ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
327 Commits
26 Branches
Tree: 1fe61e497e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1fe61e497e'
${ noResults }
linux-formula/README.rst

README.rst 32KB
Raw Normal View History

Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst fixed typo in sudo part
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
7 years ago
Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
More options for consoles
9 years ago
Enable/disable console autologin
9 years ago
Allow setting policy-rc.d
9 years ago
Allow setting system locales
8 years ago
Fix readme of cs_CZ locales
8 years ago
Allow setting system locales
8 years ago
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
7 years ago
Make linux.system.kernel functional
9 years ago
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
7 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
Make linux.system.kernel functional
9 years ago
Linux sysctl kernel parameters
9 years ago
cpu governor
8 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
cpu governor
8 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
7 years ago
cpu governor
8 years ago
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
7 years ago
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
7 years ago
cpu governor
8 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
README fix for purging repos
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
rc.local added to linux formula
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Option to preserve bash history
8 years ago
Set message of the day
9 years ago
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow setting resolv.conf
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
fix options setting in resolv
8 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Initial commit
9 years ago
nfs storage mount
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Support for LVM
9 years ago
Refactored multipath support
8 years ago
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 years ago
Add support for external config generation
8 years ago
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 years ago
Refactored multipath support
8 years ago
Initial commit
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set

  35. 

  36. .. code-block:: yaml

  37. 

  38.     linux:

  39.       system:

  40.         ...

  41.         user:

  42.           jdoe:

  43.             name: 'jdoe'

  44.             enabled: true

  45.             sudo: true

  46.             shell: /bin/bash

  47.             full_name: 'Jonh Doe'

  48.             home: '/home/jdoe'

  49.             email: 'jonh@doe.com'

  50.           jsmith:

  51.             name: 'jsmith'

  52.             enabled: true

  53.             full_name: 'Password'

  54.             home: '/home/jsmith'

  55.             password: userpassword

  56. 

  57. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  58. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  59. 

  60. .. code-block:: jinja

  61. 

  62.    # simplified template:

  63.    Cmds_Alias {{ alias }}={{ commands }}

  64.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  65.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  66. 

  67.    # when rendered:

  68.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  69. 

  70. .. code-block:: yaml

  71. 

  72.   linux:

  73.     system:

  74.       sudo:

  75.         enabled: true

  76.         aliases:

  77.           host:

  78.             LOCAL:

  79.             - localhost

  80.             PRODUCTION:

  81.             - db1

  82.             - db2

  83.           runas:

  84.             DBA:

  85.             - postgres

  86.             - mysql

  87.             SALT:

  88.             - root

  89.           command:

  90.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  91.             #       Best practice is to specify full list of commands user is allowed to run.

  92.             SUPPORT_RESTRICTED:

  93.             - /bin/vi /etc/sudoers*

  94.             - /bin/vim /etc/sudoers*

  95.             - /bin/nano /etc/sudoers*

  96.             - /bin/emacs /etc/sudoers*

  97.             - /bin/su - root

  98.             - /bin/su -

  99.             - /bin/su

  100.             - /usr/sbin/visudo

  101.             SUPPORT_SHELLS:

  102.             - /bin/sh

  103.             - /bin/ksh

  104.             - /bin/bash

  105.             - /bin/rbash

  106.             - /bin/dash

  107.             - /bin/zsh

  108.             - /bin/csh

  109.             - /bin/fish

  110.             - /bin/tcsh

  111.             - /usr/bin/login

  112.             - /usr/bin/su

  113.             - /usr/su

  114.             ALL_SALT_SAFE:

  115.             - /usr/bin/salt state*

  116.             - /usr/bin/salt service*

  117.             - /usr/bin/salt pillar*

  118.             - /usr/bin/salt grains*

  119.             - /usr/bin/salt saltutil*

  120.             - /usr/bin/salt-call state*

  121.             - /usr/bin/salt-call service*

  122.             - /usr/bin/salt-call pillar*

  123.             - /usr/bin/salt-call grains*

  124.             - /usr/bin/salt-call saltutil*

  125.             SALT_TRUSTED:

  126.             - /usr/bin/salt*

  127.         users:

  128.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  129.           saltuser1: {}

  130.           saltuser2:

  131.             hosts:

  132.             - LOCAL

  133.           # User Alias DBA

  134.           DBA:

  135.             hosts:

  136.             - ALL

  137.             commands:

  138.             - ALL_SALT_SAFE

  139.         groups:

  140.           db-ops:

  141.             hosts:

  142.             - ALL

  143.             - '!PRODUCTION'

  144.             runas:

  145.             - DBA

  146.             commands:

  147.             - /bin/cat *

  148.             - /bin/less *

  149.             - /bin/ls *

  150.           salt-ops:

  151.             hosts:

  152.             - 'ALL'

  153.             runas:

  154.             - SALT

  155.             commands:

  156.             - SUPPORT_SHELLS

  157.           salt-ops-2nd:

  158.             name: salt-ops

  159.             nopasswd: false

  160.             setenv: true # Enable sudo -E option

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - ALL

  165.             - '!SUPPORT_SHELLS'

  166.             - '!SUPPORT_RESTRICTED'

  167. 

