Saltstack Official Linux Formula
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802
  1. ============
  2. Linux Fomula
  3. ============
  4. Linux Operating Systems.
  5. * Ubuntu
  6. * CentOS
  7. * RedHat
  8. * Fedora
  9. * Arch
  10. Sample Pillars
  11. ==============
  12. Linux System
  13. ------------
  14. Basic Linux box
  15. .. code-block:: yaml
  16. linux:
  17. system:
  18. enabled: true
  19. name: 'node1'
  20. domain: 'domain.com'
  21. cluster: 'system'
  22. environment: prod
  23. timezone: 'Europe/Prague'
  24. utc: true
  25. Linux with system users, some with password set:
  26. .. WARNING::
  27. If no 'password' variable has been passed - any predifined password
  28. will be removed.
  29. .. code-block:: yaml
  30. linux:
  31. system:
  32. ...
  33. user:
  34. jdoe:
  35. name: 'jdoe'
  36. enabled: true
  37. sudo: true
  38. shell: /bin/bash
  39. full_name: 'Jonh Doe'
  40. home: '/home/jdoe'
  41. email: 'jonh@doe.com'
  42. jsmith:
  43. name: 'jsmith'
  44. enabled: true
  45. full_name: 'With clear password'
  46. home: '/home/jsmith'
  47. hash_password: true
  48. password: "userpassword"
  49. mark:
  50. name: 'mark'
  51. enabled: true
  52. full_name: "unchange password'
  53. home: '/home/mark'
  54. password: false
  55. elizabeth:
  56. name: 'elizabeth'
  57. enabled: true
  58. full_name: 'With hased password'
  59. home: '/home/elizabeth'
  60. password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
  61. Configure sudo for users and groups under ``/etc/sudoers.d/``.
  62. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
  63. .. code-block:: jinja
  64. # simplified template:
  65. Cmds_Alias {{ alias }}={{ commands }}
  66. {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
  67. %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
  68. # when rendered:
  69. saltuser1 ALL=(ALL) NOPASSWD: ALL
  70. .. code-block:: yaml
  71. linux:
  72. system:
  73. sudo:
  74. enabled: true
  75. aliases:
  76. host:
  77. LOCAL:
  78. - localhost
  79. PRODUCTION:
  80. - db1
  81. - db2
  82. runas:
  83. DBA:
  84. - postgres
  85. - mysql
  86. SALT:
  87. - root
  88. command:
  89. # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.
  90. # Best practice is to specify full list of commands user is allowed to run.
  91. SUPPORT_RESTRICTED:
  92. - /bin/vi /etc/sudoers*
  93. - /bin/vim /etc/sudoers*
  94. - /bin/nano /etc/sudoers*
  95. - /bin/emacs /etc/sudoers*
  96. - /bin/su - root
  97. - /bin/su -
  98. - /bin/su
  99. - /usr/sbin/visudo
  100. SUPPORT_SHELLS:
  101. - /bin/sh
  102. - /bin/ksh
  103. - /bin/bash
  104. - /bin/rbash
  105. - /bin/dash
  106. - /bin/zsh
  107. - /bin/csh
  108. - /bin/fish
  109. - /bin/tcsh
  110. - /usr/bin/login
  111. - /usr/bin/su
  112. - /usr/su
  113. ALL_SALT_SAFE:
  114. - /usr/bin/salt state*
  115. - /usr/bin/salt service*
  116. - /usr/bin/salt pillar*
  117. - /usr/bin/salt grains*
  118. - /usr/bin/salt saltutil*
  119. - /usr/bin/salt-call state*
  120. - /usr/bin/salt-call service*
  121. - /usr/bin/salt-call pillar*
  122. - /usr/bin/salt-call grains*
  123. - /usr/bin/salt-call saltutil*
  124. SALT_TRUSTED:
  125. - /usr/bin/salt*
  126. users:
  127. # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
  128. saltuser1: {}
  129. saltuser2:
  130. hosts:
  131. - LOCAL
  132. # User Alias DBA
  133. DBA:
  134. hosts:
  135. - ALL
  136. commands:
  137. - ALL_SALT_SAFE
  138. groups:
  139. db-ops:
  140. hosts:
  141. - ALL
  142. - '!PRODUCTION'
  143. runas:
  144. - DBA
  145. commands:
  146. - /bin/cat *
  147. - /bin/less *
  148. - /bin/ls *
  149. salt-ops:
  150. hosts:
  151. - 'ALL'
  152. runas:
  153. - SALT
  154. commands:
  155. - SUPPORT_SHELLS
  156. salt-ops-2nd:
  157. name: salt-ops
  158. nopasswd: false
  159. setenv: true # Enable sudo -E option
  160. runas:
  161. - DBA
  162. commands:
  163. - ALL
  164. - '!SUPPORT_SHELLS'
  165. - '!SUPPORT_RESTRICTED'
  166. Linux with package, latest version
  167. .. code-block:: yaml
  168. linux:
  169. system:
  170. ...
  171. package:
  172. package-name:
  173. version: latest
  174. Linux with package from certail repo, version with no upgrades
  175. .. code-block:: yaml
  176. linux:
  177. system:
  178. ...
  179. package:
  180. package-name:
  181. version: 2132.323
  182. repo: 'custom-repo'
  183. hold: true
  184. Linux with package from certail repo, version with no GPG verification
  185. .. code-block:: yaml
  186. linux:
  187. system:
  188. ...
  189. package:
  190. package-name:
  191. version: 2132.323
  192. repo: 'custom-repo'
  193. verify: false
  194. Linux with autoupdates (automatically install security package updates)
  195. .. code-block:: yaml
  196. linux:
  197. system:
  198. ...
