ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
621 Commits
26 Branches
Tree: 697ce4bf04
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '697ce4bf04'
${ noResults }
linux-formula/README.rst

README.rst 47KB
Raw Normal View History

Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst fixed typo in sudo part
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
7 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
More options for consoles
9 years ago
Enable/disable console autologin
9 years ago
Allow setting policy-rc.d
9 years ago
Allow setting system locales
8 years ago
Fix readme of cs_CZ locales
8 years ago
Allow setting system locales
8 years ago
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
7 years ago
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
7 years ago
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
7 years ago
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
6 years ago
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
7 years ago
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
6 years ago
Add support file.serialize in linux:system:file Ensure presence of file to be serialized through one of the serializer modules (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):
6 years ago
Make linux.system.kernel functional
9 years ago
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
7 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
Make linux.system.kernel functional
9 years ago
Linux sysctl kernel parameters
9 years ago
Handle kernel boot options The 'system.kernel.elevator' and 'system.kernel.isolcpu' options have been kept for backward compatibility and should be used in new fashion way with system.kernel.boot_options parameter. Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
7 years ago
cpu governor
8 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
cpu governor
8 years ago
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 years ago
cgroups PROD-16845 Change-Id: Iabc6f4584e34c988e67ff42ee8ceb20c469823d6
7 years ago
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 years ago
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
7 years ago
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
7 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
7 years ago
Mend hugepages config * make unique mounted device * hugepages realtime setup for default pagesize only Change-Id: Ifa369f62a993c59c7b2c471b273fa795cc794e24 Closes-Bug: PROD-19825
6 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
7 years ago
cpu governor
8 years ago
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
7 years ago
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
7 years ago
cpu governor
8 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
README fix for purging repos
7 years ago
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
7 years ago
README fix for purging repos
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
rc.local added to linux formula
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Option to preserve bash history
8 years ago
Configure interactive logon message This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166
6 years ago
Set message of the day
9 years ago
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
6 years ago
Set message of the day
9 years ago
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
6 years ago
Set message of the day
9 years ago
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 years ago
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
7 years ago
Add support of mcelog service Change-Id: I32c83d63e7f359704ab6cc77dec07a1617880fbb Prod-Related: PROD-20137
6 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
6 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
6 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Initial commit
9 years ago
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 years ago
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
7 years ago
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 years ago
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add linux.network.systemd support
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
fix options setting in resolv
8 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Adding lacp support for ovs dpdk bond Change-Id: Icd1745d401ec275687a007e6683175a13569f2b4
6 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
[dpdk] Support ovs bridge tagging Bring in "tag" option for dpdk/ovs bridges to support vlan-tagged vxlan mode. Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Add ability to add linux network interface into OVS dpdk bridge Change-Id: I1c78c9ccbc14cefff8226db50258b56a713abfd5 Related-Prod: PROD-18111
6 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Initial commit
9 years ago
nfs storage mount
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Support for LVM
9 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Refactored multipath support
8 years ago
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
7 years ago
* Splitting pam modules: - ldap - mkhomedir * Fixing dependency for mkhomedir refresh * Adding an ability to disable and enable moules Prod-Related: EME-220 Change-Id: I94feab03cef82c515c9c430b9828653e87100425
6 years ago
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
7 years ago
Refactored multipath support
8 years ago
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 years ago
Add support for external config generation
8 years ago
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 years ago
Refactored multipath support
8 years ago
Initial commit
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             email: 'jonh@doe.com'

  53.           jsmith:

  54.             name: 'jsmith'

  55.             enabled: true

  56.             full_name: 'With clear password'

  57.             home: '/home/jsmith'

  58.             hash_password: true

  59.             password: "userpassword"

  60.           mark:

  61.             name: 'mark'

  62.             enabled: true

  63.             full_name: "unchange password'

  64.             home: '/home/mark'

  65.             password: false

  66.           elizabeth:

  67.             name: 'elizabeth'

  68.             enabled: true

  69.             full_name: 'With hased password'

  70.             home: '/home/elizabeth'

  71.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  72. 

  73. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  74. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  75. 

  76. .. code-block:: jinja

  77. 

  78.    # simplified template:

  79.    Cmds_Alias {{ alias }}={{ commands }}

  80.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  81.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82. 

  83.    # when rendered:

  84.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  85. 

  86. .. code-block:: yaml

  87. 

  88.   linux:

  89.     system:

  90.       sudo:

  91.         enabled: true

  92.         aliases:

  93.           host:

  94.             LOCAL:

  95.             - localhost

  96.             PRODUCTION:

  97.             - db1

  98.             - db2

  99.           runas:

  100.             DBA:

  101.             - postgres

  102.             - mysql

  103.             SALT:

  104.             - root

  105.           command:

  106.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  107.             #       Best practice is to specify full list of commands user is allowed to run.

  108.             SUPPORT_RESTRICTED:

  109.             - /bin/vi /etc/sudoers*

  110.             - /bin/vim /etc/sudoers*

  111.             - /bin/nano /etc/sudoers*

  112.             - /bin/emacs /etc/sudoers*

  113.             - /bin/su - root

  114.             - /bin/su -

  115.             - /bin/su

  116.             - /usr/sbin/visudo

  117.             SUPPORT_SHELLS:

  118.             - /bin/sh

  119.             - /bin/ksh

  120.             - /bin/bash

  121.             - /bin/rbash

  122.             - /bin/dash

  123.             - /bin/zsh

  124.             - /bin/csh

  125.             - /bin/fish

  126.             - /bin/tcsh

  127.             - /usr/bin/login

  128.             - /usr/bin/su

  129.             - /usr/su

  130.             ALL_SALT_SAFE:

  131.             - /usr/bin/salt state*

  132.             - /usr/bin/salt service*

  133.             - /usr/bin/salt pillar*

  134.             - /usr/bin/salt grains*

  135.             - /usr/bin/salt saltutil*

  136.             - /usr/bin/salt-call state*

  137.             - /usr/bin/salt-call service*

  138.             - /usr/bin/salt-call pillar*

  139.             - /usr/bin/salt-call grains*

  140.             - /usr/bin/salt-call saltutil*

  141.             SALT_TRUSTED:

  142.             - /usr/bin/salt*

  143.         users:

  144.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  145.           saltuser1: {}

  146.           saltuser2:

  147.             hosts:

  148.             - LOCAL

  149.           # User Alias DBA

  150.           DBA:

  151.             hosts:

  152.             - ALL

  153.             commands:

  154.             - ALL_SALT_SAFE

  155.         groups:

  156.           db-ops:

  157.             hosts:

  158.             - ALL

  159.             - '!PRODUCTION'

  160.             runas:

  161.             - DBA

  162.             commands:

  163.             - /bin/cat *

  164.             - /bin/less *

  165.             - /bin/ls *

  166.           salt-ops:

  167.             hosts:

  168.             - 'ALL'

  169.             runas:

  170.             - SALT

  171.             commands:

  172.             - SUPPORT_SHELLS

  173.           salt-ops-2nd:

  174.             name: salt-ops

  175.             nopasswd: false

  176.             setenv: true # Enable sudo -E option

  177.             runas:

  178.             - DBA

  179.             commands:

  180.             - ALL

  181.             - '!SUPPORT_SHELLS'

  182.             - '!SUPPORT_RESTRICTED'

  183. 