  168. Linux with package, latest version

  169. 

  170. .. code-block:: yaml

  171. 

  172.     linux:

  173.       system:

  174.         ...

  175.         package:

  176.           package-name:

  177.             version: latest

  178. 

  179. Linux with package from certail repo, version with no upgrades

  180. 

  181. .. code-block:: yaml

  182. 

  183.     linux:

  184.       system:

  185.         ...

  186.         package:

  187.           package-name:

  188.             version: 2132.323

  189.             repo: 'custom-repo'

  190.             hold: true

  191. 

  192. Linux with package from certail repo, version with no GPG verification

  193. 

  194. .. code-block:: yaml

  195. 

  196.     linux:

  197.       system:

  198.         ...

  199.         package:

  200.           package-name:

  201.             version: 2132.323

  202.             repo: 'custom-repo'

  203.             verify: false

  204. 

  205. Linux with autoupdates (automatically install security package updates)

  206. 

  207. .. code-block:: yaml

  208. 

  209.     linux:

  210.       system:

  211.         ...

  212.         autoupdates:

  213.           enabled: true

  214.           mail: root@localhost

  215.           mail_only_on_error: true

  216.           remove_unused_dependencies: false

  217.           automatic_reboot: true

  218.           automatic_reboot_time: "02:00"

  219. 

  220. Linux with cron jobs

  221. 

  222. .. code-block:: yaml

  223. 

  224.     linux:

  225.       system:

  226.         ...

  227.         job:

  228.           cmd1:

  229.             command: '/cmd/to/run'

  230.             enabled: true

  231.             user: 'root'

  232.             hour: 2

  233.             minute: 0

  234. 

  235. Linux security limits (limit sensu user memory usage to max 1GB):

  236. 

  237. .. code-block:: yaml

  238. 

  239.     linux:

  240.       system:

  241.         ...

  242.         limit:

  243.           sensu:

  244.             enabled: true

  245.             domain: sensu

  246.             limits:

  247.               - type: hard

  248.                 item: as

  249.                 value: 1000000

  250. 

  251. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  252. 

  253. .. code-block:: yaml

  254. 

  255.     linux:

  256.       system:

  257.         console:

  258.           tty1:

  259.             autologin: root

  260.           # Enable serial console

  261.           ttyS0:

  262.             autologin: root

  263.             rate: 115200

  264.             term: xterm

  265. 

  266. To disable set autologin to `false`.

  267. 

  268. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  269. command in ``while true`` loop and ``case`` context.

  270. Following will disallow dpkg to stop/start services for cassandra package automatically:

  271. 

  272. .. code-block:: yaml

  273. 

  274.     linux:

  275.       system:

  276.         policyrcd:

  277.           - package: cassandra

  278.             action: exit 101

  279.           - package: '*'

  280.             action: switch

  281. 

  282. Set system locales:

  283. 

  284. .. code-block:: yaml

  285. 

  286.     linux:

  287.       system:

  288.         locale:

  289.           en_US.UTF-8:

  290.             default: true

  291.           "cs_CZ.UTF-8 UTF-8":

  292.             enabled: true

  293. 

  294. Systemd settings:

  295. 

  296. .. code-block:: yaml

  297. 

  298.     linux:

  299.       system:

  300.         ...

  301.         systemd:

  302.           system:

  303.             Manager:

  304.               DefaultLimitNOFILE: 307200

  305.               DefaultLimitNPROC: 307200

  306.           user:

  307.             Manager:

  308.               DefaultLimitCPU: 2

  309.               DefaultLimitNPROC: 4

  310. 

  311. Kernel

  312. ~~~~~~

  313. 

  314. Install always up to date LTS kernel and headers from Ubuntu trusty:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         kernel:

  321.           type: generic

  322.           lts: trusty

  323.           headers: true

  324. 

  325. Load kernel modules and add them to `/etc/modules`:

  326. 

  327. .. code-block:: yaml

  328. 

  329.     linux:

  330.       system:

  331.         kernel:

  332.           modules:

  333.             - nf_conntrack

  334.             - tp_smapi

  335.             - 8021q

  336. 

  337. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  338. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  339. 

  340. .. code-block:: yaml

  341. 

  342.     linux:

  343.       system:

  344.         kernel:

  345.           module:

  346.             nf_conntrack:

  347.               option:

  348.                 hashsize: 262144

  349. 

  350. 

  351. 

  352. Install specific kernel version and ensure all other kernel packages are

  353. not present. Also install extra modules and headers for this kernel:

  354. 

  355. .. code-block:: yaml

  356. 

