ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 Commits
26 Branches
Tree: 7277ba9601
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7277ba9601'
${ noResults }
linux-formula/README.rst

README.rst 11KB
Raw Normal View History

Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
Make linux.system.kernel functional
9 years ago
Initial commit
9 years ago
rc.local added to linux formula
9 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Set message of the day
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
Allow setting resolv.conf
9 years ago
Initial commit
9 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Initial commit
9 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544 
  1. 

  2. =====

  3. Linux

  4. =====

  5. 

  6. Linux Operating Systems.

  7. 

  8. * Ubuntu

  9. * CentOS

  10. * RedHat

  11. * Fedora

  12. * Arch

  13. 

  14. Sample pillars

  15. ==============

  16. 

  17. Linux system

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, sowe with password set

  35. 

  36. .. code-block:: yaml

  37. 

  38.     linux:

  39.       system:

  40.         ...

  41.         user:

  42.           jdoe:

  43.             name: 'jdoe'

  44.             enabled: true

  45.             sudo: true

  46.             shell: /bin/bash

  47.             full_name: 'Jonh Doe'

  48.             home: '/home/jdoe'

  49.             email: 'jonh@doe.com'

  50.           jsmith:

  51.             name: 'jsmith'

  52.             enabled: true

  53.             full_name: 'Password'

  54.             home: '/home/jsmith'

  55.             password: userpassword

  56. 

  57. Linux with package, latest version

  58. 

  59. .. code-block:: yaml

  60. 

  61.     linux:

  62.       system:

  63.         ...

  64.         package:

  65.           package-name:

  66.             version: latest

  67. 

  68. Linux with package from certail repo, version with no upgrades

  69. 

  70. .. code-block:: yaml

  71. 

  72.     linux:

  73.       system:

  74.         ...

  75.         package:

  76.           package-name:

  77.             version: 2132.323

  78.             repo: 'custom-repo'

  79.             hold: true

  80. 

  81. Linux with package from certail repo, version with no GPG verification

  82. 

  83. .. code-block:: yaml

  84. 

  85.     linux:

  86.       system:

  87.         ...

  88.         package:

  89.           package-name:

  90.             version: 2132.323

  91.             repo: 'custom-repo'

  92.             verify: false

  93. 

  94. Linux with cron jobs

  95. 

  96. .. code-block:: yaml

  97. 

  98.     linux:

  99.       system:

  100.         ...

  101.         job:

  102.           cmd1:

  103.             command: '/cmd/to/run'

  104.             enabled: true

  105.             user: 'root'

  106.             hour: 2

  107.             minute: 0

  108. 

  109. Linux security limits (limit sensu user memory usage to max 1GB):

  110. 

  111. .. code-block:: yaml

  112. 

  113.     linux:

  114.       system:

  115.         ...

  116.         limit:

  117.           sensu:

  118.             enabled: true

  119.             domain: sensu

  120.             limits:

  121.               - type: hard

  122.                 item: as

  123.                 value: 1000000

  124. 

  125. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  126. 

  127. .. code-block:: yaml

  128. 

  129.     linux:

  130.       system:

  131.         console:

  132.           tty1:

  133.             autologin: root

  134. 

  135. To disable set autologin to `false`.

  136. 

  137. Kernel

  138. ~~~~~~

  139. 

  140. Install always up to date LTS kernel and headers from Ubuntu trusty:

  141. 

  142. .. code-block:: yaml

  143. 

  144.     linux:

  145.       system:

  146.         kernel:

  147.           type: generic

  148.           lts: trusty

  149.           headers: true

  150. 

  151. Install specific kernel version and ensure all other kernel packages are

  152. not present. Also install extra modules and headers for this kernel:

  153. 

  154. .. code-block:: yaml

  155. 

  156.     linux:

  157.       system:

  158.         kernel:

  159.           type: generic

  160.           extra: true

  161.           headers: true

  162.           version: 4.2.0-22

  163. 

  164. Repositories

  165. ~~~~~~~~~~~~

  166. 

  167. RedHat based Linux with additional OpenStack repo

  168. 

  169. .. code-block:: yaml

  170. 

  171.     linux:

  172.       system:

  173.         ...

  174.         repo:

  175.           rdo-icehouse:

  176.             enabled: true

  177.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  178.             pgpcheck: 0

  179. 

  180. Ensure system repository to use czech Debian mirror (``default: true``)

  181. Also pin it's packages with priority 900.

  182. 

  183. .. code-block:: yaml

  184. 