  184. Linux with package, latest version

  185. 

  186. .. code-block:: yaml

  187. 

  188.     linux:

  189.       system:

  190.         ...

  191.         package:

  192.           package-name:

  193.             version: latest

  194. 

  195. Linux with package from certail repo, version with no upgrades

  196. 

  197. .. code-block:: yaml

  198. 

  199.     linux:

  200.       system:

  201.         ...

  202.         package:

  203.           package-name:

  204.             version: 2132.323

  205.             repo: 'custom-repo'

  206.             hold: true

  207. 

  208. Linux with package from certail repo, version with no GPG verification

  209. 

  210. .. code-block:: yaml

  211. 

  212.     linux:

  213.       system:

  214.         ...

  215.         package:

  216.           package-name:

  217.             version: 2132.323

  218.             repo: 'custom-repo'

  219.             verify: false

  220. 

  221. Linux with autoupdates (automatically install security package updates)

  222. 

  223. .. code-block:: yaml

  224. 

  225.     linux:

  226.       system:

  227.         ...

  228.         autoupdates:

  229.           enabled: true

  230.           mail: root@localhost

  231.           mail_only_on_error: true

  232.           remove_unused_dependencies: false

  233.           automatic_reboot: true

  234.           automatic_reboot_time: "02:00"

  235. 

  236. Linux with cron jobs

  237. By default it will use name as an identifier, unless identifier key is

  238. explicitly set or False (then it will use Salt's default behavior which is

  239. identifier same as command resulting in not being able to change it)

  240. 

  241. .. code-block:: yaml

  242. 

  243.     linux:

  244.       system:

  245.         ...

  246.         job:

  247.           cmd1:

  248.             command: '/cmd/to/run'

  249.             identifier: cmd1

  250.             enabled: true

  251.             user: 'root'

  252.             hour: 2

  253.             minute: 0

  254. 

  255. Linux security limits (limit sensu user memory usage to max 1GB):

  256. 

  257. .. code-block:: yaml

  258. 

  259.     linux:

  260.       system:

  261.         ...

  262.         limit:

  263.           sensu:

  264.             enabled: true

  265.             domain: sensu

  266.             limits:

  267.               - type: hard

  268.                 item: as

  269.                 value: 1000000

  270. 

  271. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  272. 

  273. .. code-block:: yaml

  274. 

  275.     linux:

  276.       system:

  277.         console:

  278.           tty1:

  279.             autologin: root

  280.           # Enable serial console

  281.           ttyS0:

  282.             autologin: root

  283.             rate: 115200

  284.             term: xterm

  285. 

  286. To disable set autologin to `false`.

  287. 

  288. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  289. command in ``while true`` loop and ``case`` context.

  290. Following will disallow dpkg to stop/start services for cassandra package automatically:

  291. 

  292. .. code-block:: yaml

  293. 

  294.     linux:

  295.       system:

  296.         policyrcd:

  297.           - package: cassandra

  298.             action: exit 101

  299.           - package: '*'

  300.             action: switch

  301. 

  302. Set system locales:

  303. 

  304. .. code-block:: yaml

  305. 

  306.     linux:

  307.       system:

  308.         locale:

  309.           en_US.UTF-8:

  310.             default: true

  311.           "cs_CZ.UTF-8 UTF-8":

  312.             enabled: true

  313. 

  314. Systemd settings:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         ...

  321.         systemd:

  322.           system:

  323.             Manager:

  324.               DefaultLimitNOFILE: 307200

  325.               DefaultLimitNPROC: 307200

  326.           user:

  327.             Manager:

  328.               DefaultLimitCPU: 2

  329.               DefaultLimitNPROC: 4

  330. 

  331. Ensure presence of directory:

  332. 

  333. .. code-block:: yaml

  334. 

  335.     linux:

  336.       system:

  337.         directory:

  338.           /tmp/test:

  339.             user: root

  340.             group: root

  341.             mode: 700

  342.             makedirs: true

  343. 

  344. Ensure presence of file by specifying it's source:

  345. 

  346. .. code-block:: yaml

  347. 

  348.     linux:

  349.       system:

  350.         file:

  351.           /tmp/test.txt:

  352.             source: http://example.com/test.txt

  353.             user: root #optional

  354.             group: root #optional

  355.             mode: 700 #optional

  356.             dir_mode: 700 #optional

  357.             encoding: utf-8 #optional

  358.             hash: <<hash>> or <<URI to hash>> #optional

  359.             makedirs: true #optional

  360. 

  361.     linux:

  362.       system:

  363.         file:

  364.           test.txt:

  365.             name: /tmp/test.txt

  366.             source: http://example.com/test.txt

  367. 

  368. Ensure presence of file by specifying it's contents:

  369. 

  370. .. code-block:: yaml

  371. 

  372.     linux:

  373.       system:

  374.         file:

  375.           /tmp/test.txt:

  376.             contents: |

  377.               line1

  378.               line2

  379. 

  380.     linux:

  381.       system:

  382.         file:

  383.           /tmp/test.txt:

  384.             contents_pillar: linux:network:hostname

  385. 

  386.     linux:

  387.       system:

  388.         file:

  389.           /tmp/test.txt:

  390.             contents_grains: motd

  391. 

  392. Ensure presence of file to be serialized through one of the serializer modules

  393. (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

  394. 

  395. .. code-block:: yaml

  396. 

  397.     linux:

  398.       system:

  399.         file:

  400.           /tmp/test.json:

  401.             serialize: json

  402.             contents:

  403.               foo: 1

  404.               bar: 'bar'

  405. 

  406. Kernel

  407. ~~~~~~

  408. 

  409. Install always up to date LTS kernel and headers from Ubuntu trusty:

  410. 

  411. .. code-block:: yaml

  412. 

  413.     linux:

  414.       system:

  415.         kernel:

  416.           type: generic

  417.           lts: trusty

  418.           headers: true

  419. 

  420. Load kernel modules and add them to `/etc/modules`:

  421. 

  422. .. code-block:: yaml

  423. 

  424.     linux:

  425.       system:

  426.         kernel:

  427.           modules:

  428.             - nf_conntrack

  429.             - tp_smapi

  430.             - 8021q

  431. 

  432. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  433. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  434. 

  435. .. code-block:: yaml

  436. 

  437.     linux:

  438.       system:

  439.         kernel:

  440.           module:

  441.             nf_conntrack:

  442.               option:

  443.                 hashsize: 262144

  444. 

  445. 

  446. 

  447. Install specific kernel version and ensure all other kernel packages are

  448. not present. Also install extra modules and headers for this kernel:

  449. 

  450. .. code-block:: yaml

  451. 

  452.     linux:

  453.       system:

  454.         kernel:

  455.           type: generic

  456.           extra: true

  457.           headers: true

  458.           version: 4.2.0-22

  459. 

  460. Systcl kernel parameters

  461. 

  462. .. code-block:: yaml

  463. 

  464.     linux:

  465.       system:

  466.         kernel:

  467.           sysctl:

  468.             net.ipv4.tcp_keepalive_intvl: 3

  469.             net.ipv4.tcp_keepalive_time: 30

  470.             net.ipv4.tcp_keepalive_probes: 8

  471. 

