-
Notifications
You must be signed in to change notification settings - Fork 1
/
pillar.example
214 lines (210 loc) · 9.21 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
# vim: ft=yaml
# yamllint disable rule:comments-indentation
---
podman:
# This will be disregarded when install_method != pkg or
# debian_unstable / debian_experimental is active.
version: latest
# pkg (= distribution default repository) or repo
# If you choose repo, by default, it will install from alvistack OBS
# repository. This is only supported for Debian and Ubuntu.
# You can switch to another repo (eg kubic unstable), see `lookup:enablerepo`
# and `parameters/os_family/Debian.yaml` or `parameters/os/Ubuntu.yaml`.
# Make sure podman is currently not installed before enabling alternative repos.
install_method: pkg
compose:
# Whether to install docker-compose, podman-compose or nothing.
# For docker-compose, you will need to set `service_enable: true`
# docker, podman, false
install: false
# Install the custom Salt execution and state modules found
# in this formula. They will not be updated automatically once
# they are present.
install_modules: false
# Set to true to install from the github repo's latest commit
# on the default branch or specify an exact git rev to install.
# This switch was introduced because only unreleased versions allowed
# the choice of creating a pod per docker-compose file.
# Since version 1.0.6 was tagged, this is not required for some configs anymore.
# In general, there are many version differences regarding the pod creation
# per docker-compose file. Versions <1 require it, versions 1.0.3/4
# do not support it, versions >=1.0.6 allow the choice (but inverted the
# semantics in comparison to the the unreleased 1.0.4).
# https://github.com/containers/podman-compose/issues/442#issuecomment-1062067920
# https://github.com/containers/podman-compose/commit/f6dbce36181c44d0d08b6f4ca166508542875ce1
podman_compose_rev: false
# Global and user-specific configuration
config:
# Global configuration in /etc/containers
global:
# Global containers.conf settings
# https://github.com/containers/common/blob/main/docs/containers.conf.5.md
containers:
containers: {}
engine: {}
machine: {}
network: {}
secrets: {}
service_destinations: {}
# list of lines in mounts.conf
mounts: []
# Container acceptance policies in policy.json, see
# https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
# This allows containers from everywhere and you are highly encouraged
# to specify a tighter configuration.
policy:
default:
- type: insecureAcceptAnything
# Global registries.conf settings
# https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
registries:
# List of registries to configure.
# The example config from the URI above is represented below.
registry: []
# - prefix: example.com/foo
# insecure: false
# blocked: false
# location: internal-registry-for-example.com/bar
# mirror:
# - location: example-mirror-0.local/mirror-for-foo
# - location: example-mirror-1.local/mirrors/foo
# insecure: true
# - location: registry.com
# mirror:
# - location: mirror.registry.com
# List of registries where to look when pulling unqualified images (in order).
unqualified-search-registries:
- docker.io
# Global storage.conf settings
# https://github.com/containers/storage/blob/main/docs/containers-storage.conf.5.md
storage:
storage:
driver: overlay
graphroot: /var/lib/containers/storage
options:
additionalimagestores: []
runroot: /run/containers/storage
# User-specific configuration in $XDG_CONFIG_HOME/containers.
# mapping of username to the different keys as seen in global
# If a user does not exist, skips configuration (will not create a user)
user: {}
# This formula can also manage (rootless) containers.
# Specify them in a mapping of name to arguments. All parameters to podman.create
# and podman.present are supported. In addition, the following are available:
# * env_secrets: [dict] Secrets that should be present in the environment.
# * generate_params: [dict] Arguments to podman.generate_systemd
# (Note that `new` does not work with containers created through the API,
# which also means autoupdates will not work. For context, see
# https://github.com/containers/podman/issues/19688)
containers: {}
# On Debian, it is possible to install higher versions than 3.0
# (current stable repo) by enabling unstable/experimental.
# Version 3.4/4 can be installed that way, although it is
# discouraged to mix stable and unstable/experimental.
# Better use alternative repositories like alvistack (see install_method).
# `version` will be disregarded.
# Note that experimental will fail currently if you are on another branch.
# Having compose enabled, this formula might still default to legacy
# installation during the first run if version is set to latest.
debian_experimental: false
debian_unstable: false
# If you want to use the Salt docker modules with podman, enable
# this. Support is buggy. This will install `podman system service` as a
# long-running system service.
# See https://github.com/saltstack/salt/issues/50624#issuecomment-668495953
salt_compat: false
# SELinux configuration relevant to Podman/containers.
selinux:
# `null` means that it will be left unmanaged, otherwise its value.
# You can include arbitrary booleans in this mapping.
boolean:
# Allow containers to access mounted Samba/CIFS shares
virt_use_samba: null
# Just enable the long-running system service without installing
# Salt compatibility. Has no effect when salt_compat == true.
# The service is socket-activated, hence it is only started once
# it is called.
service_enable: false
# Whether to use `pip.installed` for installing required Python packages.
# Anything other than `pip` will skip the pip states, so ensure the packages
# are included in lookup:(required_pkgs|salt_compat:pkgs). By default, this
# is true for SUSE only.
python_install_method: pip
lookup:
compose:
docker:
compose_version: 2.6.1
latest:
hash: https://github.com/docker/compose/releases/download/v{version}/docker-compose-linux-x86_64.sha256 # yamllint disable-line rule:line-length
source: https://github.com/docker/compose/releases/download/v{version}/docker-compose-linux-x86_64 # yamllint disable-line rule:line-length
legacy:
hash: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-linux-x86_64.sha256 # yamllint disable-line rule:line-length
source: https://github.com/docker/compose/releases/download/1.29.2/docker-compose-linux-x86_64 # yamllint disable-line rule:line-length
legacy_versions:
- '1'
- '2'
- '3'
- '4.0'
podman:
legacy_versions:
- '1'
- '2'
- '3.0'
pip: podman-compose
pip_legacy: podman-compose==0.1.11
repo: https://github.com/containers/podman-compose
config_files:
containers: containers.conf
mounts: mounts.conf
policy: policy.json
registries: registries.conf
seccomp: /usr/share/containers/seccomp.json
storage: storage.conf
containers:
base: /opt/containers
enablerepo: alvistack
required_pkgs:
- git
- python3-pip
salt_compat:
pips:
- docker
pkgs:
- python3-pip
sockets:
docker: /var/run/docker.sock
podman: /var/run/podman/podman.sock
service:
name: podman
path: /etc/systemd/system/{name}.service
socket_path: /etc/systemd/system/{name}.socket
tofs:
# The files_switch key serves as a selector for alternative
# directories under the formula files directory. See TOFS pattern
# doc for more info.
# Note: Any value not evaluated by `config.get` will be used literally.
# This can be used to set custom paths, as many levels deep as required.
files_switch:
- any/path/can/be/used/here
- id
- roles
- osfinger
- os
- os_family
# All aspects of path/file resolution are customisable using the options below.
# This is unnecessary in most cases; there are sensible defaults.
# Default path: salt://< path_prefix >/< dirs.files >/< dirs.default >
# I.e.: salt://podman/files/default
# path_prefix: template_alt
# dirs:
# files: files_alt
# default: default_alt
# The entries under `source_files` are prepended to the default source files
# given for the state
source_files:
Podman service unit file is installed:
- 'podman_alt.service'
- 'podman_alt.service.jinja'
Podman socket unit file is installed:
- 'podman_alt.socket'
- 'podman_alt.socket.jinja'