ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
628 Commits
26 Branches
Tree: 6040a3f96d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6040a3f96d'
${ noResults }
linux-formula/README.rst

README.rst 47KB
Raw Normal View History

Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Enable setting home dir permissions Fixes: PROD-21350 Change-Id: If5a4473296e4d2cb6a80cb7397ac38a66011f39d
6 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst fixed typo in sudo part
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
8 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
More options for consoles
9 years ago
Enable/disable console autologin
9 years ago
Allow setting policy-rc.d
9 years ago
Allow setting system locales
8 years ago
Fix readme of cs_CZ locales
8 years ago
Allow setting system locales
8 years ago
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
7 years ago
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
7 years ago
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
7 years ago
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
7 years ago
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
7 years ago
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
7 years ago
Add support file.serialize in linux:system:file Ensure presence of file to be serialized through one of the serializer modules (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):
6 years ago
Make linux.system.kernel functional
9 years ago
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
8 years ago
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
6 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
Make linux.system.kernel functional
9 years ago
Linux sysctl kernel parameters
9 years ago
Handle kernel boot options The 'system.kernel.elevator' and 'system.kernel.isolcpu' options have been kept for backward compatibility and should be used in new fashion way with system.kernel.boot_options parameter. Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
7 years ago
cpu governor
8 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
cpu governor
8 years ago
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 years ago
cgroups PROD-16845 Change-Id: Iabc6f4584e34c988e67ff42ee8ceb20c469823d6
7 years ago
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 years ago
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
6 years ago
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 years ago
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
7 years ago
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
7 years ago
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
6 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
8 years ago
Mend hugepages config * make unique mounted device * hugepages realtime setup for default pagesize only Change-Id: Ifa369f62a993c59c7b2c471b273fa795cc794e24 Closes-Bug: PROD-19825
6 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
8 years ago
cpu governor
8 years ago
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
8 years ago
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
8 years ago
cpu governor
8 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
README fix for purging repos
7 years ago
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
7 years ago
README fix for purging repos
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
rc.local added to linux formula
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Option to preserve bash history
8 years ago
Configure interactive logon message This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166
6 years ago
Set message of the day
9 years ago
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
6 years ago
Set message of the day
9 years ago
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
6 years ago
Set message of the day
9 years ago
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 years ago
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
7 years ago
Add support of mcelog service Change-Id: I32c83d63e7f359704ab6cc77dec07a1617880fbb Prod-Related: PROD-20137
6 years ago
RHEL compatibility of motd and prompt
9 years ago
Support for haveged
9 years ago
RHEL compatibility of motd and prompt
9 years ago
Support for haveged
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
6 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
6 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Initial commit
9 years ago
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 years ago
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
7 years ago
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 years ago
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add linux.network.systemd support
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
fix options setting in resolv
8 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Adding lacp support for ovs dpdk bond Change-Id: Icd1745d401ec275687a007e6683175a13569f2b4
6 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
[dpdk] Support ovs bridge tagging Bring in "tag" option for dpdk/ovs bridges to support vlan-tagged vxlan mode. Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Add ability to add linux network interface into OVS dpdk bridge Change-Id: I1c78c9ccbc14cefff8226db50258b56a713abfd5 Related-Prod: PROD-18111
6 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Initial commit
9 years ago
nfs storage mount
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Support for LVM
9 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Refactored multipath support
8 years ago
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
7 years ago
* Splitting pam modules: - ldap - mkhomedir * Fixing dependency for mkhomedir refresh * Adding an ability to disable and enable moules Prod-Related: EME-220 Change-Id: I94feab03cef82c515c9c430b9828653e87100425
6 years ago
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
7 years ago
Refactored multipath support
8 years ago
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 years ago
Add support for external config generation
8 years ago
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 years ago
Refactored multipath support
8 years ago
Initial commit
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             home_dir_mode: 755

  53.             email: 'jonh@doe.com'

  54.           jsmith:

  55.             name: 'jsmith'

  56.             enabled: true

  57.             full_name: 'With clear password'

  58.             home: '/home/jsmith'

  59.             hash_password: true

  60.             password: "userpassword"

  61.           mark:

  62.             name: 'mark'

  63.             enabled: true

  64.             full_name: "unchange password'

  65.             home: '/home/mark'

  66.             password: false

  67.           elizabeth:

  68.             name: 'elizabeth'

  69.             enabled: true

  70.             full_name: 'With hased password'

  71.             home: '/home/elizabeth'

  72.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  73. 

  74. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  75. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  76. 

  77. .. code-block:: jinja

  78. 

  79.    # simplified template:

  80.    Cmds_Alias {{ alias }}={{ commands }}

  81.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  83. 

  84.    # when rendered:

  85.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  86. 

  87. .. code-block:: yaml

  88. 

  89.   linux:

  90.     system:

  91.       sudo:

  92.         enabled: true

  93.         aliases:

  94.           host:

  95.             LOCAL:

  96.             - localhost

  97.             PRODUCTION:

  98.             - db1

  99.             - db2

  100.           runas:

  101.             DBA:

  102.             - postgres

  103.             - mysql

  104.             SALT:

  105.             - root

  106.           command:

  107.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  108.             #       Best practice is to specify full list of commands user is allowed to run.

  109.             SUPPORT_RESTRICTED:

  110.             - /bin/vi /etc/sudoers*

  111.             - /bin/vim /etc/sudoers*

  112.             - /bin/nano /etc/sudoers*

  113.             - /bin/emacs /etc/sudoers*

  114.             - /bin/su - root

  115.             - /bin/su -

  116.             - /bin/su

  117.             - /usr/sbin/visudo

  118.             SUPPORT_SHELLS:

  119.             - /bin/sh

  120.             - /bin/ksh

  121.             - /bin/bash

  122.             - /bin/rbash

  123.             - /bin/dash

  124.             - /bin/zsh

  125.             - /bin/csh

  126.             - /bin/fish

  127.             - /bin/tcsh

  128.             - /usr/bin/login

  129.             - /usr/bin/su

  130.             - /usr/su

  131.             ALL_SALT_SAFE:

  132.             - /usr/bin/salt state*

  133.             - /usr/bin/salt service*

  134.             - /usr/bin/salt pillar*

  135.             - /usr/bin/salt grains*

  136.             - /usr/bin/salt saltutil*

  137.             - /usr/bin/salt-call state*

  138.             - /usr/bin/salt-call service*

  139.             - /usr/bin/salt-call pillar*

  140.             - /usr/bin/salt-call grains*

  141.             - /usr/bin/salt-call saltutil*

  142.             SALT_TRUSTED:

  143.             - /usr/bin/salt*

  144.         users:

  145.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  146.           saltuser1: {}

  147.           saltuser2:

  148.             hosts:

  149.             - LOCAL

  150.           # User Alias DBA

  151.           DBA:

  152.             hosts:

  153.             - ALL

  154.             commands:

  155.             - ALL_SALT_SAFE

  156.         groups:

  157.           db-ops:

  158.             hosts:

  159.             - ALL

  160.             - '!PRODUCTION'

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - /bin/cat *

  165.             - /bin/less *

  166.             - /bin/ls *

  167.           salt-ops:

  168.             hosts:

  169.             - 'ALL'

  170.             runas:

  171.             - SALT

  172.             commands:

  173.             - SUPPORT_SHELLS

  174.           salt-ops-2nd:

  175.             name: salt-ops

  176.             nopasswd: false

  177.             setenv: true # Enable sudo -E option

  178.             runas:

  179.             - DBA

  180.             commands:

  181.             - ALL

  182.             - '!SUPPORT_SHELLS'

  183.             - '!SUPPORT_RESTRICTED'

  184. 