  357.     linux:

  358.       system:

  359.         kernel:

  360.           type: generic

  361.           extra: true

  362.           headers: true

  363.           version: 4.2.0-22

  364. 

  365. Systcl kernel parameters

  366. 

  367. .. code-block:: yaml

  368. 

  369.     linux:

  370.       system:

  371.         kernel:

  372.           sysctl:

  373.             net.ipv4.tcp_keepalive_intvl: 3

  374.             net.ipv4.tcp_keepalive_time: 30

  375.             net.ipv4.tcp_keepalive_probes: 8

  376. 

  377. 

  378. CPU

  379. ~~~

  380. 

  381. Enable cpufreq governor for every cpu:

  382. 

  383. .. code-block:: yaml

  384. 

  385.     linux:

  386.       system:

  387.         cpu:

  388.           governor: performance

  389. 

  390. Huge Pages

  391. ~~~~~~~~~~~~

  392. 

  393. Huge Pages give a performance boost to applications that intensively deal

  394. with memory allocation/deallocation by decreasing memory fragmentation.

  395. 

  396. .. code-block:: yaml

  397. 

  398.     linux:

  399.       system:

  400.         kernel:

  401.           hugepages:

  402.             small:

  403.               size: 2M

  404.               count: 107520

  405.               mount_point: /mnt/hugepages_2MB

  406.               mount: false/true # default false

  407.             large:

  408.               default: true # default automatically mounted

  409.               size: 1G

  410.               count: 210

  411.               mount_point: /mnt/hugepages_1GB

  412. 

  413. Note: not recommended to use both pagesizes in concurrently.

  414. 

  415. Intel SR-IOV

  416. ~~~~~~~~~~~~

  417. 

  418. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  419. 

  420. .. code-block:: yaml

  421. 

  422.     linux:

  423.       system:

  424.         kernel:

  425.           sriov: True

  426.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  427.         rc:

  428.           local: |

  429.             #!/bin/sh -e

  430.             # Enable 7 VF on eth1

  431.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  432.             exit 0

  433. 

  434. Isolate CPU options

  435. ~~~~~~~~~~~~~~~~~~~

  436. 

  437. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  438. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  439. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  440. maximum value is 1 less than the number of CPUs on the system.

  441. 

  442. .. code-block:: yaml

  443. 

  444.     linux:

  445.       system:

  446.         kernel:

  447.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  448. 

  449. Repositories

  450. ~~~~~~~~~~~~

  451. 

  452. RedHat based Linux with additional OpenStack repo

  453. 

  454. .. code-block:: yaml

  455. 

  456.     linux:

  457.       system:

  458.         ...

  459.         repo:

  460.           rdo-icehouse:

  461.             enabled: true

  462.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  463.             pgpcheck: 0

  464. 

  465. Ensure system repository to use czech Debian mirror (``default: true``)

  466. Also pin it's packages with priority 900.

  467. 

  468. .. code-block:: yaml

  469. 

  470.    linux:

  471.      system:

  472.        repo:

  473.          debian:

  474.            default: true

  475.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  476.            # Import signing key from URL if needed

  477.            key_url: "http://dummy.com/public.gpg"

  478.            pin:

  479.              - pin: 'origin "ftp.cz.debian.org"'

  480.                priority: 900

  481.                package: '*'

  482. 

  483. 

  484. Package manager proxy setup globally:

  485. 

  486. .. code-block:: yaml

  487. 

  488.     linux:

  489.       system:

  490.         ...

  491.         repo:

  492.           apt-mk:

  493.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  494.         ...

  495.         proxy:

  496.           pkg:

  497.             enabled: true

  498.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  499.           ...

  500.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  501.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  502.           #

  503.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  504.           # as for https and http

  505.           ftp:   ftp://proxy.host.local:2121

  506.           http:  http://proxy.host.local:3142

  507.           https: https://proxy.host.local:3143

  508. 

  509. Package manager proxy setup per repository:

  510. 

  511. .. code-block:: yaml

  512. 

  513.     linux:

  514.       system:

  515.         ...

  516.         repo:

  517.           debian:

  518.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  519.         ...

  520.           apt-mk:

  521.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  522.             # per repository proxy

  523.             proxy:

  524.               enabled: true

  525.               http:  http://maas-01:8080

  526.               https: http://maas-01:8080

  527.         ...

  528.         proxy:

  529.           # package manager fallback defaults

  530.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  531.           pkg:

  532.             enabled: true

  533.             ftp:   ftp://proxy.host.local:2121

  534.             #http:  http://proxy.host.local:3142

  535.             #https: https://proxy.host.local:3143

  536.           ...

  537.           # global system fallback system defaults

  538.           ftp:   ftp://proxy.host.local:2121

  539.           http:  http://proxy.host.local:3142

  540.           https: https://proxy.host.local:3143

  541. 

  542. 

  543. Remove all repositories:

  544. 

  545. .. code-block:: yaml

  546. 

