ExternalMirrors
/
linux-formula
spogulis no https://github.com/salt-formulas/salt-formula-linux
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 1
Kods Problēmas 0 Laidieni 8 Vikivietne Aktivitāte
Saltstack Official Linux Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
506 Revīzijas
26 Atzari
Koks: 1a191e379e
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '1a191e379e'
${ noResults }
linux-formula/README.rst

README.rst 40KB
Neapstrādāts Parastais skats Vēsture

Update README.rst
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Update README.rst
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Update README.rst
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
pirms 8 gadiem
Update README.rst
pirms 7 gadiem
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
pirms 8 gadiem
Update README.rst
pirms 7 gadiem
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
pirms 8 gadiem
Update README.rst fixed typo in sudo part
pirms 7 gadiem
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
pirms 8 gadiem
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
pirms 7 gadiem
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Support for setting security limits
pirms 9 gadiem
Enable/disable console autologin
pirms 9 gadiem
More options for consoles
pirms 9 gadiem
Enable/disable console autologin
pirms 9 gadiem
Allow setting policy-rc.d
pirms 9 gadiem
Allow setting system locales
pirms 8 gadiem
Fix readme of cs_CZ locales
pirms 8 gadiem
Allow setting system locales
pirms 8 gadiem
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
pirms 7 gadiem
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
pirms 7 gadiem
Make linux.system.kernel functional
pirms 9 gadiem
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
pirms 8 gadiem
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
pirms 7 gadiem
Make linux.system.kernel functional
pirms 9 gadiem
Linux sysctl kernel parameters
pirms 9 gadiem
cpu governor
pirms 8 gadiem
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
pirms 7 gadiem
cpu governor
pirms 8 gadiem
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
pirms 7 gadiem
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
pirms 7 gadiem
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
pirms 7 gadiem
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
pirms 8 gadiem
cpu governor
pirms 8 gadiem
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
pirms 8 gadiem
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
pirms 8 gadiem
cpu governor
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
pirms 7 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
pirms 7 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
README fix for purging repos
pirms 7 gadiem
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
pirms 7 gadiem
README fix for purging repos
pirms 7 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
rc.local added to linux formula
pirms 9 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Allow setting system-wide prompt
pirms 9 gadiem
Ensure PS1 is enforced for root
pirms 9 gadiem
rc.local added to linux formula
pirms 9 gadiem
Option to preserve bash history
pirms 9 gadiem
Set message of the day
pirms 9 gadiem
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
pirms 7 gadiem
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
pirms 7 gadiem
RHEL compatibility of motd and prompt
pirms 9 gadiem
Support for haveged
pirms 9 gadiem
RHEL compatibility of motd and prompt
pirms 9 gadiem
Support for haveged
pirms 9 gadiem
Initial commit
pirms 9 gadiem
example usage to disable NM
pirms 9 gadiem
Initial commit
pirms 9 gadiem
example usage to disable NM
pirms 9 gadiem
Initial commit
pirms 9 gadiem
vlan networking support
pirms 9 gadiem
fix fillar syntax
pirms 9 gadiem
vlan networking support
pirms 9 gadiem
Initial commit
pirms 9 gadiem
vlan networking support
pirms 9 gadiem
Initial commit
pirms 9 gadiem
vlan networking support
pirms 9 gadiem
Initial commit
pirms 9 gadiem
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
pirms 7 gadiem
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
pirms 7 gadiem
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
pirms 7 gadiem
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
pirms 7 gadiem
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
pirms 7 gadiem
Add linux.network.systemd support
pirms 7 gadiem
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
pirms 7 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
pirms 7 gadiem
Initial commit
pirms 9 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
pirms 7 gadiem
Add system.env, system.profile, system.proxy and configure proxy under system.repo
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
pirms 8 gadiem
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
pirms 7 gadiem
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
pirms 7 gadiem
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
pirms 8 gadiem
Allow setting resolv.conf
pirms 9 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Allow setting resolv.conf
pirms 9 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
fix options setting in resolv
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
pirms 7 gadiem
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Allow setting resolv.conf
pirms 9 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
pirms 7 gadiem
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
pirms 7 gadiem
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
pirms 8 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Fix mount examples in the README The enabled flag is mandatory.
pirms 8 gadiem
Initial commit
pirms 9 gadiem
nfs storage mount
pirms 7 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
pirms 8 gadiem
add swap partition support
pirms 9 gadiem
Support for LVM
pirms 9 gadiem
Fix mount examples in the README The enabled flag is mandatory.
pirms 8 gadiem
Support for LVM
pirms 9 gadiem
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
pirms 7 gadiem
add startsector for partitions
pirms 7 gadiem
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
pirms 7 gadiem
add startsector for partitions
pirms 7 gadiem
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
pirms 7 gadiem
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
pirms 7 gadiem
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
pirms 7 gadiem
Refactored multipath support
pirms 8 gadiem
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
pirms 8 gadiem
Add support for external config generation
pirms 8 gadiem
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
pirms 7 gadiem
Refactored multipath support
pirms 8 gadiem
Initial commit
pirms 9 gadiem
Unify Makefile, .gitignore and update readme
pirms 8 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             email: 'jonh@doe.com'

  53.           jsmith:

  54.             name: 'jsmith'

  55.             enabled: true

  56.             full_name: 'With clear password'

  57.             home: '/home/jsmith'

  58.             hash_password: true

  59.             password: "userpassword"

  60.           mark:

  61.             name: 'mark'

  62.             enabled: true

  63.             full_name: "unchange password'

  64.             home: '/home/mark'

  65.             password: false

  66.           elizabeth:

  67.             name: 'elizabeth'

  68.             enabled: true

  69.             full_name: 'With hased password'

  70.             home: '/home/elizabeth'

  71.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  72. 

  73. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  74. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  75. 

  76. .. code-block:: jinja

  77. 

  78.    # simplified template:

  79.    Cmds_Alias {{ alias }}={{ commands }}

  80.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  81.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82. 

  83.    # when rendered:

  84.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  85. 

  86. .. code-block:: yaml

  87. 

  88.   linux:

  89.     system:

  90.       sudo:

  91.         enabled: true

  92.         aliases:

  93.           host:

  94.             LOCAL:

  95.             - localhost

  96.             PRODUCTION:

  97.             - db1

  98.             - db2

  99.           runas:

  100.             DBA:

  101.             - postgres

  102.             - mysql

  103.             SALT:

  104.             - root

  105.           command:

  106.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  107.             #       Best practice is to specify full list of commands user is allowed to run.

