debops.salt default variables

Upstream configuration

salt__upstream

Enable or disable upstream APT repository.

salt__upstream: '{{ True
                    if (ansible_distribution_release in ["trusty"])
                    else False }}'
salt__upstream_branch

Specify the SaltStack "branch" to install from upstream APT repository. See https://repo.saltstack.com/#debian for more details about available upstream branches.

salt__upstream_branch: 'latest'
salt__upstream_arch_map

A YAML dictionary that maps the ansible_architecture variable with its corresponding processor architecture used in the SaltStack repository URLs.

salt__upstream_arch_map:
  'x86_64': 'amd64'
  'armhf':  'armhf'
salt__upstream_apt_key_id

Specify the upstream APT repository GPG key id to configure.

salt__upstream_apt_key_id: '754A1A7AE731F165D5E6D4BD0E08A149DE57BFBE'
salt__upstream_apt_repo_map

A YAML dictionary that defines the upstream APT repository URLs depending on the current OS distribution, release and processor architecture.

salt__upstream_apt_repo_map:
  Debian: '{{ "deb http://repo.saltstack.com/apt/debian/"
              + ansible_distribution_major_version + "/" + salt__upstream_arch_map[ansible_architecture]
              + "/" + salt__upstream_branch + " " + ansible_distribution_release + " main" }}'
  Ubuntu: '{{ "deb http://repo.saltstack.com/apt/ubuntu/"
              + ansible_distribution_version + "/" + salt__upstream_arch_map[ansible_architecture]
              + "/" + salt__upstream_branch + " " + ansible_distribution_release + " main" }}'

APT packages

salt__base_packages

List of base APT packages to install for Salt Master service.

salt__base_packages: [ 'salt-master' ]
salt__packages

List of additional APT packages to install with Salt Master.

salt__packages: []

Firewall configuration

salt__allow

List of IP addresses or CIDR subnets that can connect to the Salt Master service. If the list is empty, any host is allowed to connect.

salt__allow: []

Salt Master configuration

salt__configuration

Enable or disable configuration of Salt Master by Ansible.

salt__configuration: True
salt__configuration_file

Absolute path of the Salt Master configuration file which will be managed by Ansible.

salt__configuration_file: '/etc/salt/master.d/ansible.conf'

Salt configuration options

salt__interface

Specify the network interface the Salt Master will listen on for connections, using an IP address specification.

salt__interface: '{{ "::" if salt__ipv6 | bool else "0.0.0.0" }}'
salt__ipv6

Enable/disable IPv6 support in Salt Master.

salt__ipv6: True
salt__publish_port

The network port to set up the publication interface.

salt__publish_port: '4505'
salt__return_port

The port used by the return server, this is the server used by Salt to receive execution returns and command executions.

salt__return_port: '4506'
salt__worker_threads

Number of Salt Master workers to run.

salt__worker_threads: '{{ ansible_processor_vcpus }}'
salt__custom_options

Additional Salt Master options in YAML text block format.

salt__custom_options: ''

Configuration for other Ansible roles

salt__keyring__dependent_apt_keys

Configuration for the debops.keyring Ansible role.

salt__keyring__dependent_apt_keys:

  - id: '{{ salt__upstream_apt_key_id }}'
    repo: '{{ salt__upstream_apt_repo_map[ansible_distribution] }}'
    state: '{{ "present" if salt__upstream | bool else "absent" }}'
salt__python__dependent_packages3

Configuration for the debops.python Ansible role.

salt__python__dependent_packages3:

  - 'python3-tornado'
salt__python__dependent_packages2

Configuration for the debops.python Ansible role.

salt__python__dependent_packages2:

  - 'python-tornado'
salt__etc_services__dependent_list

Configuration for the debops.etc_services Ansible role.

salt__etc_services__dependent_list:

  - name: 'salt-publish'
    port: '{{ salt__publish_port }}'
    comment: 'Salt Master (publish)'

  - name: 'salt-return'
    port: '{{ salt__return_port }}'
    comment: 'Salt Master (return)'
salt__ferm__dependent_rules

Configuration for the debops.ferm Ansible role.

salt__ferm__dependent_rules:

  - type: 'accept'
    dport: [ 'salt-publish', 'salt-return' ]
    saddr: '{{ salt__allow }}'
    accept_any: True
    name: 'salt_accept'