  185. Linux with package, latest version

  186. 

  187. .. code-block:: yaml

  188. 

  189.     linux:

  190.       system:

  191.         ...

  192.         package:

  193.           package-name:

  194.             version: latest

  195. 

  196. Linux with package from certail repo, version with no upgrades

  197. 

  198. .. code-block:: yaml

  199. 

  200.     linux:

  201.       system:

  202.         ...

  203.         package:

  204.           package-name:

  205.             version: 2132.323

  206.             repo: 'custom-repo'

  207.             hold: true

  208. 

  209. Linux with package from certail repo, version with no GPG verification

  210. 

  211. .. code-block:: yaml

  212. 

  213.     linux:

  214.       system:

  215.         ...

  216.         package:

  217.           package-name:

  218.             version: 2132.323

  219.             repo: 'custom-repo'

  220.             verify: false

  221. 

  222. Linux with autoupdates (automatically install security package updates)

  223. 

  224. .. code-block:: yaml

  225. 

  226.     linux:

  227.       system:

  228.         ...

  229.         autoupdates:

  230.           enabled: true

  231.           mail: root@localhost

  232.           mail_only_on_error: true

  233.           remove_unused_dependencies: false

  234.           automatic_reboot: true

  235.           automatic_reboot_time: "02:00"

  236. 

  237. Linux with cron jobs

  238. By default it will use name as an identifier, unless identifier key is

  239. explicitly set or False (then it will use Salt's default behavior which is

  240. identifier same as command resulting in not being able to change it)

  241. 

  242. .. code-block:: yaml

  243. 

  244.     linux:

  245.       system:

  246.         ...

  247.         job:

  248.           cmd1:

  249.             command: '/cmd/to/run'

  250.             identifier: cmd1

  251.             enabled: true

  252.             user: 'root'

  253.             hour: 2

  254.             minute: 0

  255. 

  256. Linux security limits (limit sensu user memory usage to max 1GB):

  257. 

  258. .. code-block:: yaml

  259. 

  260.     linux:

  261.       system:

  262.         ...

  263.         limit:

  264.           sensu:

  265.             enabled: true

  266.             domain: sensu

  267.             limits:

  268.               - type: hard

  269.                 item: as

  270.                 value: 1000000

  271. 

  272. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  273. 

  274. .. code-block:: yaml

  275. 

  276.     linux:

  277.       system:

  278.         console:

  279.           tty1:

  280.             autologin: root

  281.           # Enable serial console

  282.           ttyS0:

  283.             autologin: root

  284.             rate: 115200

  285.             term: xterm

  286. 

  287. To disable set autologin to `false`.

  288. 

  289. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  290. command in ``while true`` loop and ``case`` context.

  291. Following will disallow dpkg to stop/start services for cassandra package automatically:

  292. 

  293. .. code-block:: yaml

  294. 

  295.     linux:

  296.       system:

  297.         policyrcd:

  298.           - package: cassandra

  299.             action: exit 101

  300.           - package: '*'

  301.             action: switch

  302. 

  303. Set system locales:

  304. 

  305. .. code-block:: yaml

  306. 

  307.     linux:

  308.       system:

  309.         locale:

  310.           en_US.UTF-8:

  311.             default: true

  312.           "cs_CZ.UTF-8 UTF-8":

  313.             enabled: true

  314. 

  315. Systemd settings:

  316. 

  317. .. code-block:: yaml

  318. 

  319.     linux:

  320.       system:

  321.         ...

  322.         systemd:

  323.           system:

  324.             Manager:

  325.               DefaultLimitNOFILE: 307200

  326.               DefaultLimitNPROC: 307200

  327.           user:

  328.             Manager:

  329.               DefaultLimitCPU: 2

  330.               DefaultLimitNPROC: 4

  331. 

  332. Ensure presence of directory:

  333. 

  334. .. code-block:: yaml

  335. 

  336.     linux:

  337.       system:

  338.         directory:

  339.           /tmp/test:

  340.             user: root

  341.             group: root

  342.             mode: 700

  343.             makedirs: true

  344. 

  345. Ensure presence of file by specifying it's source:

  346. 

  347. .. code-block:: yaml

  348. 

  349.     linux:

  350.       system:

  351.         file:

  352.           /tmp/test.txt:

  353.             source: http://example.com/test.txt

  354.             user: root #optional

  355.             group: root #optional

  356.             mode: 700 #optional

  357.             dir_mode: 700 #optional

  358.             encoding: utf-8 #optional

  359.             hash: <<hash>> or <<URI to hash>> #optional

  360.             makedirs: true #optional

  361. 

  362.     linux:

  363.       system:

  364.         file:

  365.           test.txt:

  366.             name: /tmp/test.txt

  367.             source: http://example.com/test.txt

  368. 

  369. Ensure presence of file by specifying it's contents:

  370. 

  371. .. code-block:: yaml

  372. 

  373.     linux:

  374.       system:

  375.         file:

  376.           /tmp/test.txt:

  377.             contents: |

  378.               line1

  379.               line2

  380. 

  381.     linux:

  382.       system:

  383.         file:

  384.           /tmp/test.txt:

  385.             contents_pillar: linux:network:hostname

  386. 

  387.     linux:

  388.       system:

  389.         file:

  390.           /tmp/test.txt:

  391.             contents_grains: motd

  392. 

  393. Ensure presence of file to be serialized through one of the serializer modules

  394. (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

  395. 

  396. .. code-block:: yaml

  397. 

  398.     linux:

  399.       system:

  400.         file:

  401.           /tmp/test.json:

  402.             serialize: json

  403.             contents:

  404.               foo: 1

  405.               bar: 'bar'

  406. 

  407. Kernel

  408. ~~~~~~

  409. 

  410. Install always up to date LTS kernel and headers from Ubuntu trusty:

  411. 

  412. .. code-block:: yaml

  413. 

  414.     linux:

  415.       system:

  416.         kernel:

  417.           type: generic

  418.           lts: trusty

  419.           headers: true

  420. 

  421. Load kernel modules and add them to `/etc/modules`:

  422. 

  423. .. code-block:: yaml

  424. 

  425.     linux:

  426.       system:

  427.         kernel:

  428.           modules:

  429.             - nf_conntrack

  430.             - tp_smapi

  431.             - 8021q

  432. 

  433. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example

  434. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  435. 

  436. .. code-block:: yaml

  437. 

  438.     linux:

  439.       system:

  440.         kernel:

  441.           module:

  442.             nf_conntrack:

  443.               option:

  444.                 hashsize: 262144

  445. 

  446. 

  447. 

  448. Install specific kernel version and ensure all other kernel packages are

  449. not present. Also install extra modules and headers for this kernel:

  450. 

  451. .. code-block:: yaml

  452. 

  453.     linux:

  454.       system:

  455.         kernel:

  456.           type: generic

  457.           extra: true

  458.           headers: true

  459.           version: 4.2.0-22

  460. 

  461. Systcl kernel parameters

  462. 