  108.             SUPPORT_RESTRICTED:

  109.             - /bin/vi /etc/sudoers*

  110.             - /bin/vim /etc/sudoers*

  111.             - /bin/nano /etc/sudoers*

  112.             - /bin/emacs /etc/sudoers*

  113.             - /bin/su - root

  114.             - /bin/su -

  115.             - /bin/su

  116.             - /usr/sbin/visudo

  117.             SUPPORT_SHELLS:

  118.             - /bin/sh

  119.             - /bin/ksh

  120.             - /bin/bash

  121.             - /bin/rbash

  122.             - /bin/dash

  123.             - /bin/zsh

  124.             - /bin/csh

  125.             - /bin/fish

  126.             - /bin/tcsh

  127.             - /usr/bin/login

  128.             - /usr/bin/su

  129.             - /usr/su

  130.             ALL_SALT_SAFE:

  131.             - /usr/bin/salt state*

  132.             - /usr/bin/salt service*

  133.             - /usr/bin/salt pillar*

  134.             - /usr/bin/salt grains*

  135.             - /usr/bin/salt saltutil*

  136.             - /usr/bin/salt-call state*

  137.             - /usr/bin/salt-call service*

  138.             - /usr/bin/salt-call pillar*

  139.             - /usr/bin/salt-call grains*

  140.             - /usr/bin/salt-call saltutil*

  141.             SALT_TRUSTED:

  142.             - /usr/bin/salt*

  143.         users:

  144.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  145.           saltuser1: {}

  146.           saltuser2:

  147.             hosts:

  148.             - LOCAL

  149.           # User Alias DBA

  150.           DBA:

  151.             hosts:

  152.             - ALL

  153.             commands:

  154.             - ALL_SALT_SAFE

  155.         groups:

  156.           db-ops:

  157.             hosts:

  158.             - ALL

  159.             - '!PRODUCTION'

  160.             runas:

  161.             - DBA

  162.             commands:

  163.             - /bin/cat *

  164.             - /bin/less *

  165.             - /bin/ls *

  166.           salt-ops:

  167.             hosts:

  168.             - 'ALL'

  169.             runas:

  170.             - SALT

  171.             commands:

  172.             - SUPPORT_SHELLS

  173.           salt-ops-2nd:

  174.             name: salt-ops

  175.             nopasswd: false

  176.             setenv: true # Enable sudo -E option

  177.             runas:

  178.             - DBA

  179.             commands:

  180.             - ALL

  181.             - '!SUPPORT_SHELLS'

  182.             - '!SUPPORT_RESTRICTED'

  183. 

  184. Linux with package, latest version

  185. 

  186. .. code-block:: yaml

  187. 

  188.     linux:

  189.       system:

  190.         ...

  191.         package:

  192.           package-name:

  193.             version: latest

  194. 

  195. Linux with package from certail repo, version with no upgrades

  196. 

  197. .. code-block:: yaml

  198. 

  199.     linux:

  200.       system:

  201.         ...

  202.         package:

  203.           package-name:

  204.             version: 2132.323

  205.             repo: 'custom-repo'

  206.             hold: true

  207. 

  208. Linux with package from certail repo, version with no GPG verification

  209. 

  210. .. code-block:: yaml

  211. 

  212.     linux:

  213.       system:

  214.         ...

  215.         package:

  216.           package-name:

  217.             version: 2132.323

  218.             repo: 'custom-repo'

  219.             verify: false

  220. 

  221. Linux with autoupdates (automatically install security package updates)

  222. 

  223. .. code-block:: yaml

  224. 

  225.     linux:

  226.       system:

  227.         ...

  228.         autoupdates:

  229.           enabled: true

  230.           mail: root@localhost

  231.           mail_only_on_error: true

  232.           remove_unused_dependencies: false

  233.           automatic_reboot: true

  234.           automatic_reboot_time: "02:00"

  235. 

  236. Linux with cron jobs

  237. By default it will use name as an identifier, unless identifier key is

  238. explicitly set or False (then it will use Salt's default behavior which is

  239. identifier same as command resulting in not being able to change it)

  240. 

  241. .. code-block:: yaml

  242. 

  243.     linux:

  244.       system:

  245.         ...

  246.         job:

  247.           cmd1:

  248.             command: '/cmd/to/run'

  249.             identifier: cmd1

  250.             enabled: true

  251.             user: 'root'

  252.             hour: 2

  253.             minute: 0

  254. 

  255. Linux security limits (limit sensu user memory usage to max 1GB):

  256. 

  257. .. code-block:: yaml

  258. 

  259.     linux:

  260.       system:

  261.         ...

  262.         limit:

  263.           sensu:

  264.             enabled: true

  265.             domain: sensu

  266.             limits:

  267.               - type: hard

  268.                 item: as

  269.                 value: 1000000

  270. 

  271. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  272. 

  273. .. code-block:: yaml

  274. 

  275.     linux:

  276.       system:

  277.         console:

  278.           tty1:

  279.             autologin: root

  280.           # Enable serial console

  281.           ttyS0:

  282.             autologin: root

  283.             rate: 115200

  284.             term: xterm

  285. 

  286. To disable set autologin to `false`.

  287. 

  288. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  289. command in ``while true`` loop and ``case`` context.

  290. Following will disallow dpkg to stop/start services for cassandra package automatically:

  291. 

  292. .. code-block:: yaml

  293. 

  294.     linux:

  295.       system:

  296.         policyrcd:

  297.           - package: cassandra

  298.             action: exit 101

  299.           - package: '*'

  300.             action: switch

  301. 

  302. Set system locales:

  303. 

  304. .. code-block:: yaml

  305. 

  306.     linux:

  307.       system:

  308.         locale:

  309.           en_US.UTF-8:

  310.             default: true

  311.           "cs_CZ.UTF-8 UTF-8":

  312.             enabled: true

  313. 

  314. Systemd settings:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         ...

  321.         systemd:

  322.           system:

  323.             Manager:

  324.               DefaultLimitNOFILE: 307200

  325.               DefaultLimitNPROC: 307200

  326.           user:

  327.             Manager:

  328.               DefaultLimitCPU: 2

  329.               DefaultLimitNPROC: 4

  330. 