  185.    linux:

  186.      system:

  187.        repo:

  188.          debian:

  189.            default: true

  190.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  191.            # Import signing key from URL if needed

  192.            key_url: "http://dummy.com/public.gpg"

  193.            pin:

  194.              - pin: 'origin "ftp.cz.debian.org"'

  195.                priority: 900

  196.                package: '*'

  197. 

  198. rc.local example

  199. 

  200. .. code-block:: yaml

  201. 

  202.    linux:

  203.      system:

  204.        rc:

  205.          local: |

  206.            #!/bin/sh -e

  207.            #

  208.            # rc.local

  209.            #

  210.            # This script is executed at the end of each multiuser runlevel.

  211.            # Make sure that the script will "exit 0" on success or any other

  212.            # value on error.

  213.            #

  214.            # In order to enable or disable this script just change the execution

  215.            # bits.

  216.            #

  217.            # By default this script does nothing.

  218.            exit 0

  219. 

  220. Prompt

  221. ~~~~~~

  222. 

  223. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  224. user can have different prompt.

  225. 

  226. .. code-block:: yaml

  227. 

  228.     linux:

  229.       system:

  230.         prompt:

  231.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  232.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  233. 

  234. On Debian systems to set prompt system-wide it's necessary to remove setting

  235. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  236. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  237. touch existing user's ``~/.bashrc`` files except root.

  238. 

  239. Message of the day

  240. ~~~~~~~~~~~~~~~~~~

  241. 

  242. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  243. day. Setting custom motd will cleanup existing ones.

  244. 

  245. .. code-block:: yaml

  246. 

  247.     linux:

  248.       system:

  249.         motd:

  250.           - release: |

  251.               #!/bin/sh

  252.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  253. 

  254.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  255.               	# Fall back to using the very slow lsb_release utility

  256.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  257.               fi

  258. 

  259.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  260.           - warning: |

  261.               #!/bin/sh

  262.               printf "This is [company name] network.\n"

  263.               printf "Unauthorized access strictly prohibited.\n"

  264. 

  265. Linux network

  266. -------------

  267. 

  268. Linux with network manager

  269. 

  270. .. code-block:: yaml

  271. 

  272.     linux:

  273.       network:

  274.         enabled: true

  275.         network_manager: true

  276. 

  277. Linux with default static network interfaces, default gateway interface and DNS servers

  278. 

  279. .. code-block:: yaml

  280. 

  281.     linux:

  282.       network:

  283.         enabled: true

  284.         interface:

  285.           eth0:

  286.             enabled: true

  287.             type: eth

  288.             address: 192.168.0.102

  289.             netmask: 255.255.255.0

  290.             gateway: 192.168.0.1

  291.             name_servers:

  292.             - 8.8.8.8

  293.             - 8.8.4.4

  294.             mtu: 1500

  295. 

  296. Linux with bonded interfaces and disabled NetworkManager

  297. 

  298. .. code-block:: yaml

  299. 

  300.     linux:

  301.       network:

  302.         enabled: true

  303.         interface:

  304.           eth0:

  305.             type: eth

  306.             ...

  307.           eth1:

  308.             type: eth

  309.             ...

  310.           bond0:

  311.             enabled: true

  312.             type: bond

  313.             address: 192.168.0.102

  314.             netmask: 255.255.255.0

  315.             mtu: 1500

  316.             use_in:

  317.             - interface: ${linux:interface:eth0}

  318.             - interface: ${linux:interface:eth0}

  319.         network_manager:

  320.           disable: true

  321. 

  322. Linux with vlan interface_params

  323. 

  324. .. code-block:: yaml

  325. 

  326.     linux:

  327.       network:

  328.         enabled: true

  329.         interface:

  330.           vlan69:

  331.             type: vlan

  332.             use_interfaces:

  333.             - interface: ${linux:interface:bond0}

  334. 

  335. Linux with wireless interface parameters

  336. 

  337. .. code-block:: yaml

  338. 

  339.     linux:

  340.       network:

  341.         enabled: true

  342.         gateway: 10.0.0.1

  343.         default_interface: eth0

  344.         interface:

  345.           wlan0:

  346.             type: eth

  347.             wireless:

  348.               essid: example

  349.               key: example_key

  350.               security: wpa

  351.               priority: 1

  352. 

  353. Linux networks with routes defined

  354. 

  355. .. code-block:: yaml

  356. 

  357.     linux:

  358.       network:

  359.         enabled: true

  360.         gateway: 10.0.0.1

  361.         default_interface: eth0

  362.         interface:

  363.           eth0:

  364.             type: eth

  365.             route:

  366.               default:

  367.                 address: 192.168.0.123

  368.                 netmask: 255.255.255.0

  369.                 gateway: 192.168.0.1

  370. 