  463. .. code-block:: yaml

  464. 

  465.     linux:

  466.       system:

  467.         kernel:

  468.           sysctl:

  469.             net.ipv4.tcp_keepalive_intvl: 3

  470.             net.ipv4.tcp_keepalive_time: 30

  471.             net.ipv4.tcp_keepalive_probes: 8

  472. 

  473. Configure kernel boot options:

  474. 

  475. .. code-block:: yaml

  476. 

  477.     linux:

  478.       system:

  479.         kernel:

  480.           boot_options:

  481.             - elevator=deadline

  482.             - spectre_v2=off

  483.             - nopti

  484. 

  485. 

  486. CPU

  487. ~~~

  488. 

  489. Enable cpufreq governor for every cpu:

  490. 

  491. .. code-block:: yaml

  492. 

  493.     linux:

  494.       system:

  495.         cpu:

  496.           governor: performance

  497. 

  498. 

  499. CGROUPS

  500. ~~~~~~~

  501. 

  502. Setup linux cgroups:

  503. 

  504. .. code-block:: yaml

  505. 

  506.     linux:

  507.       system:

  508.         cgroup:

  509.           enabled: true

  510.           group:

  511.             ceph_group_1:

  512.               controller:

  513.                 cpu:

  514.                   shares:

  515.                     value: 250

  516.                 cpuacct:

  517.                   usage:

  518.                     value: 0

  519.                 cpuset:

  520.                   cpus:

  521.                     value: 1,2,3

  522.                 memory:

  523.                   limit_in_bytes:

  524.                     value: 2G

  525.                   memsw.limit_in_bytes:

  526.                     value: 3G

  527.               mapping:

  528.                 subjects:

  529.                 - '@ceph'

  530.             generic_group_1:

  531.               controller:

  532.                 cpu:

  533.                   shares:

  534.                     value: 250

  535.                 cpuacct:

  536.                   usage:

  537.                     value: 0

  538.               mapping:

  539.                 subjects:

  540.                 - '*:firefox'

  541.                 - 'student:cp'

  542. 

  543. 

  544. Shared Libraries

  545. ~~~~~~~~~~~~~~~~

  546. 

  547. Set additional shared library to Linux system library path

  548. 

  549. .. code-block:: yaml

  550. 

  551.     linux:

  552.       system:

  553.         ld:

  554.           library:

  555.             java:

  556.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  557.               - /opt/java/jre/lib/amd64/server

  558. 

  559. 

  560. Certificates

  561. ~~~~~~~~~~~~

  562. 

  563. Add certificate authority into system trusted CA bundle

  564. 

  565. .. code-block:: yaml

  566. 

  567.     linux:

  568.       system:

  569.         ca_certificates:

  570.           mycert: |

  571.             -----BEGIN CERTIFICATE-----

  572.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  573.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  574.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  575.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  576.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  577.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  578.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  579.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  580.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  581.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  582.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  583.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  584.             -----END CERTIFICATE-----

  585. 

  586. Sysfs

  587. ~~~~~

  588. 

  589. Install sysfsutils and set sysfs attributes:

  590. 

  591. .. code-block:: yaml

  592. 

  593.     linux:

  594.       system:

  595.         sysfs:

  596.           scheduler:

  597.             block/sda/queue/scheduler: deadline

  598.           power:

  599.             mode:

  600.               power/state: 0660

  601.             owner:

  602.               power/state: "root:power"

  603.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  604. 

  605. Optional: You can also use list that will ensure order of items.

  606. 

  607. .. code-block:: yaml

  608. 

  609.     linux:

  610.       system:

  611.         sysfs:

  612.           scheduler:

  613.             block/sda/queue/scheduler: deadline

  614.           power:

  615.             - mode:

  616.                 power/state: 0660

  617.             - owner:

  618.                 power/state: "root:power"

  619.             - devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  620. 

  621. Huge Pages

  622. ~~~~~~~~~~~~

  623. 

  624. Huge Pages give a performance boost to applications that intensively deal

  625. with memory allocation/deallocation by decreasing memory fragmentation.

  626. 

  627. .. code-block:: yaml

  628. 

  629.     linux:

  630.       system:

  631.         kernel:

  632.           hugepages:

  633.             small:

  634.               size: 2M

  635.               count: 107520

  636.               mount_point: /mnt/hugepages_2MB

  637.               mount: false/true # default is true (mount immediately) / false (just save in the fstab)

  638.             large:

  639.               default: true # default automatically mounted

  640.               size: 1G

  641.               count: 210

  642.               mount_point: /mnt/hugepages_1GB

  643. 

  644. Note: not recommended to use both pagesizes in concurrently.

  645. 

  646. Intel SR-IOV

  647. ~~~~~~~~~~~~

  648. 

  649. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  650. 

  651. .. code-block:: yaml

  652. 

  653.     linux:

  654.       system:

  655.         kernel:

  656.           sriov: True

  657.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  658.         rc:

  659.           local: |

  660.             #!/bin/sh -e

  661.             # Enable 7 VF on eth1

  662.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  663.             exit 0

  664. 

  665. Isolate CPU options

  666. ~~~~~~~~~~~~~~~~~~~

  667. 

  668. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  669. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  670. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  671. maximum value is 1 less than the number of CPUs on the system.

  672. 

  673. .. code-block:: yaml

  674. 

  675.     linux:

  676.       system:

  677.         kernel:

  678.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  679. 

  680. Repositories

  681. ~~~~~~~~~~~~

  682. 

  683. RedHat based Linux with additional OpenStack repo

  684. 

  685. .. code-block:: yaml

  686. 

  687.     linux:

  688.       system:

  689.         ...

  690.         repo:

  691.           rdo-icehouse:

  692.             enabled: true

  693.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  694.             pgpcheck: 0

  695. 

  696. Ensure system repository to use czech Debian mirror (``default: true``)

  697. Also pin it's packages with priority 900.

  698. 

  699. .. code-block:: yaml

  700. 

  701.    linux:

  702.      system:

  703.        repo:

  704.          debian:

  705.            default: true

  706.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  707.            # Import signing key from URL if needed

  708.            key_url: "http://dummy.com/public.gpg"

  709.            pin:

  710.              - pin: 'origin "ftp.cz.debian.org"'

  711.                priority: 900

  712.                package: '*'

  713. 

  714. 

  715. Package manager proxy setup globally:

  716. 

  717. .. code-block:: yaml

  718. 

  719.     linux:

  720.       system:

  721.         ...

  722.         repo:

  723.           apt-mk:

  724.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  725.         ...

  726.         proxy:

  727.           pkg:

  728.             enabled: true

  729.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  730.           ...

  731.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  732.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  733.           #

  734.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  735.           # as for https and http

  736.           ftp:   ftp://proxy.host.local:2121

  737.           http:  http://proxy.host.local:3142

  738.           https: https://proxy.host.local:3143

  739. 

  740. Package manager proxy setup per repository:

  741. 

  742. .. code-block:: yaml

  743. 

  744.     linux:

  745.       system:

  746.         ...

  747.         repo:

  748.           debian:

  749.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  750.         ...

  751.           apt-mk:

  752.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  753.             # per repository proxy

  754.             proxy:

  755.               enabled: true

  756.               http:  http://maas-01:8080

  757.               https: http://maas-01:8080

  758.         ...