  331. Ensure presence of directory:

  332. 

  333. .. code-block:: yaml

  334. 

  335.     linux:

  336.       system:

  337.         directory:

  338.           /tmp/test:

  339.             user: root

  340.             group: root

  341.             mode: 700

  342.             makedirs: true

  343. 

  344. Kernel

  345. ~~~~~~

  346. 

  347. Install always up to date LTS kernel and headers from Ubuntu trusty:

  348. 

  349. .. code-block:: yaml

  350. 

  351.     linux:

  352.       system:

  353.         kernel:

  354.           type: generic

  355.           lts: trusty

  356.           headers: true

  357. 

  358. Load kernel modules and add them to `/etc/modules`:

  359. 

  360. .. code-block:: yaml

  361. 

  362.     linux:

  363.       system:

  364.         kernel:

  365.           modules:

  366.             - nf_conntrack

  367.             - tp_smapi

  368.             - 8021q

  369. 

  370. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  371. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  372. 

  373. .. code-block:: yaml

  374. 

  375.     linux:

  376.       system:

  377.         kernel:

  378.           module:

  379.             nf_conntrack:

  380.               option:

  381.                 hashsize: 262144

  382. 

  383. 

  384. 

  385. Install specific kernel version and ensure all other kernel packages are

  386. not present. Also install extra modules and headers for this kernel:

  387. 

  388. .. code-block:: yaml

  389. 

  390.     linux:

  391.       system:

  392.         kernel:

  393.           type: generic

  394.           extra: true

  395.           headers: true

  396.           version: 4.2.0-22

  397. 

  398. Systcl kernel parameters

  399. 

  400. .. code-block:: yaml

  401. 

  402.     linux:

  403.       system:

  404.         kernel:

  405.           sysctl:

  406.             net.ipv4.tcp_keepalive_intvl: 3

  407.             net.ipv4.tcp_keepalive_time: 30

  408.             net.ipv4.tcp_keepalive_probes: 8

  409. 

  410. 

  411. CPU

  412. ~~~

  413. 

  414. Enable cpufreq governor for every cpu:

  415. 

  416. .. code-block:: yaml

  417. 

  418.     linux:

  419.       system:

  420.         cpu:

  421.           governor: performance

  422. 

  423. 

  424. Shared Libraries

  425. ~~~~~~~~~~~~~~~~

  426. 

  427. Set additional shared library to Linux system library path

  428. 

  429. .. code-block:: yaml

  430. 

  431.     linux:

  432.       system:

  433.         ld:

  434.           library:

  435.             java:

  436.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  437.               - /opt/java/jre/lib/amd64/server

  438.     

  439. 

  440. Certificates

  441. ~~~~~~~~~~~~

  442. 

  443. Add certificate authority into system trusted CA bundle

  444. 

  445. .. code-block:: yaml

  446. 

  447.     linux:

  448.       system:

  449.         ca_certificates:

  450.           mycert: |

  451.             -----BEGIN CERTIFICATE-----

  452.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  453.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  454.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  455.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  456.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  457.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  458.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  459.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  460.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  461.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  462.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  463.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  464.             -----END CERTIFICATE-----

  465. 

  466. Sysfs

  467. ~~~~~

  468. 

  469. Install sysfsutils and set sysfs attributes:

  470. 

  471. .. code-block:: yaml

  472. 

  473.     linux:

  474.       system:

  475.         sysfs:

  476.           scheduler:

  477.             block/sda/queue/scheduler: deadline

  478.           power:

  479.             mode:

  480.               power/state: 0660

  481.             owner:

  482.               power/state: "root:power"

  483.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  484. 

  485. Huge Pages

  486. ~~~~~~~~~~~~

  487. 

  488. Huge Pages give a performance boost to applications that intensively deal

  489. with memory allocation/deallocation by decreasing memory fragmentation.

  490. 

  491. .. code-block:: yaml

  492. 

  493.     linux:

  494.       system:

  495.         kernel:

  496.           hugepages:

  497.             small:

  498.               size: 2M

  499.               count: 107520

  500.               mount_point: /mnt/hugepages_2MB

  501.               mount: false/true # default false

  502.             large:

  503.               default: true # default automatically mounted

  504.               size: 1G

  505.               count: 210

  506.               mount_point: /mnt/hugepages_1GB

  507. 

  508. Note: not recommended to use both pagesizes in concurrently.

  509. 

  510. Intel SR-IOV

  511. ~~~~~~~~~~~~

  512. 

  513. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  514. 

  515. .. code-block:: yaml

  516. 

  517.     linux:

  518.       system:

  519.         kernel:

  520.           sriov: True

  521.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  522.         rc:

  523.           local: |

  524.             #!/bin/sh -e

  525.             # Enable 7 VF on eth1

  526.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  527.             exit 0

  528. 

  529. Isolate CPU options

  530. ~~~~~~~~~~~~~~~~~~~

  531. 

  532. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  533. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  534. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  535. maximum value is 1 less than the number of CPUs on the system.

  536. 

  537. .. code-block:: yaml

  538. 

  539.     linux:

  540.       system:

  541.         kernel:

  542.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  543. 

  544. Repositories

  545. ~~~~~~~~~~~~

  546. 

  547. RedHat based Linux with additional OpenStack repo

  548. 

  549. .. code-block:: yaml

  550. 

  551.     linux:

  552.       system:

  553.         ...

  554.         repo:

  555.           rdo-icehouse:

  556.             enabled: true

  557.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  558.             pgpcheck: 0

  559. 

  560. Ensure system repository to use czech Debian mirror (``default: true``)

  561. Also pin it's packages with priority 900.

  562. 

  563. .. code-block:: yaml

  564. 

  565.    linux:

  566.      system:

  567.        repo:

  568.          debian:

  569.            default: true

  570.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  571.            # Import signing key from URL if needed

  572.            key_url: "http://dummy.com/public.gpg"

  573.            pin:

  574.              - pin: 'origin "ftp.cz.debian.org"'

  575.                priority: 900

  576.                package: '*'

  577. 

  578. 

  579. Package manager proxy setup globally:

  580. 

  581. .. code-block:: yaml

  582. 

  583.     linux:

  584.       system:

  585.         ...

  586.         repo:

  587.           apt-mk:

  588.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  589.         ...

  590.         proxy:

  591.           pkg:

  592.             enabled: true

  593.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  594.           ...

