{#
  Pillar for the Salt master role: master options (LDAP external auth, REST
  API, caches), formula checkout, Saline, Redis, the rsync push module, groups
  and packages.

  address is the first entry of the fqdn_ip6 grain; rendering fails if that
  list is empty, because it is indexed unconditionally.
  crt and key point at fullchain.pem and privkey.pem below
  /etc/ssl/services/<fqdn>/.
#}
{%- set fqdn = grains['fqdn'] -%}
{%- set address = grains['fqdn_ip6'][0] -%}
{%- set ssldir = '/etc/ssl/services/' ~ fqdn ~ '/' -%}
{%- set crt = ssldir ~ 'fullchain.pem' -%}
{%- set key = ssldir ~ 'privkey.pem' -%}

include:
  - infra.nodegroups
  # The secrets pillar is included unless the include_secrets grain is set to
  # a false value (the lookup defaults to True).
  {% if salt['grains.get']('include_secrets', True) %}
  - secrets.role.saltmaster
  {% endif %}

salt:
  master_remove_config: True
  master:
    # LDAP external authentication. No bind password appears in this file;
    # presumably it is supplied by secrets.role.saltmaster - confirm.
    auth.ldap.accountattributename: spn
    auth.ldap.basedn: o=heroes
    auth.ldap.binddn: uid=salt,o=heroes
    # The filter only matches person entries that are members of
    # idm_all_persons, so accounts outside that group cannot authenticate
    # through eauth. The raw block keeps the username placeholder literal so
    # that it is not expanded while this pillar is rendered.
    auth.ldap.filter: {%- raw %}
      '(&(spn={{ username }})(objectClass=person)(memberOf=spn=idm_all_persons@infra.opensuse.org,o=heroes))'
    {%- endraw %}
    auth.ldap.groupattribute: memberof
    auth.ldap.groupclass: account
    auth.ldap.groupou: null
    # tls together with port 636 presumably selects LDAPS. Certificate
    # verification is not switched off here (no auth.ldap.no_verify key);
    # keep it that way.
    auth.ldap.port: 636
    auth.ldap.scope: 1
    auth.ldap.server: ldap.infra.opensuse.org
    auth.ldap.tls: True
    # Master cache lives in Redis and is reached over a unix socket.
    cache: redis
    cache.redis.unix_socket_path: /run/redis/salt.sock
    cli_summary: True
    default_top: production
    ext_pillar_first: True
    external_auth:
      ldap:
        # Deploy account: limited to the listed execution functions.
        # state.sls and state.highstate still apply whatever the file server
        # serves, so this account is only as constrained as write access to
        # those trees.
        salt-deploy@infra.opensuse.org:
          - mine.update
          - saltutil.refresh_pillar
          - state.highstate
          - state.sls
          - test.ping
        # The trailing % marks an LDAP group. '.*' matches every execution
        # function and the @jobs/@runner/@wheel entries add runner and wheel
        # access, so membership in this group amounts to full control of the
        # master and its minions. Review group membership accordingly.
        wheel@infra.opensuse.org%:
          - .*
          - '@jobs'
          - '@runner'
          - '@wheel'
    fileserver_backend:
      - git
      - roots
    file_roots:
      # consider changing back to __env__ after a solution for https://github.com/saltstack/salt/issues/62967
      production:
        - /srv/salt
        - /usr/share/salt-formulas/states
        - /srv/formulas
    gather_job_timeout: 10
    ipc_write_buffer: dynamic
    timeout: 15
    # TLS certificate verification stays enabled for gitfs remotes.
    gitfs_ssl_verify: True
    hash_type: sha512
    # Only hosts with the country grain 'cz' set interface, binding the master
    # to the IPv6 wildcard address.
    {%- if grains.get('country') == 'cz' %}
    {#- _needs_ to align with the "ipv6" setting in pillar.common! #}
    interface: '::'
    {%- endif %}
    key_cache: sched
    # Only the 'local' client is enabled for the REST API. Runner and wheel
    # clients are not exposed over netapi, even for eauth entries that list
    # @runner or @wheel.
    netapi_enable_clients:
      - local
    ping_on_rotate: True
    pillar_cache: True
    pillar_cache_backend: memory
    pillar_cache_ttl: 1800
    # TLS certificate verification stays enabled for git pillar remotes.
    pillar_gitfs_ssl_verify: True
    pillar_merge_lists: True
    pillar_roots:
      __env__:
        - /srv/pillar
    pillar_source_merging_strategy: smart
    # REST API: bound to the first IPv6 address of this host, served with the
    # certificate chain and private key from ssldir.
    # NOTE(review): the templated values are unquoted plain scalars; consider
    # quoting them so an unusual grain value cannot be retyped by the YAML
    # parser.
    rest_cherrypy:
      host: {{ address }}
      port: 4550
      ssl_crt: {{ crt }}
      ssl_key: {{ key }}
    show_jid: True
    sock_pool_size: 30
    state_aggregate: True
    state_compress_ids: True
    state_output: changes
    state_verbose: False
    top_file_merging_strategy: same
    # The master runs as the unprivileged salt account rather than root.
    user: salt
    # One worker thread per CPU reported by the num_cpus grain.
    worker_threads: {{ grains['num_cpus'] }}
    zmq_backlog: 10000
    pub_hwm: 10000

