Add a bunch of config options to the various master/minion files that are missing

I started on these a while ago and never submitted them. I added a couple more today and figured I should get these in. Refs #32400
2025-04-17 10:10:20 +00:00 · 2017-06-15 16:21:47 -06:00 · 2017-06-15 16:21:47 -06:00 · c828ad803a
commit c828ad803a
parent 36cb223ab2
5 changed files with 358 additions and 6 deletions
--- a/conf/master
+++ b/conf/master
@ -91,6 +91,10 @@
 # Set the default outputter used by the salt command. The default is "nested".
 #output: nested

+# To set a list of additional directories to search for salt outputters, set the
+# outputter_dirs option.
+#outputter_dirs: []
+
 # Set the default output file used by the salt command. Default is to output
 # to the CLI and not to a file. Functions the same way as the "--out-file"
 # CLI option, only sets this to a single file for all salt commands.
@ -99,6 +103,9 @@
 # Return minions that timeout when running commands like test.ping
 #show_timeout: True

+# Tell the client to display the jid when a job is published.
+#show_jid: False
+
 # By default, output is colored. To disable colored output, set the color value
 # to False.
 #color: True
@ -440,6 +447,27 @@
 # - /etc/salt/roster.d
 # - /opt/salt/some/more/rosters

+# The ssh password to log in with.
+#ssh_passwd: ''
+
+#The target system's ssh port number.
+#ssh_port: 22
+
+# Comma-separated list of ports to scan.
+#ssh_scan_ports: 22
+
+# Scanning socket timeout for salt-ssh.
+#ssh_scan_timeout: 0.01
+
+# Boolean to run command via sudo.
+#ssh_sudo: False
+
+# Number of seconds to wait for a response when establishing an SSH connection.
+#ssh_timeout: 60
+
+# The user to log in as.
+#ssh_user: root
+
 # The log file of the salt-ssh command:
 #ssh_log_file: /var/log/salt/ssh

@ -453,6 +481,18 @@
 # authentication with minions
 #ssh_use_home_key: False

+# Set this to True to default salt-ssh to run with ``-o IdentitiesOnly=yes``.
+# This option is intended for situations where the ssh-agent offers many
+# different identities and allows ssh to ignore those identities and use the
+# only one specified in options.
+#ssh_identities_only: False
+
+# List-only nodegroups for salt-ssh. Each group must be formed as either a
+# comma-separated list, or a YAML list. This option is useful to group minions
+# into easy-to-target groups when using salt-ssh. These groups can then be
+# targeted with the normal -N argument to salt-ssh.
+#ssh_list_nodegroups: {}
+
 #####    Master Module Management    #####
 ##########################################
 # Manage how master side modules are loaded.
@ -521,6 +561,11 @@
 # If set to 'changes', the output will be full unless the state didn't change.
 #state_output: full

+# The state_output_diff setting changes whether or not the output from
+# successful states is returned. Useful when even the terse output of these
+# states is cluttering the logs. Set it to True to ignore them.
+#state_output_diff: False
+
 # Automatically aggregate all states that have support for mod_aggregate by
 # setting to 'True'. Or pass a list of state module names to automatically
 # aggregate just those types.
@ -561,6 +606,10 @@
 #    - /srv/salt
 #

+# The master_roots setting configures a master-only copy of the file_roots dictionary,
+# used by the state compiler.
+#master_roots: /srv/salt-master
+
 # When using multiple environments, each with their own top file, the
 # default behaviour is an unordered merge. To prevent top files from
 # being merged together and instead to only use the top file from the
--- a/conf/minion
+++ b/conf/minion
@ -151,7 +151,11 @@
 # Set the default outputter used by the salt-call command. The default is
 # "nested".
 #output: nested
-#
+
+# To set a list of additional directories to search for salt outputters, set the
+# outputter_dirs option.
+#outputter_dirs: []
+
 # By default output is colored. To disable colored output, set the color value
 # to False.
 #color: True
@ -231,7 +235,7 @@
 # cause sub minion process to restart.
 #auth_safemode: False

-# Ping Master to ensure connection is alive (minutes).
+# Ping Master to ensure connection is alive (seconds).
 #ping_interval: 0

 # To auto recover minions if master changes IP address (DDNS)
@ -369,6 +373,9 @@
 #    interface: eth0
 #    cidr: '10.0.0.0/8'

+# The number of seconds a mine update runs.
+#mine_interval: 60
+
 # Windows platforms lack posix IPC and must rely on slower TCP based inter-
 # process communications. Set ipc_mode to 'tcp' on such systems
 #ipc_mode: ipc
--- a/doc/ref/configuration/master.rst
+++ b/doc/ref/configuration/master.rst
@ -348,6 +348,19 @@ Default: ``nested``

 Set the default outputter used by the salt command.

