Saltstack Official Linux Formula

=============
Linux Formula
=============

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample Pillars
==============

Linux System
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set:

.. WARNING::
    If no 'password' variable has been passed, any predefined password
    will be removed.

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'Jonh Doe'
            home: '/home/jdoe'
            email: 'jonh@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'With clear password'
            home: '/home/jsmith'
            hash_password: true
            password: "userpassword"
          mark:
            name: 'mark'
            enabled: true
            full_name: 'unchanged password'
            home: '/home/mark'
            password: false
          elizabeth:
            name: 'elizabeth'
            enabled: true
            full_name: 'With hashed password'
            home: '/home/elizabeth'
            password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to actual sudo attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL

.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          aliases:
            host:
              LOCAL:
              - localhost
              PRODUCTION:
              - db1
              - db2
            runas:
              DBA:
              - postgres
              - mysql
              SALT:
              - root
            command:
              # Note: This is not 100% safe when the ALL keyword is used; the user may still modify configs and hide their actions.
              #       Best practice is to specify the full list of commands the user is allowed to run.
              SUPPORT_RESTRICTED:
              - /bin/vi /etc/sudoers*
              - /bin/vim /etc/sudoers*
              - /bin/nano /etc/sudoers*
              - /bin/emacs /etc/sudoers*
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
              SUPPORT_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
              ALL_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
              - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
              - LOCAL
            # User Alias DBA
            DBA:
              hosts:
              - ALL
              commands:
              - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
              - ALL
              - '!PRODUCTION'
              runas:
              - DBA
              commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
            salt-ops:
              hosts:
              - 'ALL'
              runas:
              - SALT
              commands:
              - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              setenv: true # Enable sudo -E option
              runas:
              - DBA
              commands:
              - ALL
              - '!SUPPORT_SHELLS'
              - '!SUPPORT_RESTRICTED'

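
The note in the command aliases above says that ``ALL`` combined with exclusions is not safe; a pillar can be checked for that pattern before it is applied. The script below is an added example, not part of the formula: it reads the key names shown above, takes the defaults (``commands: ALL``, ``nopasswd: true``) from the ``saltuser1`` comment, and uses its own finding codes and a constructed sample pillar.

```python
"""Audit a linux.system.sudo pillar for rules that grant more than intended."""

# Binaries treated as "gives an interactive shell"; this set is an assumption
# of the example, modelled on the SUPPORT_SHELLS alias in the README.
SHELL_NAMES = {"sh", "bash", "rbash", "dash", "zsh", "ksh", "csh", "tcsh",
               "fish", "su", "login"}


def expand(commands, command_aliases):
    """Resolve alias names to command lines; yields (negated, command)."""
    for entry in commands:
        negated = entry.startswith("!")
        name = entry[1:] if negated else entry
        for command in command_aliases.get(name, [name]):
            yield negated, command


def audit_rule(rule, command_aliases):
    """Return the sorted finding codes for one users/groups entry."""
    # Defaults read from the README comment:
    # "saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL"
    expanded = list(expand(rule.get("commands", ["ALL"]), command_aliases))
    allowed = [cmd for negated, cmd in expanded if not negated]
    has_denylist = any(negated for negated, _ in expanded)

    findings = set()
    if "ALL" in allowed:
        # Exclusions are matched by path, so they do not bound what ALL allows.
        findings.add("all-minus-denylist" if has_denylist else "all-commands")
    for command in allowed:
        if command == "ALL":
            continue
        binary = command.split()[0].rsplit("/", 1)[-1]
        if binary in SHELL_NAMES:
            findings.add("shell")
        if "*" in command:
            # A wildcard matches any argument string, paths included.
            findings.add("wildcard")
    if rule.get("setenv", False):
        findings.add("setenv")  # caller-controlled environment (sudo -E)
    if findings and rule.get("nopasswd", True):
        findings.add("nopasswd")
    return sorted(findings)


def audit_sudo(pillar):
    """Map 'users:<name>' / 'groups:<name>' to findings; clean rules are omitted."""
    sudo = pillar["linux"]["system"]["sudo"]
    command_aliases = sudo.get("aliases", {}).get("command", {})
    report = {}
    for section in ("users", "groups"):
        for name, rule in sudo.get(section, {}).items():
            findings = audit_rule(rule or {}, command_aliases)
            if findings:
                report[f"{section}:{name}"] = findings
    return report


# Constructed sample: a shortened copy of the README pillar plus one
# hypothetical narrowly scoped user ("backup") that should produce no finding.
SAMPLE_PILLAR = {"linux": {"system": {"sudo": {
    "enabled": True,
    "aliases": {"command": {
        "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash"],
        "SUPPORT_RESTRICTED": ["/usr/sbin/visudo", "/bin/su"],
        "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
    }},
    "users": {
        "saltuser1": {},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
        "backup": {"commands": ["/usr/local/bin/backup.sh"]},
    },
    "groups": {
        "db-ops": {"hosts": ["ALL", "!PRODUCTION"], "runas": ["DBA"],
                   "commands": ["/bin/cat *", "/bin/less *", "/bin/ls *"]},
        "salt-ops": {"hosts": ["ALL"], "runas": ["SALT"],
                     "commands": ["SUPPORT_SHELLS"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False, "setenv": True,
                         "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS",
                                      "!SUPPORT_RESTRICTED"]},
    },
}}}}

if __name__ == "__main__":
    for rule_name, codes in audit_sudo(SAMPLE_PILLAR).items():
        print(f"{rule_name}: {', '.join(codes)}")
```
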
Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from certain repo, version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from certain repo, version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with autoupdates (automatically install security package updates)

.. code-block:: yaml

    linux:
      system:
        ...
        autoupdates:
          enabled: true
          mail: root@localhost
          mail_only_on_error: true
          remove_unused_dependencies: false
          automatic_reboot: true
          automatic_reboot_time: "02:00"

Linux with cron jobs

By default the job name is used as the identifier, unless the ``identifier``
key is explicitly set or set to False (then Salt's default behavior applies:
the identifier is the same as the command, so the command cannot be changed).

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            identifier: cmd1
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to `false`.

Set ``policy-rc.d`` on Debian-based systems. The action can be any command
available in a ``while true`` loop and ``case`` context.

The following will prevent dpkg from automatically stopping/starting services for the cassandra package:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true

Systemd settings:

.. code-block:: yaml

    linux:
      system:
        ...
        systemd:
          system:
            Manager:
              DefaultLimitNOFILE: 307200
              DefaultLimitNPROC: 307200
          user:
            Manager:
              DefaultLimitCPU: 2
              DefaultLimitNPROC: 4

Ensure presence of directory:

.. code-block:: yaml

    linux:
      system:
        directory:
          /tmp/test:
            user: root
            group: root
            mode: 700
            makedirs: true

Kernel
~~~~~~

Install always up to date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Load kernel modules and add them to `/etc/modules`:

.. code-block:: yaml

    linux:
      system:
        kernel:
          modules:
            - nf_conntrack
            - tp_smapi
            - 8021q

Configure or blacklist kernel modules with additional options in `/etc/modprobe.d`. The following example
will add the `/etc/modprobe.d/nf_conntrack.conf` file with the line `options nf_conntrack hashsize=262144`:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              option:
                hashsize: 262144

Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

CPU
~~~

Enable cpufreq governor for every cpu:

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

CGROUPS
~~~~~~~

Setup linux cgroups:

.. code-block:: yaml

    linux:
      system:
        cgroup:
          enabled: true
          group:
            ceph_group_1:
              controller:
                cpu:
                  shares:
                    value: 250
                cpuacct:
                  usage:
                    value: 0
                cpuset:
                  cpus:
                    value: 1,2,3
                memory:
                  limit_in_bytes:
                    value: 2G
                  memsw.limit_in_bytes:
                    value: 3G
              mapping:
                subjects:
                - '@ceph'
            generic_group_1:
              controller:
                cpu:
                  shares:
                    value: 250
                cpuacct:
                  usage:
                    value: 0
              mapping:
                subjects:
                - '*:firefox'
                - 'student:cp'

Shared Libraries
~~~~~~~~~~~~~~~~

Set additional shared library to Linux system library path

.. code-block:: yaml

    linux:
      system:
        ld:
          library:
            java:
              - /usr/lib/jvm/jre-openjdk/lib/amd64/server
              - /opt/java/jre/lib/amd64/server

Certificates
~~~~~~~~~~~~

Add certificate authority into system trusted CA bundle

.. code-block:: yaml

    linux:
      system:
        ca_certificates:
          mycert: |
            -----BEGIN CERTIFICATE-----
            MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
            A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
            cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
            MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
            BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
            YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
            ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
            BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
            I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
            CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
            lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
            AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
            -----END CERTIFICATE-----

Sysfs
~~~~~

Install sysfsutils and set sysfs attributes:

.. code-block:: yaml

    linux:
      system:
        sysfs:
          scheduler:
            block/sda/queue/scheduler: deadline
          power:
            mode:
              power/state: 0660
            owner:
              power/state: "root:power"
            devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

Huge Pages
~~~~~~~~~~~~

Huge Pages give a performance boost to applications that intensively deal
with memory allocation/deallocation by decreasing memory fragmentation.

.. code-block:: yaml

    linux:
      system:
        kernel:
          hugepages:
            small:
              size: 2M
              count: 107520
              mount_point: /mnt/hugepages_2MB
              mount: false # true or false, default false
            large:
              default: true # default automatically mounted
              size: 1G
              count: 210
              mount_point: /mnt/hugepages_1GB

Note: using both page sizes concurrently is not recommended.

Intel SR-IOV
~~~~~~~~~~~~

The PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

.. code-block:: yaml

    linux:
      system:
        kernel:
          sriov: True
          unsafe_interrupts: False # Default is false. For older platforms and AMD we need to add the interrupt remapping workaround
        rc:
          local: |
            #!/bin/sh -e
            # Enable 7 VF on eth1
            echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
            exit 0

Isolate CPU options
~~~~~~~~~~~~~~~~~~~

Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
SMP balancing and scheduler algorithms. The only way to move a process onto or off an
"isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
maximum value is 1 less than the number of CPUs on the system.

.. code-block:: yaml

    linux:
      system:
        kernel:
          isolcpu: 1,2,3,4,5,6,7 # isolate CPUs 1-7; the first CPU (0) stays with the scheduler

Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'

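
The sample pillars above switch off or weaken package authentication in three places: ``verify: false`` on a package, ``pgpcheck: 0`` on a repository, and a ``key_url`` served over plain HTTP. The script below is an added example, not part of the formula, that reports those settings in a pillar before it reaches production; the finding codes, the constructed sample and the ``internal`` repository are assumptions of the example.

```python
"""Report integrity-related settings in linux.system.package / repo pillars."""


def _first_url(source):
    """Return the URL token of a repo source: 'deb URL suite ...' or a bare URL."""
    return next((tok for tok in str(source).split() if "://" in tok), "")


def _is_plain_http(url):
    return url.lower().startswith("http://")


def audit_integrity(pillar):
    """Return sorted (item, finding) pairs for the given pillar."""
    system = pillar["linux"]["system"]
    findings = []

    for name, pkg in system.get("package", {}).items():
        # 'verify: false' is the README's "no GPG verification" package case.
        if isinstance(pkg, dict) and pkg.get("verify") is False:
            findings.append((f"package:{name}", "verify-disabled"))

    for name, repo in system.get("repo", {}).items():
        if not isinstance(repo, dict):
            continue
        item = f"repo:{name}"
        # Only an explicit falsy value is reported; a missing key is left to
        # the formula's default, which the README does not state.
        if "pgpcheck" in repo and not repo["pgpcheck"]:
            findings.append((item, "gpg-disabled"))
            if _is_plain_http(_first_url(repo.get("source", ""))):
                # No signature check and no transport security: nothing
                # authenticates what the package manager downloads.
                findings.append((item, "plaintext-unsigned-source"))
        if _is_plain_http(str(repo.get("key_url", ""))):
            # The key is the trust anchor; over HTTP it can be swapped in transit.
            findings.append((item, "plaintext-key-url"))
    return sorted(findings)


# Constructed sample: values copied from the README examples, plus one
# hypothetical repository ("internal") that should produce no finding.
SAMPLE_PILLAR = {"linux": {"system": {
    "package": {
        "package-name": {"version": "2132.323", "repo": "custom-repo",
                         "verify": False},
        "held-package": {"version": "2132.323", "repo": "custom-repo",
                         "hold": True},
    },
    "repo": {
        "rdo-icehouse": {
            "enabled": True,
            "source": "http://repos.fedorapeople.org/repos/openstack/"
                      "openstack-icehouse/epel-6/",
            "pgpcheck": 0,
        },
        "debian": {
            "default": True,
            "source": "deb http://ftp.cz.debian.org/debian/ "
                      "jessie main contrib non-free",
            "key_url": "http://dummy.com/public.gpg",
        },
        "internal": {
            "source": "deb https://apt.example.internal/ stable main",
            "key_url": "https://apt.example.internal/public.gpg",
        },
    },
}}}

if __name__ == "__main__":
    for item, finding in audit_integrity(SAMPLE_PILLAR):
        print(f"{item}: {finding}")
```
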
Package manager proxy setup globally:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
        ...
        proxy:
          pkg:
            enabled: true
            ftp: ftp://ftp-proxy-for-apt.host.local:2121
          ...
          # NOTE: Global defaults for any other component that configures a proxy on the system.
          #       If your environment has just one simple proxy, set it on linux:system:proxy.
          #
          # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries
          # as for https and http
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Package manager proxy setup per repository:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          debian:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            ...
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            # per repository proxy
            proxy:
              enabled: true
              http: http://maas-01:8080
              https: http://maas-01:8080
          ...
        proxy:
          # package manager fallback defaults
          # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
          pkg:
            enabled: true
            ftp: ftp://proxy.host.local:2121
            #http: http://proxy.host.local:3142
            #https: https://proxy.host.local:3143
          ...
          # global system fallback system defaults
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Remove all repositories:

.. code-block:: yaml

    linux:
      system:
        purge_repos: true

Setup custom apt config options:

.. code-block:: yaml

    linux:
      system:
        apt:
          config:
            compression-workaround:
              "Acquire::CompressionTypes::Order": "gz"
            docker-clean:
              "DPkg::Post-Invoke":
                - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
              "APT::Update::Post-Invoke":
                - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

RC
~~

rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting the prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set the prompt system-wide it's necessary to remove the
PS1 setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
        - release: |
            #!/bin/sh
            [ -r /etc/lsb-release ] && . /etc/lsb-release

            if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
              # Fall back to using the very slow lsb_release utility
              DISTRIB_DESCRIPTION=$(lsb_release -s -d)
            fi

            printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
        - warning: |
            #!/bin/sh
            printf "This is [company name] network.\n"
            printf "Unauthorized access strictly prohibited.\n"

Services
~~~~~~~~

Stop and disable linux service:

.. code-block:: yaml

    linux:
      system:
        service:
          apt-daily.timer:
            status: dead

Possible statuses are dead (disable service by default), running (enable service by default), enabled, disabled.

Linux with atop service:

.. code-block:: yaml

    linux:
      system:
        atop:
          enabled: true
          interval: 20
          logpath: "/var/log/atop"
          outfile: "/var/log/atop/daily.log"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL so there's
no native support for dynamic motd.
You can still set a static one; only the pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true

Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
            - 8.8.8.8
            - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
            - interface: ${linux:interface:eth0}
            - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with vlan interface_params

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
            - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-prv:
            enabled: true
            type: ovs_bridge
            mtu: 65000
          br-ens7:
            enabled: true
            name: br-ens7
            type: ovs_bridge
            proto: manual
            mtu: 9000
            use_interfaces:
            - ens7
          patch-br-ens7-br-prv:
            enabled: true
            name: ens7-prv
            ovs_type: ovs_port
            type: ovs_port
            bridge: br-ens7
            port_type: patch
            peer: prv-ens7
            mtu: 65000
          patch-br-prv-br-ens7:
            enabled: true
            name: prv-ens7
            bridge: br-prv
            ovs_type: ovs_port
            type: ovs_port
            port_type: patch
            peer: ens7-prv
            mtu: 65000
          ens7:
            enabled: true
            name: ens7
            proto: manual
            ovs_port_type: OVSPort
            type: ovs_port
            ovs_bridge: br-ens7
            bridge: br-ens7

  850. Debian manual proto interfaces
  851. When you are changing interface proto from static in up state to manual, you
  852. may need to flush ip addresses. For example, if you want to use the interface
  853. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``
  854. to true.
  855. .. code-block:: yaml
  856. linux:
  857. network:
  858. interface:
  859. eth1:
  860. enabled: true
  861. type: eth
  862. proto: manual
  863. mtu: 9100
  864. ipflush_onchange: true
  865. Debian static proto interfaces
  866. When you are changing interface proto from dhcp in up state to static, you
  867. may need to flush ip addresses and restart interface to assign ip address from a managed file.
  868. For example, if you want to use the interface and the ip on the bridge.
  869. This can be done by setting the ``ipflush_onchange`` with combination
  870. ``restart_on_ipflush`` param set to to true.
  871. .. code-block:: yaml
  872. linux:
  873. network:
  874. interface:
  875. eth1:
  876. enabled: true
  877. type: eth
  878. proto: static
  879. address: 10.1.0.22
  880. netmask: 255.255.255.0
  881. ipflush_onchange: true
  882. restart_on_ipflush: true
  883. Concatinating and removing interface files
  884. Debian based distributions have `/etc/network/interfaces.d/` directory, where
  885. you can store configuration of network interfaces in separate files. You can
  886. concatinate the files to the defined destination when needed, this operation
  887. removes the file from the `/etc/network/interfaces.d/`. If you just need to
  888. remove iface files, you can use the `remove_iface_files` key.
  889. .. code-block:: yaml
  890. linux:
  891. network:
  892. concat_iface_files:
  893. - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
  894. dst: '/etc/network/interfaces'
  895. remove_iface_files:
  896. - '/etc/network/interfaces.d/90-custom.cfg'

DHCP client configuration

None of the keys is mandatory; include only those you really need. For the full
list of available options under send, supersede, prepend and append, refer to
dhcp-options(5).

.. code-block:: yaml

    linux:
      network:
        dhclient:
          enabled: true
          backoff_cutoff: 15
          initial_interval: 10
          reboot: 10
          retry: 60
          select_timeout: 0
          timeout: 120
          send:
            - option: host-name
              declaration: "= gethostname()"
          supersede:
            - option: host-name
              declaration: "spaceship"
            - option: domain-name
              declaration: "domain.home"
            #- option: arp-cache-timeout
            #  declaration: 20
          prepend:
            - option: domain-name-servers
              declaration:
                - 8.8.8.8
                - 8.8.4.4
            - option: domain-search
              declaration:
                - example.com
                - eng.example.com
          #append:
          #  - option: domain-name-servers
          #    declaration: 127.0.0.1
          # ip or subnet to reject dhcp offer from
          reject:
            - 192.33.137.209
            - 10.0.2.0/24
          request:
            - subnet-mask
            - broadcast-address
            - time-offset
            - routers
            - domain-name
            - domain-name-servers
            - domain-search
            - host-name
            - dhcp6.name-servers
            - dhcp6.domain-search
            - dhcp6.fqdn
            - dhcp6.sntp-servers
            - netbios-name-servers
            - netbios-scope
            - interface-mtu
            - rfc3442-classless-static-routes
            - ntp-servers
          require:
            - subnet-mask
            - domain-name-servers
          # if per interface configuration required add below
          interface:
            ens2:
              initial_interval: 11
              reject:
                - 192.33.137.210
            ens3:
              initial_interval: 12
              reject:
                - 192.33.137.211

Linux network systemd settings:

.. code-block:: yaml

    linux:
      network:
        ...
        systemd:
          link:
            10-iface-dmz:
              Match:
                MACAddress: c8:5b:67:fa:1a:af
                OriginalName: eth0
              Link:
                Name: dmz0
          netdev:
            20-bridge-dmz:
              match:
                name: dmz0
              network:
                description: bridge
                bridge: br-dmz0
          network:
            # works with lowercase, keys are by default capitalized
            40-dhcp:
              match:
                name: '*'
              network:
                DHCP: yes

Configure global environment variables

Use ``/etc/environment`` for static system-wide variable assignment after
boot. Variable expansion is frequently not supported.

.. code-block:: yaml

    linux:
      system:
        env:
          BOB_VARIABLE: Alice
          ...
          BOB_PATH:
            - /srv/alice/bin
            - /srv/bob/bin
          ...
          ftp_proxy: none
          http_proxy: http://global-http-proxy.host.local:8080
          https_proxy: ${linux:system:proxy:https}
          no_proxy:
            - 192.168.0.80
            - 192.168.1.80
            - .domain.com
            - .local
        ...
        # NOTE: global defaults proxy configuration.
        proxy:
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143
          noproxy:
            - .domain.com
            - .local

Configure profile.d scripts

The profile.d scripts are sourced during .sh execution and, unlike the global
settings in ``/etc/environment``, support variable expansion.

.. code-block:: yaml

    linux:
      system:
        profile:
          locales: |
            export LANG=C
            export LC_ALL=C
          ...
          vi_flavors.sh: |
            export PAGER=view
            export EDITOR=vim
            alias vi=vim
          shell_locales.sh: |
            export LANG=en_US
            export LC_ALL=en_US.UTF-8
          shell_proxies.sh: |
            export FTP_PROXY=ftp://127.0.3.3:2121
            export NO_PROXY='.local'

Linux with hosts

The ``purge_hosts`` parameter enforces the whole /etc/hosts file, removing
entries that are not defined in the model, except the defaults for both IPv4
and IPv6 localhost and hostname + fqdn.

It's good to use this option if you want to ensure /etc/hosts is always in a
clean state; however, it's not enabled by default for safety.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
            - ${linux:network:fqdn}
            - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
            - node2.domain.com
            - service2.domain.com
          node2:
            address: 192.168.10.201
            names:
            - node2.domain.com
            - service2.domain.com

Linux with hosts collected from mine

In this case all DNS records defined within the infrastructure will be passed
to local hosts records or any DNS server. Only hosts with the ``grain``
parameter set to true will be propagated to the mine.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        mine_dns_records: true
        host:
          node1:
            address: 192.168.10.200
            grain: true
            names:
            - node2.domain.com
            - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
          - 8.8.4.4
          - 8.8.8.8
          domain: my.example.com
          search:
          - my.example.com
          - example.com
          options:
          - ndots: 5
          - timeout: 2
          - attempts: 2

Setting custom TX queue length for tap interfaces

.. code-block:: yaml

    linux:
      network:
        tap_custom_txqueuelen: 10000

DPDK OVS interfaces

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS bridge for VXLAN**

If VXLAN is used for tenant segmentation, an IP address must be set on br-prv.

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            mtu: 9000

Linux storage
-------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
          - enabled: true
          - path: /media/myuser/public/
          - device: //192.168.0.1/storage
          - file_system: cifs
          - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

NFS mount

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          nfs_glance:
            enabled: true
            path: /var/lib/glance/images
            device: 172.16.10.110:/var/nfs/glance
            file_system: nfs
            opts: rw,sync

File swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Create partitions on a disk. Specify the size in MB. The formula expects an
empty disk without any existing partitions. (Set ``startsector=1`` if you want
to start partitions from 2048.)

.. code-block:: yaml

    linux:
      storage:
        disk:
          first_drive:
            startsector: 1
            name: /dev/loop1
            type: gpt
            partitions:
              - size: 200 #size in MB
                type: fat32
              - size: 300 #size in MB
                mkfs: True
                type: xfs
          /dev/vda1:
            partitions:
              - size: 5
                type: ext2
              - size: 10
                type: ext4

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            - /dev/sdc
            - /dev/sdd
            backends:
            - ibm_storwize
            - fujitsu_eternus_dxl
            - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G

External config generation
--------------------------

You are able to use config support metadata between formulas and only generate
config files for external use, e.g. Docker, etc.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                  - method java.net.URL openConnection
                  credentials:
                  - type: username_password
                    scope: global
                    id: test
                    desc: Testing credentials
                    username: test
                    password: test

Netconsole Remote Kernel Logging
--------------------------------

The netconsole logger can be configured for configfs-enabled kernels
(``CONFIG_NETCONSOLE_DYNAMIC`` should be enabled). The configuration applies
both at runtime (if the network is already configured) and on boot after
interface initialization. Notes:

* the receiver can be located only in the same L3 domain
  (or you need to configure the gateway MAC manually)
* the receiver's MAC is detected only at configuration time
* using the broadcast MAC is not recommended

.. code-block:: yaml

    parameters:
      linux:
        system:
          netconsole:
            enabled: true
            port: 514  # optional
            loglevel: debug  # optional
            target:
              192.168.0.1:
                interface: bond0
                mac: "ff:ff:ff:ff:ff:ff"  # optional
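
The broadcast-MAC note above, as an added audit example (not part of the formula): it reads the kernel's dynamic netconsole attribute files under configfs and flags enabled targets that still send to ``ff:ff:ff:ff:ff:ff``. The function names and the sample tree are constructed for illustration; on a real host, call ``netconsole_audit`` with no argument.

```shell
#!/bin/sh
# Added example: audit netconsole targets exposed through configfs.
# enabled, dev_name, remote_ip, remote_port and remote_mac are the kernel's
# per-target attribute files; function names and sample data are constructed.

BROADCAST_MAC="ff:ff:ff:ff:ff:ff"

# netconsole_audit [ROOT]: print one line per target; return 1 if an enabled
# target still sends to the broadcast MAC, 0 otherwise.
netconsole_audit() {
    root=${1:-/sys/kernel/config/netconsole}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing: no targets
        name=$(basename "$dir")
        enabled=$(cat "$dir/enabled" 2>/dev/null || echo 0)
        dev=$(cat "$dir/dev_name" 2>/dev/null)
        ip=$(cat "$dir/remote_ip" 2>/dev/null)
        port=$(cat "$dir/remote_port" 2>/dev/null)
        mac=$(cat "$dir/remote_mac" 2>/dev/null | tr 'A-F' 'a-f')
        if [ "$enabled" != 1 ]; then
            status=DISABLED
        elif [ "$mac" = "$BROADCAST_MAC" ]; then
            status=BROADCAST               # every host on the segment sees the logs
            rc=1
        else
            status=OK
        fi
        printf '%s %s dev=%s dst=%s:%s mac=%s\n' \
            "$status" "$name" "$dev" "$ip" "$port" "$mac"
    done
    return "$rc"
}

# sample_target DIR ENABLED DEV IP PORT MAC: write one constructed target.
sample_target() {
    mkdir -p "$1"
    echo "$2" > "$1/enabled";    echo "$3" > "$1/dev_name"
    echo "$4" > "$1/remote_ip";  echo "$5" > "$1/remote_port"
    echo "$6" > "$1/remote_mac"
}

# Constructed tree standing in for configfs so the check runs offline:
# t1 mirrors the page's target with the broadcast MAC, t2 uses a unicast MAC.
sample=$(mktemp -d)
sample_target "$sample/t1" 1 bond0 192.168.0.1 514 ff:ff:ff:ff:ff:ff
sample_target "$sample/t2" 1 bond0 192.168.0.2 514 52:54:00:12:34:56
netconsole_audit "$sample" || echo "broadcast MAC in use: pin the receiver's MAC"
```
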

Usage
=====

Set mtu of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-linux/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing
list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-linux

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net