  472. Configure kernel boot options:

  473. 

  474. .. code-block:: yaml

  475. 

  476.     linux:

  477.       system:

  478.         kernel:

  479.           boot_options:

  480.             - elevator=deadline

  481.             - spectre_v2=off

  482.             - nopti

  483. 

  484. 

  485. CPU

  486. ~~~

  487. 

  488. Enable cpufreq governor for every cpu:

  489. 

  490. .. code-block:: yaml

  491. 

  492.     linux:

  493.       system:

  494.         cpu:

  495.           governor: performance

  496. 

  497. 

  498. CGROUPS

  499. ~~~~~~~

  500. 

  501. Setup linux cgroups:

  502. 

  503. .. code-block:: yaml

  504. 

  505.     linux:

  506.       system:

  507.         cgroup:

  508.           enabled: true

  509.           group:

  510.             ceph_group_1:

  511.               controller:

  512.                 cpu:

  513.                   shares:

  514.                     value: 250

  515.                 cpuacct:

  516.                   usage:

  517.                     value: 0

  518.                 cpuset:

  519.                   cpus:

  520.                     value: 1,2,3

  521.                 memory:

  522.                   limit_in_bytes:

  523.                     value: 2G

  524.                   memsw.limit_in_bytes:

  525.                     value: 3G

  526.               mapping:

  527.                 subjects:

  528.                 - '@ceph'

  529.             generic_group_1:

  530.               controller:

  531.                 cpu:

  532.                   shares:

  533.                     value: 250

  534.                 cpuacct:

  535.                   usage:

  536.                     value: 0

  537.               mapping:

  538.                 subjects:

  539.                 - '*:firefox'

  540.                 - 'student:cp'

  541. 

  542. 

  543. Shared Libraries

  544. ~~~~~~~~~~~~~~~~

  545. 

  546. Set additional shared library to Linux system library path

  547. 

  548. .. code-block:: yaml

  549. 

  550.     linux:

  551.       system:

  552.         ld:

  553.           library:

  554.             java:

  555.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  556.               - /opt/java/jre/lib/amd64/server

  557.     

  558. 

  559. Certificates

  560. ~~~~~~~~~~~~

  561. 

  562. Add certificate authority into system trusted CA bundle

  563. 

  564. .. code-block:: yaml

  565. 

  566.     linux:

  567.       system:

  568.         ca_certificates:

  569.           mycert: |

  570.             -----BEGIN CERTIFICATE-----

  571.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  572.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  573.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  574.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  575.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  576.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  577.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  578.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  579.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  580.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  581.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  582.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  583.             -----END CERTIFICATE-----

  584. 

  585. Sysfs

  586. ~~~~~

  587. 

  588. Install sysfsutils and set sysfs attributes:

  589. 

  590. .. code-block:: yaml

  591. 

  592.     linux:

  593.       system:

  594.         sysfs:

  595.           scheduler:

  596.             block/sda/queue/scheduler: deadline

  597.           power:

  598.             mode:

  599.               power/state: 0660

  600.             owner:

  601.               power/state: "root:power"

  602.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  603. 

  604. Huge Pages

  605. ~~~~~~~~~~~~

  606. 

  607. Huge Pages give a performance boost to applications that intensively deal

  608. with memory allocation/deallocation by decreasing memory fragmentation.

  609. 

  610. .. code-block:: yaml

  611. 

  612.     linux:

  613.       system:

  614.         kernel:

  615.           hugepages:

  616.             small:

  617.               size: 2M

  618.               count: 107520

  619.               mount_point: /mnt/hugepages_2MB

  620.               mount: false/true # default is true (mount immediately) / false (just save in the fstab)

  621.             large:

  622.               default: true # default automatically mounted

  623.               size: 1G

  624.               count: 210

  625.               mount_point: /mnt/hugepages_1GB

  626. 

  627. Note: not recommended to use both pagesizes in concurrently.

  628. 

  629. Intel SR-IOV

  630. ~~~~~~~~~~~~

  631. 

  632. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  633. 

  634. .. code-block:: yaml

  635. 

  636.     linux:

  637.       system:

  638.         kernel:

  639.           sriov: True

  640.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  641.         rc:

  642.           local: |

  643.             #!/bin/sh -e

  644.             # Enable 7 VF on eth1

  645.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  646.             exit 0

  647. 

  648. Isolate CPU options

  649. ~~~~~~~~~~~~~~~~~~~

  650. 

  651. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  652. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  653. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  654. maximum value is 1 less than the number of CPUs on the system.

  655. 

  656. .. code-block:: yaml

  657. 

  658.     linux:

  659.       system:

  660.         kernel:

  661.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  662. 

  663. Repositories

  664. ~~~~~~~~~~~~

  665. 

  666. RedHat based Linux with additional OpenStack repo

  667. 

  668. .. code-block:: yaml

  669. 

  670.     linux:

  671.       system:

  672.         ...

  673.         repo:

  674.           rdo-icehouse:

  675.             enabled: true

  676.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  677.             pgpcheck: 0

  678. 

  679. Ensure system repository to use czech Debian mirror (``default: true``)

  680. Also pin it's packages with priority 900.

  681. 

  682. .. code-block:: yaml

  683. 

  684.    linux:

  685.      system:

  686.        repo:

  687.          debian:

  688.            default: true

  689.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  690.            # Import signing key from URL if needed

  691.            key_url: "http://dummy.com/public.gpg"

  692.            pin:

  693.              - pin: 'origin "ftp.cz.debian.org"'

  694.                priority: 900

  695.                package: '*'

  696. 

  697. 

  698. Package manager proxy setup globally:

  699. 

  700. .. code-block:: yaml

  701. 

  702.     linux:

  703.       system:

  704.         ...

  705.         repo:

  706.           apt-mk:

  707.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  708.         ...

  709.         proxy:

  710.           pkg:

  711.             enabled: true

  712.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  713.           ...

  714.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  715.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  716.           #

  717.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  718.           # as for https and http

  719.           ftp:   ftp://proxy.host.local:2121

  720.           http:  http://proxy.host.local:3142

  721.           https: https://proxy.host.local:3143

  722. 

  723. Package manager proxy setup per repository:

  724. 

  725. .. code-block:: yaml

  726. 

  727.     linux:

  728.       system:

  729.         ...

  730.         repo:

  731.           debian:

  732.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  733.         ...

  734.           apt-mk:

  735.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  736.             # per repository proxy

  737.             proxy:

  738.               enabled: true

  739.               http:  http://maas-01:8080

  740.               https: http://maas-01:8080

  741.         ...

  742.         proxy:

  743.           # package manager fallback defaults

  744.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  745.           pkg:

  746.             enabled: true

  747.             ftp:   ftp://proxy.host.local:2121

  748.             #http:  http://proxy.host.local:3142

  749.             #https: https://proxy.host.local:3143

  750.           ...

  751.           # global system fallback system defaults

  752.           ftp:   ftp://proxy.host.local:2121

  753.           http:  http://proxy.host.local:3142

  754.           https: https://proxy.host.local:3143

  755. 

  756. 

  757. Remove all repositories:

  758. 