  199. autoupdates:
  200. enabled: true
  201. mail: root@localhost
  202. mail_only_on_error: true
  203. remove_unused_dependencies: false
  204. automatic_reboot: true
  205. automatic_reboot_time: "02:00"
  206. Linux with cron jobs
  207. By default it will use name as an identifier, unless identifier key is
  208. explicitly set or False (then it will use Salt's default behavior which is
  209. identifier same as command resulting in not being able to change it)
  210. .. code-block:: yaml
  211. linux:
  212. system:
  213. ...
  214. job:
  215. cmd1:
  216. command: '/cmd/to/run'
  217. identifier: cmd1
  218. enabled: true
  219. user: 'root'
  220. hour: 2
  221. minute: 0
  222. Linux security limits (limit sensu user memory usage to max 1GB):
  223. .. code-block:: yaml
  224. linux:
  225. system:
  226. ...
  227. limit:
  228. sensu:
  229. enabled: true
  230. domain: sensu
  231. limits:
  232. - type: hard
  233. item: as
  234. value: 1000000
  235. Enable autologin on tty1 (may work only for Ubuntu 14.04):
  236. .. code-block:: yaml
  237. linux:
  238. system:
  239. console:
  240. tty1:
  241. autologin: root
  242. # Enable serial console
  243. ttyS0:
  244. autologin: root
  245. rate: 115200
  246. term: xterm
  247. To disable set autologin to `false`.
  248. Set ``policy-rc.d`` on Debian-based systems. Action can be any available
  249. command in ``while true`` loop and ``case`` context.
  250. Following will disallow dpkg to stop/start services for cassandra package automatically:
  251. .. code-block:: yaml
  252. linux:
  253. system:
  254. policyrcd:
  255. - package: cassandra
  256. action: exit 101
  257. - package: '*'
  258. action: switch
  259. Set system locales:
  260. .. code-block:: yaml
  261. linux:
  262. system:
  263. locale:
  264. en_US.UTF-8:
  265. default: true
  266. "cs_CZ.UTF-8 UTF-8":
  267. enabled: true
  268. Systemd settings:
  269. .. code-block:: yaml
  270. linux:
  271. system:
  272. ...
  273. systemd:
  274. system:
  275. Manager:
  276. DefaultLimitNOFILE: 307200
  277. DefaultLimitNPROC: 307200
  278. user:
  279. Manager:
  280. DefaultLimitCPU: 2
  281. DefaultLimitNPROC: 4
  282. Ensure presence of directory:
  283. .. code-block:: yaml
  284. linux:
  285. system:
  286. directory:
  287. /tmp/test:
  288. user: root
  289. group: root
  290. mode: 700
  291. makedirs: true
  292. Ensure presence of file by specifying it's source:
  293. .. code-block:: yaml
  294. linux:
  295. system:
  296. file:
  297. /tmp/test.txt:
  298. source: http://example.com/test.txt
  299. user: root
  300. group: root
  301. mode: 700
  302. dir_mode: 700
  303. encoding: utf-8
  304. hash: <<md5 hash>>
  305. makedirs: true
  306. Ensure presence of file by specifying it's contents:
  307. .. code-block:: yaml
  308. linux:
  309. system:
  310. file:
  311. /tmp/test.txt:
  312. contents: |
  313. line1
  314. line2
  315. user: root
  316. group: root
  317. mode: 700
  318. dir_mode: 700
  319. encoding: utf-8
  320. hash: <<md5 hash>>
  321. makedirs: true
  322. Kernel
  323. ~~~~~~
  324. Install always up to date LTS kernel and headers from Ubuntu trusty:
  325. .. code-block:: yaml
  326. linux:
  327. system:
  328. kernel:
  329. type: generic
  330. lts: trusty
  331. headers: true
  332. Load kernel modules and add them to `/etc/modules`:
  333. .. code-block:: yaml
  334. linux:
  335. system:
  336. kernel:
  337. modules:
  338. - nf_conntrack
  339. - tp_smapi
  340. - 8021q
  341. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example
  342. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:
  343. .. code-block:: yaml
  344. linux:
  345. system:
  346. kernel:
  347. module:
  348. nf_conntrack:
  349. option:
  350. hashsize: 262144
  351. Install specific kernel version and ensure all other kernel packages are
  352. not present. Also install extra modules and headers for this kernel:
  353. .. code-block:: yaml
  354. linux:
  355. system:
  356. kernel:
  357. type: generic
  358. extra: true
  359. headers: true
  360. version: 4.2.0-22
  361. Systcl kernel parameters
  362. .. code-block:: yaml
  363. linux:
  364. system:
  365. kernel:
  366. sysctl:
  367. net.ipv4.tcp_keepalive_intvl: 3
  368. net.ipv4.tcp_keepalive_time: 30
  369. net.ipv4.tcp_keepalive_probes: 8
  370. Configure kernel boot options:
  371. .. code-block:: yaml
  372. linux:
  373. system:
  374. kernel:
  375. boot_options:
  376. - elevator=deadline
  377. - spectre_v2=off
  378. - nopti
  379. CPU
  380. ~~~
  381. Enable cpufreq governor for every cpu:
  382. .. code-block:: yaml
  383. linux:
  384. system:
  385. cpu:
  386. governor: performance
  387. CGROUPS
  388. ~~~~~~~
  389. Setup linux cgroups:
  390. .. code-block:: yaml
  391. linux:
  392. system:
  393. cgroup:
  394. enabled: true
  395. group:
  396. ceph_group_1:
  397. controller:
  398. cpu:
  399. shares:
  400. value: 250
  401. cpuacct:
  402. usage:
  403. value: 0
  404. cpuset:
  405. cpus:
  406. value: 1,2,3
  407. memory:
  408. limit_in_bytes:
  409. value: 2G
  410. memsw.limit_in_bytes:
  411. value: 3G
  412. mapping:
  413. subjects:
  414. - '@ceph'
  415. generic_group_1:
  416. controller:
  417. cpu:
  418. shares:
  419. value: 250
  420. cpuacct:
  421. usage:
  422. value: 0
  423. mapping:
  424. subjects:
  425. - '*:firefox'
  426. - 'student:cp'
  427. Shared Libraries