  595.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  596.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  597.           #

  598.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  599.           # as for https and http

  600.           ftp:   ftp://proxy.host.local:2121

  601.           http:  http://proxy.host.local:3142

  602.           https: https://proxy.host.local:3143

  603. 

  604. Package manager proxy setup per repository:

  605. 

  606. .. code-block:: yaml

  607. 

  608.     linux:

  609.       system:

  610.         ...

  611.         repo:

  612.           debian:

  613.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  614.         ...

  615.           apt-mk:

  616.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  617.             # per repository proxy

  618.             proxy:

  619.               enabled: true

  620.               http:  http://maas-01:8080

  621.               https: http://maas-01:8080

  622.         ...

  623.         proxy:

  624.           # package manager fallback defaults

  625.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  626.           pkg:

  627.             enabled: true

  628.             ftp:   ftp://proxy.host.local:2121

  629.             #http:  http://proxy.host.local:3142

  630.             #https: https://proxy.host.local:3143

  631.           ...

  632.           # global system fallback system defaults

  633.           ftp:   ftp://proxy.host.local:2121

  634.           http:  http://proxy.host.local:3142

  635.           https: https://proxy.host.local:3143

  636. 

  637. 

  638. Remove all repositories:

  639. 

  640. .. code-block:: yaml

  641. 

  642.     linux:

  643.       system:

  644.         purge_repos: true

  645. 

  646. Setup custom apt config options:

  647. 

  648. .. code-block:: yaml

  649. 

  650.     linux:

  651.       system:

  652.         apt:

  653.           config:

  654.             compression-workaround:

  655.               "Acquire::CompressionTypes::Order": "gz"

  656.             docker-clean:

  657.               "DPkg::Post-Invoke":

  658.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  659.               "APT::Update::Post-Invoke":

  660.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  661. 

  662. RC

  663. ~~

  664. 

  665. rc.local example

  666. 

  667. .. code-block:: yaml

  668. 

  669.    linux:

  670.      system:

  671.        rc:

  672.          local: |

  673.            #!/bin/sh -e

  674.            #

  675.            # rc.local

  676.            #

  677.            # This script is executed at the end of each multiuser runlevel.

  678.            # Make sure that the script will "exit 0" on success or any other

  679.            # value on error.

  680.            #

  681.            # In order to enable or disable this script just change the execution

  682.            # bits.

  683.            #

  684.            # By default this script does nothing.

  685.            exit 0

  686. 

  687. 

  688. Prompt

  689. ~~~~~~

  690. 

  691. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  692. user can have different prompt.

  693. 

  694. .. code-block:: yaml

  695. 

  696.     linux:

  697.       system:

  698.         prompt:

  699.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  700.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  701. 

  702. On Debian systems to set prompt system-wide it's necessary to remove setting

  703. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  704. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  705. touch existing user's ``~/.bashrc`` files except root.

  706. 

  707. Bash

  708. ~~~~

  709. 

  710. Fix bash configuration to preserve history across sessions (like ZSH does by

  711. default).

  712. 

  713. .. code-block:: yaml

  714. 

  715.     linux:

  716.       system:

  717.         bash:

  718.           preserve_history: true

  719. 

  720. Message of the day

  721. ~~~~~~~~~~~~~~~~~~

  722. 

  723. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  724. day. Setting custom motd will cleanup existing ones.

  725. 

  726. .. code-block:: yaml

  727. 

  728.     linux:

  729.       system:

  730.         motd:

  731.           - release: |

  732.               #!/bin/sh

  733.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  734. 

  735.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  736.               	# Fall back to using the very slow lsb_release utility

  737.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  738.               fi

  739. 

  740.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  741.           - warning: |

  742.               #!/bin/sh

  743.               printf "This is [company name] network.\n"

  744.               printf "Unauthorized access strictly prohibited.\n"

  745. 

  746. Services

  747. ~~~~~~~~

  748. 

  749. Stop and disable linux service:

  750. 

  751. .. code-block:: yaml

  752. 

  753.     linux:

  754.       system:

  755.         service:

  756.           apt-daily.timer:

  757.             status: dead

  758. 

  759. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  760. 

  761. Linux with atop service:

  762. 

  763. .. code-block:: yaml

  764. 

  765.     linux:

  766.       system:

  767.         atop:

  768.           enabled: true

  769.           interval: 20

  770.           logpath: "/var/log/atop"

  771.           outfile: "/var/log/atop/daily.log"

  772. 

  773. RHEL / CentOS

  774. ^^^^^^^^^^^^^

  775. 

  776. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  777. no native support for dynamic motd.

  778. You can still set static one, only pillar structure differs:

  779. 

  780. .. code-block:: yaml

  781. 

  782.     linux:

  783.       system:

  784.         motd: |

  785.           This is [company name] network.

  786.           Unauthorized access strictly prohibited.

  787. 

  788. Haveged

  789. ~~~~~~~

  790. 

  791. If you are running headless server and are low on entropy, it may be a good

  792. idea to setup Haveged.

  793. 

  794. .. code-block:: yaml

  795. 

  796.     linux:

  797.       system:

  798.         haveged:

  799.           enabled: true

  800. 

  801. Linux network

  802. -------------

  803. 

  804. Linux with network manager

  805. 

  806. .. code-block:: yaml

  807. 

  808.     linux:

  809.       network:

  810.         enabled: true

  811.         network_manager: true

  812. 

  813. Linux with default static network interfaces, default gateway interface and DNS servers

  814. 

  815. .. code-block:: yaml

  816. 

  817.     linux:

  818.       network:

  819.         enabled: true

  820.         interface:

  821.           eth0:

  822.             enabled: true

  823.             type: eth

  824.             address: 192.168.0.102

  825.             netmask: 255.255.255.0

  826.             gateway: 192.168.0.1

  827.             name_servers:

  828.             - 8.8.8.8

  829.             - 8.8.4.4

  830.             mtu: 1500

  831. 

  832. Linux with bonded interfaces and disabled NetworkManager

  833. 

  834. .. code-block:: yaml

  835. 

  836.     linux:

  837.       network:

  838.         enabled: true

  839.         interface:

  840.           eth0:

  841.             type: eth

  842.             ...

  843.           eth1:

  844.             type: eth

  845.             ...