  759. .. code-block:: yaml

  760. 

  761.     linux:

  762.       system:

  763.         purge_repos: true

  764. 

  765. Setup custom apt config options:

  766. 

  767. .. code-block:: yaml

  768. 

  769.     linux:

  770.       system:

  771.         apt:

  772.           config:

  773.             compression-workaround:

  774.               "Acquire::CompressionTypes::Order": "gz"

  775.             docker-clean:

  776.               "DPkg::Post-Invoke":

  777.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  778.               "APT::Update::Post-Invoke":

  779.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  780. 

  781. RC

  782. ~~

  783. 

  784. rc.local example

  785. 

  786. .. code-block:: yaml

  787. 

  788.    linux:

  789.      system:

  790.        rc:

  791.          local: |

  792.            #!/bin/sh -e

  793.            #

  794.            # rc.local

  795.            #

  796.            # This script is executed at the end of each multiuser runlevel.

  797.            # Make sure that the script will "exit 0" on success or any other

  798.            # value on error.

  799.            #

  800.            # In order to enable or disable this script just change the execution

  801.            # bits.

  802.            #

  803.            # By default this script does nothing.

  804.            exit 0

  805. 

  806. 

  807. Prompt

  808. ~~~~~~

  809. 

  810. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  811. user can have different prompt.

  812. 

  813. .. code-block:: yaml

  814. 

  815.     linux:

  816.       system:

  817.         prompt:

  818.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  819.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  820. 

  821. On Debian systems to set prompt system-wide it's necessary to remove setting

  822. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  823. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  824. touch existing user's ``~/.bashrc`` files except root.

  825. 

  826. Bash

  827. ~~~~

  828. 

  829. Fix bash configuration to preserve history across sessions (like ZSH does by

  830. default).

  831. 

  832. .. code-block:: yaml

  833. 

  834.     linux:

  835.       system:

  836.         bash:

  837.           preserve_history: true

  838. 

  839. Login banner message

  840. ~~~~~~~~~~~~~~~~~~~~

  841. 

  842. /etc/issue is a text file which contains a message or system

  843. identification to be printed before the login prompt.  It may contain

  844. various @char and \char sequences, if supported by the getty-type

  845. program employed on the system.

  846. 

  847. Setting logon banner message is easy:

  848. 

  849. .. code-block:: yaml

  850. 

  851.     liunx:

  852.       system:

  853.         banner:

  854.           enabled: true

  855.           contents: |

  856.             UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  857. 

  858.             You must have explicit, authorized permission to access or configure this

  859.             device. Unauthorized attempts and actions to access or use this system may

  860.             result in civil and/or criminal penalties.

  861.             All activities performed on this system are logged and monitored.

  862. 

  863. Message of the day

  864. ~~~~~~~~~~~~~~~~~~

  865. 

  866. ``pam_motd`` from package ``libpam-modules`` is used for dynamic messages of the

  867. day. Setting custom motd will cleanup existing ones.

  868. 

  869. Setting static motd will replace existing ``/etc/motd`` and remove scripts from

  870. ``/etc/update-motd.d``.

  871. 

  872. Setting static motd:

  873. 

  874. .. code-block:: yaml

  875. 

  876.     linux:

  877.       system:

  878.         motd: |

  879.           UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  880. 

  881.           You must have explicit, authorized permission to access or configure this

  882.           device. Unauthorized attempts and actions to access or use this system may

  883.           result in civil and/or criminal penalties.

  884.           All activities performed on this system are logged and monitored.

  885. 

  886. Setting dynamic motd:

  887. 

  888. .. code-block:: yaml

  889. 

  890.     linux:

  891.       system:

  892.         motd:

  893.           - release: |

  894.               #!/bin/sh

  895.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  896. 

  897.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  898.               	# Fall back to using the very slow lsb_release utility

  899.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  900.               fi

  901. 

  902.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  903.           - warning: |

  904.               #!/bin/sh

  905.               printf "This is [company name] network.\n"

  906.               printf "Unauthorized access strictly prohibited.\n"

  907. 

  908. Services

  909. ~~~~~~~~

  910. 

  911. Stop and disable linux service:

  912. 

  913. .. code-block:: yaml

  914. 

  915.     linux:

  916.       system:

  917.         service:

  918.           apt-daily.timer:

  919.             status: dead

  920. 

  921. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  922. 

  923. Linux with atop service:

  924. 

  925. .. code-block:: yaml

  926. 

  927.     linux:

  928.       system:

  929.         atop:

  930.           enabled: true

  931.           interval: 20

  932.           logpath: "/var/log/atop"

  933.           outfile: "/var/log/atop/daily.log"

  934. 

  935. Linux with mcelog service:

  936. 

  937. .. code-block:: yaml

  938. 

  939.     linux:

  940.       system:

  941.         mcelog:

  942.           enabled: true

  943.           logging:

  944.             syslog: true

  945.             syslog_error: true

  946. 

  947. RHEL / CentOS

  948. ^^^^^^^^^^^^^

  949. 

  950. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  951. no native support for dynamic motd.

  952. You can still set static one, only pillar structure differs:

  953. 

  954. .. code-block:: yaml

  955. 

  956.     linux:

  957.       system:

  958.         motd: |

  959.           This is [company name] network.

  960.           Unauthorized access strictly prohibited.

  961. 

  962. Haveged

  963. ~~~~~~~

  964. 

  965. If you are running headless server and are low on entropy, it may be a good

  966. idea to setup Haveged.

  967. 

  968. .. code-block:: yaml

  969. 

  970.     linux:

  971.       system:

  972.         haveged:

  973.           enabled: true

  974. 

  975. Linux network

  976. -------------

  977. 

  978. Linux with network manager

  979. 

  980. .. code-block:: yaml

  981. 

  982.     linux:

  983.       network:

  984.         enabled: true

  985.         network_manager: true

  986. 

  987. Linux with default static network interfaces, default gateway interface and DNS servers

  988. 

  989. .. code-block:: yaml

  990. 

  991.     linux:

  992.       network:

  993.         enabled: true

  994.         interface:

  995.           eth0:

  996.             enabled: true

  997.             type: eth

  998.             address: 192.168.0.102

  999.             netmask: 255.255.255.0

  1000.             gateway: 192.168.0.1

  1001.             name_servers:

  1002.             - 8.8.8.8

  1003.             - 8.8.4.4

  1004.             mtu: 1500

  1005. 

  1006. Linux with bonded interfaces and disabled NetworkManager

  1007. 

  1008. .. code-block:: yaml

  1009. 

  1010.     linux:

  1011.       network:

  1012.         enabled: true

  1013.         interface:

  1014.           eth0:

  1015.             type: eth

  1016.             ...

  1017.           eth1:

  1018.             type: eth

  1019.             ...

  1020.           bond0:

  1021.             enabled: true

  1022.             type: bond

  1023.             address: 192.168.0.102

  1024.             netmask: 255.255.255.0

  1025.             mtu: 1500

  1026.             use_in:

  1027.             - interface: ${linux:interface:eth0}

  1028.             - interface: ${linux:interface:eth0}

  1029.         network_manager:

  1030.           disable: true

  1031. 

  1032. Linux with vlan interface_params

  1033. 