  547.     linux:

  548.       system:

  549.         purge_repos: true

  550. 

  551. 

  552. RC

  553. ~~

  554. 

  555. rc.local example

  556. 

  557. .. code-block:: yaml

  558. 

  559.    linux:

  560.      system:

  561.        rc:

  562.          local: |

  563.            #!/bin/sh -e

  564.            #

  565.            # rc.local

  566.            #

  567.            # This script is executed at the end of each multiuser runlevel.

  568.            # Make sure that the script will "exit 0" on success or any other

  569.            # value on error.

  570.            #

  571.            # In order to enable or disable this script just change the execution

  572.            # bits.

  573.            #

  574.            # By default this script does nothing.

  575.            exit 0

  576. 

  577. 

  578. Prompt

  579. ~~~~~~

  580. 

  581. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  582. user can have different prompt.

  583. 

  584. .. code-block:: yaml

  585. 

  586.     linux:

  587.       system:

  588.         prompt:

  589.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  590.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  591. 

  592. On Debian systems to set prompt system-wide it's necessary to remove setting

  593. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  594. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  595. touch existing user's ``~/.bashrc`` files except root.

  596. 

  597. Bash

  598. ~~~~

  599. 

  600. Fix bash configuration to preserve history across sessions (like ZSH does by

  601. default).

  602. 

  603. .. code-block:: yaml

  604. 

  605.     linux:

  606.       system:

  607.         bash:

  608.           preserve_history: true

  609. 

  610. Message of the day

  611. ~~~~~~~~~~~~~~~~~~

  612. 

  613. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  614. day. Setting custom motd will cleanup existing ones.

  615. 

  616. .. code-block:: yaml

  617. 

  618.     linux:

  619.       system:

  620.         motd:

  621.           - release: |

  622.               #!/bin/sh

  623.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  624. 

  625.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  626.               	# Fall back to using the very slow lsb_release utility

  627.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  628.               fi

  629. 

  630.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  631.           - warning: |

  632.               #!/bin/sh

  633.               printf "This is [company name] network.\n"

  634.               printf "Unauthorized access strictly prohibited.\n"

  635. 

  636. Services

  637. ~~~~~~~~

  638. 

  639. Stop and disable linux service:

  640. 

  641. .. code-block:: yaml

  642. 

  643.     linux:

  644.       system:

  645.         service:

  646.           apt-daily.timer:

  647.             status: dead

  648. 

  649. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  650. 

  651. RHEL / CentOS

  652. ^^^^^^^^^^^^^

  653. 

  654. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  655. no native support for dynamic motd.

  656. You can still set static one, only pillar structure differs:

  657. 

  658. .. code-block:: yaml

  659. 

  660.     linux:

  661.       system:

  662.         motd: |

  663.           This is [company name] network.

  664.           Unauthorized access strictly prohibited.

  665. 

  666. Haveged

  667. ~~~~~~~

  668. 

  669. If you are running headless server and are low on entropy, it may be a good

  670. idea to setup Haveged.

  671. 

  672. .. code-block:: yaml

  673. 

  674.     linux:

  675.       system:

  676.         haveged:

  677.           enabled: true

  678. 

  679. Linux network

  680. -------------

  681. 

  682. Linux with network manager

  683. 

  684. .. code-block:: yaml

  685. 

  686.     linux:

  687.       network:

  688.         enabled: true

  689.         network_manager: true

  690. 

  691. Linux with default static network interfaces, default gateway interface and DNS servers

  692. 

  693. .. code-block:: yaml

  694. 

  695.     linux:

  696.       network:

  697.         enabled: true

  698.         interface:

  699.           eth0:

  700.             enabled: true

  701.             type: eth

  702.             address: 192.168.0.102

  703.             netmask: 255.255.255.0

  704.             gateway: 192.168.0.1

  705.             name_servers:

  706.             - 8.8.8.8

  707.             - 8.8.4.4

  708.             mtu: 1500

  709. 

  710. Linux with bonded interfaces and disabled NetworkManager

  711. 

  712. .. code-block:: yaml

  713. 

  714.     linux:

  715.       network:

  716.         enabled: true

  717.         interface:

  718.           eth0:

  719.             type: eth

  720.             ...

  721.           eth1:

  722.             type: eth

  723.             ...

  724.           bond0:

  725.             enabled: true

  726.             type: bond

  727.             address: 192.168.0.102

  728.             netmask: 255.255.255.0

  729.             mtu: 1500

  730.             use_in:

  731.             - interface: ${linux:interface:eth0}

  732.             - interface: ${linux:interface:eth0}

  733.         network_manager:

  734.           disable: true

  735. 

  736. Linux with vlan interface_params

  737. 

  738. .. code-block:: yaml

  739. 

  740.     linux:

  741.       network:

  742.         enabled: true

  743.         interface:

  744.           vlan69:

  745.             type: vlan

  746.             use_interfaces:

  747.             - interface: ${linux:interface:bond0}

  748. 

