ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
316 Commits
26 Branches
Tree: b1813426dc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b1813426dc'
${ noResults }
linux-formula/README.rst

README.rst 31KB
Raw Normal View History

Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst fixed typo in sudo part
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
7 years ago
Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
More options for consoles
9 years ago
Enable/disable console autologin
9 years ago
Allow setting policy-rc.d
9 years ago
Allow setting system locales
8 years ago
Fix readme of cs_CZ locales
8 years ago
Allow setting system locales
8 years ago
Make linux.system.kernel functional
9 years ago
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
7 years ago
Make linux.system.kernel functional
9 years ago
Linux sysctl kernel parameters
9 years ago
cpu governor
8 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
7 years ago
cpu governor
8 years ago
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
7 years ago
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
7 years ago
cpu governor
8 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
README fix for purging repos
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
rc.local added to linux formula
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Option to preserve bash history
8 years ago
Set message of the day
9 years ago
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow setting resolv.conf
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
fix options setting in resolv
8 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Initial commit
9 years ago
nfs storage mount
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Support for LVM
9 years ago
Refactored multipath support
8 years ago
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 years ago
Add support for external config generation
8 years ago
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 years ago
Refactored multipath support
8 years ago
Initial commit
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set

  35. 

  36. .. code-block:: yaml

  37. 

  38.     linux:

  39.       system:

  40.         ...

  41.         user:

  42.           jdoe:

  43.             name: 'jdoe'

  44.             enabled: true

  45.             sudo: true

  46.             shell: /bin/bash

  47.             full_name: 'Jonh Doe'

  48.             home: '/home/jdoe'

  49.             email: 'jonh@doe.com'

  50.           jsmith:

  51.             name: 'jsmith'

  52.             enabled: true

  53.             full_name: 'Password'

  54.             home: '/home/jsmith'

  55.             password: userpassword

  56. 

  57. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  58. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  59. 

  60. .. code-block:: jinja

  61. 

  62.    # simplified template:

  63.    Cmds_Alias {{ alias }}={{ commands }}

  64.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  65.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  66. 

  67.    # when rendered:

  68.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  69. 

  70. .. code-block:: yaml

  71. 

  72.   linux:

  73.     system:

  74.       sudo:

  75.         enabled: true

  76.         aliases:

  77.           host:

  78.             LOCAL:

  79.             - localhost

  80.             PRODUCTION:

  81.             - db1

  82.             - db2

  83.           runas:

  84.             DBA:

  85.             - postgres

  86.             - mysql

  87.             SALT:

  88.             - root

  89.           command:

  90.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  91.             #       Best practice is to specify full list of commands user is allowed to run.

  92.             SUPPORT_RESTRICTED:

  93.             - /bin/vi /etc/sudoers*

  94.             - /bin/vim /etc/sudoers*

  95.             - /bin/nano /etc/sudoers*

  96.             - /bin/emacs /etc/sudoers*

  97.             - /bin/su - root

  98.             - /bin/su -

  99.             - /bin/su

  100.             - /usr/sbin/visudo

  101.             SUPPORT_SHELLS:

  102.             - /bin/sh

  103.             - /bin/ksh

  104.             - /bin/bash

  105.             - /bin/rbash

  106.             - /bin/dash

  107.             - /bin/zsh

  108.             - /bin/csh

  109.             - /bin/fish

  110.             - /bin/tcsh

  111.             - /usr/bin/login

  112.             - /usr/bin/su

  113.             - /usr/su

  114.             ALL_SALT_SAFE:

  115.             - /usr/bin/salt state*

  116.             - /usr/bin/salt service*

  117.             - /usr/bin/salt pillar*

  118.             - /usr/bin/salt grains*

  119.             - /usr/bin/salt saltutil*

  120.             - /usr/bin/salt-call state*

  121.             - /usr/bin/salt-call service*

  122.             - /usr/bin/salt-call pillar*

  123.             - /usr/bin/salt-call grains*

  124.             - /usr/bin/salt-call saltutil*

  125.             SALT_TRUSTED:

  126.             - /usr/bin/salt*

  127.         users:

  128.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  129.           saltuser1: {}

  130.           saltuser2:

  131.             hosts:

  132.             - LOCAL

  133.           # User Alias DBA

  134.           DBA:

  135.             hosts:

  136.             - ALL

  137.             commands:

  138.             - ALL_SALT_SAFE

  139.         groups:

  140.           db-ops:

  141.             hosts:

  142.             - ALL

  143.             - '!PRODUCTION'

  144.             runas:

  145.             - DBA

  146.             commands:

  147.             - /bin/cat *

  148.             - /bin/less *

  149.             - /bin/ls *

  150.           salt-ops:

  151.             hosts:

  152.             - 'ALL'

  153.             runas:

  154.             - SALT

  155.             commands:

  156.             - SUPPORT_SHELLS

  157.           salt-ops-2nd:

  158.             name: salt-ops

  159.             nopasswd: false

  160.             setenv: true # Enable sudo -E option

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - ALL

  165.             - '!SUPPORT_SHELLS'

  166.             - '!SUPPORT_RESTRICTED'

  167. 