  1034. .. code-block:: yaml

  1035. 

  1036.     linux:

  1037.       network:

  1038.         enabled: true

  1039.         interface:

  1040.           vlan69:

  1041.             type: vlan

  1042.             use_interfaces:

  1043.             - interface: ${linux:interface:bond0}

  1044. 

  1045. Linux with wireless interface parameters

  1046. 

  1047. .. code-block:: yaml

  1048. 

  1049.     linux:

  1050.       network:

  1051.         enabled: true

  1052.         gateway: 10.0.0.1

  1053.         default_interface: eth0

  1054.         interface:

  1055.           wlan0:

  1056.             type: eth

  1057.             wireless:

  1058.               essid: example

  1059.               key: example_key

  1060.               security: wpa

  1061.               priority: 1

  1062. 

  1063. Linux networks with routes defined

  1064. 

  1065. .. code-block:: yaml

  1066. 

  1067.     linux:

  1068.       network:

  1069.         enabled: true

  1070.         gateway: 10.0.0.1

  1071.         default_interface: eth0

  1072.         interface:

  1073.           eth0:

  1074.             type: eth

  1075.             route:

  1076.               default:

  1077.                 address: 192.168.0.123

  1078.                 netmask: 255.255.255.0

  1079.                 gateway: 192.168.0.1

  1080. 

  1081. Native Linux Bridges

  1082. 

  1083. .. code-block:: yaml

  1084. 

  1085.     linux:

  1086.       network:

  1087.         interface:

  1088.           eth1:

  1089.             enabled: true

  1090.             type: eth

  1091.             proto: manual

  1092.             up_cmds:

  1093.             - ip address add 0/0 dev $IFACE

  1094.             - ip link set $IFACE up

  1095.             down_cmds:

  1096.             - ip link set $IFACE down

  1097.           br-ex:

  1098.             enabled: true

  1099.             type: bridge

  1100.             address: ${linux:network:host:public_local:address}

  1101.             netmask: 255.255.255.0

  1102.             use_interfaces:

  1103.             - eth1

  1104. 

  1105. OpenVswitch Bridges

  1106. 

  1107. .. code-block:: yaml

  1108. 

  1109.     linux:

  1110.       network:

  1111.         bridge: openvswitch

  1112.         interface:

  1113.           eth1:

  1114.             enabled: true

  1115.             type: eth

  1116.             proto: manual

  1117.             up_cmds:

  1118.             - ip address add 0/0 dev $IFACE

  1119.             - ip link set $IFACE up

  1120.             down_cmds:

  1121.             - ip link set $IFACE down

  1122.           br-ex:

  1123.             enabled: true

  1124.             type: bridge

  1125.             address: ${linux:network:host:public_local:address}

  1126.             netmask: 255.255.255.0

  1127.             use_interfaces:

  1128.             - eth1

  1129.           br-prv:

  1130.             enabled: true

  1131.             type: ovs_bridge

  1132.             mtu: 65000

  1133.           br-ens7:

  1134.             enabled: true

  1135.             name: br-ens7

  1136.             type: ovs_bridge

  1137.             proto: manual

  1138.             mtu: 9000

  1139.             use_interfaces:

  1140.             - ens7

  1141.           patch-br-ens7-br-prv:

  1142.             enabled: true

  1143.             name: ens7-prv

  1144.             ovs_type: ovs_port

  1145.             type: ovs_port

  1146.             bridge: br-ens7

  1147.             port_type: patch

  1148.             peer: prv-ens7

  1149.             tag: 109 # [] to unset a tag

  1150.             mtu: 65000

  1151.           patch-br-prv-br-ens7:

  1152.             enabled: true

  1153.             name: prv-ens7

  1154.             bridge: br-prv

  1155.             ovs_type: ovs_port

  1156.             type: ovs_port

  1157.             port_type: patch

  1158.             peer: ens7-prv

  1159.             tag: 109

  1160.             mtu: 65000

  1161.           ens7:

  1162.             enabled: true

  1163.             name: ens7

  1164.             proto: manual

  1165.             ovs_port_type: OVSPort

  1166.             type: ovs_port

  1167.             ovs_bridge: br-ens7

  1168.             bridge: br-ens7

  1169. 

  1170. Debian manual proto interfaces

  1171. 

  1172. When you are changing interface proto from static in up state to manual, you

  1173. may need to flush ip addresses. For example, if you want to use the interface

  1174. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  1175. to true.

  1176. 

  1177. .. code-block:: yaml

  1178. 

  1179.     linux:

  1180.       network:

  1181.         interface:

  1182.           eth1:

  1183.             enabled: true

  1184.             type: eth

  1185.             proto: manual

  1186.             mtu: 9100

  1187.             ipflush_onchange: true

  1188. 

  1189. Debian static proto interfaces

  1190. 

  1191. When you are changing interface proto from dhcp in up state to static, you

  1192. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1193. For example, if you want to use the interface and the ip on the bridge.

  1194. This can be done by setting the ``ipflush_onchange`` with combination

  1195. ``restart_on_ipflush`` param set to to true.

  1196. 

  1197. .. code-block:: yaml

  1198. 

  1199.     linux:

  1200.       network:

  1201.         interface:

  1202.           eth1:

  1203.             enabled: true

  1204.             type: eth

  1205.             proto: static

  1206.             address: 10.1.0.22

  1207.             netmask: 255.255.255.0

  1208.             ipflush_onchange: true

  1209.             restart_on_ipflush: true

  1210. 

  1211. Concatinating and removing interface files

  1212. 

  1213. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1214. you can store configuration of network interfaces in separate files. You can

  1215. concatinate the files to the defined destination when needed, this operation

  1216. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1217. remove iface files, you can use the `remove_iface_files` key.

  1218. 

  1219. .. code-block:: yaml

  1220. 

  1221.     linux:

  1222.       network:

  1223.         concat_iface_files:

  1224.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1225.           dst: '/etc/network/interfaces'

  1226.         remove_iface_files:

  1227.         - '/etc/network/interfaces.d/90-custom.cfg'

  1228. 

  1229. 

  1230. DHCP client configuration

  1231. 

  1232. None of the keys is mandatory, include only those you really need. For full list

  1233. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1234. 

  1235. .. code-block:: yaml

  1236. 