  846.           bond0:

  847.             enabled: true

  848.             type: bond

  849.             address: 192.168.0.102

  850.             netmask: 255.255.255.0

  851.             mtu: 1500

  852.             use_in:

  853.             - interface: ${linux:interface:eth0}

  854.             - interface: ${linux:interface:eth0}

  855.         network_manager:

  856.           disable: true

  857. 

  858. Linux with vlan interface_params

  859. 

  860. .. code-block:: yaml

  861. 

  862.     linux:

  863.       network:

  864.         enabled: true

  865.         interface:

  866.           vlan69:

  867.             type: vlan

  868.             use_interfaces:

  869.             - interface: ${linux:interface:bond0}

  870. 

  871. Linux with wireless interface parameters

  872. 

  873. .. code-block:: yaml

  874. 

  875.     linux:

  876.       network:

  877.         enabled: true

  878.         gateway: 10.0.0.1

  879.         default_interface: eth0

  880.         interface:

  881.           wlan0:

  882.             type: eth

  883.             wireless:

  884.               essid: example

  885.               key: example_key

  886.               security: wpa

  887.               priority: 1

  888. 

  889. Linux networks with routes defined

  890. 

  891. .. code-block:: yaml

  892. 

  893.     linux:

  894.       network:

  895.         enabled: true

  896.         gateway: 10.0.0.1

  897.         default_interface: eth0

  898.         interface:

  899.           eth0:

  900.             type: eth

  901.             route:

  902.               default:

  903.                 address: 192.168.0.123

  904.                 netmask: 255.255.255.0

  905.                 gateway: 192.168.0.1

  906. 

  907. Native Linux Bridges

  908. 

  909. .. code-block:: yaml

  910. 

  911.     linux:

  912.       network:

  913.         interface:

  914.           eth1:

  915.             enabled: true

  916.             type: eth

  917.             proto: manual

  918.             up_cmds:

  919.             - ip address add 0/0 dev $IFACE

  920.             - ip link set $IFACE up

  921.             down_cmds:

  922.             - ip link set $IFACE down

  923.           br-ex:

  924.             enabled: true

  925.             type: bridge

  926.             address: ${linux:network:host:public_local:address}

  927.             netmask: 255.255.255.0

  928.             use_interfaces:

  929.             - eth1

  930. 

  931. OpenVswitch Bridges

  932. 

  933. .. code-block:: yaml

  934. 

  935.     linux:

  936.       network:

  937.         bridge: openvswitch

  938.         interface:

  939.           eth1:

  940.             enabled: true

  941.             type: eth

  942.             proto: manual

  943.             up_cmds:

  944.             - ip address add 0/0 dev $IFACE

  945.             - ip link set $IFACE up

  946.             down_cmds:

  947.             - ip link set $IFACE down

  948.           br-ex:

  949.             enabled: true

  950.             type: bridge

  951.             address: ${linux:network:host:public_local:address}

  952.             netmask: 255.255.255.0

  953.             use_interfaces:

  954.             - eth1

  955.           br-prv:

  956.             enabled: true

  957.             type: ovs_bridge

  958.             mtu: 65000

  959.           br-ens7:

  960.             enabled: true

  961.             name: br-ens7

  962.             type: ovs_bridge

  963.             proto: manual

  964.             mtu: 9000

  965.             use_interfaces:

  966.             - ens7

  967.           patch-br-ens7-br-prv:

  968.             enabled: true

  969.             name: ens7-prv

  970.             ovs_type: ovs_port

  971.             type: ovs_port

  972.             bridge: br-ens7

  973.             port_type: patch

  974.             peer: prv-ens7

  975.             mtu: 65000

  976.           patch-br-prv-br-ens7:

  977.             enabled: true

  978.             name: prv-ens7

  979.             bridge: br-prv

  980.             ovs_type: ovs_port

  981.             type: ovs_port

  982.             port_type: patch

  983.             peer: ens7-prv

  984.             mtu: 65000

  985.           ens7:

  986.             enabled: true

  987.             name: ens7

  988.             proto: manual

  989.             ovs_port_type: OVSPort

  990.             type: ovs_port

  991.             ovs_bridge: br-ens7

  992.             bridge: br-ens7

  993. 

  994. Debian manual proto interfaces

  995. 

  996. When you are changing interface proto from static in up state to manual, you

  997. may need to flush ip addresses. For example, if you want to use the interface

  998. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  999. to true.

  1000. 

  1001. .. code-block:: yaml

  1002. 

  1003.     linux:

  1004.       network:

  1005.         interface:

  1006.           eth1:

  1007.             enabled: true

  1008.             type: eth

  1009.             proto: manual

  1010.             mtu: 9100

  1011.             ipflush_onchange: true

  1012. 

  1013. Debian static proto interfaces

  1014. 

  1015. When you are changing interface proto from dhcp in up state to static, you

  1016. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1017. For example, if you want to use the interface and the ip on the bridge.

  1018. This can be done by setting the ``ipflush_onchange`` with combination

  1019. ``restart_on_ipflush`` param set to to true.

  1020. 

  1021. .. code-block:: yaml

  1022. 

  1023.     linux:

  1024.       network:

  1025.         interface:

  1026.           eth1:

  1027.             enabled: true

  1028.             type: eth

  1029.             proto: static

  1030.             address: 10.1.0.22

  1031.             netmask: 255.255.255.0

  1032.             ipflush_onchange: true

  1033.             restart_on_ipflush: true

  1034. 

  1035. Concatinating and removing interface files

  1036. 

  1037. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1038. you can store configuration of network interfaces in separate files. You can

  1039. concatinate the files to the defined destination when needed, this operation

  1040. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1041. remove iface files, you can use the `remove_iface_files` key.

  1042. 

  1043. .. code-block:: yaml

  1044. 

  1045.     linux:

  1046.       network:

  1047.         concat_iface_files:

  1048.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1049.           dst: '/etc/network/interfaces'

  1050.         remove_iface_files:

  1051.         - '/etc/network/interfaces.d/90-custom.cfg'

  1052. 

  1053. 

  1054. DHCP client configuration

  1055. 

  1056. None of the keys is mandatory, include only those you really need. For full list

  1057. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1058. 

  1059. .. code-block:: yaml

  1060. 