  759.         proxy:

  760.           # package manager fallback defaults

  761.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  762.           pkg:

  763.             enabled: true

  764.             ftp:   ftp://proxy.host.local:2121

  765.             #http:  http://proxy.host.local:3142

  766.             #https: https://proxy.host.local:3143

  767.           ...

  768.           # global system fallback system defaults

  769.           ftp:   ftp://proxy.host.local:2121

  770.           http:  http://proxy.host.local:3142

  771.           https: https://proxy.host.local:3143

  772. 

  773. 

  774. Remove all repositories:

  775. 

  776. .. code-block:: yaml

  777. 

  778.     linux:

  779.       system:

  780.         purge_repos: true

  781. 

  782. Setup custom apt config options:

  783. 

  784. .. code-block:: yaml

  785. 

  786.     linux:

  787.       system:

  788.         apt:

  789.           config:

  790.             compression-workaround:

  791.               "Acquire::CompressionTypes::Order": "gz"

  792.             docker-clean:

  793.               "DPkg::Post-Invoke":

  794.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  795.               "APT::Update::Post-Invoke":

  796.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  797. 

  798. RC

  799. ~~

  800. 

  801. rc.local example

  802. 

  803. .. code-block:: yaml

  804. 

  805.    linux:

  806.      system:

  807.        rc:

  808.          local: |

  809.            #!/bin/sh -e

  810.            #

  811.            # rc.local

  812.            #

  813.            # This script is executed at the end of each multiuser runlevel.

  814.            # Make sure that the script will "exit 0" on success or any other

  815.            # value on error.

  816.            #

  817.            # In order to enable or disable this script just change the execution

  818.            # bits.

  819.            #

  820.            # By default this script does nothing.

  821.            exit 0

  822. 

  823. 

  824. Prompt

  825. ~~~~~~

  826. 

  827. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  828. user can have different prompt.

  829. 

  830. .. code-block:: yaml

  831. 

  832.     linux:

  833.       system:

  834.         prompt:

  835.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  836.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  837. 

  838. On Debian systems to set prompt system-wide it's necessary to remove setting

  839. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  840. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  841. touch existing user's ``~/.bashrc`` files except root.

  842. 

  843. Bash

  844. ~~~~

  845. 

  846. Fix bash configuration to preserve history across sessions (like ZSH does by

  847. default).

  848. 

  849. .. code-block:: yaml

  850. 

  851.     linux:

  852.       system:

  853.         bash:

  854.           preserve_history: true

  855. 

  856. Login banner message

  857. ~~~~~~~~~~~~~~~~~~~~

  858. 

  859. /etc/issue is a text file which contains a message or system

  860. identification to be printed before the login prompt.  It may contain

  861. various @char and \char sequences, if supported by the getty-type

  862. program employed on the system.

  863. 

  864. Setting logon banner message is easy:

  865. 

  866. .. code-block:: yaml

  867. 

  868.     liunx:

  869.       system:

  870.         banner:

  871.           enabled: true

  872.           contents: |

  873.             UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  874. 

  875.             You must have explicit, authorized permission to access or configure this

  876.             device. Unauthorized attempts and actions to access or use this system may

  877.             result in civil and/or criminal penalties.

  878.             All activities performed on this system are logged and monitored.

  879. 

  880. Message of the day

  881. ~~~~~~~~~~~~~~~~~~

  882. 

  883. ``pam_motd`` from package ``libpam-modules`` is used for dynamic messages of the

  884. day. Setting custom motd will cleanup existing ones.

  885. 

  886. Setting static motd will replace existing ``/etc/motd`` and remove scripts from

  887. ``/etc/update-motd.d``.

  888. 

  889. Setting static motd:

  890. 

  891. .. code-block:: yaml

  892. 

  893.     linux:

  894.       system:

  895.         motd: |

  896.           UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  897. 

  898.           You must have explicit, authorized permission to access or configure this

  899.           device. Unauthorized attempts and actions to access or use this system may

  900.           result in civil and/or criminal penalties.

  901.           All activities performed on this system are logged and monitored.

  902. 

  903. Setting dynamic motd:

  904. 

  905. .. code-block:: yaml

  906. 

  907.     linux:

  908.       system:

  909.         motd:

  910.           - release: |

  911.               #!/bin/sh

  912.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  913. 

  914.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  915.               	# Fall back to using the very slow lsb_release utility

  916.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  917.               fi

  918. 

  919.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  920.           - warning: |

  921.               #!/bin/sh

  922.               printf "This is [company name] network.\n"

  923.               printf "Unauthorized access strictly prohibited.\n"

  924. 

  925. Services

  926. ~~~~~~~~

  927. 

  928. Stop and disable linux service:

  929. 

  930. .. code-block:: yaml

  931. 

  932.     linux:

  933.       system:

  934.         service:

  935.           apt-daily.timer:

  936.             status: dead

  937. 

  938. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  939. 

  940. Linux with atop service:

  941. 

  942. .. code-block:: yaml

  943. 

  944.     linux:

  945.       system:

  946.         atop:

  947.           enabled: true

  948.           interval: 20

  949.           logpath: "/var/log/atop"

  950.           outfile: "/var/log/atop/daily.log"

  951. 

  952. Linux with mcelog service:

  953. 

  954. .. code-block:: yaml

  955. 

  956.     linux:

  957.       system:

  958.         mcelog:

  959.           enabled: true

  960.           logging:

  961.             syslog: true

  962.             syslog_error: true

  963. 

  964. RHEL / CentOS

  965. ^^^^^^^^^^^^^

  966. 

  967. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  968. no native support for dynamic motd.

  969. You can still set static one, only pillar structure differs:

  970. 

  971. .. code-block:: yaml

  972. 

  973.     linux:

  974.       system:

  975.         motd: |

  976.           This is [company name] network.

  977.           Unauthorized access strictly prohibited.

  978. 

  979. Haveged

  980. ~~~~~~~

  981. 

  982. If you are running headless server and are low on entropy, it may be a good

  983. idea to setup Haveged.

  984. 

  985. .. code-block:: yaml

  986. 

  987.     linux:

  988.       system:

  989.         haveged:

  990.           enabled: true

  991. 

  992. Linux network

  993. -------------

  994. 

  995. Linux with network manager

  996. 

  997. .. code-block:: yaml

  998. 

  999.     linux:

  1000.       network:

  1001.         enabled: true

  1002.         network_manager: true

  1003. 

  1004. Linux with default static network interfaces, default gateway interface and DNS servers

  1005. 

  1006. .. code-block:: yaml

  1007. 

  1008.     linux:

  1009.       network:

  1010.         enabled: true

  1011.         interface:

  1012.           eth0:

  1013.             enabled: true

  1014.             type: eth

  1015.             address: 192.168.0.102

  1016.             netmask: 255.255.255.0

  1017.             gateway: 192.168.0.1

  1018.             name_servers:

  1019.             - 8.8.8.8

  1020.             - 8.8.4.4

  1021.             mtu: 1500

  1022. 

  1023. Linux with bonded interfaces and disabled NetworkManager

  1024. 

  1025. .. code-block:: yaml

  1026. 

  1027.     linux:

  1028.       network:

  1029.         enabled: true

  1030.         interface:

  1031.           eth0:

  1032.             type: eth

  1033.             ...

  1034.           eth1:

  1035.             type: eth

  1036.             ...