  749. Linux with wireless interface parameters

  750. 

  751. .. code-block:: yaml

  752. 

  753.     linux:

  754.       network:

  755.         enabled: true

  756.         gateway: 10.0.0.1

  757.         default_interface: eth0

  758.         interface:

  759.           wlan0:

  760.             type: eth

  761.             wireless:

  762.               essid: example

  763.               key: example_key

  764.               security: wpa

  765.               priority: 1

  766. 

  767. Linux networks with routes defined

  768. 

  769. .. code-block:: yaml

  770. 

  771.     linux:

  772.       network:

  773.         enabled: true

  774.         gateway: 10.0.0.1

  775.         default_interface: eth0

  776.         interface:

  777.           eth0:

  778.             type: eth

  779.             route:

  780.               default:

  781.                 address: 192.168.0.123

  782.                 netmask: 255.255.255.0

  783.                 gateway: 192.168.0.1

  784. 

  785. Native Linux Bridges

  786. 

  787. .. code-block:: yaml

  788. 

  789.     linux:

  790.       network:

  791.         interface:

  792.           eth1:

  793.             enabled: true

  794.             type: eth

  795.             proto: manual

  796.             up_cmds:

  797.             - ip address add 0/0 dev $IFACE

  798.             - ip link set $IFACE up

  799.             down_cmds:

  800.             - ip link set $IFACE down

  801.           br-ex:

  802.             enabled: true

  803.             type: bridge

  804.             address: ${linux:network:host:public_local:address}

  805.             netmask: 255.255.255.0

  806.             use_interfaces:

  807.             - eth1

  808. 

  809. OpenVswitch Bridges

  810. 

  811. .. code-block:: yaml

  812. 

  813.     linux:

  814.       network:

  815.         bridge: openvswitch

  816.         interface:

  817.           eth1:

  818.             enabled: true

  819.             type: eth

  820.             proto: manual

  821.             up_cmds:

  822.             - ip address add 0/0 dev $IFACE

  823.             - ip link set $IFACE up

  824.             down_cmds:

  825.             - ip link set $IFACE down

  826.           br-ex:

  827.             enabled: true

  828.             type: bridge

  829.             address: ${linux:network:host:public_local:address}

  830.             netmask: 255.255.255.0

  831.             use_interfaces:

  832.             - eth1

  833. 

  834. DHCP client configuration

  835. 

  836. None of the keys is mandatory, include only those you really need. For full list

  837. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  838. 

  839. .. code-block:: yaml

  840. 

  841.      linux:

  842.        network:

  843.          dhclient:

  844.            enabled: true

  845.            backoff_cutoff: 15

  846.            initial_interval: 10

  847.            reboot: 10

  848.            retry: 60

  849.            select_timeout: 0

  850.            timeout: 120

  851.            send:

  852.              - option: host-name

  853.                declaration: "= gethostname()"

  854.            supersede:

  855.              - option: host-name

  856.                declaration: "spaceship"

  857.              - option: domain-name

  858.                declaration: "domain.home"

  859.              #- option: arp-cache-timeout

  860.              #  declaration: 20

  861.            prepend:

  862.              - option: domain-name-servers

  863.                declaration:

  864.                  - 8.8.8.8

  865.                  - 8.8.4.4

  866.              - option: domain-search

  867.                declaration:

  868.                  - example.com

  869.                  - eng.example.com

  870.            #append:

  871.              #- option: domain-name-servers

  872.              #  declaration: 127.0.0.1

  873.            # ip or subnet to reject dhcp offer from

  874.            reject:

  875.              - 192.33.137.209

  876.              - 10.0.2.0/24

  877.            request:

  878.              - subnet-mask

  879.              - broadcast-address

  880.              - time-offset

  881.              - routers

  882.              - domain-name

  883.              - domain-name-servers

  884.              - domain-search

  885.              - host-name

  886.              - dhcp6.name-servers

  887.              - dhcp6.domain-search

  888.              - dhcp6.fqdn

  889.              - dhcp6.sntp-servers

  890.              - netbios-name-servers

  891.              - netbios-scope

  892.              - interface-mtu

  893.              - rfc3442-classless-static-routes

  894.              - ntp-servers

  895.            require:

  896.              - subnet-mask

  897.              - domain-name-servers

  898.            # if per interface configuration required add below

  899.            interface:

  900.              ens2:

  901.                initial_interval: 11

  902.                reject:

  903.                  - 192.33.137.210

  904.              ens3:

  905.                initial_interval: 12

  906.                reject:

  907.                  - 192.33.137.211

  908. 

  909. 

  910. Configure global environment variables

  911. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  912. 

  913. Linux /etc/environment:

  914. ``/etc/environment`` is for static system wide variable assignment after boot. Variable expansion is frequently not supported.

  915. 

  916. .. code-block:: yaml

  917. 