  1237.      linux:

  1238.        network:

  1239.          dhclient:

  1240.            enabled: true

  1241.            backoff_cutoff: 15

  1242.            initial_interval: 10

  1243.            reboot: 10

  1244.            retry: 60

  1245.            select_timeout: 0

  1246.            timeout: 120

  1247.            send:

  1248.              - option: host-name

  1249.                declaration: "= gethostname()"

  1250.            supersede:

  1251.              - option: host-name

  1252.                declaration: "spaceship"

  1253.              - option: domain-name

  1254.                declaration: "domain.home"

  1255.              #- option: arp-cache-timeout

  1256.              #  declaration: 20

  1257.            prepend:

  1258.              - option: domain-name-servers

  1259.                declaration:

  1260.                  - 8.8.8.8

  1261.                  - 8.8.4.4

  1262.              - option: domain-search

  1263.                declaration:

  1264.                  - example.com

  1265.                  - eng.example.com

  1266.            #append:

  1267.              #- option: domain-name-servers

  1268.              #  declaration: 127.0.0.1

  1269.            # ip or subnet to reject dhcp offer from

  1270.            reject:

  1271.              - 192.33.137.209

  1272.              - 10.0.2.0/24

  1273.            request:

  1274.              - subnet-mask

  1275.              - broadcast-address

  1276.              - time-offset

  1277.              - routers

  1278.              - domain-name

  1279.              - domain-name-servers

  1280.              - domain-search

  1281.              - host-name

  1282.              - dhcp6.name-servers

  1283.              - dhcp6.domain-search

  1284.              - dhcp6.fqdn

  1285.              - dhcp6.sntp-servers

  1286.              - netbios-name-servers

  1287.              - netbios-scope

  1288.              - interface-mtu

  1289.              - rfc3442-classless-static-routes

  1290.              - ntp-servers

  1291.            require:

  1292.              - subnet-mask

  1293.              - domain-name-servers

  1294.            # if per interface configuration required add below

  1295.            interface:

  1296.              ens2:

  1297.                initial_interval: 11

  1298.                reject:

  1299.                  - 192.33.137.210

  1300.              ens3:

  1301.                initial_interval: 12

  1302.                reject:

  1303.                  - 192.33.137.211

  1304. 

  1305. Linux network systemd settings:

  1306. 

  1307. .. code-block:: yaml

  1308. 

  1309.     linux:

  1310.       network:

  1311.         ...

  1312.         systemd:

  1313.           link:

  1314.             10-iface-dmz:

  1315.               Match:

  1316.                 MACAddress: c8:5b:67:fa:1a:af

  1317.                 OriginalName: eth0

  1318.               Link:

  1319.                 Name: dmz0

  1320.           netdev:

  1321.             20-bridge-dmz:

  1322.               match:

  1323.                 name: dmz0

  1324.               network:

  1325.                 mescription: bridge

  1326.                 bridge: br-dmz0

  1327.           network:

  1328.           # works with lowercase, keys are by default capitalized

  1329.             40-dhcp:

  1330.               match:

  1331.                 name: '*'

  1332.               network:

  1333.                 DHCP: yes

  1334. 

  1335. 

  1336. Configure global environment variables

  1337. 

  1338. Use ``/etc/environment`` for static system wide variable assignment after

  1339. boot. Variable expansion is frequently not supported.

  1340. 

  1341. .. code-block:: yaml

  1342. 

  1343.     linux:

  1344.       system:

  1345.         env:

  1346.           BOB_VARIABLE: Alice

  1347.           ...

  1348.           BOB_PATH:

  1349.             - /srv/alice/bin

  1350.             - /srv/bob/bin

  1351.           ...

  1352.           ftp_proxy:   none

  1353.           http_proxy:  http://global-http-proxy.host.local:8080

  1354.           https_proxy: ${linux:system:proxy:https}

  1355.           no_proxy:

  1356.             - 192.168.0.80

  1357.             - 192.168.1.80

  1358.             - .domain.com

  1359.             - .local

  1360.         ...

  1361.         # NOTE: global defaults proxy configuration.

  1362.         proxy:

  1363.           ftp:   ftp://proxy.host.local:2121

  1364.           http:  http://proxy.host.local:3142

  1365.           https: https://proxy.host.local:3143

  1366.           noproxy:

  1367.             - .domain.com

  1368.             - .local

  1369. 

  1370. Configure profile.d scripts

  1371. 

  1372. The profile.d scripts are being sourced during .sh execution and support

  1373. variable expansion in opposite to /etc/environment global settings in

  1374. ``/etc/environment``.

  1375. 

  1376. .. code-block:: yaml

  1377. 

  1378.     linux:

  1379.       system:

  1380.         profile:

  1381.           locales: |

  1382.             export LANG=C

  1383.             export LC_ALL=C

  1384.           ...

  1385.           vi_flavors.sh: |

  1386.             export PAGER=view

  1387.             export EDITOR=vim

  1388.             alias vi=vim

  1389.           shell_locales.sh: |

  1390.             export LANG=en_US

  1391.             export LC_ALL=en_US.UTF-8

  1392.           shell_proxies.sh: |

  1393.             export FTP_PROXY=ftp://127.0.3.3:2121

  1394.             export NO_PROXY='.local'

  1395. 

  1396. Linux with hosts

  1397. 

  1398. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1399. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1400. and hostname + fqdn.

  1401. 

  1402. It's good to use this option if you want to ensure /etc/hosts is always in a

  1403. clean state however it's not enabled by default for safety.

  1404. 

  1405. .. code-block:: yaml

  1406. 

  1407.     linux:

  1408.       network:

  1409.         purge_hosts: true

  1410.         host:

  1411.           # No need to define this one if purge_hosts is true

  1412.           hostname:

  1413.             address: 127.0.1.1

  1414.             names:

  1415.             - ${linux:network:fqdn}

  1416.             - ${linux:network:hostname}

  1417.           node1:

  1418.             address: 192.168.10.200

  1419.             names:

  1420.             - node2.domain.com

  1421.             - service2.domain.com

  1422.           node2:

  1423.             address: 192.168.10.201

  1424.             names:

  1425.             - node2.domain.com

  1426.             - service2.domain.com

  1427. 

  1428. Linux with hosts collected from mine

  1429. 

  1430. In this case all dns records defined within infrastrucuture will be passed to

  1431. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1432. true will be propagated to the mine.

  1433. 

  1434. .. code-block:: yaml

  1435. 

  1436.     linux:

  1437.       network:

  1438.         purge_hosts: true

  1439.         mine_dns_records: true

  1440.         host:

  1441.           node1:

  1442.             address: 192.168.10.200

  1443.             grain: true

  1444.             names:

  1445.             - node2.domain.com

  1446.             - service2.domain.com

  1447. 

  1448. Setup resolv.conf, nameservers, domain and search domains

  1449. 

  1450. .. code-block:: yaml

  1451. 

  1452.     linux:

  1453.       network:

  1454.         resolv:

  1455.           dns:

  1456.           - 8.8.4.4

  1457.           - 8.8.8.8

  1458.           domain: my.example.com

  1459.           search:

  1460.           - my.example.com

  1461.           - example.com

  1462.           options:

  1463.           - ndots: 5

  1464.           - timeout: 2

  1465.           - attempts: 2

  1466. 

  1467. setting custom TX queue length for tap interfaces

  1468. 

  1469. .. code-block:: yaml

  1470. 

  1471.     linux:

  1472.       network:

  1473.         tap_custom_txqueuelen: 10000

  1474. 

  1475. DPDK OVS interfaces

  1476. 

  1477. **DPDK OVS NIC**

  1478. 

  1479. .. code-block:: yaml

  1480. 

  1481.     linux:

  1482.       network:

  1483.         bridge: openvswitch

  1484.         dpdk:

  1485.           enabled: true

  1486.           driver: uio/vfio

  1487.         openvswitch:

  1488.           pmd_cpu_mask: "0x6"

  1489.           dpdk_socket_mem: "1024,1024"

  1490.           dpdk_lcore_mask: "0x400"

  1491.           memory_channels: 2

  1492.         interface:

  1493.           dpkd0:

  1494.             name: ${_param:dpdk_nic}

  1495.             pci: 0000:06:00.0

  1496.             driver: igb_uio/vfio-pci

  1497.             enabled: true

  1498.             type: dpdk_ovs_port

  1499.             n_rxq: 2

  1500.             pmd_rxq_affinity: "0:1,1:2"

  1501.             bridge: br-prv

  1502.             mtu: 9000

  1503.           br-prv:

  1504.             enabled: true

  1505.             type: dpdk_ovs_bridge

  1506. 