+.. conf_master:: outputter_dirs
+
+``outputter_dirs``
+------------------
+
+Default: ``[]``
+
+A list of additional directories to search for salt outputters in.
+
+.. code-block:: yaml
+
+    outputter_dirs: []
+
 .. conf_master:: output_file

 ``output_file``
@ -363,6 +376,32 @@ CLI option, only sets this to a single file for all salt commands.

    output_file: /path/output/file

+.. conf_master:: show_timeout
+
+``show_timeout``
+----------------
+
+Default: ``True``
+
+Tell the client to show minions that have timed out.
+
+.. code-block:: yaml
+
+    show_timeout: True
+
+.. conf_master:: show_jid
+
+``show_jid``
+------------
+
+Default: ``False``
+
+Tell the client to display the jid when a job is published.
+
+.. code-block:: yaml
+
+    show_jid: False
+
 .. conf_master:: color

 ``color``
@ -749,6 +788,32 @@ that connect to a master via localhost.

    presence_events: False

+.. conf_master:: ping_on_rotate
+
+``ping_on_rotate``
+------------------
+
+Default: ``False``
+
+By default, the master AES key rotates every 24 hours. The next command
+following a key rotation will trigger a key refresh from the minion which may
+result in minions which do not respond to the first command after a key refresh.
+
+To tell the master to ping all minions immediately after an AES key refresh,
+set ``ping_on_rotate`` to ``True``. This should mitigate the issue where a
+minion does not appear to initially respond after a key is rotated.
+
+Note that ping_on_rotate may cause high load on the master immediately after
+the key rotation event as minions reconnect. Consider this carefully if this
+salt master is managing a large number of minions.
+
+If disabled, it is recommended to handle this event by listening for the
+``aes_key_rotate`` event with the ``key`` tag and acting appropriately.
+
+.. code-block:: yaml
+
+    ping_on_rotate: False
+
 .. conf_master:: transport

 ``transport``
@ -801,6 +866,97 @@ Pass in an alternative location for the salt-ssh roster file.

    roster_file: /root/roster

+.. conf_master:: ssh_passwd
+
+``ssh_passwd``
+--------------
+
+Default: ``''``
+
+The ssh password to log in with.
+
+.. code-block:: yaml
+
+    ssh_passwd: ''
+
+.. conf_master:: ssh_port
+
+``ssh_port``
+------------
+
+Default: ``22``
+
+The target system's ssh port number.
+
+.. code-block:: yaml
+
+    ssh_port: 22
+
+.. conf_master:: ssh_scan_ports
+
+``ssh_scan_ports``
+------------------
+
+Default: ``22``
+
+Comma-separated list of ports to scan.
+
+.. code-block:: yaml
+
+    ssh_scan_ports: 22
+
+.. conf_master:: ssh_scan_timeout
+
+``ssh_scan_timeout``
+--------------------
+
+Default: ``0.01``
+
+Scanning socket timeout for salt-ssh.
+
+.. code-block:: yaml
+
+    ssh_scan_timeout: 0.01
+
+.. conf_master:: ssh_sudo
+
+``ssh_sudo``
+------------
+
+Default: ``False``
+
+Boolean to run command via sudo.
+
+.. code-block:: yaml
+
+    ssh_sudo: False
+
+.. conf_master:: ssh_timeout
+
+``ssh_timeout``
+---------------
+
+Default: ``60``
+
+Number of seconds to wait for a response when establishing an SSH connection.
+
+.. code-block:: yaml
+
+    ssh_timeout: 60
+
+.. conf_master:: ssh_user
+
+``ssh_user``
+------------
+
+Default: ``root``
+
+The user to log in as.
+
+.. code-block:: yaml
+
+    ssh_user: root
+
 .. conf_master:: ssh_log_file

 ``ssh_log_file``
@ -832,6 +988,8 @@ overridden on a per-minion basis in the roster (``minion_opts``)
    ssh_minion_opts:
      gpg_keydir: /root/gpg

+.. conf_master:: ssh_use_home_key
+
 ``ssh_use_home_key``
 --------------------

@ -844,6 +1002,41 @@ authentication with minions

    ssh_use_home_key: False

+.. conf_master:: ssh_identities_only
+
+``ssh_identities_only``
+-----------------------
+
+Default: ``False``
+
+Set this to ``True`` to default salt-ssh to run with ``-o IdentitiesOnly=yes``. This
+option is intended for situations where the ssh-agent offers many different identities
+and allows ssh to ignore those identities and use the only one specified in options.
+
+.. code-block:: yaml
+
+    ssh_identities_only: False
+
+.. conf_master:: ssh_list_nodegroups
+
+``ssh_list_nodegroups``
+-----------------------
+
+Default: ``{}``
+
+List-only nodegroups for salt-ssh. Each group must be formed as either a comma-separated
+list, or a YAML list. This option is useful to group minions into easy-to-target groups
+when using salt-ssh. These groups can then be targeted with the normal -N argument to
+salt-ssh.
+
+.. code-block:: yaml
+
+    ssh_list_nodegroups:
+      groupA: minion1,minion2
+      groupB: minion1,minion3
+
+.. conf_master:: thin_extra_mods
+
 ``thin_extra_mods``
 -------------------