  918.     linux:

  919.       system:

  920.         env:

  921.           BOB_VARIABLE: Alice

  922.           ...

  923.           BOB_PATH:

  924.             - /srv/alice/bin

  925.             - /srv/bob/bin

  926.           ...

  927.           ftp_proxy:   none

  928.           http_proxy:  http://global-http-proxy.host.local:8080

  929.           https_proxy: ${linux:system:proxy:https}

  930.           no_proxy:

  931.             - 192.168.0.80

  932.             - 192.168.1.80

  933.             - .domain.com

  934.             - .local

  935.         ...

  936.         # NOTE: global defaults proxy configuration.

  937.         proxy:

  938.           ftp:   ftp://proxy.host.local:2121

  939.           http:  http://proxy.host.local:3142

  940.           https: https://proxy.host.local:3143

  941.           noproxy:

  942.             - .domain.com

  943.             - .local

  944. 

  945. Configure profile.d scripts

  946. ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  947. 

  948. Linux /etc/profile.d:

  949. The profile.d scripts are being sourced during .sh execution and support variable expansion in opposite to /etc/environment

  950. global settings in ``/etc/environment``.

  951. 

  952. .. code-block:: yaml

  953. 

  954.     linux:

  955.       system:

  956.         profile:

  957.           locales: |

  958.             export LANG=C

  959.             export LC_ALL=C

  960.           ...

  961.           vi_flavors.sh: |

  962.             export PAGER=view

  963.             export EDITOR=vim

  964.             alias vi=vim

  965.           shell_locales.sh: |

  966.             export LANG=en_US

  967.             export LC_ALL=en_US.UTF-8

  968.           shell_proxies.sh: |

  969.             export FTP_PROXY=ftp://127.0.3.3:2121

  970.             export NO_PROXY='.local'

  971. 

  972. Linux with hosts

  973. ~~~~~~~~~~~~~~~~

  974. 

  975. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  976. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  977. and hostname + fqdn.

  978. It's good to use this option if you want to ensure /etc/hosts is always in a

  979. clean state however it's not enabled by default for safety.

  980. 

  981. .. code-block:: yaml

  982. 

  983.     linux:

  984.       network:

  985.         ...

  986.         purge_hosts: true

  987.         host:

  988.           # No need to define this one if purge_hosts is true

  989.           hostname:

  990.             address: 127.0.1.1

  991.             names:

  992.             - ${linux:network:fqdn}

  993.             - ${linux:network:hostname}

  994.           node1:

  995.             address: 192.168.10.200

  996.             names:

  997.             - node2.domain.com

  998.             - service2.domain.com

  999.           node2:

  1000.             address: 192.168.10.201

  1001.             names:

  1002.             - node2.domain.com

  1003.             - service2.domain.com

  1004. 

  1005. 

  1006. Setup resolv.conf, nameservers, domain and search domains

  1007. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  1008. 

  1009. .. code-block:: yaml

  1010. 

  1011.     linux:

  1012.       network:

  1013.         resolv:

  1014.           dns:

  1015.           - 8.8.4.4

  1016.           - 8.8.8.8

  1017.           domain: my.example.com

  1018.           search:

  1019.           - my.example.com

  1020.           - example.com

  1021.           options:

  1022.           - ndots: 5

  1023.           - timeout: 2

  1024.           - attempts: 2

  1025. 

  1026. **setting custom TX queue length for tap interfaces**

  1027. 

  1028. .. code-block:: yaml

  1029. 

  1030.     linux:

  1031.       network:

  1032.         tap_custom_txqueuelen: 10000

  1033. 

  1034. DPDK OVS interfaces

  1035. --------------------

  1036. 

  1037. **DPDK OVS NIC**

  1038. 

  1039. .. code-block:: yaml

  1040. 

  1041.     linux:

  1042.       network:

  1043.         bridge: openvswitch

  1044.         dpdk:

  1045.           enabled: true

  1046.           driver: uio/vfio-pci

  1047.         openvswitch:

  1048.           pmd_cpu_mask: "0x6"

  1049.           dpdk_socket_mem: "1024,1024"

  1050.           dpdk_lcore_mask: "0x400"

  1051.           memory_channels: 2

  1052.         interface:

  1053.           dpkd0:

  1054.             name: ${_param:dpdk_nic}

  1055.             pci: 0000:06:00.0

  1056.             driver: igb_uio/vfio

  1057.             enabled: true

  1058.             type: dpdk_ovs_port

  1059.             n_rxq: 2

  1060.             pmd_rxq_affinity: "0:1,1:2"

  1061.             bridge: br-prv

  1062.             mtu: 9000

  1063.           br-prv:

  1064.             enabled: true

  1065.             type: dpdk_ovs_bridge

  1066. 

  1067. **DPDK OVS Bond**

  1068. 

  1069. .. code-block:: yaml

  1070. 