  428. ~~~~~~~~~~~~~~~~
  429. Set additional shared library to Linux system library path
  430. .. code-block:: yaml
  431. linux:
  432. system:
  433. ld:
  434. library:
  435. java:
  436. - /usr/lib/jvm/jre-openjdk/lib/amd64/server
  437. - /opt/java/jre/lib/amd64/server
  438. Certificates
  439. ~~~~~~~~~~~~
  440. Add certificate authority into system trusted CA bundle
  441. .. code-block:: yaml
  442. linux:
  443. system:
  444. ca_certificates:
  445. mycert: |
  446. -----BEGIN CERTIFICATE-----
  447. MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
  448. A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
  449. cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
  450. MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
  451. BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
  452. YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
  453. ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
  454. BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
  455. I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
  456. CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
  457. lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
  458. AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
  459. -----END CERTIFICATE-----
  460. Sysfs
  461. ~~~~~
  462. Install sysfsutils and set sysfs attributes:
  463. .. code-block:: yaml
  464. linux:
  465. system:
  466. sysfs:
  467. scheduler:
  468. block/sda/queue/scheduler: deadline
  469. power:
  470. mode:
  471. power/state: 0660
  472. owner:
  473. power/state: "root:power"
  474. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  475. Huge Pages
  476. ~~~~~~~~~~~~
  477. Huge Pages give a performance boost to applications that intensively deal
  478. with memory allocation/deallocation by decreasing memory fragmentation.
  479. .. code-block:: yaml
  480. linux:
  481. system:
  482. kernel:
  483. hugepages:
  484. small:
  485. size: 2M
  486. count: 107520
  487. mount_point: /mnt/hugepages_2MB
  488. mount: false/true # default false
  489. large:
  490. default: true # default automatically mounted
  491. size: 1G
  492. count: 210
  493. mount_point: /mnt/hugepages_1GB
  494. Note: not recommended to use both pagesizes in concurrently.
  495. Intel SR-IOV
  496. ~~~~~~~~~~~~
  497. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.
  498. .. code-block:: yaml
  499. linux:
  500. system:
  501. kernel:
  502. sriov: True
  503. unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
  504. rc:
  505. local: |
  506. #!/bin/sh -e
  507. # Enable 7 VF on eth1
  508. echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
  509. exit 0
  510. Isolate CPU options
  511. ~~~~~~~~~~~~~~~~~~~
  512. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
  513. SMP balancing and scheduler algroithms. The only way to move a process onto or off an
  514. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
  515. maximum value is 1 less than the number of CPUs on the system.
  516. .. code-block:: yaml
  517. linux:
  518. system:
  519. kernel:
  520. isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0
  521. Repositories
  522. ~~~~~~~~~~~~
  523. RedHat based Linux with additional OpenStack repo
  524. .. code-block:: yaml
  525. linux:
  526. system:
  527. ...
  528. repo:
  529. rdo-icehouse:
  530. enabled: true
  531. source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
  532. pgpcheck: 0
  533. Ensure system repository to use czech Debian mirror (``default: true``)
  534. Also pin it's packages with priority 900.
  535. .. code-block:: yaml
  536. linux:
  537. system:
  538. repo:
  539. debian:
  540. default: true
  541. source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
  542. # Import signing key from URL if needed
  543. key_url: "http://dummy.com/public.gpg"
  544. pin:
  545. - pin: 'origin "ftp.cz.debian.org"'
  546. priority: 900
  547. package: '*'
  548. Package manager proxy setup globally:
  549. .. code-block:: yaml
  550. linux:
  551. system:
  552. ...
  553. repo:
  554. apt-mk:
  555. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  556. ...
  557. proxy:
  558. pkg:
  559. enabled: true
  560. ftp: ftp://ftp-proxy-for-apt.host.local:2121
  561. ...
  562. # NOTE: Global defaults for any other componet that configure proxy on the system.
  563. # If your environment has just one simple proxy, set it on linux:system:proxy.
  564. #
  565. # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries
  566. # as for https and http
  567. ftp: ftp://proxy.host.local:2121
  568. http: http://proxy.host.local:3142
  569. https: https://proxy.host.local:3143
  570. Package manager proxy setup per repository:
  571. .. code-block:: yaml
  572. linux:
  573. system:
  574. ...
  575. repo:
  576. debian:
  577. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  578. ...
  579. apt-mk:
  580. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  581. # per repository proxy
  582. proxy:
  583. enabled: true
  584. http: http://maas-01:8080
  585. https: http://maas-01:8080
  586. ...
  587. proxy:
  588. # package manager fallback defaults
  589. # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
  590. pkg:
  591. enabled: true
  592. ftp: ftp://proxy.host.local:2121
  593. #http: http://proxy.host.local:3142
  594. #https: https://proxy.host.local:3143
  595. ...
  596. # global system fallback system defaults
  597. ftp: ftp://proxy.host.local:2121
  598. http: http://proxy.host.local:3142
  599. https: https://proxy.host.local:3143
  600. Remove all repositories:
  601. .. code-block:: yaml
  602. linux:
  603. system:
  604. purge_repos: true
  605. Setup custom apt config options:
  606. .. code-block:: yaml
  607. linux:
  608. system:
  609. apt:
  610. config:
  611. compression-workaround:
  612. "Acquire::CompressionTypes::Order": "gz"
  613. docker-clean:
  614. "DPkg::Post-Invoke":
  615. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  616. "APT::Update::Post-Invoke":
  617. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  618. RC
  619. ~~
  620. rc.local example
  621. .. code-block:: yaml
  622. linux:
  623. system:
  624. rc:
  625. local: |
  626. #!/bin/sh -e
  627. #
  628. # rc.local
  629. #
  630. # This script is executed at the end of each multiuser runlevel.
  631. # Make sure that the script will "exit 0" on success or any other
  632. # value on error.
  633. #
  634. # In order to enable or disable this script just change the execution
  635. # bits.
  636. #
  637. # By default this script does nothing.
  638. exit 0
  639. Prompt
  640. ~~~~~~
  641. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
  642. user can have different prompt.
  643. .. code-block:: yaml
  644. linux:
  645. system:
  646. prompt:
  647. root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
  648. default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
  649. On Debian systems to set prompt system-wide it's necessary to remove setting
  650. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
  651. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not
  652. touch existing user's ``~/.bashrc`` files except root.
  653. Bash
  654. ~~~~
  655. Fix bash configuration to preserve history across sessions (like ZSH does by
  656. default).
  657. .. code-block:: yaml
  658. linux:
  659. system:
  660. bash:
  661. preserve_history: true
  662. Message of the day
  663. ~~~~~~~~~~~~~~~~~~
  664. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
  665. day. Setting custom motd will cleanup existing ones.
  666. .. code-block:: yaml
  667. linux:
  668. system:
  669. motd:
  670. - release: |
  671. #!/bin/sh
  672. [ -r /etc/lsb-release ] && . /etc/lsb-release
  673. if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
  674. # Fall back to using the very slow lsb_release utility
  675. DISTRIB_DESCRIPTION=$(lsb_release -s -d)
  676. fi
  677. printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
  678. - warning: |
  679. #!/bin/sh
  680. printf "This is [company name] network.\n"
  681. printf "Unauthorized access strictly prohibited.\n"
  682. Services
  683. ~~~~~~~~
  684. Stop and disable linux service:
  685. .. code-block:: yaml
  686. linux:
  687. system:
  688. service:
  689. apt-daily.timer:
  690. status: dead
  691. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.
  692. Linux with atop service:
  693. .. code-block:: yaml
  694. linux:
  695. system:
  696. atop:
  697. enabled: true
  698. interval: 20
  699. logpath: "/var/log/atop"
  700. outfile: "/var/log/atop/daily.log"
  701. RHEL / CentOS
  702. ^^^^^^^^^^^^^
  703. Unfortunately ``update-motd`` is currently not available for RHEL so there's
  704. no native support for dynamic motd.
  705. You can still set static one, only pillar structure differs:
  706. .. code-block:: yaml
  707. linux:
  708. system:
  709. motd: |
  710. This is [company name] network.
  711. Unauthorized access strictly prohibited.
  712. Haveged
  713. ~~~~~~~
  714. If you are running headless server and are low on entropy, it may be a good
  715. idea to setup Haveged.
  716. .. code-block:: yaml
  717. linux:
  718. system:
  719. haveged:
  720. enabled: true
  721. Linux network
  722. -------------
  723. Linux with network manager
  724. .. code-block:: yaml
  725. linux:
  726. network:
  727. enabled: true
  728. network_manager: true
  729. Linux with default static network interfaces, default gateway interface and DNS servers
  730. .. code-block:: yaml
  731. linux:
  732. network:
  733. enabled: true
  734. interface:
  735. eth0:
  736. enabled: true
  737. type: eth
  738. address: 192.168.0.102
  739. netmask: 255.255.255.0
  740. gateway: 192.168.0.1
  741. name_servers:
  742. - 8.8.8.8
  743. - 8.8.4.4
  744. mtu: 1500
  745. Linux with bonded interfaces and disabled NetworkManager
  746. .. code-block:: yaml
  747. linux:
  748. network:
  749. enabled: true
  750. interface:
  751. eth0:
  752. type: eth
  753. ...
  754. eth1:
  755. type: eth
  756. ...
  757. bond0:
  758. enabled: true
  759. type: bond
  760. address: 192.168.0.102
  761. netmask: 255.255.255.0
  762. mtu: 1500
  763. use_in:
  764. - interface: ${linux:interface:eth0}
  765. - interface: ${linux:interface:eth0}
  766. network_manager:
  767. disable: true
  768. Linux with vlan interface_params
  769. .. code-block:: yaml
  770. linux:
  771. network:
  772. enabled: true
  773. interface:
  774. vlan69:
  775. type: vlan
  776. use_interfaces:
  777. - interface: ${linux:interface:bond0}
  778. Linux with wireless interface parameters
  779. .. code-block:: yaml
  780. linux:
  781. network:
  782. enabled: true
  783. gateway: 10.0.0.1
  784. default_interface: eth0
  785. interface:
  786. wlan0:
  787. type: eth
  788. wireless:
  789. essid: example
  790. key: example_key
  791. security: wpa
  792. priority: 1
  793. Linux networks with routes defined
  794. .. code-block:: yaml
  795. linux:
  796. network:
  797. enabled: true
  798. gateway: 10.0.0.1
  799. default_interface: eth0
  800. interface:
  801. eth0:
  802. type: eth
  803. route:
  804. default:
  805. address: 192.168.0.123
  806. netmask: 255.255.255.0
  807. gateway: 192.168.0.1
  808. Native Linux Bridges
  809. .. code-block:: yaml
  810. linux:
  811. network:
  812. interface:
  813. eth1:
  814. enabled: true
  815. type: eth
  816. proto: manual
  817. up_cmds:
  818. - ip address add 0/0 dev $IFACE
  819. - ip link set $IFACE up
  820. down_cmds:
  821. - ip link set $IFACE down
  822. br-ex:
  823. enabled: true
  824. type: bridge
  825. address: ${linux:network:host:public_local:address}
  826. netmask: 255.255.255.0
  827. use_interfaces:
  828. - eth1
  829. OpenVswitch Bridges
  830. .. code-block:: yaml
  831. linux:
  832. network:
  833. bridge: openvswitch
  834. interface:
  835. eth1:
  836. enabled: true
  837. type: eth
  838. proto: manual
  839. up_cmds:
  840. - ip address add 0/0 dev $IFACE
  841. - ip link set $IFACE up
  842. down_cmds:
  843. - ip link set $IFACE down
  844. br-ex:
  845. enabled: true
  846. type: bridge
  847. address: ${linux:network:host:public_local:address}
  848. netmask: 255.255.255.0
  849. use_interfaces:
  850. - eth1
  851. br-prv:
  852. enabled: true
  853. type: ovs_bridge
  854. mtu: 65000
  855. br-ens7:
  856. enabled: true
  857. name: br-ens7
  858. type: ovs_bridge
  859. proto: manual
  860. mtu: 9000
  861. use_interfaces:
  862. - ens7
  863. patch-br-ens7-br-prv:
  864. enabled: true
  865. name: ens7-prv
  866. ovs_type: ovs_port
  867. type: ovs_port
  868. bridge: br-ens7
  869. port_type: patch
  870. peer: prv-ens7
  871. mtu: 65000
  872. patch-br-prv-br-ens7:
  873. enabled: true
  874. name: prv-ens7
  875. bridge: br-prv
  876. ovs_type: ovs_port
  877. type: ovs_port
  878. port_type: patch
  879. peer: ens7-prv
  880. mtu: 65000
  881. ens7:
  882. enabled: true
  883. name: ens7
  884. proto: manual
  885. ovs_port_type: OVSPort
  886. type: ovs_port
  887. ovs_bridge: br-ens7
  888. bridge: br-ens7
  889. Debian manual proto interfaces
  890. When you are changing interface proto from static in up state to manual, you
  891. may need to flush ip addresses. For example, if you want to use the interface
  892. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``
  893. to true.
  894. .. code-block:: yaml
  895. linux:
  896. network:
  897. interface:
  898. eth1:
  899. enabled: true
  900. type: eth
  901. proto: manual
  902. mtu: 9100
  903. ipflush_onchange: true
  904. Debian static proto interfaces
  905. When you are changing interface proto from dhcp in up state to static, you
  906. may need to flush ip addresses and restart interface to assign ip address from a managed file.
  907. For example, if you want to use the interface and the ip on the bridge.
  908. This can be done by setting the ``ipflush_onchange`` with combination
  909. ``restart_on_ipflush`` param set to to true.
  910. .. code-block:: yaml
  911. linux:
  912. network:
  913. interface:
  914. eth1:
  915. enabled: true
  916. type: eth
  917. proto: static
  918. address: 10.1.0.22
  919. netmask: 255.255.255.0
  920. ipflush_onchange: true
  921. restart_on_ipflush: true
  922. Concatinating and removing interface files
  923. Debian based distributions have `/etc/network/interfaces.d/` directory, where
  924. you can store configuration of network interfaces in separate files. You can
  925. concatinate the files to the defined destination when needed, this operation
  926. removes the file from the `/etc/network/interfaces.d/`. If you just need to
  927. remove iface files, you can use the `remove_iface_files` key.
  928. .. code-block:: yaml
  929. linux:
  930. network:
  931. concat_iface_files:
  932. - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
  933. dst: '/etc/network/interfaces'
  934. remove_iface_files:
  935. - '/etc/network/interfaces.d/90-custom.cfg'
  936. DHCP client configuration
  937. None of the keys is mandatory, include only those you really need. For full list
  938. of available options under send, supersede, prepend, append refer to dhcp-options(5)
  939. .. code-block:: yaml
  940. linux:
  941. network:
  942. dhclient:
  943. enabled: true
  944. backoff_cutoff: 15
  945. initial_interval: 10
  946. reboot: 10
  947. retry: 60
  948. select_timeout: 0
  949. timeout: 120
  950. send:
  951. - option: host-name
  952. declaration: "= gethostname()"
  953. supersede:
  954. - option: host-name
  955. declaration: "spaceship"
  956. - option: domain-name
  957. declaration: "domain.home"
  958. #- option: arp-cache-timeout
  959. # declaration: 20
  960. prepend:
  961. - option: domain-name-servers
  962. declaration:
  963. - 8.8.8.8
  964. - 8.8.4.4
  965. - option: domain-search
  966. declaration:
  967. - example.com
  968. - eng.example.com
  969. #append:
  970. #- option: domain-name-servers
  971. # declaration: 127.0.0.1
  972. # ip or subnet to reject dhcp offer from
  973. reject:
  974. - 192.33.137.209
  975. - 10.0.2.0/24
  976. request:
  977. - subnet-mask
  978. - broadcast-address
  979. - time-offset
  980. - routers
  981. - domain-name
  982. - domain-name-servers
  983. - domain-search
  984. - host-name
  985. - dhcp6.name-servers
  986. - dhcp6.domain-search
  987. - dhcp6.fqdn
  988. - dhcp6.sntp-servers
  989. - netbios-name-servers
  990. - netbios-scope
  991. - interface-mtu
  992. - rfc3442-classless-static-routes
  993. - ntp-servers
  994. require:
  995. - subnet-mask
  996. - domain-name-servers
  997. # if per interface configuration required add below
  998. interface:
  999. ens2:
  1000. initial_interval: 11
  1001. reject:
  1002. - 192.33.137.210
  1003. ens3:
  1004. initial_interval: 12
  1005. reject:
  1006. - 192.33.137.211
  1007. Linux network systemd settings:
  1008. .. code-block:: yaml
  1009. linux:
  1010. network:
  1011. ...
  1012. systemd:
  1013. link:
  1014. 10-iface-dmz:
  1015. Match:
  1016. MACAddress: c8:5b:67:fa:1a:af
  1017. OriginalName: eth0
  1018. Link:
  1019. Name: dmz0
  1020. netdev:
  1021. 20-bridge-dmz:
  1022. match:
  1023. name: dmz0
  1024. network:
  1025. mescription: bridge
  1026. bridge: br-dmz0
  1027. network:
  1028. # works with lowercase, keys are by default capitalized
  1029. 40-dhcp:
  1030. match:
  1031. name: '*'
  1032. network:
  1033. DHCP: yes
  1034. Configure global environment variables
  1035. Use ``/etc/environment`` for static system wide variable assignment after
  1036. boot. Variable expansion is frequently not supported.
  1037. .. code-block:: yaml
  1038. linux:
  1039. system:
  1040. env:
  1041. BOB_VARIABLE: Alice
  1042. ...
  1043. BOB_PATH:
  1044. - /srv/alice/bin
  1045. - /srv/bob/bin
  1046. ...
  1047. ftp_proxy: none
  1048. http_proxy: http://global-http-proxy.host.local:8080
  1049. https_proxy: ${linux:system:proxy:https}
  1050. no_proxy:
  1051. - 192.168.0.80
  1052. - 192.168.1.80
  1053. - .domain.com
  1054. - .local
  1055. ...
  1056. # NOTE: global defaults proxy configuration.
  1057. proxy:
  1058. ftp: ftp://proxy.host.local:2121
  1059. http: http://proxy.host.local:3142
  1060. https: https://proxy.host.local:3143
  1061. noproxy:
  1062. - .domain.com
  1063. - .local
  1064. Configure profile.d scripts
  1065. The profile.d scripts are being sourced during .sh execution and support
  1066. variable expansion in opposite to /etc/environment global settings in
  1067. ``/etc/environment``.
  1068. .. code-block:: yaml
  1069. linux:
  1070. system:
  1071. profile:
  1072. locales: |
  1073. export LANG=C
  1074. export LC_ALL=C
  1075. ...
  1076. vi_flavors.sh: |
  1077. export PAGER=view
  1078. export EDITOR=vim
  1079. alias vi=vim
  1080. shell_locales.sh: |
  1081. export LANG=en_US
  1082. export LC_ALL=en_US.UTF-8
  1083. shell_proxies.sh: |
  1084. export FTP_PROXY=ftp://127.0.3.3:2121
  1085. export NO_PROXY='.local'
  1086. Linux with hosts
  1087. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries
  1088. that are not defined in model except defaults for both IPv4 and IPv6 localhost
  1089. and hostname + fqdn.
  1090. It's good to use this option if you want to ensure /etc/hosts is always in a
  1091. clean state however it's not enabled by default for safety.
  1092. .. code-block:: yaml
  1093. linux:
  1094. network:
  1095. purge_hosts: true
  1096. host:
  1097. # No need to define this one if purge_hosts is true
  1098. hostname:
  1099. address: 127.0.1.1
  1100. names:
  1101. - ${linux:network:fqdn}
  1102. - ${linux:network:hostname}
  1103. node1:
  1104. address: 192.168.10.200
  1105. names:
  1106. - node2.domain.com
  1107. - service2.domain.com
  1108. node2:
  1109. address: 192.168.10.201
  1110. names:
  1111. - node2.domain.com
  1112. - service2.domain.com
  1113. Linux with hosts collected from mine
  1114. In this case all dns records defined within infrastrucuture will be passed to
  1115. local hosts records or any DNS server. Only hosts with `grain` parameter to
  1116. true will be propagated to the mine.
  1117. .. code-block:: yaml
  1118. linux:
  1119. network:
  1120. purge_hosts: true
  1121. mine_dns_records: true
  1122. host:
  1123. node1:
  1124. address: 192.168.10.200
  1125. grain: true
  1126. names:
  1127. - node2.domain.com
  1128. - service2.domain.com
  1129. Setup resolv.conf, nameservers, domain and search domains
  1130. .. code-block:: yaml
  1131. linux:
  1132. network:
  1133. resolv:
  1134. dns:
  1135. - 8.8.4.4
  1136. - 8.8.8.8
  1137. domain: my.example.com
  1138. search:
  1139. - my.example.com
  1140. - example.com
  1141. options:
  1142. - ndots: 5
  1143. - timeout: 2
  1144. - attempts: 2
  1145. setting custom TX queue length for tap interfaces
  1146. .. code-block:: yaml
  1147. linux:
  1148. network:
  1149. tap_custom_txqueuelen: 10000
  1150. DPDK OVS interfaces
  1151. **DPDK OVS NIC**
  1152. .. code-block:: yaml
  1153. linux:
  1154. network:
  1155. bridge: openvswitch
  1156. dpdk:
  1157. enabled: true
  1158. driver: uio/vfio
  1159. openvswitch:
  1160. pmd_cpu_mask: "0x6"
  1161. dpdk_socket_mem: "1024,1024"
  1162. dpdk_lcore_mask: "0x400"
  1163. memory_channels: 2
  1164. interface:
  1165. dpkd0:
  1166. name: ${_param:dpdk_nic}
  1167. pci: 0000:06:00.0
  1168. driver: igb_uio/vfio-pci
  1169. enabled: true
  1170. type: dpdk_ovs_port
  1171. n_rxq: 2
  1172. pmd_rxq_affinity: "0:1,1:2"
  1173. bridge: br-prv
  1174. mtu: 9000
  1175. br-prv:
  1176. enabled: true
  1177. type: dpdk_ovs_bridge
  1178. **DPDK OVS Bond**
  1179. .. code-block:: yaml
  1180. linux:
  1181. network:
  1182. bridge: openvswitch
  1183. dpdk:
  1184. enabled: true
  1185. driver: uio/vfio
  1186. openvswitch:
  1187. pmd_cpu_mask: "0x6"
  1188. dpdk_socket_mem: "1024,1024"
  1189. dpdk_lcore_mask: "0x400"
  1190. memory_channels: 2
  1191. interface:
  1192. dpdk_second_nic:
  1193. name: ${_param:primary_second_nic}
  1194. pci: 0000:06:00.0
  1195. driver: igb_uio/vfio-pci
  1196. bond: dpdkbond0
  1197. enabled: true
  1198. type: dpdk_ovs_port
  1199. n_rxq: 2
  1200. pmd_rxq_affinity: "0:1,1:2"
  1201. mtu: 9000
  1202. dpdk_first_nic:
  1203. name: ${_param:primary_first_nic}
  1204. pci: 0000:05:00.0
  1205. driver: igb_uio/vfio-pci
  1206. bond: dpdkbond0
  1207. enabled: true
  1208. type: dpdk_ovs_port
  1209. n_rxq: 2
  1210. pmd_rxq_affinity: "0:1,1:2"
  1211. mtu: 9000
  1212. dpdkbond0:
  1213. enabled: true
  1214. bridge: br-prv
  1215. type: dpdk_ovs_bond
  1216. mode: active-backup
  1217. br-prv:
  1218. enabled: true
  1219. type: dpdk_ovs_bridge
  1220. **DPDK OVS bridge for VXLAN**
  1221. If VXLAN is used as tenant segmentation then ip address must be set on br-prv
  1222. .. code-block:: yaml
  1223. linux:
  1224. network:
  1225. ...
  1226. interface:
  1227. br-prv:
  1228. enabled: true
  1229. type: dpdk_ovs_bridge
  1230. address: 192.168.50.0
  1231. netmask: 255.255.255.0
  1232. tag: 101
  1233. mtu: 9000
  1234. Linux storage
  1235. -------------
  1236. Linux with mounted Samba
  1237. .. code-block:: yaml
  1238. linux:
  1239. storage:
  1240. enabled: true
  1241. mount:
  1242. samba1:
  1243. - enabled: true
  1244. - path: /media/myuser/public/
  1245. - device: //192.168.0.1/storage
  1246. - file_system: cifs
  1247. - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm
  1248. NFS mount
  1249. .. code-block:: yaml
  1250. linux:
  1251. storage:
  1252. enabled: true
  1253. mount:
  1254. nfs_glance:
  1255. enabled: true
  1256. path: /var/lib/glance/images
  1257. device: 172.16.10.110:/var/nfs/glance
  1258. file_system: nfs
  1259. opts: rw,sync
  1260. File swap configuration
  1261. .. code-block:: yaml
  1262. linux:
  1263. storage:
  1264. enabled: true
  1265. swap:
  1266. file:
  1267. enabled: true
  1268. engine: file
  1269. device: /swapfile
  1270. size: 1024
  1271. Partition swap configuration
  1272. .. code-block:: yaml
  1273. linux:
  1274. storage:
  1275. enabled: true
  1276. swap:
  1277. partition:
  1278. enabled: true
  1279. engine: partition
  1280. device: /dev/vg0/swap
  1281. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`
  1282. .. code-block:: yaml
  1283. parameters:
  1284. linux:
  1285. storage:
  1286. mount:
  1287. data:
  1288. enabled: true
  1289. device: /dev/vg1/data
  1290. file_system: ext4
  1291. path: /mnt/data
  1292. lvm:
  1293. vg1:
  1294. enabled: true
  1295. devices:
  1296. - /dev/sdb
  1297. volume:
  1298. data:
  1299. size: 40G
  1300. mount: ${linux:storage:mount:data}
  1301. Create partitions on disk. Specify size in MB. It expects empty
  1302. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)
  1303. .. code-block:: yaml
  1304. linux:
  1305. storage:
  1306. disk:
  1307. first_drive:
  1308. startsector: 1
  1309. name: /dev/loop1
  1310. type: gpt
  1311. partitions:
  1312. - size: 200 #size in MB
  1313. type: fat32
  1314. - size: 300 #size in MB
  1315. mkfs: True
  1316. type: xfs
  1317. /dev/vda1:
  1318. partitions:
  1319. - size: 5
  1320. type: ext2
  1321. - size: 10
  1322. type: ext4
  1323. Multipath with Fujitsu Eternus DXL
  1324. .. code-block:: yaml
  1325. parameters:
  1326. linux:
  1327. storage:
  1328. multipath:
  1329. enabled: true
  1330. blacklist_devices:
  1331. - /dev/sda
  1332. - /dev/sdb
  1333. backends:
  1334. - fujitsu_eternus_dxl
  1335. Multipath with Hitachi VSP 1000
  1336. .. code-block:: yaml
  1337. parameters:
  1338. linux:
  1339. storage:
  1340. multipath:
  1341. enabled: true
  1342. blacklist_devices:
  1343. - /dev/sda
  1344. - /dev/sdb
  1345. backends:
  1346. - hitachi_vsp1000
  1347. Multipath with IBM Storwize
  1348. .. code-block:: yaml
  1349. parameters:
  1350. linux:
  1351. storage:
  1352. multipath:
  1353. enabled: true
  1354. blacklist_devices:
  1355. - /dev/sda
  1356. - /dev/sdb
  1357. backends:
  1358. - ibm_storwize
  1359. Multipath with multiple backends
  1360. .. code-block:: yaml
  1361. parameters:
  1362. linux:
  1363. storage:
  1364. multipath:
  1365. enabled: true
  1366. blacklist_devices:
  1367. - /dev/sda
  1368. - /dev/sdb
  1369. - /dev/sdc
  1370. - /dev/sdd
  1371. backends:
  1372. - ibm_storwize
  1373. - fujitsu_eternus_dxl
  1374. - hitachi_vsp1000
  1375. PAM LDAP integration
  1376. .. code-block:: yaml
  1377. parameters:
  1378. linux:
  1379. system:
  1380. auth:
  1381. enabled: true
  1382. ldap:
  1383. enabled: true
  1384. binddn: cn=bind,ou=service_users,dc=example,dc=com
  1385. bindpw: secret
  1386. uri: ldap://127.0.0.1
  1387. base: ou=users,dc=example,dc=com
  1388. ldap_version: 3
  1389. pagesize: 65536
  1390. referrals: off
  1391. filter:
  1392. passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
  1393. shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
  1394. group: (&(objectClass=group)(gidNumber=*))
  1395. Disabled multipath (the default setup)
  1396. .. code-block:: yaml
  1397. parameters:
  1398. linux:
  1399. storage:
  1400. multipath:
  1401. enabled: false
  1402. Linux with local loopback device
  1403. .. code-block:: yaml
  1404. linux:
  1405. storage:
  1406. loopback:
  1407. disk1:
  1408. file: /srv/disk1
  1409. size: 50G
  1410. External config generation
  1411. --------------------------
  1412. You are able to use config support metadata between formulas and only generate
  1413. config files for external use, eg. docker, etc.
  1414. .. code-block:: yaml
  1415. parameters:
  1416. linux:
  1417. system:
  1418. config:
  1419. pillar:
  1420. jenkins:
  1421. master:
  1422. home: /srv/volumes/jenkins
  1423. approved_scripts:
  1424. - method java.net.URL openConnection
  1425. credentials:
  1426. - type: username_password
  1427. scope: global
  1428. id: test
  1429. desc: Testing credentials
  1430. username: test
  1431. password: test
  1432. Netconsole Remote Kernel Logging
  1433. --------------------------------
  1434. Netconsole logger could be configured for configfs-enabled kernels
  1435. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in
  1436. runtime (if network is already configured), and on-boot after interface
  1437. initialization. Notes:
  1438. * receiver could be located only in same L3 domain
  1439. (or you need to configure gateway MAC manually)
  1440. * receiver's MAC is detected only on configuration time
  1441. * using broadcast MAC is not recommended
  1442. .. code-block:: yaml
  1443. parameters:
  1444. linux:
  1445. system:
  1446. netconsole:
  1447. enabled: true
  1448. port: 514 (optional)
  1449. loglevel: debug (optional)
  1450. target:
  1451. 192.168.0.1:
  1452. interface: bond0
  1453. mac: "ff:ff:ff:ff:ff:ff" (optional)
  1454. Usage
  1455. =====
  1456. Set mtu of network interface eth0 to 1400
  1457. .. code-block:: bash
  1458. ip link set dev eth0 mtu 1400
  1459. Read more
  1460. =========
  1461. * https://www.archlinux.org/
  1462. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu
  1463. Documentation and Bugs
  1464. ======================
  1465. To learn how to install and update salt-formulas, consult the documentation
  1466. available online at:
  1467. http://salt-formulas.readthedocs.io/
  1468. In the unfortunate event that bugs are discovered, they should be reported to
  1469. the appropriate issue tracker. Use Github issue tracker for specific salt
  1470. formula:
  1471. https://github.com/salt-formulas/salt-formula-linux/issues
  1472. For feature requests, bug reports or blueprints affecting entire ecosystem,
  1473. use Launchpad salt-formulas project:
  1474. https://launchpad.net/salt-formulas
  1475. You can also join salt-formulas-users team and subscribe to mailing list:
  1476. https://launchpad.net/~salt-formulas-users
  1477. Developers wishing to work on the salt-formulas projects should always base
  1478. their work on master branch and submit pull request against specific formula.
  1479. https://github.com/salt-formulas/salt-formula-linux
  1480. Any questions or feedback is always welcome so feel free to join our IRC
  1481. channel:
  1482. #salt-formulas @ irc.freenode.net