  168. Linux with package, latest version

  169. 

  170. .. code-block:: yaml

  171. 

  172.     linux:

  173.       system:

  174.         ...

  175.         package:

  176.           package-name:

  177.             version: latest

  178. 

  179. Linux with package from certail repo, version with no upgrades

  180. 

  181. .. code-block:: yaml

  182. 

  183.     linux:

  184.       system:

  185.         ...

  186.         package:

  187.           package-name:

  188.             version: 2132.323

  189.             repo: 'custom-repo'

  190.             hold: true

  191. 

  192. Linux with package from certail repo, version with no GPG verification

  193. 

  194. .. code-block:: yaml

  195. 

  196.     linux:

  197.       system:

  198.         ...

  199.         package:

  200.           package-name:

  201.             version: 2132.323

  202.             repo: 'custom-repo'

  203.             verify: false

  204. 

  205. Linux with autoupdates (automatically install security package updates)

  206. 

  207. .. code-block:: yaml

  208. 

  209.     linux:

  210.       system:

  211.         ...

  212.         autoupdates:

  213.           enabled: true

  214.           mail: root@localhost

  215.           mail_only_on_error: true

  216.           remove_unused_dependencies: false

  217.           automatic_reboot: true

  218.           automatic_reboot_time: "02:00"

  219. 

  220. Linux with cron jobs

  221. 

  222. .. code-block:: yaml

  223. 

  224.     linux:

  225.       system:

  226.         ...

  227.         job:

  228.           cmd1:

  229.             command: '/cmd/to/run'

  230.             enabled: true

  231.             user: 'root'

  232.             hour: 2

  233.             minute: 0

  234. 

  235. Linux security limits (limit sensu user memory usage to max 1GB):

  236. 

  237. .. code-block:: yaml

  238. 

  239.     linux:

  240.       system:

  241.         ...

  242.         limit:

  243.           sensu:

  244.             enabled: true

  245.             domain: sensu

  246.             limits:

  247.               - type: hard

  248.                 item: as

  249.                 value: 1000000

  250. 

  251. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  252. 

  253. .. code-block:: yaml

  254. 

  255.     linux:

  256.       system:

  257.         console:

  258.           tty1:

  259.             autologin: root

  260.           # Enable serial console

  261.           ttyS0:

  262.             autologin: root

  263.             rate: 115200

  264.             term: xterm

  265. 

  266. To disable set autologin to `false`.

  267. 

  268. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  269. command in ``while true`` loop and ``case`` context.

  270. Following will disallow dpkg to stop/start services for cassandra package automatically:

  271. 

  272. .. code-block:: yaml

  273. 

  274.     linux:

  275.       system:

  276.         policyrcd:

  277.           - package: cassandra

  278.             action: exit 101

  279.           - package: '*'

  280.             action: switch

  281. 

  282. Set system locales:

  283. 

  284. .. code-block:: yaml

  285. 

  286.     linux:

  287.       system:

  288.         locale:

  289.           en_US.UTF-8:

  290.             default: true

  291.           "cs_CZ.UTF-8 UTF-8":

  292.             enabled: true

  293. 

  294. Kernel

  295. ~~~~~~

  296. 

  297. Install always up to date LTS kernel and headers from Ubuntu trusty:

  298. 

  299. .. code-block:: yaml

  300. 

  301.     linux:

  302.       system:

  303.         kernel:

  304.           type: generic

  305.           lts: trusty

  306.           headers: true

  307. 

  308. Load kernel modules and add them to `/etc/modules`:

  309. 

  310. .. code-block:: yaml

  311. 

  312.     linux:

  313.       system:

  314.         kernel:

  315.           modules:

  316.             - nf_conntrack

  317.             - tp_smapi

  318.             - 8021q

  319. 

  320. Install specific kernel version and ensure all other kernel packages are

  321. not present. Also install extra modules and headers for this kernel:

  322. 

  323. .. code-block:: yaml

  324. 

  325.     linux:

  326.       system:

  327.         kernel:

  328.           type: generic

  329.           extra: true

  330.           headers: true

  331.           version: 4.2.0-22

  332. 

  333. Systcl kernel parameters

  334. 

  335. .. code-block:: yaml

  336. 

  337.     linux:

  338.       system:

  339.         kernel:

  340.           sysctl:

  341.             net.ipv4.tcp_keepalive_intvl: 3

  342.             net.ipv4.tcp_keepalive_time: 30

  343.             net.ipv4.tcp_keepalive_probes: 8

  344. 