  1507. **DPDK OVS Bond**

  1508. 

  1509. .. code-block:: yaml

  1510. 

  1511.     linux:

  1512.       network:

  1513.         bridge: openvswitch

  1514.         dpdk:

  1515.           enabled: true

  1516.           driver: uio/vfio

  1517.         openvswitch:

  1518.           pmd_cpu_mask: "0x6"

  1519.           dpdk_socket_mem: "1024,1024"

  1520.           dpdk_lcore_mask: "0x400"

  1521.           memory_channels: 2

  1522.         interface:

  1523.           dpdk_second_nic:

  1524.             name: ${_param:primary_second_nic}

  1525.             pci: 0000:06:00.0

  1526.             driver: igb_uio/vfio-pci

  1527.             bond: dpdkbond0

  1528.             enabled: true

  1529.             type: dpdk_ovs_port

  1530.             n_rxq: 2

  1531.             pmd_rxq_affinity: "0:1,1:2"

  1532.             mtu: 9000

  1533.           dpdk_first_nic:

  1534.             name: ${_param:primary_first_nic}

  1535.             pci: 0000:05:00.0

  1536.             driver: igb_uio/vfio-pci

  1537.             bond: dpdkbond0

  1538.             enabled: true

  1539.             type: dpdk_ovs_port

  1540.             n_rxq: 2

  1541.             pmd_rxq_affinity: "0:1,1:2"

  1542.             mtu: 9000

  1543.           dpdkbond0:

  1544.             enabled: true

  1545.             bridge: br-prv

  1546.             type: dpdk_ovs_bond

  1547.             mode: active-backup

  1548.           br-prv:

  1549.             enabled: true

  1550.             type: dpdk_ovs_bridge

  1551. 

  1552. **DPDK OVS LACP Bond with vlan tag**

  1553. 

  1554. .. code-block:: yaml

  1555. 

  1556.     linux:

  1557.       network:

  1558.         bridge: openvswitch

  1559.         dpdk:

  1560.           enabled: true

  1561.           driver: uio

  1562.         openvswitch:

  1563.           pmd_cpu_mask: "0x6"

  1564.           dpdk_socket_mem: "1024,1024"

  1565.           dpdk_lcore_mask: "0x400"

  1566.           memory_channels: "2"

  1567.         interface:

  1568.           eth3:

  1569.             enabled: true

  1570.             type: eth

  1571.             proto: manual

  1572.             name: ${_param:tenant_first_nic}

  1573.           eth4:

  1574.             enabled: true

  1575.             type: eth

  1576.             proto: manual

  1577.             name: ${_param:tenant_second_nic}

  1578.           dpdk0:

  1579.             name: ${_param:tenant_first_nic}

  1580.             pci: "0000:81:00.0"

  1581.             driver: igb_uio

  1582.             bond: bond1

  1583.             enabled: true

  1584.             type: dpdk_ovs_port

  1585.             n_rxq: 2

  1586.           dpdk1:

  1587.             name: ${_param:tenant_second_nic}

  1588.             pci: "0000:81:00.1"

  1589.             driver: igb_uio

  1590.             bond: bond1

  1591.             enabled: true

  1592.             type: dpdk_ovs_port

  1593.             n_rxq: 2

  1594.           bond1:

  1595.             enabled: true

  1596.             bridge: br-prv

  1597.             type: dpdk_ovs_bond

  1598.             mode: balance-slb

  1599.           br-prv:

  1600.             enabled: true

  1601.             type: dpdk_ovs_bridge

  1602.             tag: ${_param:tenant_vlan}

  1603.             address: ${_param:tenant_address}

  1604.             netmask: ${_param:tenant_network_netmask}

  1605. 

  1606. **DPDK OVS bridge for VXLAN**

  1607. 

  1608. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1609. 

  1610. .. code-block:: yaml

  1611. 

  1612.     linux:

  1613.       network:

  1614.         ...

  1615.         interface:

  1616.           br-prv:

  1617.             enabled: true

  1618.             type: dpdk_ovs_bridge

  1619.             address: 192.168.50.0

  1620.             netmask: 255.255.255.0

  1621.             tag: 101

  1622.             mtu: 9000

  1623. 

  1624. 

  1625. 

  1626. **DPDK OVS bridge with Linux network interface**

  1627. 

  1628. .. code-block:: yaml

  1629. 

  1630.     linux:

  1631.       network:

  1632.         ...

  1633.         interface:

  1634.           eth0:

  1635.             type: eth

  1636.             ovs_bridge: br-prv

  1637.             ...

  1638.           br-prv:

  1639.             enabled: true

  1640.             type: dpdk_ovs_bridge

  1641.             ...

  1642. 

  1643. Linux storage

  1644. -------------

  1645. 

  1646. Linux with mounted Samba

  1647. 

  1648. .. code-block:: yaml

  1649. 

  1650.     linux:

  1651.       storage:

  1652.         enabled: true

  1653.         mount:

  1654.           samba1:

  1655.           - enabled: true

  1656.           - path: /media/myuser/public/

  1657.           - device: //192.168.0.1/storage

  1658.           - file_system: cifs

  1659.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1660. 

  1661. NFS mount

  1662. 

  1663. .. code-block:: yaml

  1664. 

  1665.   linux:

  1666.     storage:

  1667.       enabled: true

  1668.       mount:

  1669.         nfs_glance:

  1670.           enabled: true

  1671.           path: /var/lib/glance/images

  1672.           device: 172.16.10.110:/var/nfs/glance

  1673.           file_system: nfs

  1674.           opts: rw,sync

  1675. 

  1676. 

  1677. File swap configuration

  1678. 

  1679. .. code-block:: yaml

  1680. 

  1681.     linux:

  1682.       storage:

  1683.         enabled: true

  1684.         swap:

  1685.           file:

  1686.             enabled: true

  1687.             engine: file

  1688.             device: /swapfile

  1689.             size: 1024

  1690. 

  1691. Partition swap configuration

  1692. 

  1693. .. code-block:: yaml

  1694. 

  1695.     linux:

  1696.       storage:

  1697.         enabled: true

  1698.         swap:

  1699.           partition:

  1700.             enabled: true

  1701.             engine: partition

  1702.             device: /dev/vg0/swap

  1703. 

  1704. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1705. 

  1706. .. code-block:: yaml

  1707. 

  1708.     parameters:

  1709.       linux:

  1710.         storage:

  1711.           mount:

  1712.             data:

  1713.               enabled: true

  1714.               device: /dev/vg1/data

  1715.               file_system: ext4

  1716.               path: /mnt/data

  1717.           lvm:

  1718.             vg1:

  1719.               enabled: true

  1720.               devices:

  1721.                 - /dev/sdb

  1722.               volume:

  1723.                 data:

  1724.                   size: 40G

  1725.                   mount: ${linux:storage:mount:data}

  1726. 