  1061.      linux:

  1062.        network:

  1063.          dhclient:

  1064.            enabled: true

  1065.            backoff_cutoff: 15

  1066.            initial_interval: 10

  1067.            reboot: 10

  1068.            retry: 60

  1069.            select_timeout: 0

  1070.            timeout: 120

  1071.            send:

  1072.              - option: host-name

  1073.                declaration: "= gethostname()"

  1074.            supersede:

  1075.              - option: host-name

  1076.                declaration: "spaceship"

  1077.              - option: domain-name

  1078.                declaration: "domain.home"

  1079.              #- option: arp-cache-timeout

  1080.              #  declaration: 20

  1081.            prepend:

  1082.              - option: domain-name-servers

  1083.                declaration:

  1084.                  - 8.8.8.8

  1085.                  - 8.8.4.4

  1086.              - option: domain-search

  1087.                declaration:

  1088.                  - example.com

  1089.                  - eng.example.com

  1090.            #append:

  1091.              #- option: domain-name-servers

  1092.              #  declaration: 127.0.0.1

  1093.            # ip or subnet to reject dhcp offer from

  1094.            reject:

  1095.              - 192.33.137.209

  1096.              - 10.0.2.0/24

  1097.            request:

  1098.              - subnet-mask

  1099.              - broadcast-address

  1100.              - time-offset

  1101.              - routers

  1102.              - domain-name

  1103.              - domain-name-servers

  1104.              - domain-search

  1105.              - host-name

  1106.              - dhcp6.name-servers

  1107.              - dhcp6.domain-search

  1108.              - dhcp6.fqdn

  1109.              - dhcp6.sntp-servers

  1110.              - netbios-name-servers

  1111.              - netbios-scope

  1112.              - interface-mtu

  1113.              - rfc3442-classless-static-routes

  1114.              - ntp-servers

  1115.            require:

  1116.              - subnet-mask

  1117.              - domain-name-servers

  1118.            # if per interface configuration required add below

  1119.            interface:

  1120.              ens2:

  1121.                initial_interval: 11

  1122.                reject:

  1123.                  - 192.33.137.210

  1124.              ens3:

  1125.                initial_interval: 12

  1126.                reject:

  1127.                  - 192.33.137.211

  1128. 

  1129. Linux network systemd settings:

  1130. 

  1131. .. code-block:: yaml

  1132. 

  1133.     linux:

  1134.       network:

  1135.         ...

  1136.         systemd:

  1137.           link:

  1138.             10-iface-dmz:

  1139.               Match:

  1140.                 MACAddress: c8:5b:67:fa:1a:af

  1141.                 OriginalName: eth0

  1142.               Link:

  1143.                 Name: dmz0

  1144.           netdev:

  1145.             20-bridge-dmz:

  1146.               match:

  1147.                 name: dmz0

  1148.               network:

  1149.                 mescription: bridge

  1150.                 bridge: br-dmz0

  1151.           network:

  1152.           # works with lowercase, keys are by default capitalized

  1153.             40-dhcp:

  1154.               match:

  1155.                 name: '*'

  1156.               network:

  1157.                 DHCP: yes

  1158. 

  1159. 

  1160. Configure global environment variables

  1161. 

  1162. Use ``/etc/environment`` for static system wide variable assignment after

  1163. boot. Variable expansion is frequently not supported.

  1164. 

  1165. .. code-block:: yaml

  1166. 

  1167.     linux:

  1168.       system:

  1169.         env:

  1170.           BOB_VARIABLE: Alice

  1171.           ...

  1172.           BOB_PATH:

  1173.             - /srv/alice/bin

  1174.             - /srv/bob/bin

  1175.           ...

  1176.           ftp_proxy:   none

  1177.           http_proxy:  http://global-http-proxy.host.local:8080

  1178.           https_proxy: ${linux:system:proxy:https}

  1179.           no_proxy:

  1180.             - 192.168.0.80

  1181.             - 192.168.1.80

  1182.             - .domain.com

  1183.             - .local

  1184.         ...

  1185.         # NOTE: global defaults proxy configuration.

  1186.         proxy:

  1187.           ftp:   ftp://proxy.host.local:2121

  1188.           http:  http://proxy.host.local:3142

  1189.           https: https://proxy.host.local:3143

  1190.           noproxy:

  1191.             - .domain.com

  1192.             - .local

  1193. 

  1194. Configure profile.d scripts

  1195. 

  1196. The profile.d scripts are being sourced during .sh execution and support

  1197. variable expansion in opposite to /etc/environment global settings in

  1198. ``/etc/environment``.

  1199. 

  1200. .. code-block:: yaml

  1201. 

  1202.     linux:

  1203.       system:

  1204.         profile:

  1205.           locales: |

  1206.             export LANG=C

  1207.             export LC_ALL=C

  1208.           ...

  1209.           vi_flavors.sh: |

  1210.             export PAGER=view

  1211.             export EDITOR=vim

  1212.             alias vi=vim

  1213.           shell_locales.sh: |

  1214.             export LANG=en_US

  1215.             export LC_ALL=en_US.UTF-8

  1216.           shell_proxies.sh: |

  1217.             export FTP_PROXY=ftp://127.0.3.3:2121

  1218.             export NO_PROXY='.local'

  1219. 

  1220. Linux with hosts

  1221. 

  1222. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1223. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1224. and hostname + fqdn.

  1225. 

  1226. It's good to use this option if you want to ensure /etc/hosts is always in a

  1227. clean state however it's not enabled by default for safety.

  1228. 

  1229. .. code-block:: yaml

  1230. 

  1231.     linux:

  1232.       network:

  1233.         purge_hosts: true

  1234.         host:

  1235.           # No need to define this one if purge_hosts is true

  1236.           hostname:

  1237.             address: 127.0.1.1

  1238.             names:

  1239.             - ${linux:network:fqdn}

  1240.             - ${linux:network:hostname}

  1241.           node1:

  1242.             address: 192.168.10.200

  1243.             names:

  1244.             - node2.domain.com

  1245.             - service2.domain.com

  1246.           node2:

  1247.             address: 192.168.10.201

  1248.             names:

  1249.             - node2.domain.com

  1250.             - service2.domain.com

  1251. 

  1252. Linux with hosts collected from mine

  1253. 

  1254. In this case all dns records defined within infrastrucuture will be passed to

  1255. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1256. true will be propagated to the mine.

  1257. 

  1258. .. code-block:: yaml

  1259. 

  1260.     linux:

  1261.       network:

  1262.         purge_hosts: true

  1263.         mine_dns_records: true

  1264.         host:

  1265.           node1:

  1266.             address: 192.168.10.200

  1267.             grain: true

  1268.             names:

  1269.             - node2.domain.com

  1270.             - service2.domain.com

  1271. 