  1071.     linux:

  1072.       network:

  1073.         bridge: openvswitch

  1074.         dpdk:

  1075.           enabled: true

  1076.           driver: uio/vfio-pci

  1077.         openvswitch:

  1078.           pmd_cpu_mask: "0x6"

  1079.           dpdk_socket_mem: "1024,1024"

  1080.           dpdk_lcore_mask: "0x400"

  1081.           memory_channels: 2

  1082.         interface:

  1083.           dpdk_second_nic:

  1084.             name: ${_param:primary_second_nic}

  1085.             pci: 0000:06:00.0

  1086.             driver: igb_uio/vfio

  1087.             bond: dpdkbond0

  1088.             enabled: true

  1089.             type: dpdk_ovs_port

  1090.             n_rxq: 2

  1091.             pmd_rxq_affinity: "0:1,1:2"

  1092.             mtu: 9000

  1093.           dpdk_first_nic:

  1094.             name: ${_param:primary_first_nic}

  1095.             pci: 0000:05:00.0

  1096.             driver: igb_uio/vfio

  1097.             bond: dpdkbond0

  1098.             enabled: true

  1099.             type: dpdk_ovs_port

  1100.             n_rxq: 2

  1101.             pmd_rxq_affinity: "0:1,1:2"

  1102.             mtu: 9000

  1103.           dpdkbond0:

  1104.             enabled: true

  1105.             bridge: br-prv

  1106.             type: dpdk_ovs_bond

  1107.             mode: active-backup

  1108.           br-prv:

  1109.             enabled: true

  1110.             type: dpdk_ovs_bridge

  1111. 

  1112. **DPDK OVS bridge for VXLAN**

  1113. 

  1114. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1115. 

  1116. .. code-block:: yaml

  1117. 

  1118.     linux:

  1119.       network:

  1120.         ...

  1121.         interface:

  1122.           br-prv:

  1123.             enabled: true

  1124.             type: dpdk_ovs_bridge

  1125.             address: 192.168.50.0

  1126.             netmask: 255.255.255.0

  1127.             mtu: 9000

  1128. 

  1129. Linux storage

  1130. -------------

  1131. 

  1132. Linux with mounted Samba

  1133. 

  1134. .. code-block:: yaml

  1135. 

  1136.     linux:

  1137.       storage:

  1138.         enabled: true

  1139.         mount:

  1140.           samba1:

  1141.           - enabled: true

  1142.           - path: /media/myuser/public/

  1143.           - device: //192.168.0.1/storage

  1144.           - file_system: cifs

  1145.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1146. 

  1147. NFS mount

  1148. 

  1149. .. code-block:: yaml

  1150. 

  1151.   linux:

  1152.     storage:

  1153.       enabled: true

  1154.       mount:

  1155.         nfs_glance:

  1156.           enabled: true

  1157.           path: /var/lib/glance/images

  1158.           device: 172.16.10.110:/var/nfs/glance

  1159.           file_system: nfs

  1160.           opts: rw,sync

  1161. 

  1162. 

  1163. File swap configuration

  1164. 

  1165. .. code-block:: yaml

  1166. 

  1167.     linux:

  1168.       storage:

  1169.         enabled: true

  1170.         swap:

  1171.           file:

  1172.             enabled: true

  1173.             engine: file

  1174.             device: /swapfile

  1175.             size: 1024

  1176. 

  1177. Partition swap configuration

  1178. 

  1179. .. code-block:: yaml

  1180. 

  1181.     linux:

  1182.       storage:

  1183.         enabled: true

  1184.         swap:

  1185.           partition:

  1186.             enabled: true

  1187.             engine: partition

  1188.             device: /dev/vg0/swap

  1189. 

  1190. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1191. 

  1192. .. code-block:: yaml

  1193. 

  1194.     parameters:

  1195.       linux:

  1196.         storage:

  1197.           mount:

  1198.             data:

  1199.               enabled: true

  1200.               device: /dev/vg1/data

  1201.               file_system: ext4

  1202.               path: /mnt/data

  1203.           lvm:

  1204.             vg1:

  1205.               enabled: true

  1206.               devices:

  1207.                 - /dev/sdb

  1208.               volume:

  1209.                 data:

  1210.                   size: 40G

  1211.                   mount: ${linux:storage:mount:data}

  1212. 

  1213. 

  1214. Multipath with Fujitsu Eternus DXL

  1215. 

  1216. .. code-block:: yaml

  1217. 

  1218.     parameters:

  1219.       linux:

  1220.         storage:

  1221.           multipath:

  1222.             enabled: true

  1223.             blacklist_devices:

  1224.             - /dev/sda

  1225.             - /dev/sdb

  1226.             backends:

  1227.             - fujitsu_eternus_dxl

  1228. 

  1229. Multipath with Hitachi VSP 1000

  1230. 

  1231. .. code-block:: yaml

  1232. 

