add support for mongodb settings #241

Merged
merged 2 commits into from
Jul 7, 2016
62 changes: 38 additions & 24 deletions salt/files/master.d/f_defaults.conf
Expand Up @@ -59,7 +59,7 @@

# Directory to store job and cache data:
# This directory may contain sensitive data and should be protected accordingly.
#
#
{{ get_config('cachedir', '/var/cache/salt/master') }}

# Directory for custom modules. This directory can contain subdirectories for
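
Review bot: the only change in this hunk appears to be whitespace on the bare `#` line above the `cachedir` setting, and the 24 deletions reported for this file all look like the same kind of cleanup on comment lines. In a pull request titled for mongodb settings, that churn hides the functional change at the end of the file. Consider moving the whitespace cleanup into its own commit so the mongo block can be reviewed and reverted independently.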
Expand Down Expand Up @@ -133,7 +133,7 @@ module_dirs:
{{ get_config('minion_data_cache', 'True') }}

# Store all returns in the given returner.
# Setting this option requires that any returner-specific configuration also
# Setting this option requires that any returner-specific configuration also
# be set. See various returners in salt/returners for details on required
# configuration values. (See also, event_return_queue below.)
{{ get_config('event_return', 'mysql') }}
Expand Down Expand Up @@ -195,12 +195,12 @@ event_return_blacklist:
# the key rotation event as minions reconnect. Consider this carefully if this
# salt master is managing a large number of minions.
#
# If disabled, it is recommended to handle this event by listening for the
# If disabled, it is recommended to handle this event by listening for the
# 'aes_key_rotate' event with the 'key' tag and acting appropriately.
{{ get_config('ping_on_rotate', 'False') }}

# By default, the master deletes its cache of minion data when the key for that
# minion is removed. To preserve the cache after key deletion, set
# minion is removed. To preserve the cache after key deletion, set
# 'preserve_minion_cache' to True.
#
# WARNING: This may have security implications if compromised minions auth with
Expand Down Expand Up @@ -379,7 +379,7 @@ client_acl_blacklist:
{% endif %}

# Enforce client_acl & client_acl_blacklist when users have sudo
# access to the salt command.
# access to the salt command.
{{ get_config('sudo_acl', 'False') }}

# The external auth system uses the Salt auth modules to authenticate and
Expand Down Expand Up @@ -416,26 +416,26 @@ client_acl_blacklist:
# will cause minion to throw an exception and drop the message.
{{ get_config('sign_pub_message', 'False') }}

# Sign the master auth-replies with a cryptographic signature of the masters public key.
# Sign the master auth-replies with a cryptographic signature of the masters public key.
# Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial
{{ get_config('master_sign_pubkey', 'False') }}

# The customizable name of the signing-key-pair without suffix.
# master_sign_key_name: <filename_without_suffix>
{{ get_config('master_sign', '{}') }}

# The name of the file in the masters pki-directory that holds the pre-calculated
# The name of the file in the masters pki-directory that holds the pre-calculated
# signature of the masters public-key.
# master_pubkey_signature: <filename>
{{ get_config('master_pubkey_signature', '{}') }}

# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
# Instead of computing the signature for each auth-reply, use a pre-calculated signature.
# The master_pubkey_signature must also be set for this.
{{ get_config('master_use_pubkey_signature', 'False') }}

# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
# This is a very important security-setting. Disabling it will enable deleted minions to still
# listen in on the messages published by the salt-master.
# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key.
# This is a very important security-setting. Disabling it will enable deleted minions to still
# listen in on the messages published by the salt-master.
# Do not disable this unless it is absolutely clear what this does.
{{ get_config('rotate_aes_key', 'True') }}
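
Review bot: on the signing-key setting, the comment documents `master_sign_key_name`, but the template line below it calls `get_config('master_sign', '{}')`, so the documented option and the name being looked up do not match. Since this hunk already touches the comments around it, align the name passed to `get_config` with the documented option, and check whether `'{}'` is the intended default for a filename setting, both here and for `master_pubkey_signature`.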

Expand All @@ -453,16 +453,16 @@ client_acl_blacklist:
# The base DN under which users can be found in LDAP
{{ get_config('auth.ldap.basedn', '') }}

# The user Salt authenticates to search for a users' Distinguished Name and
# The user Salt authenticates to search for a users' Distinguished Name and
# group membership.
{{ get_config('auth.ldap.binddn', '') }}

# The bind password to go along with the bind dn (binddn).
# The bind password to go along with the bind dn (binddn).
{{ get_config('auth.ldap.bindpw', '') }}

# The filter used to find the DN associated with a user. For most LDAPs use
# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value
# {% raw %}'sAMAccountName={{username}}'{% endraw %}.
# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value
# {% raw %}'sAMAccountName={{username}}'{% endraw %}.
{{ get_config('auth.ldap.filter', '') }}

# The attribute used for user group membership. Defaults to 'memberOf'
Expand All @@ -475,7 +475,7 @@ client_acl_blacklist:
# Default value: 'Groups'
{{ get_config('auth.ldap.groupou', 'Groups') }}

# Allows the administrator to strip off a certain set of domain names
# Allows the administrator to strip off a certain set of domain names
# so the hostnames looked up in the directory service can match the minion IDs.
{{ get_config('auth.ldap.minion_stripdomains', []) }}

Expand Down Expand Up @@ -646,7 +646,7 @@ master_tops:
# When using multiple environments, each with their own top file, the
# default behaviour is an unordered merge. To prevent top files from
# being merged together and instead to only use the top file from the
# requested environment, set this value to 'same'.
# requested environment, set this value to 'same'.
{{ get_config('top_file_merging_stragety', 'merge') }}

# To specify the order in which environments are merged, set the ordering
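
Review bot: the option name in `get_config('top_file_merging_stragety', 'merge')` is misspelled; Salt's option is `top_file_merging_strategy`. The hunk only touches the comment line above it, but a value supplied under the correctly spelled name would not be found by a lookup under the misspelled one, so fix the spelling while this block is being edited.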
Expand All @@ -663,7 +663,7 @@ master_tops:
# the master server. The default is md5, but sha1, sha224, sha256, sha384
# and sha512 are also supported.
#
# Prior to changing this value, the master should be stopped and all Salt
# Prior to changing this value, the master should be stopped and all Salt
# caches should be cleared.
{{ get_config('hash_type', 'md5') }}
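
Review bot: `get_config('hash_type', 'md5')` keeps md5 as the template default even though the comment directly above lists sha256, sha384 and sha512 as supported. The hunk changes only the comment, but if the formula is free to pick its own default, sha256 would be the safer one. The comment's instruction to stop the master and clear all caches then applies to existing installs that pick up the new value.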

Expand Down Expand Up @@ -770,11 +770,11 @@ fileserver_backend:
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
{{ get_config('gitfs_user', 'git') }}

# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('gitfs_password', '') }}

# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
{{ get_config('gitfs_insecure_auth', 'False') }}

Expand Down Expand Up @@ -973,22 +973,22 @@ ext_pillar:
# be used instead.
{{ get_config('git_pillar_branch', 'master') }}

# Environment to use for git_pillar remotes. This is normally derived from
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
# override the process of deriving the env from the branch/tag name.
{{ get_config('git_pillar_env', '') }}

# Path relative to the root of the repository where the git_pillar top file
# and SLS files are located.
{{ get_config('git_pillar_root', 'pillar') }}

# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
# the remote repository.
{{ get_config('git_pillar_ssl_verify', True) }}

# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
# file will be automatically cleared and a new lock will be obtained.
{{ get_config('git_pillar_global_lock', False) }}
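
Review bot: the comment on `git_pillar_ssl_verify` says it specifies "whether or not to ignore SSL certificate errors", which reads as if the default `True` ignores them; reword it to say that True enables certificate verification and False skips it. The defaults in this hunk are also bare booleans (`True`, `False`), while settings such as `gitfs_insecure_auth` elsewhere in the file use the quoted `'False'` form; pick one style for the file.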

# Git External Pillar Authentication Options
Expand Down Expand Up @@ -1380,3 +1380,17 @@ consul_config:
{{ name }}: {{ value }}
{%- endfor %}
{%- endif %}

{% if 'mongo' in cfg_master -%}
##### mongodb connection settings #####
##########################################
{%- for name, value in cfg_master['mongo'].items() %}
mongo.{{ name }}: {{ value }}
{%- endfor %}

{% if 'alternative.mongo' in cfg_master -%}
{%- for name, value in cfg_master['alternative.mongo'].items() %}
alternative.mongo.{{ name }}: {{ value }}
{%- endfor %}
{% endif %}
{%- endif %}
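
Review bot: the `alternative.mongo` block sits inside `{% if 'mongo' in cfg_master -%}`, so `alternative.mongo.*` settings are written only when `mongo` is also defined; if the two are meant to be independent, close the outer `if` before the second one. Each value is also emitted unquoted as `mongo.{{ name }}: {{ value }}`, so a connection value containing `#`, `: ` or a leading YAML special character will be truncated or misparsed when the master loads the file. Pass the value through a quoting filter such as `yaml_dquote` or `json`.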
26 changes: 20 additions & 6 deletions salt/files/minion.d/f_defaults.conf
Expand Up @@ -539,11 +539,11 @@ fileserver_backend:
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
{{ get_config('gitfs_user', 'git') }}

# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('gitfs_password', '') }}

# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
{{ get_config('gitfs_insecure_auth', 'False') }}

Expand Down Expand Up @@ -735,22 +735,22 @@ ext_pillar:
# be used instead.
{{ get_config('git_pillar_branch', 'master') }}

# Environment to use for git_pillar remotes. This is normally derived from
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
# override the process of deriving the env from the branch/tag name.
{{ get_config('git_pillar_env', '') }}

# Path relative to the root of the repository where the git_pillar top file
# and SLS files are located.
{{ get_config('git_pillar_root', 'pillar') }}

# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
# the remote repository.
{{ get_config('git_pillar_ssl_verify', True) }}

# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
# file will be automatically cleared and a new lock will be obtained.
{{ get_config('git_pillar_global_lock', False) }}

# Git External Pillar Authentication Options
Expand Down Expand Up @@ -991,3 +991,17 @@ ext_pillar:
# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch
#event_match_type: startswith
{{ get_config('event_match_type', 'startswith') }}

{% if 'mongo' in cfg_minion -%}
##### mongodb connection settings #####
##########################################
{%- for name, value in cfg_minion['mongo'].items() %}
mongo.{{ name }}: {{ value }}
{%- endfor %}

{% if 'alternative.mongo' in cfg_minion -%}
{%- for name, value in cfg_minion['alternative.mongo'].items() %}
alternative.mongo.{{ name }}: {{ value }}
{%- endfor %}
{% endif %}
{%- endif %}
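
Review bot: iterating `cfg_minion['mongo'].items()` writes the keys in whatever order the dict yields them, so the rendered file may differ between runs without any pillar change and cause a needless file update; iterate with `|dictsort` for stable output. This block is also a copy of the master one with `cfg_master` swapped for `cfg_minion`, including the nesting of `alternative.mongo` under the `mongo` check and the unquoted `{{ value }}`. A shared macro that takes the config dict would keep the two templates in sync.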