  1272. Setup resolv.conf, nameservers, domain and search domains

  1273. 

  1274. .. code-block:: yaml

  1275. 

  1276.     linux:

  1277.       network:

  1278.         resolv:

  1279.           dns:

  1280.           - 8.8.4.4

  1281.           - 8.8.8.8

  1282.           domain: my.example.com

  1283.           search:

  1284.           - my.example.com

  1285.           - example.com

  1286.           options:

  1287.           - ndots: 5

  1288.           - timeout: 2

  1289.           - attempts: 2

  1290. 

  1291. setting custom TX queue length for tap interfaces

  1292. 

  1293. .. code-block:: yaml

  1294. 

  1295.     linux:

  1296.       network:

  1297.         tap_custom_txqueuelen: 10000

  1298. 

  1299. DPDK OVS interfaces

  1300. 

  1301. **DPDK OVS NIC**

  1302. 

  1303. .. code-block:: yaml

  1304. 

  1305.     linux:

  1306.       network:

  1307.         bridge: openvswitch

  1308.         dpdk:

  1309.           enabled: true

  1310.           driver: uio/vfio

  1311.         openvswitch:

  1312.           pmd_cpu_mask: "0x6"

  1313.           dpdk_socket_mem: "1024,1024"

  1314.           dpdk_lcore_mask: "0x400"

  1315.           memory_channels: 2

  1316.         interface:

  1317.           dpkd0:

  1318.             name: ${_param:dpdk_nic}

  1319.             pci: 0000:06:00.0

  1320.             driver: igb_uio/vfio-pci

  1321.             enabled: true

  1322.             type: dpdk_ovs_port

  1323.             n_rxq: 2

  1324.             pmd_rxq_affinity: "0:1,1:2"

  1325.             bridge: br-prv

  1326.             mtu: 9000

  1327.           br-prv:

  1328.             enabled: true

  1329.             type: dpdk_ovs_bridge

  1330. 

  1331. **DPDK OVS Bond**

  1332. 

  1333. .. code-block:: yaml

  1334. 

  1335.     linux:

  1336.       network:

  1337.         bridge: openvswitch

  1338.         dpdk:

  1339.           enabled: true

  1340.           driver: uio/vfio

  1341.         openvswitch:

  1342.           pmd_cpu_mask: "0x6"

  1343.           dpdk_socket_mem: "1024,1024"

  1344.           dpdk_lcore_mask: "0x400"

  1345.           memory_channels: 2

  1346.         interface:

  1347.           dpdk_second_nic:

  1348.             name: ${_param:primary_second_nic}

  1349.             pci: 0000:06:00.0

  1350.             driver: igb_uio/vfio-pci

  1351.             bond: dpdkbond0

  1352.             enabled: true

  1353.             type: dpdk_ovs_port

  1354.             n_rxq: 2

  1355.             pmd_rxq_affinity: "0:1,1:2"

  1356.             mtu: 9000

  1357.           dpdk_first_nic:

  1358.             name: ${_param:primary_first_nic}

  1359.             pci: 0000:05:00.0

  1360.             driver: igb_uio/vfio-pci

  1361.             bond: dpdkbond0

  1362.             enabled: true

  1363.             type: dpdk_ovs_port

  1364.             n_rxq: 2

  1365.             pmd_rxq_affinity: "0:1,1:2"

  1366.             mtu: 9000

  1367.           dpdkbond0:

  1368.             enabled: true

  1369.             bridge: br-prv

  1370.             type: dpdk_ovs_bond

  1371.             mode: active-backup

  1372.           br-prv:

  1373.             enabled: true

  1374.             type: dpdk_ovs_bridge

  1375. 

  1376. **DPDK OVS bridge for VXLAN**

  1377. 

  1378. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1379. 

  1380. .. code-block:: yaml

  1381. 

  1382.     linux:

  1383.       network:

  1384.         ...

  1385.         interface:

  1386.           br-prv:

  1387.             enabled: true

  1388.             type: dpdk_ovs_bridge

  1389.             address: 192.168.50.0

  1390.             netmask: 255.255.255.0

  1391.             mtu: 9000

  1392. 

  1393. Linux storage

  1394. -------------

  1395. 

  1396. Linux with mounted Samba

  1397. 

  1398. .. code-block:: yaml

  1399. 

  1400.     linux:

  1401.       storage:

  1402.         enabled: true

  1403.         mount:

  1404.           samba1:

  1405.           - enabled: true

  1406.           - path: /media/myuser/public/

  1407.           - device: //192.168.0.1/storage

  1408.           - file_system: cifs

  1409.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1410. 

  1411. NFS mount

  1412. 

  1413. .. code-block:: yaml

  1414. 

  1415.   linux:

  1416.     storage:

  1417.       enabled: true

  1418.       mount:

  1419.         nfs_glance:

  1420.           enabled: true

  1421.           path: /var/lib/glance/images

  1422.           device: 172.16.10.110:/var/nfs/glance

  1423.           file_system: nfs

  1424.           opts: rw,sync

  1425. 

  1426. 

  1427. File swap configuration

  1428. 

  1429. .. code-block:: yaml

  1430. 

  1431.     linux:

  1432.       storage:

  1433.         enabled: true

  1434.         swap:

  1435.           file:

  1436.             enabled: true

  1437.             engine: file

  1438.             device: /swapfile

  1439.             size: 1024

  1440. 

  1441. Partition swap configuration

  1442. 

  1443. .. code-block:: yaml

  1444. 

  1445.     linux:

  1446.       storage:

  1447.         enabled: true

  1448.         swap:

  1449.           partition:

  1450.             enabled: true

  1451.             engine: partition

  1452.             device: /dev/vg0/swap

  1453. 

  1454. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1455. 

  1456. .. code-block:: yaml

  1457. 

  1458.     parameters:

  1459.       linux:

  1460.         storage:

  1461.           mount:

  1462.             data:

  1463.               enabled: true

  1464.               device: /dev/vg1/data

  1465.               file_system: ext4

  1466.               path: /mnt/data

  1467.           lvm:

  1468.             vg1:

  1469.               enabled: true

  1470.               devices:

  1471.                 - /dev/sdb

  1472.               volume:

  1473.                 data:

  1474.                   size: 40G

  1475.                   mount: ${linux:storage:mount:data}

  1476. 