@ -1163,7 +1356,7 @@ constant names without ssl module prefix: ``CERT_REQUIRED`` or ``PROTOCOL_SSLv23
 .. conf_master:: allow_minion_key_revoke

 ``allow_minion_key_revoke``
------------------
+---------------------------

 Default: ``True``

@ -1464,6 +1657,21 @@ If set to 'changes', the output will be full unless the state didn't change.

    state_output: full

+.. conf_master:: state_output_diff
+
+``state_output_diff``
+---------------------
+
+Default: ``False``
+
+The state_output_diff setting changes whether or not the output from
+successful states is returned. Useful when even the terse output of these
+states is cluttering the logs. Set it to True to ignore them.
+
+.. code-block:: yaml
+
+    state_output_diff: False
+
 .. conf_master:: state_aggregate

 ``state_aggregate``
@ -1754,6 +1962,19 @@ Example:
    For masterless Salt, this parameter must be specified in the minion config
    file.

+.. conf_master:: master_roots
+
+``master_roots``
+----------------
+
+Default: ``/srv/salt-master``
+
+A master-only copy of the file_roots dictionary, used by the state compiler.
+
+.. code-block:: yaml
+
+    master_roots: /srv/salt-master
+
 git: Git Remote File Server Backend
 -----------------------------------

--- a/doc/ref/configuration/minion.rst
+++ b/doc/ref/configuration/minion.rst
@ -319,7 +319,7 @@ The user to run the Salt processes
 .. conf_minion:: sudo_user

 ``sudo_user``
--------------
+-------------

 Default: ``''``

@ -596,6 +596,26 @@ With ``grains_deep_merge``, the result will be:
      k1: v1
      k2: v2

+.. conf_minion:: grains_refresh_every
+
+``grains_refresh_every``
+------------------------
+
+Default: ``0``
+
+The ``grains_refresh_every`` setting allows for a minion to periodically
+check its grains to see if they have changed and, if so, to inform the master
+of the new grains. This operation is moderately expensive, therefore care
+should be taken not to set this value too low.
+
+Note: This value is expressed in minutes.
+
+A value of 10 minutes is a reasonable default.
+
+.. code-block:: yaml
+
+    grains_refresh_every: 0
+
 .. conf_minion:: mine_enabled

 ``mine_enabled``
@ -629,7 +649,7 @@ return for the job cache.
    mine_return_job: False

 ``mine_functions``
-------------------
+------------------

 Default: Empty

@ -647,6 +667,18 @@ Note these can be defined in the pillar for a minion as well.
        interface: eth0
        cidr: '10.0.0.0/8'

+.. conf_minion:: mine_interval
+
+``mine_interval``
+-----------------
+
+Default: ``60``
+
+The number of seconds a mine update runs.
+
+.. code-block:: yaml
+
+    mine_interval: 60

 .. conf_minion:: sock_dir

@ -661,6 +693,19 @@ The directory where Unix sockets will be kept.

    sock_dir: /var/run/salt/minion

+.. conf_minion:: outputter_dirs
+
+``outputter_dirs``
+------------------
+
+Default: ``[]``
+
+A list of additional directories to search for salt outputters in.
+
+.. code-block:: yaml
+
+    outputter_dirs: []
+
 .. conf_minion:: backup_mode

 ``backup_mode``
@ -803,6 +848,20 @@ restart.

    auth_safemode: False

+.. conf_minion:: ping_interval
+
+``ping_interval``
+-----------------
+
+Default: ``0``
+
+Instructs the minion to ping its master(s) every n number of seconds. Used
+primarily as a mitigation technique against minion disconnects.
+
+.. code-block:: yaml
+
+    ping_interval: 0
+
 .. conf_minion:: recon_default

 ``random_startup_delay``
@ -1452,6 +1511,22 @@ the output will be shortened to a single line.

    state_output: full

+
+.. conf_minion:: state_output_diff
+
+``state_output_diff``
+---------------------
+
+Default: ``False``
+
+The state_output_diff setting changes whether or not the output from
+successful states is returned. Useful when even the terse output of these
+states is cluttering the logs. Set it to True to ignore them.
+
+.. code-block:: yaml
+
+    state_output_diff: False
+
 .. conf_minion:: autoload_dynamic_modules

 ``autoload_dynamic_modules``
--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -852,7 +852,7 @@ VALID_OPTS = {

    'queue_dirs': list,

-    # Instructs the minion to ping its master(s) ever n number of seconds. Used
+    # Instructs the minion to ping its master(s) every n number of seconds. Used
    # primarily as a mitigation technique against minion disconnects.
    'ping_interval': int,