pillar.example

rundeck:
    enabled: True

    # /etc/sysconfig/rundeckd (centos) or /etc/default/rundeckd (ubuntu)
    profile:
        # ftp-style
#        source_path: salt://rundeckd-profile-file

        # template-style
        RDECK_JVM: '$RDECK_JVM -Drundeck.jetty.connector.forwarded=true'
        RDECK_HTTPS_PORT: '443'

    # rundeck-config.properties
    config:
        # ftp-style
#        source_path: salt://rundeck-config-file

        # template-style
        server_url: http://localhost:4440
        datasource:
            dbcreate: 'update'
            url: 'jdbc:mysql://1.1.1.1/rundeck?autoReconnect=true'
            username: 'rundeckuser'
            password: 'cPjyvcuWbb83r3yS'
        # all other opts that aren't matched above can be inserted with the following option:
        # extra_opts:
        #   option1: 'value1'
        #   option2: 'value2'
        extra_opts:
            rundeck.projectsStorageType: 'filesystem'

    # OPTIONAL - framework.properties
    #            if set up, you must provide a server uuid, if not it will fails to avoid
    #            same uuid for different servers
    framework:
        # ftp-style
#        source_path: salt://asdfasdfsdf

        # template-style
        server_name: 'localhost'
        server_hostname: 'localhost'
        server_port: '4440'
        server_url: 'http://localhost:4440'
        rdeck_base: '/var/lib/rundeck'
        projects_dir: '/var/rundeck/projects'
        etc_dir: '/etc/rundeck '
        var_dir: '/var/lib/rundeck/var'
        tmp_dir: '/var/lib/rundeck/var/tmp'
        logs_dir: '/var/lib/rundeck/logs'
        libext_dir: '/var/lib/rundeck/libext'
        ssh_keypath: '/var/lib/rundeck/.ssh/id_rsa'
        ssh_user: 'rundeck'
        ssh_timeout: '0'
        server_uuid: 'a2b03d4e-72d9-4be8-b395-180768cb0dcf' # required

    # jaas-loginmodule.conf
    login:
        #
        # ftp-style
        #
        source_path: salt://path-to-jass-loginmodule.conf

        #
        # template-style
        #

        # realm.properties
        file:
            flag: required # OPTIONAL: Default: required
            debug: False
            use_first_pass: True
            try_first_pass: True
            store_pass: True
            clear_pass: True
            case_insensitive: True
            refresh_interval: 10
            file: '/etc/rundeck/realm.properties'

        # pam module
        pam:
            flag: requisite
            debug: False
            service: sshd
            use_unix_groups: True
            supplemental_roles: "readonly,testing"

        # ldap module
        ldap:
            flag: sufficient
            debug: True
            context_factory: 'com.sun.jndi.ldap.LdapCtxFactory'
            provider_url: 'ldap://server:389'
            bind_dn: 'cn=Manager,dc=example,dc=com'
            bind_password: 'secret'
            authentication_method: 'simple'
            force_binding_login: False
            force_binding_login_use_root_context_for_roles: False
            user_base_dn: 'ou=People,dc=test1,dc=example,dc=com'
            user_rdn_attribute: 'uid'
            user_id_attribute: 'uid'
            user_password_attribute: 'userPassword'
            user_object_class: 'account'
            role_base_dn: 'ou=Groups,dc=test1,dc=example,dc=com'
            role_name_attribute: 'cn'
            role_username_member_attribute: 'memberUid'
            role_member_attribute: 'memberUid'
            role_object_class: 'posixGroup'
            role_prefix: 'rundeck_'
            cache_duration_millis: '300000'
            supplemental_roles: 'user'
            report_statistics: True
            timeout_read: '10000'
            timeout_connect: '20000'
            nested_groups: False
            ignore_roles: True
            store_pass: True
            clear_pass: True
            use_first_pass: True
            try_first_pass: True

    # realm.properties
    realm:
        restart: True # restart rundeck if realm.properties file changes. Default False.
                      # Is optional because if the jaas-loginmodule is configured with 
                      # refreshInterval it is not needed to restart the service.
        # ftp-style
#        source_path: salt://users_file

        # template-style
        users:
            admin:
                password: MD5:asdfasdflkajsdfñlasjdf
                groups:
                    - admin
                    - user
            user1:
               password: MD5:asdfasdfasdfasdfasdfasdf
                groups:
                    - user
    # OPTIONAL, upload keys to rundeck-server
    sshkey:
        /var/lib/rundeck/.ssh:
            # id_rsa
            private: |
                -----BEGIN RSA PRIVATE KEY-----
                -----END RSA PRIVATE KEY-----
            # id_rsa.pub
            public:
                - ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    plugins:
        slack:
            source: https://github.com/rundeck-plugins/slack-incoming-webhook-plugin/releases/download/v1.1/slack-incoming-webhook-plugin-1.1.jar
        salt:
            source: https://github.com/rundeck-plugins/salt-step/releases/download/0.3/rundeck-salt-plugin-0.3.jar