  1233.     parameters:

  1234.       linux:

  1235.         storage:

  1236.           multipath:

  1237.             enabled: true

  1238.             blacklist_devices:

  1239.             - /dev/sda

  1240.             - /dev/sdb

  1241.             backends:

  1242.             - hitachi_vsp1000

  1243. 

  1244. Multipath with IBM Storwize

  1245. 

  1246. .. code-block:: yaml

  1247. 

  1248.     parameters:

  1249.       linux:

  1250.         storage:

  1251.           multipath:

  1252.             enabled: true

  1253.             blacklist_devices:

  1254.             - /dev/sda

  1255.             - /dev/sdb

  1256.             backends:

  1257.             - ibm_storwize

  1258. 

  1259. Multipath with multiple backends

  1260. 

  1261. .. code-block:: yaml

  1262. 

  1263.     parameters:

  1264.       linux:

  1265.         storage:

  1266.           multipath:

  1267.             enabled: true

  1268.             blacklist_devices:

  1269.             - /dev/sda

  1270.             - /dev/sdb

  1271.             - /dev/sdc

  1272.             - /dev/sdd

  1273.             backends:

  1274.             - ibm_storwize

  1275.             - fujitsu_eternus_dxl

  1276.             - hitachi_vsp1000

  1277. 

  1278. Disabled multipath (the default setup)

  1279. 

  1280. .. code-block:: yaml

  1281. 

  1282.     parameters:

  1283.       linux:

  1284.         storage:

  1285.           multipath:

  1286.             enabled: false

  1287. 

  1288. Linux with local loopback device

  1289. 

  1290. .. code-block:: yaml

  1291. 

  1292.     linux:

  1293.       storage:

  1294.         loopback:

  1295.           disk1:

  1296.             file: /srv/disk1

  1297.             size: 50G

  1298. 

  1299. External config generation

  1300. --------------------------

  1301. 

  1302. You are able to use config support metadata between formulas and only generate

  1303. config files for external use, eg. docker, etc.

  1304. 

  1305. .. code-block:: yaml

  1306. 

  1307.     parameters:

  1308.       linux:

  1309.         system:

  1310.           config:

  1311.             pillar:

  1312.               jenkins:

  1313.                 master:

  1314.                   home: /srv/volumes/jenkins

  1315.                   approved_scripts:

  1316.                     - method java.net.URL openConnection

  1317.                   credentials:

  1318.                     - type: username_password

  1319.                       scope: global

  1320.                       id: test

  1321.                       desc: Testing credentials

  1322.                       username: test

  1323.                       password: test

  1324. 

  1325. Netconsole Remote Kernel Logging

  1326. --------------------------------

  1327. 

  1328. Netconsole logger could be configured for configfs-enabled kernels

  1329. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1330. runtime (if network is already configured), and on-boot after interface

  1331. initialization. Notes:

  1332. 

  1333.  * receiver could be located only in same L3 domain

  1334.    (or you need to configure gateway MAC manually)

  1335.  * receiver's MAC is detected only on configuration time

  1336.  * using broadcast MAC is not recommended

  1337. 

  1338. .. code-block:: yaml

  1339. 

  1340.     parameters:

  1341.       linux:

  1342.         system:

  1343.           netconsole:

  1344.             enabled: true

  1345.             port: 514 (optional)

  1346.             loglevel: debug (optional)

  1347.             target:

  1348.               192.168.0.1:

  1349.                 interface: bond0

  1350.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1351. 

  1352. Usage

  1353. =====

  1354. 

  1355. Set mtu of network interface eth0 to 1400

  1356. 

  1357. .. code-block:: bash

  1358. 

  1359.     ip link set dev eth0 mtu 1400

  1360. 

  1361. Read more

  1362. =========

  1363. 

  1364. * https://www.archlinux.org/

  1365. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1366. 

  1367. Documentation and Bugs

  1368. ======================

  1369. 

  1370. To learn how to install and update salt-formulas, consult the documentation

  1371. available online at:

  1372. 

  1373.     http://salt-formulas.readthedocs.io/

  1374. 

  1375. In the unfortunate event that bugs are discovered, they should be reported to

  1376. the appropriate issue tracker. Use Github issue tracker for specific salt

  1377. formula:

  1378. 

  1379.     https://github.com/salt-formulas/salt-formula-linux/issues

  1380. 

  1381. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1382. use Launchpad salt-formulas project:

  1383. 

  1384.     https://launchpad.net/salt-formulas

  1385. 

  1386. You can also join salt-formulas-users team and subscribe to mailing list:

  1387. 

  1388.     https://launchpad.net/~salt-formulas-users

  1389. 

  1390. Developers wishing to work on the salt-formulas projects should always base

  1391. their work on master branch and submit pull request against specific formula.

  1392. 

  1393.     https://github.com/salt-formulas/salt-formula-linux

  1394. 

  1395. Any questions or feedback is always welcome so feel free to join our IRC

  1396. channel:

  1397. 

  1398.     #salt-formulas @ irc.freenode.net