  345. 

  346. CPU

  347. ~~~

  348. 

  349. Disable ondemand cpu mode service:

  350. 

  351. .. code-block:: yaml

  352. 

  353.     linux:

  354.       system:

  355.         cpu:

  356.           governor: performance

  357. 

  358. Huge Pages

  359. ~~~~~~~~~~~~

  360. 

  361. Huge Pages give a performance boost to applications that intensively deal

  362. with memory allocation/deallocation by decreasing memory fragmentation.

  363. 

  364. .. code-block:: yaml

  365. 

  366.     linux:

  367.       system:

  368.         kernel:

  369.           hugepages:

  370.             small:

  371.               size: 2M

  372.               count: 107520

  373.               mount_point: /mnt/hugepages_2MB

  374.               mount: false/true # default false

  375.             large:

  376.               default: true # default automatically mounted

  377.               size: 1G

  378.               count: 210

  379.               mount_point: /mnt/hugepages_1GB

  380. 

  381. Note: not recommended to use both pagesizes in concurrently.

  382. 

  383. Intel SR-IOV

  384. ~~~~~~~~~~~~

  385. 

  386. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  387. 

  388. .. code-block:: yaml

  389. 

  390.     linux:

  391.       system:

  392.         kernel:

  393.           sriov: True

  394.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  395.         rc:

  396.           local: |

  397.             #!/bin/sh -e

  398.             # Enable 7 VF on eth1

  399.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  400.             exit 0

  401. 

  402. Isolate CPU options

  403. ~~~~~~~~~~~~~~~~~~~

  404. 

  405. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  406. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  407. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  408. maximum value is 1 less than the number of CPUs on the system.

  409. 

  410. .. code-block:: yaml

  411. 

  412.     linux:

  413.       system:

  414.         kernel:

  415.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  416. 

  417. Repositories

  418. ~~~~~~~~~~~~

  419. 

  420. RedHat based Linux with additional OpenStack repo

  421. 

  422. .. code-block:: yaml

  423. 

  424.     linux:

  425.       system:

  426.         ...

  427.         repo:

  428.           rdo-icehouse:

  429.             enabled: true

  430.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  431.             pgpcheck: 0

  432. 

  433. Ensure system repository to use czech Debian mirror (``default: true``)

  434. Also pin it's packages with priority 900.

  435. 

  436. .. code-block:: yaml

  437. 

  438.    linux:

  439.      system:

  440.        repo:

  441.          debian:

  442.            default: true

  443.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  444.            # Import signing key from URL if needed

  445.            key_url: "http://dummy.com/public.gpg"

  446.            pin:

  447.              - pin: 'origin "ftp.cz.debian.org"'

  448.                priority: 900

  449.                package: '*'

  450. 

  451. 

  452. Package manager proxy setup globally:

  453. 

  454. .. code-block:: yaml

  455. 

  456.     linux:

  457.       system:

  458.         ...

  459.         repo:

  460.           apt-mk:

  461.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  462.         ...

  463.         proxy:

  464.           pkg:

  465.             enabled: true

  466.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  467.           ...

  468.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  469.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  470.           #

  471.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  472.           # as for https and http

  473.           ftp:   ftp://proxy.host.local:2121

  474.           http:  http://proxy.host.local:3142

  475.           https: https://proxy.host.local:3143

  476. 

  477. Package manager proxy setup per repository:

  478. 

  479. .. code-block:: yaml

  480. 

  481.     linux:

  482.       system:

  483.         ...

  484.         repo:

  485.           debian:

  486.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  487.         ...

  488.           apt-mk:

  489.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  490.             # per repository proxy

  491.             proxy:

  492.               enabled: true

  493.               http:  http://maas-01:8080

  494.               https: http://maas-01:8080

  495.         ...

  496.         proxy:

  497.           # package manager fallback defaults

  498.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  499.           pkg:

  500.             enabled: true

  501.             ftp:   ftp://proxy.host.local:2121

  502.             #http:  http://proxy.host.local:3142

  503.             #https: https://proxy.host.local:3143

  504.           ...

  505.           # global system fallback system defaults

  506.           ftp:   ftp://proxy.host.local:2121

  507.           http:  http://proxy.host.local:3142

  508.           https: https://proxy.host.local:3143

  509. 

  510. 

  511. Remove all repositories:

  512. 

  513. .. code-block:: yaml

  514. 

  515.     linux:

  516.       system:

  517.         purge_repos: true

  518. 

  519. 

  520. RC

  521. ~~

  522. 

  523. rc.local example

  524. 

  525. .. code-block:: yaml

  526. 

  527.    linux:

  528.      system:

  529.        rc:

  530.          local: |

  531.            #!/bin/sh -e

  532.            #

  533.            # rc.local

  534.            #

  535.            # This script is executed at the end of each multiuser runlevel.