  1477. Create partitions on disk. Specify size in MB. It expects empty

  1478. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1479. 

  1480. .. code-block:: yaml

  1481. 

  1482.       linux:

  1483.         storage:

  1484.           disk:

  1485.             first_drive:

  1486.               startsector: 1

  1487.               name: /dev/loop1

  1488.               type: gpt

  1489.               partitions:

  1490.                 - size: 200 #size in MB

  1491.                   type: fat32

  1492.                 - size: 300 #size in MB

  1493.                   mkfs: True

  1494.                   type: xfs

  1495.             /dev/vda1:

  1496.               partitions:

  1497.                 - size: 5

  1498.                   type: ext2

  1499.                 - size: 10

  1500.                   type: ext4

  1501. 

  1502. Multipath with Fujitsu Eternus DXL

  1503. 

  1504. .. code-block:: yaml

  1505. 

  1506.     parameters:

  1507.       linux:

  1508.         storage:

  1509.           multipath:

  1510.             enabled: true

  1511.             blacklist_devices:

  1512.             - /dev/sda

  1513.             - /dev/sdb

  1514.             backends:

  1515.             - fujitsu_eternus_dxl

  1516. 

  1517. Multipath with Hitachi VSP 1000

  1518. 

  1519. .. code-block:: yaml

  1520. 

  1521.     parameters:

  1522.       linux:

  1523.         storage:

  1524.           multipath:

  1525.             enabled: true

  1526.             blacklist_devices:

  1527.             - /dev/sda

  1528.             - /dev/sdb

  1529.             backends:

  1530.             - hitachi_vsp1000

  1531. 

  1532. Multipath with IBM Storwize

  1533. 

  1534. .. code-block:: yaml

  1535. 

  1536.     parameters:

  1537.       linux:

  1538.         storage:

  1539.           multipath:

  1540.             enabled: true

  1541.             blacklist_devices:

  1542.             - /dev/sda

  1543.             - /dev/sdb

  1544.             backends:

  1545.             - ibm_storwize

  1546. 

  1547. Multipath with multiple backends

  1548. 

  1549. .. code-block:: yaml

  1550. 

  1551.     parameters:

  1552.       linux:

  1553.         storage:

  1554.           multipath:

  1555.             enabled: true

  1556.             blacklist_devices:

  1557.             - /dev/sda

  1558.             - /dev/sdb

  1559.             - /dev/sdc

  1560.             - /dev/sdd

  1561.             backends:

  1562.             - ibm_storwize

  1563.             - fujitsu_eternus_dxl

  1564.             - hitachi_vsp1000

  1565. 

  1566. Disabled multipath (the default setup)

  1567. 

  1568. .. code-block:: yaml

  1569. 

  1570.     parameters:

  1571.       linux:

  1572.         storage:

  1573.           multipath:

  1574.             enabled: false

  1575. 

  1576. Linux with local loopback device

  1577. 

  1578. .. code-block:: yaml

  1579. 

  1580.     linux:

  1581.       storage:

  1582.         loopback:

  1583.           disk1:

  1584.             file: /srv/disk1

  1585.             size: 50G

  1586. 

  1587. External config generation

  1588. --------------------------

  1589. 

  1590. You are able to use config support metadata between formulas and only generate

  1591. config files for external use, eg. docker, etc.

  1592. 

  1593. .. code-block:: yaml

  1594. 

  1595.     parameters:

  1596.       linux:

  1597.         system:

  1598.           config:

  1599.             pillar:

  1600.               jenkins:

  1601.                 master:

  1602.                   home: /srv/volumes/jenkins

  1603.                   approved_scripts:

  1604.                     - method java.net.URL openConnection

  1605.                   credentials:

  1606.                     - type: username_password

  1607.                       scope: global

  1608.                       id: test

  1609.                       desc: Testing credentials

  1610.                       username: test

  1611.                       password: test

  1612. 

  1613. Netconsole Remote Kernel Logging

  1614. --------------------------------

  1615. 

  1616. Netconsole logger could be configured for configfs-enabled kernels

  1617. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1618. runtime (if network is already configured), and on-boot after interface

  1619. initialization. Notes:

  1620. 

  1621.  * receiver could be located only in same L3 domain

  1622.    (or you need to configure gateway MAC manually)

  1623.  * receiver's MAC is detected only on configuration time

  1624.  * using broadcast MAC is not recommended

  1625. 

  1626. .. code-block:: yaml

  1627. 

  1628.     parameters:

  1629.       linux:

  1630.         system:

  1631.           netconsole:

  1632.             enabled: true

  1633.             port: 514 (optional)

  1634.             loglevel: debug (optional)

  1635.             target:

  1636.               192.168.0.1:

  1637.                 interface: bond0

  1638.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1639. 

  1640. Usage

  1641. =====

  1642. 

  1643. Set mtu of network interface eth0 to 1400

  1644. 

  1645. .. code-block:: bash

  1646. 

  1647.     ip link set dev eth0 mtu 1400

  1648. 

  1649. Read more

  1650. =========

  1651. 

  1652. * https://www.archlinux.org/

  1653. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1654. 

  1655. Documentation and Bugs

  1656. ======================

  1657. 

  1658. To learn how to install and update salt-formulas, consult the documentation

  1659. available online at:

  1660. 

  1661.     http://salt-formulas.readthedocs.io/

  1662. 

  1663. In the unfortunate event that bugs are discovered, they should be reported to

  1664. the appropriate issue tracker. Use Github issue tracker for specific salt

  1665. formula:

  1666. 

  1667.     https://github.com/salt-formulas/salt-formula-linux/issues

  1668. 

  1669. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1670. use Launchpad salt-formulas project:

  1671. 

  1672.     https://launchpad.net/salt-formulas

  1673. 

  1674. You can also join salt-formulas-users team and subscribe to mailing list:

  1675. 

  1676.     https://launchpad.net/~salt-formulas-users

  1677. 

  1678. Developers wishing to work on the salt-formulas projects should always base

  1679. their work on master branch and submit pull request against specific formula.

  1680. 

  1681.     https://github.com/salt-formulas/salt-formula-linux

  1682. 

  1683. Any questions or feedback is always welcome so feel free to join our IRC

  1684. channel:

  1685. 

  1686.     #salt-formulas @ irc.freenode.net