 |
python3-redis: {}
|
|
|
d3cca0 |
saline: {}
|