Saltstack Official Linux Formula
=============
Linux Formula
=============

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample Pillars
==============

Linux System
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'John Doe'
            home: '/home/jdoe'
            email: 'john@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            password: userpassword
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to the actual sudoers attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL
.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          alias:
            host:
              LOCAL:
                - localhost
              PRODUCTION:
                - db1
                - db2
            runas:
              DBA:
                - postgres
                - mysql
              SALT:
                - root
            command:
              # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.
              # Best practice is to specify full list of commands user is allowed to run.
              SUPPORT_RESTRICTED:
                - /bin/vi /etc/sudoers*
                - /bin/vim /etc/sudoers*
                - /bin/nano /etc/sudoers*
                - /bin/emacs /etc/sudoers*
                - /bin/su - root
                - /bin/su -
                - /bin/su
                - /usr/sbin/visudo
              SUPPORT_SHELLS:
                - /bin/sh
                - /bin/ksh
                - /bin/bash
                - /bin/rbash
                - /bin/dash
                - /bin/zsh
                - /bin/csh
                - /bin/fish
                - /bin/tcsh
                - /usr/bin/login
                - /usr/bin/su
                - /usr/su
              ALL_SALT_SAFE:
                - /usr/bin/salt state*
                - /usr/bin/salt service*
                - /usr/bin/salt pillar*
                - /usr/bin/salt grains*
                - /usr/bin/salt saltutil*
                - /usr/bin/salt-call state*
                - /usr/bin/salt-call service*
                - /usr/bin/salt-call pillar*
                - /usr/bin/salt-call grains*
                - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
                - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
                - LOCAL
            # User Alias DBA
            DBA:
              hosts:
                - ALL
              commands:
                - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
                - ALL
                - '!PRODUCTION'
              runas:
                - DBA
              commands:
                - /bin/cat *
                - /bin/less *
                - /bin/ls *
            salt-ops:
              hosts:
                - 'ALL'
              runas:
                - SALT
              commands:
                - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              runas:
                - DBA
              commands:
                - ALL
                - '!SUPPORT_SHELLS'
                - '!SUPPORT_RESTRICTED'
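The mapping above can be checked before a pillar is rolled out. The following
Python is an added example, not the formula's own template: it renders a
``linux:system:sudo`` pillar with the simplified mapping shown above (alias
keywords follow sudoers syntax; omitted keys take the README defaults of
``ALL``/``ALL``/``ALL``/``NOPASSWD``) and then reports the grants the note in
the pillar warns about. The pillar is a constructed subset of the README
example, and the risk rules (``ALL`` in the command list, or a shell granted)
are my own assumption about what a reviewer wants flagged.

```python
# Added example (not the formula's own template): renders a linux:system:sudo
# pillar with the simplified mapping from the README and flags grants a
# reviewer would question. SUDO_PILLAR is a constructed subset of the README
# pillar; SHELL_PATHS and the risk rules are assumptions of this example.

SUDO_PILLAR = {
    "alias": {
        "host": {"LOCAL": ["localhost"], "PRODUCTION": ["db1", "db2"]},
        "runas": {"DBA": ["postgres", "mysql"], "SALT": ["root"]},
        "command": {
            "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash"],
            "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
        },
    },
    "users": {
        "saltuser1": {},
        "saltuser2": {"hosts": ["LOCAL"]},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
    },
    "groups": {
        "salt-ops": {"hosts": ["ALL"], "runas": ["SALT"], "commands": ["SUPPORT_SHELLS"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False, "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS"]},
    },
}

# sudoers keyword for each alias kind in the pillar
ALIAS_KEYWORD = {"host": "Host_Alias", "runas": "Runas_Alias", "command": "Cmnd_Alias"}
# interpreters that give the grantee an unconstrained session (constructed list)
SHELL_PATHS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/bin/ksh", "/bin/csh"}


def render_aliases(pillar):
    """One '<Kind>_Alias NAME=a, b' line per alias, in deterministic order."""
    lines = []
    for kind, keyword in ALIAS_KEYWORD.items():
        for name, members in sorted(pillar.get("alias", {}).get(kind, {}).items()):
            lines.append(f"{keyword} {name}={', '.join(members)}")
    return lines


def render_entry(principal, spec):
    """'<principal> <hosts>=(<runas>) [NOPASSWD:] <commands>'; every omitted key
    falls back to the README default (ALL, ALL, ALL, NOPASSWD)."""
    hosts = ", ".join(spec.get("hosts", ["ALL"]))
    runas = ", ".join(spec.get("runas", ["ALL"]))
    commands = ", ".join(spec.get("commands", ["ALL"]))
    tag = "NOPASSWD: " if spec.get("nopasswd", True) else ""
    return f"{principal} {hosts}=({runas}) {tag}{commands}"


def render_sudoers(pillar):
    """Full sudoers fragment: aliases first, then user and %group entries."""
    lines = render_aliases(pillar)
    for user, spec in sorted(pillar.get("users", {}).items()):
        lines.append(render_entry(spec.get("name", user), spec))
    for group, spec in sorted(pillar.get("groups", {}).items()):
        lines.append(render_entry("%" + spec.get("name", group), spec))
    return lines


def expand_commands(pillar, commands):
    """Replace Cmnd_Alias names by their members; '!' entries only subtract, so
    they are dropped; the ALL keyword is kept literally."""
    aliases = pillar.get("alias", {}).get("command", {})
    expanded = []
    for cmd in commands:
        if not cmd.startswith("!"):
            expanded.extend(aliases.get(cmd, [cmd]))
    return expanded


def risky_entries(pillar):
    """(kind, name, reason) for grants the README note warns about: a command
    list containing ALL (negating shells from ALL does not restrict it, the
    grantee can copy a binary under another name) or a shell being granted."""
    findings = []
    for kind in ("users", "groups"):
        for name, spec in sorted(pillar.get(kind, {}).items()):
            granted = expand_commands(pillar, spec.get("commands", ["ALL"]))
            if "ALL" in granted:
                findings.append((kind, name, "ALL commands granted"))
            shells = sorted(SHELL_PATHS.intersection(granted))
            if shells:
                findings.append((kind, name, "shell granted: " + ", ".join(shells)))
    return findings


if __name__ == "__main__":
    print("\n".join(render_sudoers(SUDO_PILLAR)))
    for kind, name, reason in risky_entries(SUDO_PILLAR):
        print(f"review: {kind[:-1]} {name}: {reason}")
```

With the sample pillar, ``saltuser1`` and ``saltuser2`` are flagged because
their command list defaults to ``ALL``, ``salt-ops`` because
``SUPPORT_SHELLS`` expands to shells, and ``salt-ops-2nd`` because ``ALL`` with
a negated shell alias is still ``ALL``; only ``DBA`` with ``ALL_SALT_SAFE``
passes.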
Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from a certain repo, version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from a certain repo, version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with autoupdates (automatically install security package updates)

.. code-block:: yaml

    linux:
      system:
        ...
        autoupdates:
          enabled: true
          mail: root@localhost
          mail_only_on_error: true
          remove_unused_dependencies: false
          automatic_reboot: true
          automatic_reboot_time: "02:00"

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set ``autologin`` to ``false``.

Set ``policy-rc.d`` on Debian-based systems. The action can be any available
command in a ``while true`` loop and ``case`` context.
The following disallows dpkg from stopping/starting services automatically for the cassandra package:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true
Kernel
~~~~~~

Install always up to date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Load kernel modules and add them to ``/etc/modules``:

.. code-block:: yaml

    linux:
      system:
        kernel:
          modules:
            - nf_conntrack
            - tp_smapi
            - 8021q

Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8
CPU
~~~

Disable ondemand cpu mode service:

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

Huge Pages
~~~~~~~~~~

Huge Pages give a performance boost to applications that intensively deal
with memory allocation/deallocation by decreasing memory fragmentation.

.. code-block:: yaml

    linux:
      system:
        kernel:
          hugepages:
            small:
              size: 2M
              count: 107520
              mount_point: /mnt/hugepages_2MB
              mount: false/true # default false
            large:
              default: true # default automatically mounted
              size: 1G
              count: 210
              mount_point: /mnt/hugepages_1GB

Note: using both page sizes concurrently is not recommended.
Intel SR-IOV
~~~~~~~~~~~~

The PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

.. code-block:: yaml

    linux:
      system:
        kernel:
          sriov: True
          unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
        rc:
          local: |
            #!/bin/sh -e
            # Enable 7 VF on eth1
            echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
            exit 0

Isolate CPU options
~~~~~~~~~~~~~~~~~~~

Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
SMP balancing and scheduler algorithms. The only way to move a process onto or off an
"isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
maximum value is 1 less than the number of CPUs on the system.

.. code-block:: yaml

    linux:
      system:
        kernel:
          isolcpu: 1,2,3,4,5,6,7 # isolates cpus 1-7; cpu 0 stays with the general scheduler
Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'

Package manager proxy setup globally:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
        ...
        proxy:
          pkg:
            enabled: true
            ftp: ftp://ftp-proxy-for-apt.host.local:2121
          ...
          # NOTE: Global defaults for any other component that configures a proxy on the system.
          # If your environment has just one simple proxy, set it on linux:system:proxy.
          #
          # fall back to system defaults if linux:system:proxy:pkg has no protocol specific entries,
          # as here for https and http
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Package manager proxy setup per repository:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          debian:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
          ...
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            # per repository proxy
            proxy:
              enabled: true
              http: http://maas-01:8080
              https: http://maas-01:8080
        ...
        proxy:
          # package manager fallback defaults
          # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
          pkg:
            enabled: true
            ftp: ftp://proxy.host.local:2121
            #http: http://proxy.host.local:3142
            #https: https://proxy.host.local:3143
          ...
          # global system fallback system defaults
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Remove all repositories:

.. code-block:: yaml

    linux:
      system:
        purge_repos: true
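The two proxy pillars above describe a three-level fallback: a repository's own
``proxy`` entry wins, then ``linux:system:proxy:pkg``, then the protocol entry
under ``linux:system:proxy``. The Python below is an added example, not formula
code, that resolves that order for a given repository and protocol and renders
an ``apt.conf`` fragment from the result. The pillar is constructed to match
the per-repository example; the ``Acquire::<proto>::Proxy::<host>`` lines use
apt's host-specific proxy syntax, and that the formula writes such a fragment is
an assumption of this example.

```python
# Added example (not formula code): resolve which proxy applies to a repository
# following the fallback order described in the README pillar comments, and
# render an apt.conf fragment from it. SYSTEM is a constructed pillar that
# mirrors the per-repository proxy example; the apt.conf rendering is an
# assumption about how such a result would be consumed.
from urllib.parse import urlparse

SYSTEM = {
    "repo": {
        "debian": {"source": "deb http://ftp.cz.debian.org/debian/ jessie main"},
        "apt-mk": {
            "source": "deb http://apt-mk.mirantis.com/ stable main salt",
            "proxy": {"enabled": True, "http": "http://maas-01:8080",
                      "https": "http://maas-01:8080"},
        },
    },
    "proxy": {
        "pkg": {"enabled": True, "ftp": "ftp://proxy.host.local:2121"},
        "ftp": "ftp://proxy.host.local:2121",
        "http": "http://proxy.host.local:3142",
        "https": "https://proxy.host.local:3143",
    },
}


def resolve_proxy(system, repo_name, protocol):
    """Per-repository proxy, then linux:system:proxy:pkg, then the global
    linux:system:proxy entry; a level is only consulted when it is enabled and
    carries an entry for this protocol. Returns None when nothing matches."""
    repo_proxy = system.get("repo", {}).get(repo_name, {}).get("proxy", {})
    pkg_proxy = system.get("proxy", {}).get("pkg", {})
    for level in (repo_proxy, pkg_proxy):
        if level.get("enabled") and protocol in level:
            return level[protocol]
    return system.get("proxy", {}).get(protocol)


def repo_host(source):
    """Host part of a 'deb <url> <suite> <components>' source line."""
    return urlparse(source.split()[1]).hostname


def render_apt_proxy_conf(system):
    """apt.conf.d fragment: the package-manager default per protocol, plus one
    host-specific Acquire::<proto>::Proxy::<host> line for every repository
    whose resolved proxy differs from that default."""
    lines = []
    for proto in ("http", "https", "ftp"):
        default = resolve_proxy(system, "", proto)  # no repository override
        if default:
            lines.append(f'Acquire::{proto}::Proxy "{default}";')
        for name, repo in sorted(system.get("repo", {}).items()):
            proxy = resolve_proxy(system, name, proto)
            if proxy and proxy != default:
                host = repo_host(repo["source"])
                lines.append(f'Acquire::{proto}::Proxy::{host} "{proxy}";')
    return lines


if __name__ == "__main__":
    for repo in ("apt-mk", "debian"):
        for proto in ("http", "https", "ftp"):
            print(f"{repo:8} {proto:5} -> {resolve_proxy(SYSTEM, repo, proto)}")
    print("\n".join(render_apt_proxy_conf(SYSTEM)))
```

For ``apt-mk`` the http and https traffic goes through ``maas-01:8080`` while
ftp falls through to the ``pkg`` proxy; ``debian`` has no entry of its own, so
http and https come from the global defaults and ftp again from ``pkg``.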
RC
~~

rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting the prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set the prompt system-wide it is necessary to remove the
PS1 setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release
              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi
              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL, so there is
no native support for a dynamic motd.

You can still set a static one; only the pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true
Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
              - 8.8.8.8
              - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
              - interface: ${linux:interface:eth0}
              - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with vlan interface_params

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
              - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1
Configure global environment variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Linux /etc/environment:

``/etc/environment`` is for static system wide variable assignment after boot. Variable expansion is frequently not supported.

.. code-block:: yaml

    linux:
      system:
        env:
          BOB_VARIABLE: Alice
          ...
          BOB_PATH:
            - /srv/alice/bin
            - /srv/bob/bin
          ...
          ftp_proxy: none
          http_proxy: http://global-http-proxy.host.local:8080
          https_proxy: ${linux:system:proxy:https}
          no_proxy:
            - 192.168.0.80
            - 192.168.1.80
            - .domain.com
            - .local
        ...
        # NOTE: global defaults proxy configuration.
        proxy:
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143
          noproxy:
            - .domain.com
            - .local

Configure profile.d scripts
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Linux /etc/profile.d:

The profile.d scripts are sourced when a login shell starts and, unlike the
global settings in ``/etc/environment``, support variable expansion.

.. code-block:: yaml

    linux:
      system:
        profile:
          locales: |
            export LANG=C
            export LC_ALL=C
          ...
          vi_flavors.sh: |
            export PAGER=view
            export EDITOR=vim
            alias vi=vim
          shell_locales.sh: |
            export LANG=en_US
            export LC_ALL=en_US.UTF-8
          shell_proxies.sh: |
            export FTP_PROXY=ftp://127.0.3.3:2121
            export NO_PROXY='.local'
Linux with hosts
~~~~~~~~~~~~~~~~

The ``purge_hosts`` parameter enforces the whole ``/etc/hosts`` file, removing entries
that are not defined in the model, except the defaults for both IPv4 and IPv6 localhost
and hostname + fqdn.

This option is useful if you want to ensure ``/etc/hosts`` is always in a
clean state; however, it is not enabled by default, for safety.

.. code-block:: yaml

    linux:
      network:
        ...
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
              - ${linux:network:fqdn}
              - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
              - node1.domain.com
              - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
              - node2.domain.com
              - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
          options:
            - ndots: 5
            - timeout: 2
            - attempts: 2

**Setting custom TX queue length for tap interfaces**

.. code-block:: yaml

    linux:
      network:
        tap_custom_txqueuelen: 10000
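What ``purge_hosts`` changes is which lines survive a render. The Python below
is an added example, not the formula's template, that renders ``/etc/hosts``
from a ``linux:network`` pillar the way the text above describes: with
``purge_hosts`` set, only the pillar entries plus the IPv4/IPv6 localhost and
hostname + fqdn defaults are written; without it, lines already in the file
that the model does not claim are kept. The pillar, the hostname/fqdn values
and the pre-existing file content are all constructed for the example, and the
exact default lines are an assumption modelled on a stock Debian ``/etc/hosts``.

```python
# Added example (not the formula's template): render /etc/hosts from a
# linux:network pillar with and without purge_hosts. NETWORK and
# EXISTING_HOSTS are constructed; the default lines mimic a stock Debian
# /etc/hosts and are an assumption of this example.

NETWORK = {
    "hostname": "node1",
    "fqdn": "node1.domain.com",
    "purge_hosts": True,
    "host": {
        "node1": {"address": "192.168.10.200",
                  "names": ["node1.domain.com", "service1.domain.com"]},
        "node2": {"address": "192.168.10.201",
                  "names": ["node2.domain.com", "service2.domain.com"]},
    },
}

# constructed content of a file left behind by earlier manual edits
EXISTING_HOSTS = """\
127.0.0.1 localhost
10.0.0.5 legacy.domain.com legacy   # added by hand long ago
192.168.10.201 node2.domain.com
"""


def default_entries(network):
    """The entries the README says survive a purge: IPv4/IPv6 localhost and
    hostname + fqdn on 127.0.1.1."""
    return [
        ("127.0.0.1", ["localhost"]),
        ("127.0.1.1", [network["fqdn"], network["hostname"]]),
        ("::1", ["localhost", "ip6-localhost", "ip6-loopback"]),
    ]


def parse_hosts(text):
    """(address, [names]) per non-empty, non-comment line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            address, *names = line.split()
            entries.append((address, names))
    return entries


def render_hosts(network, existing_text=""):
    """Lines of the resulting /etc/hosts. With purge_hosts only defaults plus
    model entries are emitted; otherwise existing lines whose address or any
    name is not claimed by the model are appended unchanged."""
    managed = [(h["address"], list(h["names"]))
               for _, h in sorted(network.get("host", {}).items())]
    entries = default_entries(network) + managed
    if not network.get("purge_hosts", False):
        claimed_addrs = {addr for addr, _ in entries}
        claimed_names = {n for _, names in entries for n in names}
        for address, names in parse_hosts(existing_text):
            if address not in claimed_addrs and not claimed_names & set(names):
                entries.append((address, names))
    return [f"{address} {' '.join(names)}" for address, names in entries]


if __name__ == "__main__":
    print("--- purge_hosts: true")
    print("\n".join(render_hosts(NETWORK, EXISTING_HOSTS)))
    print("--- purge_hosts: false")
    print("\n".join(render_hosts(dict(NETWORK, purge_hosts=False), EXISTING_HOSTS)))
```

With ``purge_hosts: true`` the hand-added ``10.0.0.5`` line disappears, which
is the clean-state behaviour the text describes; with it false the line stays,
while the stale ``192.168.10.201`` line is still replaced because the model
claims that address.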
DPDK OVS interfaces
-------------------

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS bridge for VXLAN**

If VXLAN is used as tenant segmentation, then an IP address must be set on br-prv.

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            mtu: 9000
Linux storage
-------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            enabled: true
            path: /media/myuser/public/
            device: //192.168.0.1/storage
            file_system: cifs
            options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

NFS mount

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          nfs_glance:
            enabled: true
            path: /var/lib/glance/images
            device: 172.16.10.110:/var/nfs/glance
            file_system: nfs
            opts: rw,sync

File swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
              - /dev/sdc
              - /dev/sdd
            backends:
              - ibm_storwize
              - fujitsu_eternus_dxl
              - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G
External config generation
--------------------------

You can use the config support metadata between formulas to only generate
config files for external use, e.g. docker.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Netconsole Remote Kernel Logging
--------------------------------

The netconsole logger can be configured for configfs-enabled kernels
(``CONFIG_NETCONSOLE_DYNAMIC`` should be enabled). The configuration applies both at
runtime (if the network is already configured) and on boot after interface
initialization. Notes:

* the receiver can only be located in the same L3 domain
  (otherwise you need to configure the gateway MAC manually)
* the receiver's MAC is detected only at configuration time
* using the broadcast MAC is not recommended

.. code-block:: yaml

    parameters:
      linux:
        system:
          netconsole:
            enabled: true
            port: 514  # optional
            loglevel: debug  # optional
            target:
              192.168.0.1:
                interface: bond0
                mac: "ff:ff:ff:ff:ff:ff"  # optional
Usage
=====

Set mtu of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the Github issue tracker for the specific salt
formula:

    https://github.com/salt-formulas/salt-formula-linux/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit a pull request against the specific formula.

    https://github.com/salt-formulas/salt-formula-linux

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net