  1037.           bond0:

  1038.             enabled: true

  1039.             type: bond

  1040.             address: 192.168.0.102

  1041.             netmask: 255.255.255.0

  1042.             mtu: 1500

  1043.             use_in:

  1044.             - interface: ${linux:interface:eth0}

  1045.             - interface: ${linux:interface:eth0}

  1046.         network_manager:

  1047.           disable: true

  1048. 

  1049. Linux with vlan interface_params

  1050. 

  1051. .. code-block:: yaml

  1052. 

  1053.     linux:

  1054.       network:

  1055.         enabled: true

  1056.         interface:

  1057.           vlan69:

  1058.             type: vlan

  1059.             use_interfaces:

  1060.             - interface: ${linux:interface:bond0}

  1061. 

  1062. Linux with wireless interface parameters

  1063. 

  1064. .. code-block:: yaml

  1065. 

  1066.     linux:

  1067.       network:

  1068.         enabled: true

  1069.         gateway: 10.0.0.1

  1070.         default_interface: eth0

  1071.         interface:

  1072.           wlan0:

  1073.             type: eth

  1074.             wireless:

  1075.               essid: example

  1076.               key: example_key

  1077.               security: wpa

  1078.               priority: 1

  1079. 

  1080. Linux networks with routes defined

  1081. 

  1082. .. code-block:: yaml

  1083. 

  1084.     linux:

  1085.       network:

  1086.         enabled: true

  1087.         gateway: 10.0.0.1

  1088.         default_interface: eth0

  1089.         interface:

  1090.           eth0:

  1091.             type: eth

  1092.             route:

  1093.               default:

  1094.                 address: 192.168.0.123

  1095.                 netmask: 255.255.255.0

  1096.                 gateway: 192.168.0.1

  1097. 

  1098. Native Linux Bridges

  1099. 

  1100. .. code-block:: yaml

  1101. 

  1102.     linux:

  1103.       network:

  1104.         interface:

  1105.           eth1:

  1106.             enabled: true

  1107.             type: eth

  1108.             proto: manual

  1109.             up_cmds:

  1110.             - ip address add 0/0 dev $IFACE

  1111.             - ip link set $IFACE up

  1112.             down_cmds:

  1113.             - ip link set $IFACE down

  1114.           br-ex:

  1115.             enabled: true

  1116.             type: bridge

  1117.             address: ${linux:network:host:public_local:address}

  1118.             netmask: 255.255.255.0

  1119.             use_interfaces:

  1120.             - eth1

  1121. 

  1122. OpenVswitch Bridges

  1123. 

  1124. .. code-block:: yaml

  1125. 

  1126.     linux:

  1127.       network:

  1128.         bridge: openvswitch

  1129.         interface:

  1130.           eth1:

  1131.             enabled: true

  1132.             type: eth

  1133.             proto: manual

  1134.             up_cmds:

  1135.             - ip address add 0/0 dev $IFACE

  1136.             - ip link set $IFACE up

  1137.             down_cmds:

  1138.             - ip link set $IFACE down

  1139.           br-ex:

  1140.             enabled: true

  1141.             type: bridge

  1142.             address: ${linux:network:host:public_local:address}

  1143.             netmask: 255.255.255.0

  1144.             use_interfaces:

  1145.             - eth1

  1146.           br-prv:

  1147.             enabled: true

  1148.             type: ovs_bridge

  1149.             mtu: 65000

  1150.           br-ens7:

  1151.             enabled: true

  1152.             name: br-ens7

  1153.             type: ovs_bridge

  1154.             proto: manual

  1155.             mtu: 9000

  1156.             use_interfaces:

  1157.             - ens7

  1158.           patch-br-ens7-br-prv:

  1159.             enabled: true

  1160.             name: ens7-prv

  1161.             ovs_type: ovs_port

  1162.             type: ovs_port

  1163.             bridge: br-ens7

  1164.             port_type: patch

  1165.             peer: prv-ens7

  1166.             tag: 109 # [] to unset a tag

  1167.             mtu: 65000

  1168.           patch-br-prv-br-ens7:

  1169.             enabled: true

  1170.             name: prv-ens7

  1171.             bridge: br-prv

  1172.             ovs_type: ovs_port

  1173.             type: ovs_port

  1174.             port_type: patch

  1175.             peer: ens7-prv

  1176.             tag: 109

  1177.             mtu: 65000

  1178.           ens7:

  1179.             enabled: true

  1180.             name: ens7

  1181.             proto: manual

  1182.             ovs_port_type: OVSPort

  1183.             type: ovs_port

  1184.             ovs_bridge: br-ens7

  1185.             bridge: br-ens7

  1186. 

  1187. Debian manual proto interfaces

  1188. 

  1189. When you are changing interface proto from static in up state to manual, you

  1190. may need to flush ip addresses. For example, if you want to use the interface

  1191. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  1192. to true.

  1193. 

  1194. .. code-block:: yaml

  1195. 

  1196.     linux:

  1197.       network:

  1198.         interface:

  1199.           eth1:

  1200.             enabled: true

  1201.             type: eth

  1202.             proto: manual

  1203.             mtu: 9100

  1204.             ipflush_onchange: true

  1205. 

  1206. Debian static proto interfaces

  1207. 

  1208. When you are changing interface proto from dhcp in up state to static, you

  1209. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1210. For example, if you want to use the interface and the ip on the bridge.

  1211. This can be done by setting the ``ipflush_onchange`` with combination

  1212. ``restart_on_ipflush`` param set to to true.

  1213. 

  1214. .. code-block:: yaml

  1215. 

  1216.     linux:

  1217.       network:

  1218.         interface:

  1219.           eth1:

  1220.             enabled: true

  1221.             type: eth

  1222.             proto: static

  1223.             address: 10.1.0.22

  1224.             netmask: 255.255.255.0

  1225.             ipflush_onchange: true

  1226.             restart_on_ipflush: true

  1227. 

  1228. Concatinating and removing interface files

  1229. 

  1230. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1231. you can store configuration of network interfaces in separate files. You can

  1232. concatinate the files to the defined destination when needed, this operation

  1233. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1234. remove iface files, you can use the `remove_iface_files` key.

  1235. 

  1236. .. code-block:: yaml

  1237. 

  1238.     linux:

  1239.       network:

  1240.         concat_iface_files:

  1241.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1242.           dst: '/etc/network/interfaces'

  1243.         remove_iface_files:

  1244.         - '/etc/network/interfaces.d/90-custom.cfg'

  1245. 

  1246. 

  1247. DHCP client configuration

  1248. 

  1249. None of the keys is mandatory, include only those you really need. For full list

  1250. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1251. 

  1252. .. code-block:: yaml

  1253. 

