Saltstack Official Linux Formula
rewrite LVM lv_present prevents unwanted LV shrink (#221)

* Update file.sls add replace
* Update file.sls update replace
* Update job.sls Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* fix(deprecation): update to new method (#214) Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
* Allow swap to be completely disabled
* sort repos so they do not change order every run
* allow use of new state syntax for module.run The new syntax has been supported since ~2017. From the docs, in case they change: ! New Style test.random_hash: module.run: - test.random_hash: - size: 42 - hash_type: sha256 ! Legacy Style test.random_hash: module.run: - size: 42 - hash_type: sha256
* Update map.jinja Add support for Ubuntu Focal.
* Update file.sls added possibility to delete files
* Network resolv.conf handling the handling as the Resolv.conf is generated and adapted, adapted. previously the Resolv.conf was created and then through Overwrite "network.system" in the interface.sls again. With two search servers that should actually be included. "search example.com. sudomain.example.com" but it always became that search ['example.com.', 'sudomain.example.com'] The resolv.conf was first created correctly but then overwritten again in the interface.sls. The problem only arises if you don't want to have a "Domain:" in resolv.conf
* rewrite LVM lv_present Since salt now also supports LV extend and reduce, the option Force must be used with care. The changes include that force is only set if the corresponding LV does not yet exist (check via Grains) in order to overwrite any FS signatures (Wiping fs signature). If the LV already exists (check via Grains), Force is set to False unless this is explicitly set to True in the pillars.
* Network resolv.conf handling (#220) (#8)
* Update file.sls add replace
* Update file.sls update replace
* Update job.sls Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* fix(deprecation): update to new method (#214) Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
* Allow swap to be completely disabled
* sort repos so they do not change order every run
* allow use of new state syntax for module.run The new syntax has been supported since ~2017. From the docs, in case they change: ! New Style test.random_hash: module.run: - test.random_hash: - size: 42 - hash_type: sha256 ! Legacy Style test.random_hash: module.run: - size: 42 - hash_type: sha256
* Update map.jinja Add support for Ubuntu Focal.
* Update file.sls added possibility to delete files
* Network resolv.conf handling the handling as the Resolv.conf is generated and adapted, adapted. previously the Resolv.conf was created and then through Overwrite "network.system" in the interface.sls again. With two search servers that should actually be included. "search example.com. sudomain.example.com" but it always became that search ['example.com.', 'sudomain.example.com'] The resolv.conf was first created correctly but then overwritten again in the interface.sls. The problem only arises if you don't want to have a "Domain:" in resolv.conf

  Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
  Co-authored-by: Kyle Gullion <kgullion@gmail.com>
  Co-authored-by: Matthew Thode <thode@fsi.io>
  Co-authored-by: Matthew Thode <mthode@mthode.org>
  Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
  Co-authored-by: Kyle Gullion <kgullion@gmail.com>
  Co-authored-by: Matthew Thode <thode@fsi.io>
  Co-authored-by: Matthew Thode <mthode@mthode.org>
* Network resolv.conf handling (#220) (#9)
* Update file.sls add replace
* Update file.sls update replace
* Update job.sls Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* fix(deprecation): update to new method (#214) Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
* Allow swap to be completely disabled
* sort repos so they do not change order every run
* allow use of new state syntax for module.run The new syntax has been supported since ~2017. From the docs, in case they change: ! New Style test.random_hash: module.run: - test.random_hash: - size: 42 - hash_type: sha256 ! Legacy Style test.random_hash: module.run: - size: 42 - hash_type: sha256
* Update map.jinja Add support for Ubuntu Focal.
* Update file.sls added possibility to delete files
* Network resolv.conf handling the handling as the Resolv.conf is generated and adapted, adapted. previously the Resolv.conf was created and then through Overwrite "network.system" in the interface.sls again. With two search servers that should actually be included. "search example.com. sudomain.example.com" but it always became that search ['example.com.', 'sudomain.example.com'] The resolv.conf was first created correctly but then overwritten again in the interface.sls. The problem only arises if you don't want to have a "Domain:" in resolv.conf

  Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
  Co-authored-by: Kyle Gullion <kgullion@gmail.com>
  Co-authored-by: Matthew Thode <thode@fsi.io>
  Co-authored-by: Matthew Thode <mthode@mthode.org>
  Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
  Co-authored-by: Kyle Gullion <kgullion@gmail.com>
  Co-authored-by: Matthew Thode <thode@fsi.io>
  Co-authored-by: Matthew Thode <mthode@mthode.org>
* Update mount.sls added the possibility to set the dump and pass option dump The dump value to be passed into the fstab, Default is 0 pass_num The pass value to be passed into the fstab, Default is 0
* Update mount.sls correction, wrong line. added the possibility to set the dump and pass option dump The dump value to be passed into the fstab, Default is 0 pass_num The pass value to be passed into the fstab, Default is 0
* Add Bind Mount Option Add Bind Mount Option
* Add support for template defaults/context args
* Add IPv6 Interface Support Add IPv6 Interface Support First Version
* Fix warning in salt v3003 The 'gid_from_name' argument in the user.present state has been replaced with 'usergroup'. Update your SLS file to get rid of this warning.
* Update map.jinja add Jammy Support

---------

Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
Co-authored-by: Kyle Gullion <kgullion@gmail.com>
Co-authored-by: Matthew Thode <thode@fsi.io>
Co-authored-by: Matthew Thode <mthode@mthode.org>
Co-authored-by: Bruno Binet <bruno.binet@gmail.com>
71278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177
71778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227
7227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679
=============
Linux Formula
=============

Linux Operating Systems:

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample Pillars
==============

Linux System
------------

Basic Linux box:

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set:

.. warning:: If no ``password`` variable is passed,
             any predefined password will be removed.

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'Jonh Doe'
            home: '/home/jdoe'
            home_dir_mode: 755
            email: 'jonh@doe.com'
            unique: false
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'With clear password'
            home: '/home/jsmith'
            hash_password: true
            password: "userpassword"
          mark:
            name: 'mark'
            enabled: true
            full_name: 'unchange password'
            home: '/home/mark'
            password: false
          elizabeth:
            name: 'elizabeth'
            enabled: true
            full_name: 'With hashed password'
            home: '/home/elizabeth'
            password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

Configure password expiration parameters
----------------------------------------

The following login.defs parameters can be overridden per-user:

* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
* INACTIVE

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            ...
            maxdays: <PASS_MAX_DAYS>
            mindays: <PASS_MIN_DAYS>
            warndays: <PASS_WARN_DAYS>
            inactdays: <INACTIVE>

Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to actual sudo attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL

.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          aliases:
            host:
              LOCAL:
              - localhost
              PRODUCTION:
              - db1
              - db2
            runas:
              DBA:
              - postgres
              - mysql
              SALT:
              - root
            command:
              # Note: This is not 100% safe when the ALL keyword is used; a user may still modify configs and hide their actions.
              # Best practice is to specify the full list of commands the user is allowed to run.
              SUPPORT_RESTRICTED:
              - /bin/vi /etc/sudoers*
              - /bin/vim /etc/sudoers*
              - /bin/nano /etc/sudoers*
              - /bin/emacs /etc/sudoers*
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
              SUPPORT_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
              ALL_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
              - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
              - LOCAL
            # User Alias DBA
            DBA:
              hosts:
              - ALL
              commands:
              - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
              - ALL
              - '!PRODUCTION'
              runas:
              - DBA
              commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
            salt-ops:
              hosts:
              - 'ALL'
              runas:
              - SALT
              commands:
              - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              setenv: true # Enable sudo -E option
              runas:
              - DBA
              commands:
              - ALL
              - '!SUPPORT_SHELLS'
              - '!SUPPORT_RESTRICTED'

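The note in the ``command`` aliases above (``ALL`` is not fully safe, list the allowed commands instead) can be checked before a pillar is applied. The following Python linter is an added example, not part of the formula; it assumes the entry defaults implied by the rendered ``saltuser1`` line, and ``lint_sudo``, ``lint_rule`` and the finding codes are hypothetical names.

```python
import posixpath

# Defaults assumed from the README's rendered line for an empty entry:
#   saltuser1 ALL=(ALL) NOPASSWD: ALL
DEFAULTS = {"commands": ["ALL"], "nopasswd": True, "setenv": False}
# Basenames treated as "hands out a shell" (taken from SUPPORT_SHELLS above).
SHELLS = {"sh", "ksh", "bash", "rbash", "dash", "zsh", "csh", "fish", "tcsh", "su"}

# Constructed sample: a trimmed copy of the pillar above, as a Python dict.
SAMPLE_SUDO = {
    "aliases": {"command": {
        "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash"],
        "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
    }},
    "users": {
        "saltuser1": {},
        "saltuser2": {"hosts": ["LOCAL"]},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
    },
    "groups": {
        "db-ops": {"hosts": ["ALL", "!PRODUCTION"], "runas": ["DBA"],
                   "commands": ["/bin/cat *", "/bin/less *", "/bin/ls *"]},
        "salt-ops": {"hosts": ["ALL"], "runas": ["SALT"],
                     "commands": ["SUPPORT_SHELLS"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False, "setenv": True,
                         "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS"]},
    },
}


def expand(commands, aliases):
    """Replace command-alias names by their members, keeping a leading '!'."""
    out = []
    for cmd in commands:
        neg = "!" if cmd.startswith("!") else ""
        members = aliases.get(cmd.lstrip("!"))
        out.extend([cmd] if members is None else [neg + m for m in members])
    return out


def lint_rule(entry, aliases):
    """Return the sorted finding codes for one users/groups entry."""
    rule = {**DEFAULTS, **(entry or {})}
    cmds = expand(rule["commands"], aliases)
    allowed = [c for c in cmds if not c.startswith("!")]
    denied = [c for c in cmds if c.startswith("!")]
    codes = set()
    if "ALL" in allowed:
        # "ALL minus a blocklist" is still effectively ALL: the sudoers manual
        # warns that subtracting commands with '!' is generally not effective.
        codes.add("all-minus-blocklist" if denied else "all-commands")
    for cmd in allowed:
        path, _, args = cmd.partition(" ")
        if posixpath.basename(path) in SHELLS:
            codes.add("shell")           # an allowed shell equals full access as runas
        if "*" in path:
            codes.add("wildcard-path")   # matches more binaries than the one intended
        if "*" in args:
            codes.add("wildcard-args")   # '*' in arguments also matches '/' and spaces
    if rule["setenv"]:
        codes.add("setenv")              # caller may pass its own environment (sudo -E)
    if rule["nopasswd"] and codes:
        codes.add("nopasswd")            # no re-authentication before a risky rule
    return sorted(codes)


def lint_sudo(sudo):
    """Map 'users/<key>' or 'groups/<key>' to (sudoers subject, finding codes)."""
    aliases = sudo.get("aliases", {}).get("command", {})
    report = {}
    for kind, prefix in (("users", ""), ("groups", "%")):
        for key, entry in sudo.get(kind, {}).items():
            codes = lint_rule(entry, aliases)
            if codes:
                subject = prefix + (entry or {}).get("name", key)
                report[f"{kind}/{key}"] = (subject, codes)
    return report


if __name__ == "__main__":
    for key, (subject, codes) in lint_sudo(SAMPLE_SUDO).items():
        print(f"{key:22} {subject:12} {', '.join(codes)}")
```
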
Linux with package, latest version:

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from a certain repo, pinned version with no upgrades:

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from a certain repo, pinned version with no GPG
verification:

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with autoupdates (automatically install security package
updates):

.. code-block:: yaml

    linux:
      system:
        ...
        autoupdates:
          enabled: true
          mail: root@localhost
          mail_only_on_error: true
          remove_unused_dependencies: false
          automatic_reboot: true
          automatic_reboot_time: "02:00"

Managing cron tasks
-------------------

There are two data structures that are related to managing cron itself and
cron tasks:

.. code-block:: yaml

    linux:
      system:
        cron:

and

.. code-block:: yaml

    linux:
      system:
        job:

`linux:system:cron` manages cron packages, services, and the '/etc/cron.allow' file.
'deny' files are managed in only one way: the formula ensures they are absent,
as required by CIS 5.1.8.

The 'cron' pillar structure is the following:

.. code-block:: yaml

    linux:
      system:
        cron:
          enabled: true
          pkgs: [ <cron packages> ]
          services: [ <cron services> ]
          user:
            <username>:
              enabled: true

To add a user to '/etc/cron.allow', use the 'enabled' key as shown above.

'/etc/cron.deny' is not managed because CIS 5.1.8 requires it to be removed.

A user is ignored if any of the following is true:

* user is disabled in `linux:system:user:<username>`
* user is disabled in `linux:system:cron:user:<username>`

`linux:system:job` manages individual cron tasks.

By default, it uses the job name as the identifier, unless the identifier key
is explicitly set or is False (in that case Salt's default behavior applies:
the identifier is the same as the command, so the command cannot be changed
afterwards):

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            identifier: cmd1
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

A job can also be scheduled with a special keyword such as '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            identifier: cmd1
            enabled: true
            user: 'root'
            special: '@reboot'

Managing 'at' tasks
-------------------

The pillar for managing `at` tasks is similar to the one for `cron` tasks:

.. code-block:: yaml

    linux:
      system:
        at:
          enabled: true
          pkgs: [ <at packages> ]
          services: [ <at services> ]
          user:
            <username>:
              enabled: true

To add a user to '/etc/at.allow', use the 'enabled' key as shown above.

'/etc/at.deny' is not managed because CIS 5.1.8 requires it to be removed.

A user will be ignored if any of the following is true:

* user is disabled in `linux:system:user:<username>`
* user is disabled in `linux:system:at:user:<username>`

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on ``tty1`` (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. The action can be any command
available in a ``while true`` loop and ``case`` context.

The following prevents dpkg from stopping/starting services for the Cassandra
package automatically:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true

Systemd settings:

.. code-block:: yaml

    linux:
      system:
        ...
        systemd:
          system:
            Manager:
              DefaultLimitNOFILE: 307200
              DefaultLimitNPROC: 307200
          user:
            Manager:
              DefaultLimitCPU: 2
              DefaultLimitNPROC: 4

Systemd journal settings:

.. code-block:: yaml

    linux:
      system:
        ...
        systemd:
          journal:
            SystemMaxUse: "50M"
            RuntimeMaxFiles: "100"

Ensure presence of directory:

.. code-block:: yaml

    linux:
      system:
        directory:
          /tmp/test:
            user: root
            group: root
            mode: 700
            makedirs: true

Ensure presence of file by specifying its source:

.. code-block:: yaml

    linux:
      system:
        file:
          /tmp/test.txt:
            source: http://example.com/test.txt
            user: root #optional
            group: root #optional
            mode: 700 #optional
            dir_mode: 700 #optional
            encoding: utf-8 #optional
            hash: <<hash>> or <<URI to hash>> #optional
            makedirs: true #optional

    linux:
      system:
        file:
          test.txt:
            name: /tmp/test.txt
            source: http://example.com/test.txt

    linux:
      system:
        file:
          test2:
            name: /tmp/test2.txt
            source: http://example.com/test2.jinja
            template: jinja

Ensure presence of file by specifying its contents:

.. code-block:: yaml

    linux:
      system:
        file:
          /tmp/test.txt:
            contents: |
              line1
              line2

    linux:
      system:
        file:
          /tmp/test.txt:
            contents_pillar: linux:network:hostname

    linux:
      system:
        file:
          /tmp/test.txt:
            contents_grains: motd

Ensure presence of file to be serialized through one of the
serializer modules (see:
https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

.. code-block:: yaml

    linux:
      system:
        file:
          /tmp/test.json:
            serialize: json
            contents:
              foo: 1
              bar: 'bar'

Kernel
~~~~~~

Install always up to date LTS kernel and headers from Ubuntu Trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Load kernel modules and add them to ``/etc/modules``:

.. code-block:: yaml

    linux:
      system:
        kernel:
          modules:
            - nf_conntrack
            - tp_smapi
            - 8021q

Configure or blacklist kernel modules with additional options in
``/etc/modprobe.d``. The following example adds the file
``/etc/modprobe.d/nf_conntrack.conf`` with the line
``options nf_conntrack hashsize=262144``.

'option' can be a mapping (with 'enabled' and 'value' keys) or a scalar.

Example for 'scalar' option value:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              option:
                hashsize: 262144

Example for 'mapping' option value:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              option:
                hashsize:
                  enabled: true
                  value: 262144

NOTE: 'enabled' key is optional and is True by default.

Blacklist a module:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              blacklist: true

A module can have a number of aliases; wildcards are allowed.
Define an alias for a module:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              alias:
                nfct:
                  enabled: true
                "nf_conn*":
                  enabled: true

NOTE: 'enabled' key is mandatory as no other keys exist.

Execute custom command instead of 'insmod' when inserting a module:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              install:
                enabled: true
                command: /bin/true

NOTE: 'enabled' key is optional and is True by default.

Execute custom command instead of 'rmmod' when removing a module:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              remove:
                enabled: true
                command: /bin/true

NOTE: 'enabled' key is optional and is True by default.

Define module dependencies:

.. code-block:: yaml

    linux:
      system:
        kernel:
          module:
            nf_conntrack:
              softdep:
                pre:
                  1:
                    enabled: true
                    value: a
                  2:
                    enabled: true
                    value: b
                  3:
                    enabled: true
                    value: c
                post:
                  1:
                    enabled: true
                    value: x
                  2:
                    enabled: true
                    value: y
                  3:
                    enabled: true
                    value: z

NOTE: 'enabled' key is optional and is True by default.

Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters:

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

Configure kernel boot options:

.. code-block:: yaml

    linux:
      system:
        kernel:
          boot_options:
            - elevator=deadline
            - spectre_v2=off
            - nopti

Alternative way to set kernel boot options:

.. code-block:: yaml

    linux:
      system:
        kernel:
          transparent_hugepage: always
          elevator: deadline
          isolcpu: 1,2,3,4

CPU
~~~

Enable cpufreq governor for every cpu:

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

SELinux
~~~~~~~

Set SELinux mode on System:

.. code-block:: yaml

    linux:
      system:
        selinux: permissive

CGROUPS
~~~~~~~

Setup linux cgroups:

.. code-block:: yaml

    linux:
      system:
        cgroup:
          enabled: true
          group:
            ceph_group_1:
              controller:
                cpu:
                  shares:
                    value: 250
                cpuacct:
                  usage:
                    value: 0
                cpuset:
                  cpus:
                    value: 1,2,3
                memory:
                  limit_in_bytes:
                    value: 2G
                  memsw.limit_in_bytes:
                    value: 3G
              mapping:
                subjects:
                - '@ceph'
            generic_group_1:
              controller:
                cpu:
                  shares:
                    value: 250
                cpuacct:
                  usage:
                    value: 0
              mapping:
                subjects:
                - '*:firefox'
                - 'student:cp'

Shared libraries
~~~~~~~~~~~~~~~~

Set additional shared library to Linux system library path:

.. code-block:: yaml

    linux:
      system:
        ld:
          library:
            java:
              - /usr/lib/jvm/jre-openjdk/lib/amd64/server
              - /opt/java/jre/lib/amd64/server

Certificates
~~~~~~~~~~~~

Add certificate authority into system trusted CA bundle:

.. code-block:: yaml

    linux:
      system:
        ca_certificates:
          mycert: |
            -----BEGIN CERTIFICATE-----
            MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
            A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
            cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
            MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
            BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
            YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
            ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
            BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
            I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
            CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
            lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
            AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
            -----END CERTIFICATE-----

Sysfs
~~~~~

Install sysfsutils and set sysfs attributes:

.. code-block:: yaml

    linux:
      system:
        sysfs:
          scheduler:
            block/sda/queue/scheduler: deadline
          power:
            mode:
              power/state: 0660
            owner:
              power/state: "root:power"
            devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

Optional: You can also use a list, which ensures the order of items.

.. code-block:: yaml

    linux:
      system:
        sysfs:
          scheduler:
            block/sda/queue/scheduler: deadline
          power:
            - mode:
                power/state: 0660
            - owner:
                power/state: "root:power"
            - devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

Sysfs definition with disabled automatic write. Attributes are saved
to configuration, but are not applied during the run.
They will be applied automatically after the reboot.

.. code-block:: yaml

    linux:
      system:
        sysfs:
          enable_apply: false
          scheduler:
            block/sda/queue/scheduler: deadline

.. note:: The `enable_apply` parameter defaults to `True` if not defined.

Huge Pages
~~~~~~~~~~

Huge Pages give a performance boost to applications that intensively deal
with memory allocation/deallocation by decreasing memory fragmentation:

.. code-block:: yaml

    linux:
      system:
        kernel:
          hugepages:
            small:
              size: 2M
              count: 107520
              mount_point: /mnt/hugepages_2MB
              mount: false/true # default is true (mount immediately) / false (just save in the fstab)
            large:
              default: true # default automatically mounted
              size: 1G
              count: 210
              mount_point: /mnt/hugepages_1GB

.. note:: Not recommended to use both pagesizes concurrently.

Intel SR-IOV
~~~~~~~~~~~~

The PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV)
specification defines a standardized mechanism to virtualize
PCIe devices. The mechanism can virtualize a single PCIe
Ethernet controller to appear as multiple PCIe devices:

.. code-block:: yaml

    linux:
      system:
        kernel:
          sriov: True
          unsafe_interrupts: False # Default is false. For older platforms and AMD we need to add the interrupt remapping workaround
        rc:
          local: |
            #!/bin/sh -e
            # Enable 7 VF on eth1
            echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
            exit 0

Isolate CPU options
~~~~~~~~~~~~~~~~~~~

Remove the specified CPUs, as defined by the cpu_number values, from
the general kernel SMP balancing and scheduler algorithms. The only
way to move a process onto or off an *isolated* CPU is via the CPU
affinity syscalls. ``cpu_number`` begins at ``0``, so the
maximum value is ``1`` less than the number of CPUs on the system:

.. code-block:: yaml

    linux:
      system:
        kernel:
          isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  776. Repositories
  777. ~~~~~~~~~~~~
  778. RedHat-based Linux with additional OpenStack repo:
  779. .. code-block:: yaml
  780. linux:
  781. system:
  782. ...
  783. repo:
  784. rdo-icehouse:
  785. enabled: true
  786. source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
  787. gpgcheck: 0
  788. Ensure system repository to use czech Debian mirror (``default: true``)
  789. Also pin it's packages with priority ``900``:
  790. .. code-block:: yaml
  791. linux:
  792. system:
  793. repo:
  794. debian:
  795. default: true
  796. source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
  797. # Import signing key from URL if needed
  798. key_url: "http://dummy.com/public.gpg"
  799. pin:
  800. - pin: 'origin "ftp.cz.debian.org"'
  801. priority: 900
  802. package: '*'
  803. If you need to add multiple pin rules for one repo, please use new,ordered definition format
  804. ('pinning' definition will be in priotity to use):
  805. .. code-block:: yaml
  806. linux:
  807. system:
  808. repo:
  809. mcp_saltstack:
  810. source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
  811. architectures: amd64
  812. clean_file: true
  813. pinning:
  814. 10:
  815. enabled: true
  816. pin: 'release o=SaltStack'
  817. priority: 50
  818. package: 'libsodium18'
  819. 20:
  820. enabled: true
  821. pin: 'release o=SaltStack'
  822. priority: 1100
  823. package: '*'
  824. .. note:: For old Ubuntu releases (<xenial)
  825. extra packages for apt transport, like ``apt-transport-https``
  826. may be required to be installed manually.
  827. (Chicken-eggs issue: we need to install packages to
  828. reach repo from where they should be installed)
  829. Otherwise, you still can try 'fortune' and install prereq.packages before
  830. any repo configuration, using list of requires in map.jinja.
  831. Disabling any prerequisite packages installation:
  832. You can simply drop any package pre-installation (before system.linux.repo
  833. will be processed) via cluster lvl:
  834. .. code-block:: yaml
  835. linux:
  836. system:
  837. pkgs: ~
Package manager proxy global setup:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
        ...
        proxy:
          pkg:
            enabled: true
            ftp: ftp://ftp-proxy-for-apt.host.local:2121
            ...
          # NOTE: Global defaults for any other component that configures a proxy on the system.
          #       If your environment has just one simple proxy, set it on linux:system:proxy.
          #
          # Fall back to the system defaults if linux:system:proxy:pkg has no
          # protocol-specific entries, as for https and http here
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Package manager proxy setup per repository:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          debian:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            ...
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            # per repository proxy
            proxy:
              enabled: true
              http: http://maas-01:8080
              https: http://maas-01:8080
        ...
        proxy:
          # package manager fallback defaults
          # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
          pkg:
            enabled: true
            ftp: ftp://proxy.host.local:2121
            #http: http://proxy.host.local:3142
            #https: https://proxy.host.local:3143
          ...
          # global system fallback system defaults
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Remove all repositories:

.. code-block:: yaml

    linux:
      system:
        purge_repos: true

Refresh repositories metadata after configuration:

.. code-block:: yaml

    linux:
      system:
        refresh_repos_meta: true

Setup custom apt config options:

.. code-block:: yaml

    linux:
      system:
        apt:
          config:
            compression-workaround:
              "Acquire::CompressionTypes::Order": "gz"
            docker-clean:
              "DPkg::Post-Invoke":
                - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
              "APT::Update::Post-Invoke":
                - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

RC
~~

rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``.
Every user can have different prompt:

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set prompt system-wide, it's necessary to
remove setting PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc``,
which comes from ``/etc/skel/.bashrc``. This formula will do
this automatically, but will not touch existing user's
``~/.bashrc`` files except root.

Bash
~~~~

Fix bash configuration to preserve history across sessions
like ZSH does by default:

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Login banner message
~~~~~~~~~~~~~~~~~~~~

``/etc/issue`` is a text file which contains a message or system
identification to be printed before the login prompt. It may contain
various @char and \char sequences, if supported by the getty-type
program employed on the system.

Setting logon banner message is easy:

.. code-block:: yaml

    linux:
      system:
        banner:
          enabled: true
          contents: |
            UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
            You must have explicit, authorized permission to access or configure this
            device. Unauthorized attempts and actions to access or use this system may
            result in civil and/or criminal penalties.
            All activities performed on this system are logged and monitored.

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``libpam-modules`` is used for dynamic
messages of the day. Setting custom ``motd`` will clean up existing ones.

Setting static ``motd`` will replace existing ``/etc/motd`` and remove
scripts from ``/etc/update-motd.d``.

Setting static ``motd``:

.. code-block:: yaml

    linux:
      system:
        motd: |
          UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
          You must have explicit, authorized permission to access or configure this
          device. Unauthorized attempts and actions to access or use this system may
          result in civil and/or criminal penalties.
          All activities performed on this system are logged and monitored.

Setting dynamic ``motd``:

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release
              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi
              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

Services
~~~~~~~~

Stop and disable a Linux service (here ``apt-daily.timer``):

.. code-block:: yaml

    linux:
      system:
        service:
          apt-daily.timer:
            status: dead

Possible statuses are ``dead`` (disable service by default), ``running``
(enable service by default), ``enabled``, ``disabled``.

Linux with the ``atop`` service:

.. code-block:: yaml

    linux:
      system:
        atop:
          enabled: true
          interval: 20
          logpath: "/var/log/atop"
          outfile: "/var/log/atop/daily.log"

Linux with the ``mcelog`` service:

.. code-block:: yaml

    linux:
      system:
        mcelog:
          enabled: true
          logging:
            syslog: true
            syslog_error: true

RHEL / CentOS
^^^^^^^^^^^^^

Currently, ``update-motd`` is not available
for RHEL, so there is no native support for dynamic ``motd``.
You can still set a static one, with a different pillar structure:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy,
you may set up Haveged:

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true

Linux network
-------------

Linux with network manager:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Execute linux.network.interface state without ifupdown activity:

.. code-block:: bash

    salt-call state.sls linux.network.interface pillar='{"linux":{"network":{"noifupdown":True}}}'

Linux with default static network interfaces, default gateway
interface and DNS servers:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
            - 8.8.8.8
            - 8.8.4.4
            mtu: 1500

Linux with IPv4 and IPv6 static network interfaces, default gateway:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            enable_ipv6: true
            ipv6proto: static
            ipv6ipaddr: 1234:abcd::ffff:192.168.0.102
            ipv6gateway: 1234:abcd::ffff:192.168.0.1
            ipv6netmask: 64

Linux with bonded interfaces and disabled ``NetworkManager``:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
            - interface: ${linux:interface:eth0}
            - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with VLAN ``interface_params``:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
            - interface: ${linux:interface:bond0}

Linux with wireless interface parameters:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined:

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges:

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1

Open vSwitch Bridges:

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
          br-prv:
            enabled: true
            type: ovs_bridge
            mtu: 65000
          br-ens7:
            enabled: true
            name: br-ens7
            type: ovs_bridge
            ovs_ports: ens7
            proto: manual
            mtu: 9000
            use_interfaces:
            - ens7
          patch-br-ens7-br-prv:
            enabled: true
            name: ens7-prv
            ovs_type: ovs_port
            type: ovs_port
            bridge: br-ens7
            port_type: patch
            peer: prv-ens7
            tag: 109 # [] to unset a tag
            mtu: 65000
          patch-br-prv-br-ens7:
            enabled: true
            name: prv-ens7
            bridge: br-prv
            ovs_type: ovs_port
            type: ovs_port
            port_type: patch
            peer: ens7-prv
            tag: 109
            mtu: 65000
          ens7:
            enabled: true
            name: ens7
            proto: manual
            ovs_port_type: OVSPort
            type: ovs_port
            ovs_bridge: br-ens7
            bridge: br-ens7

Debian manual proto interfaces

When you change an interface proto from static to manual while the
interface is up, you may need to flush its IP addresses, for example
if you want to use the interface and the IP on a bridge.
This can be done by setting ``ipflush_onchange`` to true.

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            mtu: 9100
            ipflush_onchange: true

Debian static proto interfaces

When you change an interface proto from dhcp to static while the
interface is up, you may need to flush its IP addresses and restart the
interface so that it takes the IP address from the managed file, for
example if you want to use the interface and the IP on a bridge.
This can be done by setting ``ipflush_onchange`` together with the
``restart_on_ipflush`` parameter to true.

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: static
            address: 10.1.0.22
            netmask: 255.255.255.0
            ipflush_onchange: true
            restart_on_ipflush: true

Concatenating and removing interface files

Debian-based distributions have the ``/etc/network/interfaces.d/``
directory, where you can store the configuration of network
interfaces in separate files. You can concatenate the files
to the defined destination when needed; this operation removes
the file from ``/etc/network/interfaces.d/``. If you just need
to remove iface files, you can use the ``remove_iface_files`` key.

.. code-block:: yaml

    linux:
      network:
        concat_iface_files:
        - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
          dst: '/etc/network/interfaces'
        remove_iface_files:
        - '/etc/network/interfaces.d/90-custom.cfg'

Configure DHCP client

None of the keys is mandatory, include only those you really need.
For full list of available options under send, supersede, prepend,
append refer to dhcp-options(5).

.. code-block:: yaml

    linux:
      network:
        dhclient:
          enabled: true
          backoff_cutoff: 15
          initial_interval: 10
          reboot: 10
          retry: 60
          select_timeout: 0
          timeout: 120
          send:
            - option: host-name
              declaration: "= gethostname()"
          supersede:
            - option: host-name
              declaration: "spaceship"
            - option: domain-name
              declaration: "domain.home"
            #- option: arp-cache-timeout
            #  declaration: 20
          prepend:
            - option: domain-name-servers
              declaration:
                - 8.8.8.8
                - 8.8.4.4
            - option: domain-search
              declaration:
                - example.com
                - eng.example.com
          #append:
            #- option: domain-name-servers
            #  declaration: 127.0.0.1
          # ip or subnet to reject dhcp offer from
          reject:
            - 192.33.137.209
            - 10.0.2.0/24
          request:
            - subnet-mask
            - broadcast-address
            - time-offset
            - routers
            - domain-name
            - domain-name-servers
            - domain-search
            - host-name
            - dhcp6.name-servers
            - dhcp6.domain-search
            - dhcp6.fqdn
            - dhcp6.sntp-servers
            - netbios-name-servers
            - netbios-scope
            - interface-mtu
            - rfc3442-classless-static-routes
            - ntp-servers
          require:
            - subnet-mask
            - domain-name-servers
          # if per interface configuration required add below
          interface:
            ens2:
              initial_interval: 11
              reject:
                - 192.33.137.210
            ens3:
              initial_interval: 12
              reject:
                - 192.33.137.211

Linux network systemd settings:

.. code-block:: yaml

    linux:
      network:
        ...
        systemd:
          link:
            10-iface-dmz:
              Match:
                MACAddress: c8:5b:67:fa:1a:af
                OriginalName: eth0
              Link:
                Name: dmz0
          netdev:
            20-bridge-dmz:
              match:
                name: dmz0
              network:
                description: bridge
                bridge: br-dmz0
          network:
            # works with lowercase, keys are by default capitalized
            40-dhcp:
              match:
                name: '*'
              network:
                DHCP: yes

Configure global environment variables

Use ``/etc/environment`` for static system-wide variable assignment
after boot. Variable expansion is frequently not supported.

.. code-block:: yaml

    linux:
      system:
        env:
          BOB_VARIABLE: Alice
          ...
          BOB_PATH:
            - /srv/alice/bin
            - /srv/bob/bin
          ...
          ftp_proxy: none
          http_proxy: http://global-http-proxy.host.local:8080
          https_proxy: ${linux:system:proxy:https}
          no_proxy:
            - 192.168.0.80
            - 192.168.1.80
            - .domain.com
            - .local
        ...
        # NOTE: global defaults proxy configuration.
        proxy:
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143
          noproxy:
            - .domain.com
            - .local

Configure the ``profile.d`` scripts

The ``profile.d`` scripts are sourced during ``.sh`` execution
and support variable expansion, as opposed to the global
settings in ``/etc/environment``.

.. code-block:: yaml

    linux:
      system:
        profile:
          locales: |
            export LANG=C
            export LC_ALL=C
          ...
          vi_flavors.sh: |
            export PAGER=view
            export EDITOR=vim
            alias vi=vim
          shell_locales.sh: |
            export LANG=en_US
            export LC_ALL=en_US.UTF-8
          shell_proxies.sh: |
            export FTP_PROXY=ftp://127.0.3.3:2121
            export NO_PROXY='.local'

Configure login.defs parameters
-------------------------------

.. code-block:: yaml

    linux:
      system:
        login_defs:
          <opt_name>:
            enabled: true
            value: <opt_value>

``<opt_name>`` is a configuration option defined in ``man login.defs``.
``<opt_name>`` is case sensitive and must be UPPERCASE only!

Linux with hosts

Parameter ``purge_hosts`` will enforce the whole ``/etc/hosts`` file,
removing entries that are not defined in the model, except the defaults
for both IPv4 and IPv6 localhost and the hostname as well as the FQDN.

We recommend using this option to verify that ``/etc/hosts``
is always in a clean state. However, it is not enabled by default
for security reasons.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
            - ${linux:network:fqdn}
            - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
            - node1.domain.com
            - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
            - node2.domain.com
            - service2.domain.com

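Before turning on ``purge_hosts``, it helps to see which existing lines are outside the model. The following is an added Python example, not part of the formula: it compares hosts-file text with a ``linux:network:host`` mapping and lists what is unmanaged. The function names, the set of kept localhost names and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Names assumed to be kept on loopback addresses, next to the node's own
# hostname and FQDN (the README only says "defaults for IPv4 and IPv6 localhost").
LOCAL_DEFAULTS = {"localhost", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return [(ip_address_object, [names])] from hosts-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            parsed = ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        if names:
            entries.append((parsed, names))
    return entries


def modelled_pairs(host_pillar):
    """Flatten linux:network:host into a set of (address, name) pairs."""
    pairs = set()
    for entry in host_pillar.values():
        for name in entry.get("names", []):
            pairs.add((str(ipaddress.ip_address(entry["address"])), name.lower()))
    return pairs


def purge_preview(hosts_text, host_pillar, hostname, fqdn):
    """List (address, name) pairs found on disk but absent from the model."""
    keep_names = LOCAL_DEFAULTS | {hostname.lower(), fqdn.lower()}
    modelled = modelled_pairs(host_pillar)
    unmanaged = []
    for address, names in parse_hosts(hosts_text):
        for name in names:
            name = name.lower()
            # Defaults are only trusted on loopback addresses, so a line that
            # maps "localhost" to a routable address is still reported.
            if address.is_loopback and name in keep_names:
                continue
            if (str(address), name) in modelled:
                continue
            unmanaged.append((str(address), name))
    return unmanaged


# Constructed sample input, not taken from a real system.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.1.1 web01.domain.com web01
::1 localhost ip6-localhost ip6-loopback
192.168.10.200 node1.domain.com service1.domain.com
192.168.10.201 node2.domain.com
10.66.0.5 repo.domain.com          # stale manual override
192.168.10.250 node2.domain.com    # modelled name on an unmodelled address
"""
SAMPLE_MODEL = {
    "node1": {"address": "192.168.10.200",
              "names": ["node1.domain.com", "service1.domain.com"]},
    "node2": {"address": "192.168.10.201",
              "names": ["node2.domain.com", "service2.domain.com"]},
}

if __name__ == "__main__":
    for address, name in purge_preview(SAMPLE_HOSTS, SAMPLE_MODEL,
                                       "web01", "web01.domain.com"):
        print(f"unmanaged: {address} {name}")
```

A name that is modelled but appears with a different address is reported as well, which is the case worth reviewing before the purge removes it.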
Linux with hosts collected from mine

All DNS records defined within the infrastructure
are passed to the local hosts records or any DNS server. Only
hosts with the ``grain`` parameter set to ``true`` will be propagated
to the mine.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        mine_dns_records: true
        host:
          node1:
            address: 192.168.10.200
            grain: true
            names:
            - node1.domain.com
            - service1.domain.com

Set up ``resolv.conf``, nameservers, domain and search domains:

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
          - 8.8.4.4
          - 8.8.8.8
          domain: my.example.com
          search:
          - my.example.com
          - example.com
          options:
          - ndots: 5
          - timeout: 2
          - attempts: 2

Set up custom TX queue length for tap interfaces:

.. code-block:: yaml

    linux:
      network:
        tap_custom_txqueuelen: 10000

Open vSwitch native bond:

.. code-block:: yaml

    bond1:
      enabled: true
      type: ovs_bond
      mode: balance-slb
      bridge: br-ex
      slaves: eno3 eno4

DPDK OVS interfaces

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS LACP Bond with vlan tag**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: "2"
        interface:
          eth3:
            enabled: true
            type: eth
            proto: manual
            name: ${_param:tenant_first_nic}
          eth4:
            enabled: true
            type: eth
            proto: manual
            name: ${_param:tenant_second_nic}
          dpdk0:
            name: ${_param:tenant_first_nic}
            pci: "0000:81:00.0"
            driver: igb_uio
            bond: bond1
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
          dpdk1:
            name: ${_param:tenant_second_nic}
            pci: "0000:81:00.1"
            driver: igb_uio
            bond: bond1
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
          bond1:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: balance-slb
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            tag: ${_param:tenant_vlan}
            address: ${_param:tenant_address}
            netmask: ${_param:tenant_network_netmask}

**DPDK OVS bridge for VXLAN**

If VXLAN is used as tenant segmentation, IP address must
be set on ``br-prv``.

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            tag: 101
            mtu: 9000

**DPDK OVS bridge with Linux network interface**

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          eth0:
            type: eth
            ovs_bridge: br-prv
            ...
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            ...

Linux storage
-------------

Linux with mounted Samba:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
          - enabled: true
          - path: /media/myuser/public/
          - device: //192.168.0.1/storage
          - file_system: cifs
          - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

NFS mount:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          nfs_glance:
            enabled: true
            path: /var/lib/glance/images
            device: 172.16.10.110:/var/nfs/glance
            file_system: nfs
            opts: rw,sync

Bind mount:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          mount_bind:
            enabled: true
            path: /mnt/bind/name
            device: /mnt/source/bind
            file_system: none
            opts: bind,defaults
            dump: 0
            pass_num: 1

File swap configuration:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted
into ``/mnt/data``.

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Salt now also supports expanding and shrinking an LV.
To reduce the size of an LV, the option ``force`` must be set to true.

Caution: this can destroy the file system if it is not shrunk beforehand,
and only some file systems can be shrunk.

.. code-block:: yaml

    parameters:
      linux:
        storage:
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data: # to expand
                  size: 50G
                  mount: ${linux:storage:mount:data}
                data: # to reduce (use instead of the entry above)
                  size: 30G
                  force: true
                  mount: ${linux:storage:mount:data}

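Because a reduce with ``force: true`` is destructive when the file system was not shrunk first, it is worth classifying every modelled LV against its current size before applying the state. The following is an added Python example, not the formula's own logic: the function names, the ``create/keep/extend/reduce/blocked`` labels and the sample sizes are assumptions, and current sizes are expected in bytes (for instance as reported by ``lvs --units b``).

```python
import re

# lvcreate/lvresize -L sizes: binary multiples, case-insensitive, MiB when no unit.
_MULTIPLIER = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3, "t": 1024 ** 4}
_SIZE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([kmgt])?\s*$", re.IGNORECASE)


def size_to_bytes(size):
    """Convert a pillar size such as '40G' or 2048 (MiB) to bytes."""
    match = _SIZE_RE.match(str(size))
    if not match:
        raise ValueError(f"unsupported LV size: {size!r}")
    number, unit = match.groups()
    return int(float(number) * _MULTIPLIER[(unit or "m").lower()])


def plan_lv_changes(lvm_pillar, current_bytes):
    """Classify each modelled LV.

    lvm_pillar    -- the linux:storage:lvm mapping from the pillar
    current_bytes -- {"vg/lv": size_in_bytes} for LVs that already exist
                     (hypothetical input collected by the operator)
    """
    plan = {}
    for vg_name, vg in lvm_pillar.items():
        if not vg.get("enabled", True):
            continue
        for lv_name, lv in vg.get("volume", {}).items():
            key = f"{vg_name}/{lv_name}"
            wanted = size_to_bytes(lv["size"])
            have = current_bytes.get(key)
            if have is None:
                plan[key] = "create"
            elif wanted == have:
                plan[key] = "keep"
            elif wanted > have:
                plan[key] = "extend"
            elif lv.get("force", False):
                # Destructive unless the file system was shrunk beforehand.
                plan[key] = "reduce"
            else:
                # Smaller size modelled without force: true, nothing is reduced.
                plan[key] = "blocked"
    return plan


def risky_volumes(plan):
    """Return the LVs that need a manual file system check before applying."""
    return sorted(key for key, action in plan.items() if action == "reduce")


# Constructed sample data, not taken from a real node.
SAMPLE_LVM = {
    "vg1": {
        "enabled": True,
        "devices": ["/dev/sdb"],
        "volume": {
            "data": {"size": "30G", "force": True},
            "logs": {"size": "10G"},
            "cache": {"size": "8G"},
            "scratch": {"size": 2048},
        },
    }
}
SAMPLE_CURRENT = {
    "vg1/data": 40 * 1024 ** 3,
    "vg1/logs": 20 * 1024 ** 3,
    "vg1/cache": 4 * 1024 ** 3,
}

if __name__ == "__main__":
    sample_plan = plan_lv_changes(SAMPLE_LVM, SAMPLE_CURRENT)
    for key in sorted(sample_plan):
        print(f"{key}: {sample_plan[key]}")
    print("check file system first:", risky_volumes(sample_plan))
```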
Create partitions on disk. Specify size in MB. It expects an empty
disk without any existing partitions.
Set ``startsector=1`` if you want to start partitions from ``2048``.

.. code-block:: yaml

    linux:
      storage:
        disk:
          first_drive:
            startsector: 1
            name: /dev/loop1
            type: gpt
            partitions:
              - size: 200 #size in MB
                type: fat32
              - size: 300 #size in MB
                mkfs: True
                type: xfs
          /dev/vda1:
            partitions:
              - size: 5
                type: ext2
              - size: 10
                type: ext4

Multipath with Fujitsu Eternus DXL:

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000:

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - hitachi_vsp1000

Multipath with IBM Storwize:

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - ibm_storwize

Multipath with multiple backends:

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            - /dev/sdc
            - /dev/sdd
            backends:
            - ibm_storwize
            - fujitsu_eternus_dxl
            - hitachi_vsp1000

PAM LDAP integration:

.. code-block:: yaml

    parameters:
      linux:
        system:
          auth:
            enabled: true
            mkhomedir:
              enabled: true
              umask: 0027
            ldap:
              enabled: true
              binddn: cn=bind,ou=service_users,dc=example,dc=com
              bindpw: secret
              uri: ldap://127.0.0.1
              base: ou=users,dc=example,dc=com
              ldap_version: 3
              pagesize: 65536
              referrals: off
              filter:
                passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
                shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
                group: (&(objectClass=group)(gidNumber=*))

PAM duo 2FA integration:

.. code-block:: yaml

    parameters:
      linux:
        system:
          auth:
            enabled: true
            duo:
              enabled: true
              duo_host: localhost
              duo_ikey: DUO-INTEGRATION-KEY
              duo_skey: DUO-SECRET-KEY

The duo package version may be specified (optional):

.. code-block:: yaml

    linux:
      system:
        package:
          duo-unix:
            version: 1.10.1-0

Disabled multipath (the default setup):

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device:

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G

External config generation
--------------------------

You can use the config support metadata between formulas
and only generate configuration files for external use, for example for Docker.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Netconsole Remote Kernel Logging
--------------------------------

Netconsole logger can be configured for the configfs-enabled kernels
(``CONFIG_NETCONSOLE_DYNAMIC`` must be enabled). The configuration
applies both at runtime (if the network is already configured)
and on boot after an interface initialization.

.. note::

    * Receiver can be located only on the same L3 domain
      (or you need to configure gateway MAC manually).
    * The Receiver MAC is detected only at configuration time.
    * Using broadcast MAC is not recommended.

.. code-block:: yaml

    parameters:
      linux:
        system:
          netconsole:
            enabled: true
            port: 514        # optional
            loglevel: debug  # optional
            target:
              192.168.0.1:
                interface: bond0
                mac: "ff:ff:ff:ff:ff:ff"  # optional

  1964. Check network params on the environment
  1965. ---------------------------------------
  1966. Grab nics and nics states
  1967. .. code-block:: bash
  1968. salt osd001\* net_checks.get_nics
  1969. **Example of system output:**
  1970. .. code-block:: bash
  1971. osd001.domain.com:
  1972. |_
  1973. - bond0
  1974. - None
  1975. - 1e:c8:64:42:23:b9
  1976. - 0
  1977. - 1500
  1978. |_
  1979. - bond1
  1980. - None
  1981. - 3c:fd:fe:27:3b:00
  1982. - 1
  1983. - 9100
  1984. |_
  1985. - fourty1
  1986. - None
  1987. - 3c:fd:fe:27:3b:00
  1988. - 1
  1989. - 9100
  1990. |_
  1991. - fourty2
  1992. - None
  1993. - 3c:fd:fe:27:3b:02
  1994. - 1
  1995. - 9100

Grab PCI addresses of 10G NICs for hugepages setup

.. code-block:: bash

    salt cmp001\* net_checks.get_ten_pci

**Example of system output:**

.. code-block:: bash

    cmp001.domain.com:
        |_
          - ten1
          - 0000:19:00.0
        |_
          - ten2
          - 0000:19:00.1
        |_
          - ten3
          - 0000:19:00.2
        |_
          - ten4
          - 0000:19:00.3

Grab the IP address of an interface

.. code-block:: bash

    salt cmp001\* net_checks.get_ip iface=one4

**Example of system output:**

.. code-block:: bash

    cmp001.domain.com:
        10.200.177.101

Grab the IP address map

.. code-block:: bash

    salt-call net_checks.nodes_addresses

**Example of system output:**

.. code-block:: bash

    local:
        |_
          - cid01.domain.com
          |_
            |_
              - pxe
              - 10.200.177.91
            |_
              - control
              - 10.200.178.91
        |_
          - cmn02.domain.com
          |_
            |_
              - storage_access
              - 10.200.181.67
            |_
              - pxe
              - 10.200.177.67
            |_
              - control
              - 10.200.178.67
        |_
          - cmp010.domain.com
          |_
            |_
              - pxe
              - 10.200.177.110
            |_
              - storage_access
              - 10.200.181.110
            |_
              - control
              - 10.200.178.110
            |_
              - vxlan
              - 10.200.179.110

Verify full mesh connectivity

.. code-block:: bash

    salt-call net_checks.ping_check

**Example of positive system output:**

.. code-block:: bash

    ['PASSED']
    [INFO ] ['PASSED']
    local:
        True

**Example of system output in case of failure:**

.. code-block:: bash

    FAILED
    [ERROR ] FAILED
    ['control: 10.0.1.92 -> 10.0.1.224: Failed']
    ['control: 10.0.1.93 -> 10.0.1.224: Failed']
    ['control: 10.0.1.51 -> 10.0.1.224: Failed']
    ['control: 10.0.1.102 -> 10.0.1.224: Failed']
    ['control: 10.0.1.13 -> 10.0.1.224: Failed']
    ['control: 10.0.1.81 -> 10.0.1.224: Failed']
    local:
        False

For this feature to work, mark each address with a mesh role.
Otherwise the 'default' role is assumed and the mesh consists of all
addresses in the environment.

The mesh mark is needed only for interfaces that are enabled and have
an IP address assigned.

Checking the DHCP PXE network is meaningless, as it is used for Salt
master to minion communication and is therefore treated as checked.

.. code-block:: yaml

    parameters:
      linux:
        network:
          interface:
            ens3:
              enabled: true
              type: eth
              proto: static
              address: ${_param:deploy_address}
              netmask: ${_param:deploy_network_netmask}
              gateway: ${_param:deploy_network_gateway}
              mesh: pxe

Check pillars for IP address duplicates

.. code-block:: bash

    salt-call net_checks.verify_addresses

**Example of positive system output:**

.. code-block:: bash

    ['PASSED']
    [INFO ] ['PASSED']
    local:
        True

**Example of system output in case of failure:**

.. code-block:: bash

    FAILED. Duplicates found
    [ERROR ] FAILED. Duplicates found
    ['gtw01.domain.com', 'gtw02.domain.com', '10.0.1.224']
    [ERROR ] ['gtw01.domain.com', 'gtw02.domain.com', '10.0.1.224']
    local:
        False
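
To illustrate the mesh roles and the duplicate check described above, here is an added sketch that is not the formula's ``net_checks`` module. It works on a constructed address map in the shape printed by ``net_checks.nodes_addresses``; the function names are hypothetical, and checking duplicates across all roles is an assumption.

```python
from collections import defaultdict
from itertools import permutations

# Constructed sample: [node, [[mesh_role, ip], ...]] entries.
# gtw02 reuses the control address of gtw01.
NODES = [
    ["gtw01.domain.com", [["pxe", "10.0.0.224"], ["control", "10.0.1.224"]]],
    ["gtw02.domain.com", [["pxe", "10.0.0.225"], ["control", "10.0.1.224"]]],
    ["ctl01.domain.com", [["pxe", "10.0.0.51"], ["control", "10.0.1.51"]]],
    ["cmp001.domain.com", [["pxe", "10.0.0.101"], ["control", "10.0.1.101"],
                           ["vxlan", "10.0.2.101"]]],
]


def find_duplicates(nodes):
    """Map each IP claimed by more than one node to its sorted claimants."""
    owners = defaultdict(set)
    for node, addresses in nodes:
        for _role, ip in addresses:
            owners[ip].add(node)
    return {ip: sorted(names) for ip, names in owners.items() if len(names) > 1}


def mesh_pairs(nodes, skip_roles=("pxe",)):
    """Per mesh role, list every ordered (src_ip, dst_ip) pair to ping.

    Roles in skip_roles are treated as already checked, as the README
    describes for the DHCP PXE network. A missing role becomes 'default'.
    """
    by_role = defaultdict(set)
    for _node, addresses in nodes:
        for role, ip in addresses:
            role = role or "default"
            if role not in skip_roles:
                by_role[role].add(ip)
    return {role: list(permutations(sorted(ips), 2))
            for role, ips in by_role.items()}
```

A duplicated address collapses into a single mesh member, so a ping check alone cannot tell which node answered; run the duplicate check first.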

Generate a CSV report for the environment

.. code-block:: bash

    salt -C 'kvm* or cmp* or osd*' net_checks.get_nics_csv \
      | grep '^\ ' | sed 's/\ *//g' | grep -Ev ^server \
      | sed '1 i\server,nic_name,ip_addr,mac_addr,link,mtu,chassis_id,chassis_name,port_mac,port_descr'

**Example of system output:**

.. code-block:: bash

    server,nic_name,ip_addr,mac_addr,link,mtu,chassis_id,chassis_name,port_mac,port_descr
    cmp010.domain.com,bond0,None,b4:96:91:10:5b:3a,1,1500,,,,
    cmp010.domain.com,bond0.21,10.200.178.110,b4:96:91:10:5b:3a,1,1500,,,,
    cmp010.domain.com,bond0.22,10.200.179.110,b4:96:91:10:5b:3a,1,1500,,,,
    cmp010.domain.com,bond1,None,3c:fd:fe:34:ad:22,0,1500,,,,
    cmp010.domain.com,bond1.24,10.200.181.110,3c:fd:fe:34:ad:22,0,1500,,,,
    cmp010.domain.com,fourty5,None,3c:fd:fe:34:ad:20,0,9000,,,,
    cmp010.domain.com,fourty6,None,3c:fd:fe:34:ad:22,0,9000,,,,
    cmp010.domain.com,one1,None,b4:96:91:10:5b:38,0,1500,,,,
    cmp010.domain.com,one2,None,b4:96:91:10:5b:39,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,548,ge-0/0/22
    cmp010.domain.com,one3,None,b4:96:91:10:5b:3a,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,547,ge-0/0/21
    cmp010.domain.com,one4,10.200.177.110,b4:96:91:10:5b:3b,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,546,ge-0/0/20
    cmp011.domain.com,bond0,None,b4:96:91:13:6c:aa,1,1500,,,,
    cmp011.domain.com,bond0.21,10.200.178.111,b4:96:91:13:6c:aa,1,1500,,,,
    cmp011.domain.com,bond0.22,10.200.179.111,b4:96:91:13:6c:aa,1,1500,,,,
    ...

Usage
=====

Set MTU of the eth0 network interface to 1400:

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

* http://salt-formulas.readthedocs.io/
   Learn how to install and update salt-formulas.

* https://github.com/salt-formulas/salt-formula-linux/issues
   In the unfortunate event that bugs are discovered, report the issue to the
   appropriate issue tracker. Use the GitHub issue tracker for a specific salt
   formula.

* https://launchpad.net/salt-formulas
   For feature requests, bug reports, or blueprints affecting the entire
   ecosystem, use the Launchpad salt-formulas project.

* https://launchpad.net/~salt-formulas-users
   Join the salt-formulas-users team and subscribe to the mailing list if required.

* https://github.com/salt-formulas/salt-formula-linux
   Develop the salt-formulas projects in the master branch and then submit pull
   requests against a specific formula.

* #salt-formulas @ irc.freenode.net
   Use this IRC channel for any questions or feedback, which is always
   welcome.