  1727. Create partitions on disk. Specify size in MB. It expects empty

  1728. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1729. 

  1730. .. code-block:: yaml

  1731. 

  1732.       linux:

  1733.         storage:

  1734.           disk:

  1735.             first_drive:

  1736.               startsector: 1

  1737.               name: /dev/loop1

  1738.               type: gpt

  1739.               partitions:

  1740.                 - size: 200 #size in MB

  1741.                   type: fat32

  1742.                 - size: 300 #size in MB

  1743.                   mkfs: True

  1744.                   type: xfs

  1745.             /dev/vda1:

  1746.               partitions:

  1747.                 - size: 5

  1748.                   type: ext2

  1749.                 - size: 10

  1750.                   type: ext4

  1751. 

  1752. Multipath with Fujitsu Eternus DXL

  1753. 

  1754. .. code-block:: yaml

  1755. 

  1756.     parameters:

  1757.       linux:

  1758.         storage:

  1759.           multipath:

  1760.             enabled: true

  1761.             blacklist_devices:

  1762.             - /dev/sda

  1763.             - /dev/sdb

  1764.             backends:

  1765.             - fujitsu_eternus_dxl

  1766. 

  1767. Multipath with Hitachi VSP 1000

  1768. 

  1769. .. code-block:: yaml

  1770. 

  1771.     parameters:

  1772.       linux:

  1773.         storage:

  1774.           multipath:

  1775.             enabled: true

  1776.             blacklist_devices:

  1777.             - /dev/sda

  1778.             - /dev/sdb

  1779.             backends:

  1780.             - hitachi_vsp1000

  1781. 

  1782. Multipath with IBM Storwize

  1783. 

  1784. .. code-block:: yaml

  1785. 

  1786.     parameters:

  1787.       linux:

  1788.         storage:

  1789.           multipath:

  1790.             enabled: true

  1791.             blacklist_devices:

  1792.             - /dev/sda

  1793.             - /dev/sdb

  1794.             backends:

  1795.             - ibm_storwize

  1796. 

  1797. Multipath with multiple backends

  1798. 

  1799. .. code-block:: yaml

  1800. 

  1801.     parameters:

  1802.       linux:

  1803.         storage:

  1804.           multipath:

  1805.             enabled: true

  1806.             blacklist_devices:

  1807.             - /dev/sda

  1808.             - /dev/sdb

  1809.             - /dev/sdc

  1810.             - /dev/sdd

  1811.             backends:

  1812.             - ibm_storwize

  1813.             - fujitsu_eternus_dxl

  1814.             - hitachi_vsp1000

  1815. 

  1816. PAM LDAP integration

  1817. 

  1818. .. code-block:: yaml

  1819. 

  1820.     parameters:

  1821.       linux:

  1822.         system:

  1823.           auth:

  1824.             enabled: true

  1825.             mkhomedir:

  1826.               enabled: true

  1827.               umask: 0027

  1828.             ldap:

  1829.               enabled: true

  1830.               binddn: cn=bind,ou=service_users,dc=example,dc=com

  1831.               bindpw: secret

  1832.               uri: ldap://127.0.0.1

  1833.               base: ou=users,dc=example,dc=com

  1834.               ldap_version: 3

  1835.               pagesize: 65536

  1836.               referrals: off

  1837.               filter:

  1838.                 passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1839.                 shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1840.                 group:  (&(objectClass=group)(gidNumber=*))

  1841. 

  1842. Disabled multipath (the default setup)

  1843. 

  1844. .. code-block:: yaml

  1845. 

  1846.     parameters:

  1847.       linux:

  1848.         storage:

  1849.           multipath:

  1850.             enabled: false

  1851. 

  1852. Linux with local loopback device

  1853. 

  1854. .. code-block:: yaml

  1855. 

  1856.     linux:

  1857.       storage:

  1858.         loopback:

  1859.           disk1:

  1860.             file: /srv/disk1

  1861.             size: 50G

  1862. 

  1863. External config generation

  1864. --------------------------

  1865. 

  1866. You are able to use config support metadata between formulas and only generate

  1867. config files for external use, eg. docker, etc.

  1868. 

  1869. .. code-block:: yaml

  1870. 

  1871.     parameters:

  1872.       linux:

  1873.         system:

  1874.           config:

  1875.             pillar:

  1876.               jenkins:

  1877.                 master:

  1878.                   home: /srv/volumes/jenkins

  1879.                   approved_scripts:

  1880.                     - method java.net.URL openConnection

  1881.                   credentials:

  1882.                     - type: username_password

  1883.                       scope: global

  1884.                       id: test

  1885.                       desc: Testing credentials

  1886.                       username: test

  1887.                       password: test

  1888. 

  1889. Netconsole Remote Kernel Logging

  1890. --------------------------------

  1891. 

  1892. Netconsole logger could be configured for configfs-enabled kernels

  1893. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1894. runtime (if network is already configured), and on-boot after interface

  1895. initialization. Notes:

  1896. 

  1897.  * receiver could be located only in same L3 domain

  1898.    (or you need to configure gateway MAC manually)

  1899.  * receiver's MAC is detected only on configuration time

  1900.  * using broadcast MAC is not recommended

  1901. 

  1902. .. code-block:: yaml

  1903. 

  1904.     parameters:

  1905.       linux:

  1906.         system:

  1907.           netconsole:

  1908.             enabled: true

  1909.             port: 514 (optional)

  1910.             loglevel: debug (optional)

  1911.             target:

  1912.               192.168.0.1:

  1913.                 interface: bond0

  1914.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1915. 

  1916. Usage

  1917. =====

  1918. 

  1919. Set mtu of network interface eth0 to 1400

  1920. 

  1921. .. code-block:: bash

  1922. 

  1923.     ip link set dev eth0 mtu 1400

  1924. 

  1925. Read more

  1926. =========

  1927. 

  1928. * https://www.archlinux.org/

  1929. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1930. 

  1931. Documentation and Bugs

  1932. ======================

  1933. 

  1934. To learn how to install and update salt-formulas, consult the documentation

  1935. available online at:

  1936. 

  1937.     http://salt-formulas.readthedocs.io/

  1938. 

  1939. In the unfortunate event that bugs are discovered, they should be reported to

  1940. the appropriate issue tracker. Use Github issue tracker for specific salt

  1941. formula:

  1942. 

  1943.     https://github.com/salt-formulas/salt-formula-linux/issues

  1944. 

  1945. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1946. use Launchpad salt-formulas project:

  1947. 

  1948.     https://launchpad.net/salt-formulas

  1949. 

  1950. You can also join salt-formulas-users team and subscribe to mailing list:

  1951. 

  1952.     https://launchpad.net/~salt-formulas-users

  1953. 

  1954. Developers wishing to work on the salt-formulas projects should always base

  1955. their work on master branch and submit pull request against specific formula.

  1956. 

  1957.     https://github.com/salt-formulas/salt-formula-linux

  1958. 

  1959. Any questions or feedback is always welcome so feel free to join our IRC

  1960. channel:

  1961. 

  1962.     #salt-formulas @ irc.freenode.net