  371. Native Linux Bridges

  372. 

  373. .. code-block:: yaml

  374. 

  375.     linux:

  376.       network:

  377.         interface:

  378.           eth1:

  379.             enabled: true

  380.             type: eth

  381.             proto: manual

  382.             up_cmds:

  383.             - ip address add 0/0 dev $IFACE

  384.             - ip link set $IFACE up

  385.             down_cmds:

  386.             - ip link set $IFACE down

  387.           br-ex:

  388.             enabled: true

  389.             type: bridge

  390.             address: ${linux:network:host:public_local:address}

  391.             netmask: 255.255.255.0

  392.             use_interfaces:

  393.             - eth1

  394. 

  395. OpenVswitch Bridges

  396. 

  397. .. code-block:: yaml

  398. 

  399.     linux:

  400.       network:

  401.         bridge: openvswitch

  402.         interface:

  403.           eth1:

  404.             enabled: true

  405.             type: eth

  406.             proto: manual

  407.             up_cmds:

  408.             - ip address add 0/0 dev $IFACE

  409.             - ip link set $IFACE up

  410.             down_cmds:

  411.             - ip link set $IFACE down

  412.           br-ex:

  413.             enabled: true

  414.             type: bridge

  415.             address: ${linux:network:host:public_local:address}

  416.             netmask: 255.255.255.0

  417.             use_interfaces:

  418.             - eth1

  419. 

  420. Linux with proxy

  421. 

  422. .. code-block:: yaml

  423. 

  424.     linux:

  425.       network:

  426.         ...

  427.         proxy:

  428.           host: proxy.domain.com

  429.           port: 3128

  430. 

  431. Linux with hosts

  432. 

  433. .. code-block:: yaml

  434. 

  435.     linux:

  436.       network:

  437.         ...

  438.         host:

  439.           node1:

  440.             address: 192.168.10.200

  441.             names:

  442.             - node2.domain.com

  443.             - service2.domain.com

  444.           node2:

  445.             address: 192.168.10.201

  446.             names:

  447.             - node2.domain.com

  448.             - service2.domain.com

  449. 

  450. Setup resolv.conf, nameservers, domain and search domains

  451. 

  452. .. code-block:: yaml

  453. 

  454.     linux:

  455.       network:

  456.         resolv:

  457.           dns:

  458.             - 8.8.4.4

  459.             - 8.8.8.8

  460.           domain: my.example.com

  461.           search:

  462.             - my.example.com

  463.             - example.com

  464. 

  465. Linux storage pillars

  466. ---------------------

  467. 

  468. Linux with mounted Samba

  469. 

  470. .. code-block:: yaml

  471. 

  472.     linux:

  473.       storage:

  474.         enabled: true

  475.         mount:

  476.           samba1:

  477.           - path: /media/myuser/public/

  478.           - device: //192.168.0.1/storage

  479.           - file_system: cifs

  480.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  481. 

  482. Linux with file swap

  483. 

  484. .. code-block:: yaml

  485. 

  486.     linux:

  487.       storage:

  488.         enabled: true

  489.         swap:

  490.           file:

  491.             enabled: true

  492.             engine: file

  493.             device: /swapfile

  494.             size: 1024

  495. 

  496. Linux with partition swap

  497. 

  498. .. code-block:: yaml

  499. 

  500.     linux:

  501.       storage:

  502.         enabled: true

  503.         swap:

  504.           partition:

  505.             enabled: true

  506.             engine: partition

  507.             device: /dev/vg0/swap

  508. 

  509. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  510. 

  511. .. code-block:: yaml

  512. 

  513.     parameters:

  514.       linux:

  515.         storage:

  516.           mount:

  517.             data:

  518.               device: /dev/vg1/data

  519.               file_system: ext4

  520.               path: /mnt/data

  521.           lvm:

  522.             vg1:

  523.               enabled: true

  524.               devices:

  525.                 - /dev/sdb

  526.               volume:

  527.                 data:

  528.                   size: 40G

  529.                   mount: ${linux:storage:mount:data}

  530. 

  531. Usage

  532. =====

  533. 

  534. Set mtu of network interface eth0 to 1400

  535. 

  536. .. code-block:: bash

  537. 

  538.     ip link set dev eth0 mtu 1400

  539. 

  540. Read more

  541. =========

  542. 

  543. * https://www.archlinux.org/

  544. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu