Saltstack Official Linux Formula
=============
Linux Formula
=============

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample Pillars
==============

Linux System
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set:

.. WARNING::
   If no ``password`` variable has been passed, any predefined password
   will be removed.

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'Jonh Doe'
            home: '/home/jdoe'
            email: 'jonh@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'With clear password'
            home: '/home/jsmith'
            hash_password: true
            password: "userpassword"
          mark:
            name: 'mark'
            enabled: true
            full_name: 'unchanged password'
            home: '/home/mark'
            password: false
          elizabeth:
            name: 'elizabeth'
            enabled: true
            full_name: 'With hashed password'
            home: '/home/elizabeth'
            password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
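Added example, not part of the formula: a small audit of a ``linux:system:user`` pillar that works out, per user, what the password rules above imply (no ``password`` key removes the existing password; ``password: false`` keeps it; ``hash_password: true`` hashes a clear-text value; otherwise the value is written as given), so a pillar that silently wipes a password or writes clear text is noticed before it is applied. The action names, ``audit_users`` and the extra ``bob`` user are my own constructions.

```python
import re
from typing import Dict, List

# Modular-crypt-format shadow hash: $id$[rounds=N$]salt$digest ($6$ is SHA-512).
_CRYPT_RE = re.compile(r"^\$(1|5|6|2[abxy]|y|7)\$[^$]+\$.+")

# Sample pillar, constructed from the README example above plus one bad entry ("bob").
USERS = {
    "jdoe": {"name": "jdoe", "enabled": True, "sudo": True},      # no 'password' key
    "jsmith": {"name": "jsmith", "enabled": True,
               "hash_password": True, "password": "userpassword"},
    "mark": {"name": "mark", "enabled": True, "password": False},
    "elizabeth": {"name": "elizabeth", "enabled": True,
                  "password": "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"},
    "bob": {"name": "bob", "enabled": True, "password": "plaintext"},  # constructed mistake
}


def password_action(user: Dict) -> str:
    """Classify what the formula will do with this user's password.

    remove         - no 'password' key: any existing password is removed (see WARNING)
    keep           - password: false: the current password is left untouched
    hash_cleartext - hash_password: true: the clear-text value is hashed before use
    set_hash       - the value is written to the shadow entry as given
    """
    if "password" not in user:
        return "remove"
    if user["password"] is False:
        return "keep"
    if user.get("hash_password"):
        return "hash_cleartext"
    return "set_hash"


def is_crypt_hash(value) -> bool:
    """True if value looks like a crypt(3) hash rather than a clear-text password."""
    return isinstance(value, str) and bool(_CRYPT_RE.match(value))


def audit_users(users: Dict[str, Dict]) -> Dict[str, List[str]]:
    """Per-user findings a reviewer would want to see before applying the pillar."""
    findings: Dict[str, List[str]] = {}
    for name, user in users.items():
        notes: List[str] = []
        action = password_action(user)
        if action == "remove":
            notes.append("no 'password' key: any predefined password will be removed")
        elif action == "set_hash" and not is_crypt_hash(user["password"]):
            notes.append("password is not a crypt hash and hash_password is not set: "
                         "the clear-text value would be written verbatim")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit_users(USERS).items():
        print(name, "->", "; ".join(notes))
```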
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to actual sudo attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL

.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          aliases:
            host:
              LOCAL:
              - localhost
              PRODUCTION:
              - db1
              - db2
            runas:
              DBA:
              - postgres
              - mysql
              SALT:
              - root
            command:
              # Note: This is not 100% safe when the ALL keyword is used; the user may still modify configs and hide his actions.
              # Best practice is to specify the full list of commands the user is allowed to run.
              SUPPORT_RESTRICTED:
              - /bin/vi /etc/sudoers*
              - /bin/vim /etc/sudoers*
              - /bin/nano /etc/sudoers*
              - /bin/emacs /etc/sudoers*
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
              SUPPORT_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
              ALL_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
              - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
              - LOCAL
            # User Alias DBA
            DBA:
              hosts:
              - ALL
              commands:
              - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
              - ALL
              - '!PRODUCTION'
              runas:
              - DBA
              commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
            salt-ops:
              hosts:
              - 'ALL'
              runas:
              - SALT
              commands:
              - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              setenv: true # Enable sudo -E option
              runas:
              - DBA
              commands:
              - ALL
              - '!SUPPORT_SHELLS'
              - '!SUPPORT_RESTRICTED'
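Added example, not the formula's own template: a renderer that turns a subset of the ``linux:system:sudo`` pillar above into sudoers lines in the shape of the simplified template, plus a check that lists every subject whose command list still contains ``ALL`` (the case the note above calls not 100% safe, including rules that only narrow ``ALL`` with ``!`` entries). ``SUDO_PILLAR`` is a condensed copy of the README pillar; the defaults (hosts/runas/commands ``ALL``, ``nopasswd`` true) follow the ``saltuser1`` comment above.

```python
from typing import Dict, List

# Condensed copy of the linux:system:sudo pillar above, constructed for this example.
SUDO_PILLAR = {
    "aliases": {
        "host": {"LOCAL": ["localhost"], "PRODUCTION": ["db1", "db2"]},
        "runas": {"DBA": ["postgres", "mysql"], "SALT": ["root"]},
        "command": {
            "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash", "/usr/bin/su"],
            "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
        },
    },
    "users": {
        "saltuser1": {},                       # all defaults -> ALL=(ALL) NOPASSWD: ALL
        "saltuser2": {"hosts": ["LOCAL"]},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
    },
    "groups": {
        "db-ops": {"hosts": ["ALL", "!PRODUCTION"], "runas": ["DBA"],
                   "commands": ["/bin/cat *", "/bin/less *"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False, "setenv": True,
                         "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS", "!SUPPORT_RESTRICTED"]},
    },
}

# Pillar alias kind -> sudoers keyword.
_ALIAS_KEYWORDS = {"host": "Host_Alias", "runas": "Runas_Alias", "command": "Cmnd_Alias"}


def _rule(subject: str, spec: Dict) -> str:
    """One sudoers rule in the shape of the simplified template above."""
    hosts = ", ".join(spec.get("hosts", ["ALL"]))
    runas = ", ".join(spec.get("runas", ["ALL"]))
    commands = ", ".join(spec.get("commands", ["ALL"]))
    tags = ""
    if spec.get("setenv"):           # setenv: true -> SETENV: tag (allows sudo -E)
        tags += "SETENV: "
    if spec.get("nopasswd", True):   # nopasswd defaults to true, as for saltuser1
        tags += "NOPASSWD: "
    return f"{subject} {hosts}=({runas}) {tags}{commands}"


def render_sudoers(sudo: Dict) -> List[str]:
    """Render alias definitions, then user rules, then %group rules."""
    lines: List[str] = []
    for kind, keyword in _ALIAS_KEYWORDS.items():
        for name, members in sudo.get("aliases", {}).get(kind, {}).items():
            lines.append(f"{keyword} {name} = {', '.join(members)}")
    for user, spec in sudo.get("users", {}).items():
        lines.append(_rule(user, spec or {}))
    for group, spec in sudo.get("groups", {}).items():
        spec = spec or {}
        lines.append(_rule("%" + spec.get("name", group), spec))   # 'name' overrides the key
    return lines


def broad_grants(sudo: Dict) -> List[str]:
    """Subjects whose command list contains the ALL keyword, even when narrowed by '!'."""
    hits: List[str] = []
    for user, spec in sudo.get("users", {}).items():
        if "ALL" in (spec or {}).get("commands", ["ALL"]):
            hits.append(user)
    for group, spec in sudo.get("groups", {}).items():
        spec = spec or {}
        if "ALL" in spec.get("commands", ["ALL"]):
            hits.append("%" + spec.get("name", group))
    return hits


if __name__ == "__main__":
    print("\n".join(render_sudoers(SUDO_PILLAR)))
    print("command=ALL grants:", broad_grants(SUDO_PILLAR))
```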
  166. Linux with package, latest version
  167. .. code-block:: yaml
  168. linux:
  169. system:
  170. ...
  171. package:
  172. package-name:
  173. version: latest
  174. Linux with package from certail repo, version with no upgrades
  175. .. code-block:: yaml
  176. linux:
  177. system:
  178. ...
  179. package:
  180. package-name:
  181. version: 2132.323
  182. repo: 'custom-repo'
  183. hold: true
  184. Linux with package from certail repo, version with no GPG verification
  185. .. code-block:: yaml
  186. linux:
  187. system:
  188. ...
  189. package:
  190. package-name:
  191. version: 2132.323
  192. repo: 'custom-repo'
  193. verify: false
  194. Linux with autoupdates (automatically install security package updates)
  195. .. code-block:: yaml
  196. linux:
  197. system:
  198. ...
  199. autoupdates:
  200. enabled: true
  201. mail: root@localhost
  202. mail_only_on_error: true
  203. remove_unused_dependencies: false
  204. automatic_reboot: true
  205. automatic_reboot_time: "02:00"
  206. Linux with cron jobs
  207. By default it will use name as an identifier, unless identifier key is
  208. explicitly set or False (then it will use Salt's default behavior which is
  209. identifier same as command resulting in not being able to change it)
  210. .. code-block:: yaml
  211. linux:
  212. system:
  213. ...
  214. job:
  215. cmd1:
  216. command: '/cmd/to/run'
  217. identifier: cmd1
  218. enabled: true
  219. user: 'root'
  220. hour: 2
  221. minute: 0
  222. Linux security limits (limit sensu user memory usage to max 1GB):
  223. .. code-block:: yaml
  224. linux:
  225. system:
  226. ...
  227. limit:
  228. sensu:
  229. enabled: true
  230. domain: sensu
  231. limits:
  232. - type: hard
  233. item: as
  234. value: 1000000
  235. Enable autologin on tty1 (may work only for Ubuntu 14.04):
  236. .. code-block:: yaml
  237. linux:
  238. system:
  239. console:
  240. tty1:
  241. autologin: root
  242. # Enable serial console
  243. ttyS0:
  244. autologin: root
  245. rate: 115200
  246. term: xterm
  247. To disable set autologin to `false`.
  248. Set ``policy-rc.d`` on Debian-based systems. Action can be any available
  249. command in ``while true`` loop and ``case`` context.
  250. Following will disallow dpkg to stop/start services for cassandra package automatically:
  251. .. code-block:: yaml
  252. linux:
  253. system:
  254. policyrcd:
  255. - package: cassandra
  256. action: exit 101
  257. - package: '*'
  258. action: switch
  259. Set system locales:
  260. .. code-block:: yaml
  261. linux:
  262. system:
  263. locale:
  264. en_US.UTF-8:
  265. default: true
  266. "cs_CZ.UTF-8 UTF-8":
  267. enabled: true
  268. Systemd settings:
  269. .. code-block:: yaml
  270. linux:
  271. system:
  272. ...
  273. systemd:
  274. system:
  275. Manager:
  276. DefaultLimitNOFILE: 307200
  277. DefaultLimitNPROC: 307200
  278. user:
  279. Manager:
  280. DefaultLimitCPU: 2
  281. DefaultLimitNPROC: 4
  282. Ensure presence of directory:
  283. .. code-block:: yaml
  284. linux:
  285. system:
  286. directory:
  287. /tmp/test:
  288. user: root
  289. group: root
  290. mode: 700
  291. makedirs: true
  292. Ensure presence of file by specifying it's source:
  293. .. code-block:: yaml
  294. linux:
  295. system:
  296. file:
  297. /tmp/test.txt:
  298. source: http://example.com/test.txt
  299. user: root
  300. group: root
  301. file_mode: 700
  302. dir_mode: 700
  303. encoding: utf-8
  304. hash: <<md5 hash>>
  305. makedirs: true
  306. Ensure presence of file by specifying it's contents:
  307. .. code-block:: yaml
  308. linux:
  309. system:
  310. file:
  311. /tmp/test.txt:
  312. contents: |
  313. line1
  314. line2
  315. user: root
  316. group: root
  317. file_mode: 700
  318. dir_mode: 700
  319. encoding: utf-8
  320. hash: <<md5 hash>>
  321. makedirs: true
  322. Kernel
  323. ~~~~~~
  324. Install always up to date LTS kernel and headers from Ubuntu trusty:
  325. .. code-block:: yaml
  326. linux:
  327. system:
  328. kernel:
  329. type: generic
  330. lts: trusty
  331. headers: true
  332. Load kernel modules and add them to `/etc/modules`:
  333. .. code-block:: yaml
  334. linux:
  335. system:
  336. kernel:
  337. modules:
  338. - nf_conntrack
  339. - tp_smapi
  340. - 8021q
  341. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example
  342. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:
  343. .. code-block:: yaml
  344. linux:
  345. system:
  346. kernel:
  347. module:
  348. nf_conntrack:
  349. option:
  350. hashsize: 262144
  351. Install specific kernel version and ensure all other kernel packages are
  352. not present. Also install extra modules and headers for this kernel:
  353. .. code-block:: yaml
  354. linux:
  355. system:
  356. kernel:
  357. type: generic
  358. extra: true
  359. headers: true
  360. version: 4.2.0-22
  361. Systcl kernel parameters
  362. .. code-block:: yaml
  363. linux:
  364. system:
  365. kernel:
  366. sysctl:
  367. net.ipv4.tcp_keepalive_intvl: 3
  368. net.ipv4.tcp_keepalive_time: 30
  369. net.ipv4.tcp_keepalive_probes: 8
  370. CPU
  371. ~~~
  372. Enable cpufreq governor for every cpu:
  373. .. code-block:: yaml
  374. linux:
  375. system:
  376. cpu:
  377. governor: performance
  378. CGROUPS
  379. ~~~~~~~
  380. Setup linux cgroups:
  381. .. code-block:: yaml
  382. linux:
  383. system:
  384. cgroup:
  385. enabled: true
  386. group:
  387. ceph_group_1:
  388. controller:
  389. cpu:
  390. shares:
  391. value: 250
  392. cpuacct:
  393. usage:
  394. value: 0
  395. cpuset:
  396. cpus:
  397. value: 1,2,3
  398. memory:
  399. limit_in_bytes:
  400. value: 2G
  401. memsw.limit_in_bytes:
  402. value: 3G
  403. mapping:
  404. subjects:
  405. - '@ceph'
  406. generic_group_1:
  407. controller:
  408. cpu:
  409. shares:
  410. value: 250
  411. cpuacct:
  412. usage:
  413. value: 0
  414. mapping:
  415. subjects:
  416. - '*:firefox'
  417. - 'student:cp'
  418. Shared Libraries
  419. ~~~~~~~~~~~~~~~~
  420. Set additional shared library to Linux system library path
  421. .. code-block:: yaml
  422. linux:
  423. system:
  424. ld:
  425. library:
  426. java:
  427. - /usr/lib/jvm/jre-openjdk/lib/amd64/server
  428. - /opt/java/jre/lib/amd64/server
  429. Certificates
  430. ~~~~~~~~~~~~
  431. Add certificate authority into system trusted CA bundle
  432. .. code-block:: yaml
  433. linux:
  434. system:
  435. ca_certificates:
  436. mycert: |
  437. -----BEGIN CERTIFICATE-----
  438. MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
  439. A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
  440. cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
  441. MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
  442. BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
  443. YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
  444. ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
  445. BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
  446. I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
  447. CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
  448. lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
  449. AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
  450. -----END CERTIFICATE-----
  451. Sysfs
  452. ~~~~~
  453. Install sysfsutils and set sysfs attributes:
  454. .. code-block:: yaml
  455. linux:
  456. system:
  457. sysfs:
  458. scheduler:
  459. block/sda/queue/scheduler: deadline
  460. power:
  461. mode:
  462. power/state: 0660
  463. owner:
  464. power/state: "root:power"
  465. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  466. Huge Pages
  467. ~~~~~~~~~~~~
  468. Huge Pages give a performance boost to applications that intensively deal
  469. with memory allocation/deallocation by decreasing memory fragmentation.
  470. .. code-block:: yaml
  471. linux:
  472. system:
  473. kernel:
  474. hugepages:
  475. small:
  476. size: 2M
  477. count: 107520
  478. mount_point: /mnt/hugepages_2MB
  479. mount: false/true # default false
  480. large:
  481. default: true # default automatically mounted
  482. size: 1G
  483. count: 210
  484. mount_point: /mnt/hugepages_1GB
  485. Note: not recommended to use both pagesizes in concurrently.
  486. Intel SR-IOV
  487. ~~~~~~~~~~~~
  488. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.
  489. .. code-block:: yaml
  490. linux:
  491. system:
  492. kernel:
  493. sriov: True
  494. unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
  495. rc:
  496. local: |
  497. #!/bin/sh -e
  498. # Enable 7 VF on eth1
  499. echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
  500. exit 0
  501. Isolate CPU options
  502. ~~~~~~~~~~~~~~~~~~~
  503. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
  504. SMP balancing and scheduler algroithms. The only way to move a process onto or off an
  505. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
  506. maximum value is 1 less than the number of CPUs on the system.
  507. .. code-block:: yaml
  508. linux:
  509. system:
  510. kernel:
  511. isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0
  512. Repositories
  513. ~~~~~~~~~~~~
  514. RedHat based Linux with additional OpenStack repo
  515. .. code-block:: yaml
  516. linux:
  517. system:
  518. ...
  519. repo:
  520. rdo-icehouse:
  521. enabled: true
  522. source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
  523. pgpcheck: 0
  524. Ensure system repository to use czech Debian mirror (``default: true``)
  525. Also pin it's packages with priority 900.
  526. .. code-block:: yaml
  527. linux:
  528. system:
  529. repo:
  530. debian:
  531. default: true
  532. source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
  533. # Import signing key from URL if needed
  534. key_url: "http://dummy.com/public.gpg"
  535. pin:
  536. - pin: 'origin "ftp.cz.debian.org"'
  537. priority: 900
  538. package: '*'
  539. Package manager proxy setup globally:
  540. .. code-block:: yaml
  541. linux:
  542. system:
  543. ...
  544. repo:
  545. apt-mk:
  546. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  547. ...
  548. proxy:
  549. pkg:
  550. enabled: true
  551. ftp: ftp://ftp-proxy-for-apt.host.local:2121
  552. ...
  553. # NOTE: Global defaults for any other componet that configure proxy on the system.
  554. # If your environment has just one simple proxy, set it on linux:system:proxy.
  555. #
  556. # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries
  557. # as for https and http
  558. ftp: ftp://proxy.host.local:2121
  559. http: http://proxy.host.local:3142
  560. https: https://proxy.host.local:3143
  561. Package manager proxy setup per repository:
  562. .. code-block:: yaml
  563. linux:
  564. system:
  565. ...
  566. repo:
  567. debian:
  568. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  569. ...
  570. apt-mk:
  571. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  572. # per repository proxy
  573. proxy:
  574. enabled: true
  575. http: http://maas-01:8080
  576. https: http://maas-01:8080
  577. ...
  578. proxy:
  579. # package manager fallback defaults
  580. # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
  581. pkg:
  582. enabled: true
  583. ftp: ftp://proxy.host.local:2121
  584. #http: http://proxy.host.local:3142
  585. #https: https://proxy.host.local:3143
  586. ...
  587. # global system fallback system defaults
  588. ftp: ftp://proxy.host.local:2121
  589. http: http://proxy.host.local:3142
  590. https: https://proxy.host.local:3143
  591. Remove all repositories:
  592. .. code-block:: yaml
  593. linux:
  594. system:
  595. purge_repos: true
  596. Setup custom apt config options:
  597. .. code-block:: yaml
  598. linux:
  599. system:
  600. apt:
  601. config:
  602. compression-workaround:
  603. "Acquire::CompressionTypes::Order": "gz"
  604. docker-clean:
  605. "DPkg::Post-Invoke":
  606. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  607. "APT::Update::Post-Invoke":
  608. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  609. RC
  610. ~~
  611. rc.local example
  612. .. code-block:: yaml
  613. linux:
  614. system:
  615. rc:
  616. local: |
  617. #!/bin/sh -e
  618. #
  619. # rc.local
  620. #
  621. # This script is executed at the end of each multiuser runlevel.
  622. # Make sure that the script will "exit 0" on success or any other
  623. # value on error.
  624. #
  625. # In order to enable or disable this script just change the execution
  626. # bits.
  627. #
  628. # By default this script does nothing.
  629. exit 0
  630. Prompt
  631. ~~~~~~
  632. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
  633. user can have different prompt.
  634. .. code-block:: yaml
  635. linux:
  636. system:
  637. prompt:
  638. root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
  639. default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
  640. On Debian systems to set prompt system-wide it's necessary to remove setting
  641. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
  642. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not
  643. touch existing user's ``~/.bashrc`` files except root.
  644. Bash
  645. ~~~~
  646. Fix bash configuration to preserve history across sessions (like ZSH does by
  647. default).
  648. .. code-block:: yaml
  649. linux:
  650. system:
  651. bash:
  652. preserve_history: true
  653. Message of the day
  654. ~~~~~~~~~~~~~~~~~~
  655. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
  656. day. Setting custom motd will cleanup existing ones.
  657. .. code-block:: yaml
  658. linux:
  659. system:
  660. motd:
  661. - release: |
  662. #!/bin/sh
  663. [ -r /etc/lsb-release ] && . /etc/lsb-release
  664. if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
  665. # Fall back to using the very slow lsb_release utility
  666. DISTRIB_DESCRIPTION=$(lsb_release -s -d)
  667. fi
  668. printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
  669. - warning: |
  670. #!/bin/sh
  671. printf "This is [company name] network.\n"
  672. printf "Unauthorized access strictly prohibited.\n"
  673. Services
  674. ~~~~~~~~
  675. Stop and disable linux service:
  676. .. code-block:: yaml
  677. linux:
  678. system:
  679. service:
  680. apt-daily.timer:
  681. status: dead
  682. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.
  683. Linux with atop service:
  684. .. code-block:: yaml
  685. linux:
  686. system:
  687. atop:
  688. enabled: true
  689. interval: 20
  690. logpath: "/var/log/atop"
  691. outfile: "/var/log/atop/daily.log"
  692. RHEL / CentOS
  693. ^^^^^^^^^^^^^
  694. Unfortunately ``update-motd`` is currently not available for RHEL so there's
  695. no native support for dynamic motd.
  696. You can still set static one, only pillar structure differs:
  697. .. code-block:: yaml
  698. linux:
  699. system:
  700. motd: |
  701. This is [company name] network.
  702. Unauthorized access strictly prohibited.
  703. Haveged
  704. ~~~~~~~
  705. If you are running headless server and are low on entropy, it may be a good
  706. idea to setup Haveged.
  707. .. code-block:: yaml
  708. linux:
  709. system:
  710. haveged:
  711. enabled: true
  712. Linux network
  713. -------------
  714. Linux with network manager
  715. .. code-block:: yaml
  716. linux:
  717. network:
  718. enabled: true
  719. network_manager: true
  720. Linux with default static network interfaces, default gateway interface and DNS servers
  721. .. code-block:: yaml
  722. linux:
  723. network:
  724. enabled: true
  725. interface:
  726. eth0:
  727. enabled: true
  728. type: eth
  729. address: 192.168.0.102
  730. netmask: 255.255.255.0
  731. gateway: 192.168.0.1
  732. name_servers:
  733. - 8.8.8.8
  734. - 8.8.4.4
  735. mtu: 1500
  736. Linux with bonded interfaces and disabled NetworkManager
  737. .. code-block:: yaml
  738. linux:
  739. network:
  740. enabled: true
  741. interface:
  742. eth0:
  743. type: eth
  744. ...
  745. eth1:
  746. type: eth
  747. ...
  748. bond0:
  749. enabled: true
  750. type: bond
  751. address: 192.168.0.102
  752. netmask: 255.255.255.0
  753. mtu: 1500
  754. use_in:
  755. - interface: ${linux:interface:eth0}
  756. - interface: ${linux:interface:eth0}
  757. network_manager:
  758. disable: true
  759. Linux with vlan interface_params
  760. .. code-block:: yaml
  761. linux:
  762. network:
  763. enabled: true
  764. interface:
  765. vlan69:
  766. type: vlan
  767. use_interfaces:
  768. - interface: ${linux:interface:bond0}
  769. Linux with wireless interface parameters
  770. .. code-block:: yaml
  771. linux:
  772. network:
  773. enabled: true
  774. gateway: 10.0.0.1
  775. default_interface: eth0
  776. interface:
  777. wlan0:
  778. type: eth
  779. wireless:
  780. essid: example
  781. key: example_key
  782. security: wpa
  783. priority: 1
  784. Linux networks with routes defined
  785. .. code-block:: yaml
  786. linux:
  787. network:
  788. enabled: true
  789. gateway: 10.0.0.1
  790. default_interface: eth0
  791. interface:
  792. eth0:
  793. type: eth
  794. route:
  795. default:
  796. address: 192.168.0.123
  797. netmask: 255.255.255.0
  798. gateway: 192.168.0.1
  799. Native Linux Bridges
  800. .. code-block:: yaml
  801. linux:
  802. network:
  803. interface:
  804. eth1:
  805. enabled: true
  806. type: eth
  807. proto: manual
  808. up_cmds:
  809. - ip address add 0/0 dev $IFACE
  810. - ip link set $IFACE up
  811. down_cmds:
  812. - ip link set $IFACE down
  813. br-ex:
  814. enabled: true
  815. type: bridge
  816. address: ${linux:network:host:public_local:address}
  817. netmask: 255.255.255.0
  818. use_interfaces:
  819. - eth1
  820. OpenVswitch Bridges
  821. .. code-block:: yaml
  822. linux:
  823. network:
  824. bridge: openvswitch
  825. interface:
  826. eth1:
  827. enabled: true
  828. type: eth
  829. proto: manual
  830. up_cmds:
  831. - ip address add 0/0 dev $IFACE
  832. - ip link set $IFACE up
  833. down_cmds:
  834. - ip link set $IFACE down
  835. br-ex:
  836. enabled: true
  837. type: bridge
  838. address: ${linux:network:host:public_local:address}
  839. netmask: 255.255.255.0
  840. use_interfaces:
  841. - eth1
  842. br-prv:
  843. enabled: true
  844. type: ovs_bridge
  845. mtu: 65000
  846. br-ens7:
  847. enabled: true
  848. name: br-ens7
  849. type: ovs_bridge
  850. proto: manual
  851. mtu: 9000
  852. use_interfaces:
  853. - ens7
  854. patch-br-ens7-br-prv:
  855. enabled: true
  856. name: ens7-prv
  857. ovs_type: ovs_port
  858. type: ovs_port
  859. bridge: br-ens7
  860. port_type: patch
  861. peer: prv-ens7
  862. mtu: 65000
  863. patch-br-prv-br-ens7:
  864. enabled: true
  865. name: prv-ens7
  866. bridge: br-prv
  867. ovs_type: ovs_port
  868. type: ovs_port
  869. port_type: patch
  870. peer: ens7-prv
  871. mtu: 65000
  872. ens7:
  873. enabled: true
  874. name: ens7
  875. proto: manual
  876. ovs_port_type: OVSPort
  877. type: ovs_port
  878. ovs_bridge: br-ens7
  879. bridge: br-ens7
  880. Debian manual proto interfaces
  881. When you are changing interface proto from static in up state to manual, you
  882. may need to flush ip addresses. For example, if you want to use the interface
  883. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``
  884. to true.
  885. .. code-block:: yaml
  886. linux:
  887. network:
  888. interface:
  889. eth1:
  890. enabled: true
  891. type: eth
  892. proto: manual
  893. mtu: 9100
  894. ipflush_onchange: true
  895. Debian static proto interfaces
  896. When you are changing interface proto from dhcp in up state to static, you
  897. may need to flush ip addresses and restart interface to assign ip address from a managed file.
  898. For example, if you want to use the interface and the ip on the bridge.
  899. This can be done by setting the ``ipflush_onchange`` with combination
  900. ``restart_on_ipflush`` param set to to true.
  901. .. code-block:: yaml
  902. linux:
  903. network:
  904. interface:
  905. eth1:
  906. enabled: true
  907. type: eth
  908. proto: static
  909. address: 10.1.0.22
  910. netmask: 255.255.255.0
  911. ipflush_onchange: true
  912. restart_on_ipflush: true
Concatenating and removing interface files

Debian based distributions have a `/etc/network/interfaces.d/` directory, where
you can store the configuration of network interfaces in separate files. You can
concatenate those files into the defined destination when needed; this operation
removes the source file from `/etc/network/interfaces.d/`. If you just need to
remove iface files, use the `remove_iface_files` key.

.. code-block:: yaml

    linux:
      network:
        concat_iface_files:
        - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
          dst: '/etc/network/interfaces'
        remove_iface_files:
        - '/etc/network/interfaces.d/90-custom.cfg'

DHCP client configuration

None of the keys is mandatory; include only those you really need. For the full list
of options available under send, supersede, prepend and append, refer to dhcp-options(5).

.. code-block:: yaml

    linux:
      network:
        dhclient:
          enabled: true
          backoff_cutoff: 15
          initial_interval: 10
          reboot: 10
          retry: 60
          select_timeout: 0
          timeout: 120
          send:
            - option: host-name
              declaration: "= gethostname()"
          supersede:
            - option: host-name
              declaration: "spaceship"
            - option: domain-name
              declaration: "domain.home"
            #- option: arp-cache-timeout
            #  declaration: 20
          prepend:
            - option: domain-name-servers
              declaration:
                - 8.8.8.8
                - 8.8.4.4
            - option: domain-search
              declaration:
                - example.com
                - eng.example.com
          #append:
            #- option: domain-name-servers
            #  declaration: 127.0.0.1
          # ip or subnet to reject dhcp offer from
          reject:
            - 192.33.137.209
            - 10.0.2.0/24
          request:
            - subnet-mask
            - broadcast-address
            - time-offset
            - routers
            - domain-name
            - domain-name-servers
            - domain-search
            - host-name
            - dhcp6.name-servers
            - dhcp6.domain-search
            - dhcp6.fqdn
            - dhcp6.sntp-servers
            - netbios-name-servers
            - netbios-scope
            - interface-mtu
            - rfc3442-classless-static-routes
            - ntp-servers
          require:
            - subnet-mask
            - domain-name-servers
          # if per interface configuration required add below
          interface:
            ens2:
              initial_interval: 11
              reject:
                - 192.33.137.210
            ens3:
              initial_interval: 12
              reject:
                - 192.33.137.211

Linux network systemd settings:

.. code-block:: yaml

    linux:
      network:
        ...
        systemd:
          link:
            10-iface-dmz:
              Match:
                MACAddress: c8:5b:67:fa:1a:af
                OriginalName: eth0
              Link:
                Name: dmz0
          netdev:
            20-bridge-dmz:
              match:
                name: dmz0
              network:
                description: bridge
                bridge: br-dmz0
          network:
            # works with lowercase, keys are by default capitalized
            40-dhcp:
              match:
                name: '*'
              network:
                DHCP: yes

Configure global environment variables

Use ``/etc/environment`` for static system-wide variable assignment after
boot. Variable expansion is frequently not supported.

.. code-block:: yaml

    linux:
      system:
        env:
          BOB_VARIABLE: Alice
          ...
          BOB_PATH:
            - /srv/alice/bin
            - /srv/bob/bin
          ...
          ftp_proxy: none
          http_proxy: http://global-http-proxy.host.local:8080
          https_proxy: ${linux:system:proxy:https}
          no_proxy:
            - 192.168.0.80
            - 192.168.1.80
            - .domain.com
            - .local
          ...
        # NOTE: global defaults proxy configuration.
        proxy:
          ftp: ftp://proxy.host.local:2121
          http: http://proxy.host.local:3142
          https: https://proxy.host.local:3143
          noproxy:
            - .domain.com
            - .local

Configure profile.d scripts

The profile.d scripts are sourced during .sh execution and support
variable expansion, unlike the global settings in ``/etc/environment``.

.. code-block:: yaml

    linux:
      system:
        profile:
          locales: |
            export LANG=C
            export LC_ALL=C
          ...
          vi_flavors.sh: |
            export PAGER=view
            export EDITOR=vim
            alias vi=vim
          shell_locales.sh: |
            export LANG=en_US
            export LC_ALL=en_US.UTF-8
          shell_proxies.sh: |
            export FTP_PROXY=ftp://127.0.3.3:2121
            export NO_PROXY='.local'

Linux with hosts

The ``purge_hosts`` parameter enforces the whole /etc/hosts file, removing entries
that are not defined in the model, except the defaults for both IPv4 and IPv6 localhost
and hostname + fqdn.
This option is useful if you want to ensure /etc/hosts is always in a
clean state; it is not enabled by default, for safety.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
              - ${linux:network:fqdn}
              - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
              - node2.domain.com
              - service2.domain.com
          node2:
            address: 192.168.10.201
            names:
              - node2.domain.com
              - service2.domain.com

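As an added illustration (not the formula's own template), the following Python models what ``purge_hosts`` enforces: with the purge enabled, entries that exist on the host but not in the model are dropped, while the localhost and hostname + fqdn defaults are always kept. The pillar and the existing /etc/hosts content are constructed samples with the ``${linux:network:...}`` references already interpolated; the ``render_hosts`` helper is hypothetical.

```python
"""Model of the purge_hosts behaviour (added illustration, not the formula's code)."""
import ipaddress

# Constructed pillar, as the formula would see it after the ${linux:network:fqdn}
# and ${linux:network:hostname} references were interpolated (assumption).
NETWORK = {
    "fqdn": "node1.domain.com",
    "hostname": "node1",
    "host": {
        "node2": {"address": "192.168.10.201",
                  "names": ["node2.domain.com", "service2.domain.com"]},
    },
}

# Constructed current /etc/hosts with one entry the model knows nothing about.
EXISTING_HOSTS = """127.0.0.1 localhost
10.9.9.9 stale.domain.com stale   # left behind by an earlier deployment
"""


def parse_hosts(text):
    """Return [(address, [names...])] for every non-comment, non-empty line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addr, *names = line.split()
            entries.append((addr, names))
    return entries


def default_entries(fqdn, hostname):
    """Entries that survive a purge: IPv4/IPv6 localhost and hostname + fqdn."""
    return [("127.0.0.1", ["localhost"]),
            ("::1", ["localhost", "ip6-localhost", "ip6-loopback"]),
            ("127.0.1.1", [fqdn, hostname])]


def render_hosts(network, existing_text, purge_hosts):
    """Build /etc/hosts content; with purge_hosts the existing file is ignored."""
    base = [] if purge_hosts else parse_hosts(existing_text)
    managed = default_entries(network["fqdn"], network["hostname"])
    for _, host in sorted(network["host"].items()):
        ipaddress.ip_address(host["address"])  # reject malformed pillar data early
        managed.append((host["address"], list(host["names"])))
    merged, order = {}, []
    for addr, names in base + managed:  # one line per address, names deduplicated
        if addr not in merged:
            merged[addr] = []
            order.append(addr)
        for name in names:
            if name not in merged[addr]:
                merged[addr].append(name)
    return "".join(f"{addr} {' '.join(merged[addr])}\n" for addr in order)
```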
Linux with hosts collected from mine

In this case all DNS records defined within the infrastructure will be passed to
local hosts records or any DNS server. Only hosts with the `grain` parameter set to
true will be propagated to the mine.

.. code-block:: yaml

    linux:
      network:
        purge_hosts: true
        mine_dns_records: true
        host:
          node1:
            address: 192.168.10.200
            grain: true
            names:
              - node2.domain.com
              - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
          options:
            - ndots: 5
            - timeout: 2
            - attempts: 2

Setting custom TX queue length for tap interfaces

.. code-block:: yaml

    linux:
      network:
        tap_custom_txqueuelen: 10000

DPDK OVS interfaces

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
          openvswitch:
            pmd_cpu_mask: "0x6"
            dpdk_socket_mem: "1024,1024"
            dpdk_lcore_mask: "0x400"
            memory_channels: 2
        interface:
          dpdk0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio
          openvswitch:
            pmd_cpu_mask: "0x6"
            dpdk_socket_mem: "1024,1024"
            dpdk_lcore_mask: "0x400"
            memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio-pci
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            pmd_rxq_affinity: "0:1,1:2"
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS bridge for VXLAN**

If VXLAN is used as tenant segmentation, then an IP address must be set on br-prv.

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            tag: 101
            mtu: 9000

Linux storage
-------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            enabled: true
            path: /media/myuser/public/
            device: //192.168.0.1/storage
            file_system: cifs
            options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

NFS mount

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          nfs_glance:
            enabled: true
            path: /var/lib/glance/images
            device: 172.16.10.110:/var/nfs/glance
            file_system: nfs
            opts: rw,sync

File swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Create partitions on a disk. Specify the size in MB. It expects an empty
disk without any existing partitions (set startsector=1 if you want to start partitions from 2048).

.. code-block:: yaml

    linux:
      storage:
        disk:
          first_drive:
            startsector: 1
            name: /dev/loop1
            type: gpt
            partitions:
              - size: 200 #size in MB
                type: fat32
              - size: 300 #size in MB
                mkfs: True
                type: xfs
          /dev/vda1:
            partitions:
              - size: 5
                type: ext2
              - size: 10
                type: ext4

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            - /dev/sdc
            - /dev/sdd
            backends:
            - ibm_storwize
            - fujitsu_eternus_dxl
            - hitachi_vsp1000

PAM LDAP integration

.. code-block:: yaml

    parameters:
      linux:
        system:
          auth:
            enabled: true
            ldap:
              enabled: true
              binddn: cn=bind,ou=service_users,dc=example,dc=com
              bindpw: secret  # bind password is kept in clear text in the pillar
              uri: ldap://127.0.0.1
              base: ou=users,dc=example,dc=com
              ldap_version: 3
              pagesize: 65536
              referrals: off
              filter:
                passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
                shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
                group: (&(objectClass=group)(gidNumber=*))

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G

External config generation
--------------------------

You can use the config support metadata shared between formulas to only generate
config files for external use, e.g. docker.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Netconsole Remote Kernel Logging
--------------------------------

The netconsole logger can be configured for configfs-enabled kernels
(`CONFIG_NETCONSOLE_DYNAMIC` must be enabled). The configuration applies both at
runtime (if the network is already configured) and on boot after interface
initialization. Notes:

* the receiver can only be located in the same L3 domain
  (otherwise you need to configure the gateway MAC manually)
* the receiver's MAC is detected only at configuration time
* using the broadcast MAC is not recommended

.. code-block:: yaml

    parameters:
      linux:
        system:
          netconsole:
            enabled: true
            port: 514        # optional
            loglevel: debug  # optional
            target:
              192.168.0.1:
                interface: bond0
                mac: "ff:ff:ff:ff:ff:ff"  # optional

Usage
=====

Set mtu of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the Github issue tracker for a specific salt
formula:

    https://github.com/salt-formulas/salt-formula-linux/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific formula.

    https://github.com/salt-formulas/salt-formula-linux

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net