  1254.      linux:

  1255.        network:

  1256.          dhclient:

  1257.            enabled: true

  1258.            backoff_cutoff: 15

  1259.            initial_interval: 10

  1260.            reboot: 10

  1261.            retry: 60

  1262.            select_timeout: 0

  1263.            timeout: 120

  1264.            send:

  1265.              - option: host-name

  1266.                declaration: "= gethostname()"

  1267.            supersede:

  1268.              - option: host-name

  1269.                declaration: "spaceship"

  1270.              - option: domain-name

  1271.                declaration: "domain.home"

  1272.              #- option: arp-cache-timeout

  1273.              #  declaration: 20

  1274.            prepend:

  1275.              - option: domain-name-servers

  1276.                declaration:

  1277.                  - 8.8.8.8

  1278.                  - 8.8.4.4

  1279.              - option: domain-search

  1280.                declaration:

  1281.                  - example.com

  1282.                  - eng.example.com

  1283.            #append:

  1284.              #- option: domain-name-servers

  1285.              #  declaration: 127.0.0.1

  1286.            # ip or subnet to reject dhcp offer from

  1287.            reject:

  1288.              - 192.33.137.209

  1289.              - 10.0.2.0/24

  1290.            request:

  1291.              - subnet-mask

  1292.              - broadcast-address

  1293.              - time-offset

  1294.              - routers

  1295.              - domain-name

  1296.              - domain-name-servers

  1297.              - domain-search

  1298.              - host-name

  1299.              - dhcp6.name-servers

  1300.              - dhcp6.domain-search

  1301.              - dhcp6.fqdn

  1302.              - dhcp6.sntp-servers

  1303.              - netbios-name-servers

  1304.              - netbios-scope

  1305.              - interface-mtu

  1306.              - rfc3442-classless-static-routes

  1307.              - ntp-servers

  1308.            require:

  1309.              - subnet-mask

  1310.              - domain-name-servers

  1311.            # if per interface configuration required add below

  1312.            interface:

  1313.              ens2:

  1314.                initial_interval: 11

  1315.                reject:

  1316.                  - 192.33.137.210

  1317.              ens3:

  1318.                initial_interval: 12

  1319.                reject:

  1320.                  - 192.33.137.211

  1321. 

  1322. Linux network systemd settings:

  1323. 

  1324. .. code-block:: yaml

  1325. 

  1326.     linux:

  1327.       network:

  1328.         ...

  1329.         systemd:

  1330.           link:

  1331.             10-iface-dmz:

  1332.               Match:

  1333.                 MACAddress: c8:5b:67:fa:1a:af

  1334.                 OriginalName: eth0

  1335.               Link:

  1336.                 Name: dmz0

  1337.           netdev:

  1338.             20-bridge-dmz:

  1339.               match:

  1340.                 name: dmz0

  1341.               network:

  1342.                 mescription: bridge

  1343.                 bridge: br-dmz0

  1344.           network:

  1345.           # works with lowercase, keys are by default capitalized

  1346.             40-dhcp:

  1347.               match:

  1348.                 name: '*'

  1349.               network:

  1350.                 DHCP: yes

  1351. 

  1352. 

  1353. Configure global environment variables

  1354. 

  1355. Use ``/etc/environment`` for static system wide variable assignment after

  1356. boot. Variable expansion is frequently not supported.

  1357. 

  1358. .. code-block:: yaml

  1359. 

  1360.     linux:

  1361.       system:

  1362.         env:

  1363.           BOB_VARIABLE: Alice

  1364.           ...

  1365.           BOB_PATH:

  1366.             - /srv/alice/bin

  1367.             - /srv/bob/bin

  1368.           ...

  1369.           ftp_proxy:   none

  1370.           http_proxy:  http://global-http-proxy.host.local:8080

  1371.           https_proxy: ${linux:system:proxy:https}

  1372.           no_proxy:

  1373.             - 192.168.0.80

  1374.             - 192.168.1.80

  1375.             - .domain.com

  1376.             - .local

  1377.         ...

  1378.         # NOTE: global defaults proxy configuration.

  1379.         proxy:

  1380.           ftp:   ftp://proxy.host.local:2121

  1381.           http:  http://proxy.host.local:3142

  1382.           https: https://proxy.host.local:3143

  1383.           noproxy:

  1384.             - .domain.com

  1385.             - .local

  1386. 

  1387. Configure profile.d scripts

  1388. 

  1389. The profile.d scripts are being sourced during .sh execution and support

  1390. variable expansion in opposite to /etc/environment global settings in

  1391. ``/etc/environment``.

  1392. 

  1393. .. code-block:: yaml

  1394. 

  1395.     linux:

  1396.       system:

  1397.         profile:

  1398.           locales: |

  1399.             export LANG=C

  1400.             export LC_ALL=C

  1401.           ...

  1402.           vi_flavors.sh: |

  1403.             export PAGER=view

  1404.             export EDITOR=vim

  1405.             alias vi=vim

  1406.           shell_locales.sh: |

  1407.             export LANG=en_US

  1408.             export LC_ALL=en_US.UTF-8

  1409.           shell_proxies.sh: |

  1410.             export FTP_PROXY=ftp://127.0.3.3:2121

  1411.             export NO_PROXY='.local'

  1412. 

  1413. Linux with hosts

  1414. 

  1415. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1416. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1417. and hostname + fqdn.

  1418. 

  1419. It's good to use this option if you want to ensure /etc/hosts is always in a

  1420. clean state however it's not enabled by default for safety.

  1421. 

  1422. .. code-block:: yaml

  1423. 

  1424.     linux:

  1425.       network:

  1426.         purge_hosts: true

  1427.         host:

  1428.           # No need to define this one if purge_hosts is true

  1429.           hostname:

  1430.             address: 127.0.1.1

  1431.             names:

  1432.             - ${linux:network:fqdn}

  1433.             - ${linux:network:hostname}

  1434.           node1:

  1435.             address: 192.168.10.200

  1436.             names:

  1437.             - node2.domain.com

  1438.             - service2.domain.com

  1439.           node2:

  1440.             address: 192.168.10.201

  1441.             names:

  1442.             - node2.domain.com

  1443.             - service2.domain.com

  1444. 

  1445. Linux with hosts collected from mine

  1446. 

  1447. In this case all dns records defined within infrastrucuture will be passed to

  1448. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1449. true will be propagated to the mine.

  1450. 

  1451. .. code-block:: yaml

  1452. 

  1453.     linux:

  1454.       network:

  1455.         purge_hosts: true

  1456.         mine_dns_records: true

  1457.         host:

  1458.           node1:

  1459.             address: 192.168.10.200

  1460.             grain: true

  1461.             names:

  1462.             - node2.domain.com

  1463.             - service2.domain.com

  1464. 

  1465. Setup resolv.conf, nameservers, domain and search domains

  1466. 

  1467. .. code-block:: yaml

  1468. 

  1469.     linux:

  1470.       network:

  1471.         resolv:

  1472.           dns:

  1473.           - 8.8.4.4

  1474.           - 8.8.8.8

  1475.           domain: my.example.com

  1476.           search:

  1477.           - my.example.com

  1478.           - example.com

  1479.           options:

  1480.           - ndots: 5

  1481.           - timeout: 2

  1482.           - attempts: 2

  1483. 

  1484. setting custom TX queue length for tap interfaces

  1485. 

  1486. .. code-block:: yaml

  1487. 

  1488.     linux:

  1489.       network:

  1490.         tap_custom_txqueuelen: 10000

  1491. 

  1492. DPDK OVS interfaces

  1493. 

  1494. **DPDK OVS NIC**

  1495. 

  1496. .. code-block:: yaml

  1497. 

  1498.     linux:

  1499.       network:

  1500.         bridge: openvswitch

  1501.         dpdk:

  1502.           enabled: true

  1503.           driver: uio/vfio

  1504.         openvswitch:

  1505.           pmd_cpu_mask: "0x6"

  1506.           dpdk_socket_mem: "1024,1024"

  1507.           dpdk_lcore_mask: "0x400"

  1508.           memory_channels: 2

  1509.         interface:

  1510.           dpkd0:

  1511.             name: ${_param:dpdk_nic}

  1512.             pci: 0000:06:00.0

  1513.             driver: igb_uio/vfio-pci

  1514.             enabled: true

  1515.             type: dpdk_ovs_port

  1516.             n_rxq: 2

  1517.             pmd_rxq_affinity: "0:1,1:2"

  1518.             bridge: br-prv

  1519.             mtu: 9000

  1520.           br-prv:

  1521.             enabled: true

  1522.             type: dpdk_ovs_bridge

  1523. 

  1524. **DPDK OVS Bond**

  1525. 

  1526. .. code-block:: yaml

  1527. 

  1528.     linux:

  1529.       network:

  1530.         bridge: openvswitch

  1531.         dpdk:

  1532.           enabled: true

  1533.           driver: uio/vfio

  1534.         openvswitch:

  1535.           pmd_cpu_mask: "0x6"

  1536.           dpdk_socket_mem: "1024,1024"

  1537.           dpdk_lcore_mask: "0x400"

  1538.           memory_channels: 2

  1539.         interface:

  1540.           dpdk_second_nic:

  1541.             name: ${_param:primary_second_nic}

  1542.             pci: 0000:06:00.0

  1543.             driver: igb_uio/vfio-pci

  1544.             bond: dpdkbond0

  1545.             enabled: true

  1546.             type: dpdk_ovs_port

  1547.             n_rxq: 2

  1548.             pmd_rxq_affinity: "0:1,1:2"

  1549.             mtu: 9000

  1550.           dpdk_first_nic:

  1551.             name: ${_param:primary_first_nic}

  1552.             pci: 0000:05:00.0

  1553.             driver: igb_uio/vfio-pci

  1554.             bond: dpdkbond0

  1555.             enabled: true

  1556.             type: dpdk_ovs_port

  1557.             n_rxq: 2

  1558.             pmd_rxq_affinity: "0:1,1:2"

  1559.             mtu: 9000

  1560.           dpdkbond0:

  1561.             enabled: true

  1562.             bridge: br-prv

  1563.             type: dpdk_ovs_bond

  1564.             mode: active-backup

  1565.           br-prv:

  1566.             enabled: true

  1567.             type: dpdk_ovs_bridge

  1568. 

  1569. **DPDK OVS LACP Bond with vlan tag**

  1570. 

  1571. .. code-block:: yaml

  1572. 

  1573.     linux:

  1574.       network:

  1575.         bridge: openvswitch

  1576.         dpdk:

  1577.           enabled: true

  1578.           driver: uio

  1579.         openvswitch:

  1580.           pmd_cpu_mask: "0x6"

  1581.           dpdk_socket_mem: "1024,1024"

  1582.           dpdk_lcore_mask: "0x400"

  1583.           memory_channels: "2"

  1584.         interface:

  1585.           eth3:

  1586.             enabled: true

  1587.             type: eth

  1588.             proto: manual

  1589.             name: ${_param:tenant_first_nic}

  1590.           eth4:

  1591.             enabled: true

  1592.             type: eth

  1593.             proto: manual

  1594.             name: ${_param:tenant_second_nic}

  1595.           dpdk0:

  1596.             name: ${_param:tenant_first_nic}

  1597.             pci: "0000:81:00.0"

  1598.             driver: igb_uio

  1599.             bond: bond1

  1600.             enabled: true

  1601.             type: dpdk_ovs_port

  1602.             n_rxq: 2

  1603.           dpdk1:

  1604.             name: ${_param:tenant_second_nic}

  1605.             pci: "0000:81:00.1"

  1606.             driver: igb_uio

  1607.             bond: bond1

  1608.             enabled: true

  1609.             type: dpdk_ovs_port

  1610.             n_rxq: 2

  1611.           bond1:

  1612.             enabled: true

  1613.             bridge: br-prv

  1614.             type: dpdk_ovs_bond

  1615.             mode: balance-slb

  1616.           br-prv:

  1617.             enabled: true

  1618.             type: dpdk_ovs_bridge

  1619.             tag: ${_param:tenant_vlan}

  1620.             address: ${_param:tenant_address}

  1621.             netmask: ${_param:tenant_network_netmask}

  1622. 

  1623. **DPDK OVS bridge for VXLAN**

  1624. 

  1625. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1626. 

  1627. .. code-block:: yaml

  1628. 

  1629.     linux:

  1630.       network:

  1631.         ...

  1632.         interface:

  1633.           br-prv:

  1634.             enabled: true

  1635.             type: dpdk_ovs_bridge

  1636.             address: 192.168.50.0

  1637.             netmask: 255.255.255.0

  1638.             tag: 101

  1639.             mtu: 9000

  1640. 

  1641. 

  1642. 

  1643. **DPDK OVS bridge with Linux network interface**

  1644. 

  1645. .. code-block:: yaml

  1646. 

  1647.     linux:

  1648.       network:

  1649.         ...

  1650.         interface:

  1651.           eth0:

  1652.             type: eth

  1653.             ovs_bridge: br-prv

  1654.             ...

  1655.           br-prv:

  1656.             enabled: true

  1657.             type: dpdk_ovs_bridge

  1658.             ...

  1659. 

  1660. Linux storage

  1661. -------------

  1662. 

  1663. Linux with mounted Samba

  1664. 

  1665. .. code-block:: yaml

  1666. 

  1667.     linux:

  1668.       storage:

  1669.         enabled: true

  1670.         mount:

  1671.           samba1:

  1672.           - enabled: true

  1673.           - path: /media/myuser/public/

  1674.           - device: //192.168.0.1/storage

  1675.           - file_system: cifs

  1676.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1677. 

  1678. NFS mount

  1679. 

  1680. .. code-block:: yaml

  1681. 

  1682.   linux:

  1683.     storage:

  1684.       enabled: true

  1685.       mount:

  1686.         nfs_glance:

  1687.           enabled: true

  1688.           path: /var/lib/glance/images

  1689.           device: 172.16.10.110:/var/nfs/glance

  1690.           file_system: nfs

  1691.           opts: rw,sync

  1692. 

  1693. 

  1694. File swap configuration

  1695. 

  1696. .. code-block:: yaml

  1697. 

  1698.     linux:

  1699.       storage:

  1700.         enabled: true

  1701.         swap:

  1702.           file:

  1703.             enabled: true

  1704.             engine: file

  1705.             device: /swapfile

  1706.             size: 1024

  1707. 

  1708. Partition swap configuration

  1709. 

  1710. .. code-block:: yaml

  1711. 

  1712.     linux:

  1713.       storage:

  1714.         enabled: true

  1715.         swap:

  1716.           partition:

  1717.             enabled: true

  1718.             engine: partition

  1719.             device: /dev/vg0/swap

  1720. 

  1721. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1722. 

  1723. .. code-block:: yaml

  1724. 

  1725.     parameters:

  1726.       linux:

  1727.         storage:

  1728.           mount:

  1729.             data:

  1730.               enabled: true

  1731.               device: /dev/vg1/data

  1732.               file_system: ext4

  1733.               path: /mnt/data

  1734.           lvm:

  1735.             vg1:

  1736.               enabled: true

  1737.               devices:

  1738.                 - /dev/sdb

  1739.               volume:

  1740.                 data:

  1741.                   size: 40G

  1742.                   mount: ${linux:storage:mount:data}

  1743. 

  1744. Create partitions on disk. Specify size in MB. It expects empty

  1745. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1746. 

  1747. .. code-block:: yaml

  1748. 

  1749.       linux:

  1750.         storage:

  1751.           disk:

  1752.             first_drive:

  1753.               startsector: 1

  1754.               name: /dev/loop1

  1755.               type: gpt

  1756.               partitions:

  1757.                 - size: 200 #size in MB

  1758.                   type: fat32

  1759.                 - size: 300 #size in MB

  1760.                   mkfs: True

  1761.                   type: xfs

  1762.             /dev/vda1:

  1763.               partitions:

  1764.                 - size: 5

  1765.                   type: ext2

  1766.                 - size: 10

  1767.                   type: ext4

  1768. 

  1769. Multipath with Fujitsu Eternus DXL

  1770. 

  1771. .. code-block:: yaml

  1772. 

  1773.     parameters:

  1774.       linux:

  1775.         storage:

  1776.           multipath:

  1777.             enabled: true

  1778.             blacklist_devices:

  1779.             - /dev/sda

  1780.             - /dev/sdb

  1781.             backends:

  1782.             - fujitsu_eternus_dxl

  1783. 

  1784. Multipath with Hitachi VSP 1000

  1785. 

  1786. .. code-block:: yaml

  1787. 

  1788.     parameters:

  1789.       linux:

  1790.         storage:

  1791.           multipath:

  1792.             enabled: true

  1793.             blacklist_devices:

  1794.             - /dev/sda

  1795.             - /dev/sdb

  1796.             backends:

  1797.             - hitachi_vsp1000

  1798. 

  1799. Multipath with IBM Storwize

  1800. 

  1801. .. code-block:: yaml

  1802. 

  1803.     parameters:

  1804.       linux:

  1805.         storage:

  1806.           multipath:

  1807.             enabled: true

  1808.             blacklist_devices:

  1809.             - /dev/sda

  1810.             - /dev/sdb

  1811.             backends:

  1812.             - ibm_storwize

  1813. 

  1814. Multipath with multiple backends

  1815. 

  1816. .. code-block:: yaml

  1817. 

  1818.     parameters:

  1819.       linux:

  1820.         storage:

  1821.           multipath:

  1822.             enabled: true

  1823.             blacklist_devices:

  1824.             - /dev/sda

  1825.             - /dev/sdb

  1826.             - /dev/sdc

  1827.             - /dev/sdd

  1828.             backends:

  1829.             - ibm_storwize

  1830.             - fujitsu_eternus_dxl

  1831.             - hitachi_vsp1000

  1832. 

  1833. PAM LDAP integration

  1834. 

  1835. .. code-block:: yaml

  1836. 

  1837.     parameters:

  1838.       linux:

  1839.         system:

  1840.           auth:

  1841.             enabled: true

  1842.             mkhomedir:

  1843.               enabled: true

  1844.               umask: 0027

  1845.             ldap:

  1846.               enabled: true

  1847.               binddn: cn=bind,ou=service_users,dc=example,dc=com

  1848.               bindpw: secret

  1849.               uri: ldap://127.0.0.1

  1850.               base: ou=users,dc=example,dc=com

  1851.               ldap_version: 3

  1852.               pagesize: 65536

  1853.               referrals: off

  1854.               filter:

  1855.                 passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1856.                 shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1857.                 group:  (&(objectClass=group)(gidNumber=*))

  1858. 

  1859. Disabled multipath (the default setup)

  1860. 

  1861. .. code-block:: yaml

  1862. 

  1863.     parameters:

  1864.       linux:

  1865.         storage:

  1866.           multipath:

  1867.             enabled: false

  1868. 

  1869. Linux with local loopback device

  1870. 

  1871. .. code-block:: yaml

  1872. 

  1873.     linux:

  1874.       storage:

  1875.         loopback:

  1876.           disk1:

  1877.             file: /srv/disk1

  1878.             size: 50G

  1879. 

  1880. External config generation

  1881. --------------------------

  1882. 

  1883. You are able to use config support metadata between formulas and only generate

  1884. config files for external use, eg. docker, etc.

  1885. 

  1886. .. code-block:: yaml

  1887. 

  1888.     parameters:

  1889.       linux:

  1890.         system:

  1891.           config:

  1892.             pillar:

  1893.               jenkins:

  1894.                 master:

  1895.                   home: /srv/volumes/jenkins

  1896.                   approved_scripts:

  1897.                     - method java.net.URL openConnection

  1898.                   credentials:

  1899.                     - type: username_password

  1900.                       scope: global

  1901.                       id: test

  1902.                       desc: Testing credentials

  1903.                       username: test

  1904.                       password: test

  1905. 

  1906. Netconsole Remote Kernel Logging

  1907. --------------------------------

  1908. 

  1909. Netconsole logger could be configured for configfs-enabled kernels

  1910. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1911. runtime (if network is already configured), and on-boot after interface

  1912. initialization. Notes:

  1913. 

  1914.  * receiver could be located only in same L3 domain

  1915.    (or you need to configure gateway MAC manually)

  1916.  * receiver's MAC is detected only on configuration time

  1917.  * using broadcast MAC is not recommended

  1918. 

  1919. .. code-block:: yaml

  1920. 

  1921.     parameters:

  1922.       linux:

  1923.         system:

  1924.           netconsole:

  1925.             enabled: true

  1926.             port: 514 (optional)

  1927.             loglevel: debug (optional)

  1928.             target:

  1929.               192.168.0.1:

  1930.                 interface: bond0

  1931.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1932. 

  1933. Usage

  1934. =====

  1935. 

  1936. Set mtu of network interface eth0 to 1400

  1937. 

  1938. .. code-block:: bash

  1939. 

  1940.     ip link set dev eth0 mtu 1400

  1941. 

  1942. Read more

  1943. =========

  1944. 

  1945. * https://www.archlinux.org/

  1946. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1947. 

  1948. Documentation and Bugs

  1949. ======================

  1950. 

  1951. To learn how to install and update salt-formulas, consult the documentation

  1952. available online at:

  1953. 

  1954.     http://salt-formulas.readthedocs.io/

  1955. 

  1956. In the unfortunate event that bugs are discovered, they should be reported to

  1957. the appropriate issue tracker. Use Github issue tracker for specific salt

  1958. formula:

  1959. 

  1960.     https://github.com/salt-formulas/salt-formula-linux/issues

  1961. 

  1962. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1963. use Launchpad salt-formulas project:

  1964. 

  1965.     https://launchpad.net/salt-formulas

  1966. 

  1967. You can also join salt-formulas-users team and subscribe to mailing list:

  1968. 

  1969.     https://launchpad.net/~salt-formulas-users

  1970. 

  1971. Developers wishing to work on the salt-formulas projects should always base

  1972. their work on master branch and submit pull request against specific formula.

  1973. 

  1974.     https://github.com/salt-formulas/salt-formula-linux

  1975. 

  1976. Any questions or feedback is always welcome so feel free to join our IRC

  1977. channel:

  1978. 

  1979.     #salt-formulas @ irc.freenode.net