infrastructure:
  salt:
    # Each name in the loop below is emitted as "<name>-formula".
    formulas:
      {%- for formula in [
            'backupscript',
            'bootloader',
            'grains',
            'infrastructure',
            'juniper_junos',
            'libvirt',
            'lock',
            'lunmap',
            'mtail',
            'multipath',
            'network',
            'os_update',
            'rebootmgr',
            'redis',
            'redmine',
            'rsync',
            'suse_ha',
            'sysconfig',
            'zypper',
          ]
      %}
      - {{ formula }}-formula
      {%- endfor %}
    git:
      formulas:
        # Fetched over HTTPS. Whoever can push to this repository can change
        # formula code, so protect its branches accordingly.
        repository: https://gitlab.infra.opensuse.org/infra/salt-formulas-git.git

profile:
  salt:
    saline:
      # Saline REST API reuses the address and TLS material of the Salt REST
      # API; no port is set here.
      restapi:
        host: {{ address }}
        ssl_crt: {{ crt }}
        ssl_key: {{ key }}
        log_access_file: /var/log/salt/saline-api-access.log
        log_error_file: /var/log/salt/saline-api-error.log

redis:
  salt:
    acllog-max-len: 64
    databases: 1
    # port 0 disables the Redis TCP listener, leaving only the unix socket.
    # The socket path for this instance is not set here; presumably the redis
    # formula derives it - confirm it matches cache.redis.unix_socket_path.
    port: 0
    tcp-backlog: 511
    timeout: 0

rsync:
  modules:
    # Writable rsync module running as root:salt. Access is limited to the
    # auth user saltpush and the hosts allow list (the GitLab runners,
    # according to the inline comments on the IPv6 entries).
    # NOTE(review): rsync daemon traffic is not encrypted by itself; confirm
    # the transport is protected, and treat whatever may write to
    # /srv/salt-git/ as able to influence what the master serves.
    # NOTE(review): list is a quoted string while read only is a YAML boolean;
    # check that the rsync formula renders both as intended.
    salt-push:
      path: /srv/salt-git/
      comment: /srv/salt-git/
      list: 'false'
      uid: root
      gid: salt
      auth users: saltpush
      read only: false
      hosts allow:
        {%- if grains.get('country') == 'cz' %}
        - 2a07:de40:b27e:1203::126  # gitlab-runner1
        - 2a07:de40:b27e:1203::127  # gitlab-runner2
        {%- else %}
        - 172.16.164.126
        - 172.16.164.127
        {%- endif %}

groups:
  # salt is added to the redis system group, presumably so the master
  # (user: salt) can open the Redis unix socket - confirm socket permissions.
  redis:
    system: true
    members:
      - salt

zypper:
  packages:
    python3-ldap: {}
    python3-redis: {}
    saline: {}