  536.            # Make sure that the script will "exit 0" on success or any other

  537.            # value on error.

  538.            #

  539.            # In order to enable or disable this script just change the execution

  540.            # bits.

  541.            #

  542.            # By default this script does nothing.

  543.            exit 0

  544. 

  545. 

  546. Prompt

  547. ~~~~~~

  548. 

  549. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  550. user can have different prompt.

  551. 

  552. .. code-block:: yaml

  553. 

  554.     linux:

  555.       system:

  556.         prompt:

  557.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  558.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  559. 

  560. On Debian systems to set prompt system-wide it's necessary to remove setting

  561. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  562. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  563. touch existing user's ``~/.bashrc`` files except root.

  564. 

  565. Bash

  566. ~~~~

  567. 

  568. Fix bash configuration to preserve history across sessions (like ZSH does by

  569. default).

  570. 

  571. .. code-block:: yaml

  572. 

  573.     linux:

  574.       system:

  575.         bash:

  576.           preserve_history: true

  577. 

  578. Message of the day

  579. ~~~~~~~~~~~~~~~~~~

  580. 

  581. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  582. day. Setting custom motd will cleanup existing ones.

  583. 

  584. .. code-block:: yaml

  585. 

  586.     linux:

  587.       system:

  588.         motd:

  589.           - release: |

  590.               #!/bin/sh

  591.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  592. 

  593.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  594.               	# Fall back to using the very slow lsb_release utility

  595.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  596.               fi

  597. 

  598.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  599.           - warning: |

  600.               #!/bin/sh

  601.               printf "This is [company name] network.\n"

  602.               printf "Unauthorized access strictly prohibited.\n"

  603. 

  604. Services

  605. ~~~~~~~~

  606. 

  607. Stop and disable linux service:

  608. 

  609. .. code-block:: yaml

  610. 

  611.     linux:

  612.       system:

  613.         service:

  614.           apt-daily.timer:

  615.             status: dead

  616. 

  617. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  618. 

  619. RHEL / CentOS

  620. ^^^^^^^^^^^^^

  621. 

  622. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  623. no native support for dynamic motd.

  624. You can still set static one, only pillar structure differs:

  625. 

  626. .. code-block:: yaml

  627. 

  628.     linux:

  629.       system:

  630.         motd: |

  631.           This is [company name] network.

  632.           Unauthorized access strictly prohibited.

  633. 

  634. Haveged

  635. ~~~~~~~

  636. 

  637. If you are running headless server and are low on entropy, it may be a good

  638. idea to setup Haveged.

  639. 

  640. .. code-block:: yaml

  641. 

  642.     linux:

  643.       system:

  644.         haveged:

  645.           enabled: true

  646. 

  647. Linux network

  648. -------------

  649. 

  650. Linux with network manager

  651. 

  652. .. code-block:: yaml

  653. 

  654.     linux:

  655.       network:

  656.         enabled: true

  657.         network_manager: true

  658. 

  659. Linux with default static network interfaces, default gateway interface and DNS servers

  660. 

  661. .. code-block:: yaml

  662. 

  663.     linux:

  664.       network:

  665.         enabled: true

  666.         interface:

  667.           eth0:

  668.             enabled: true

  669.             type: eth

  670.             address: 192.168.0.102

  671.             netmask: 255.255.255.0

  672.             gateway: 192.168.0.1

  673.             name_servers:

  674.             - 8.8.8.8

  675.             - 8.8.4.4

  676.             mtu: 1500

  677. 

  678. Linux with bonded interfaces and disabled NetworkManager

  679. 

  680. .. code-block:: yaml

  681. 

  682.     linux:

  683.       network:

  684.         enabled: true

  685.         interface:

  686.           eth0:

  687.             type: eth

  688.             ...

  689.           eth1:

  690.             type: eth

  691.             ...

  692.           bond0:

  693.             enabled: true

  694.             type: bond

  695.             address: 192.168.0.102

  696.             netmask: 255.255.255.0

  697.             mtu: 1500

  698.             use_in:

  699.             - interface: ${linux:interface:eth0}

  700.             - interface: ${linux:interface:eth0}

  701.         network_manager:

  702.           disable: true

  703. 

  704. Linux with vlan interface_params

  705. 

  706. .. code-block:: yaml

  707. 

  708.     linux:

  709.       network:

  710.         enabled: true

  711.         interface:

  712.           vlan69:

  713.             type: vlan

  714.             use_interfaces:

  715.             - interface: ${linux:interface:bond0}

  716. 

  717. Linux with wireless interface parameters

  718. 

  719. .. code-block:: yaml

  720. 

  721.     linux:

  722.       network:

  723.         enabled: true

  724.         gateway: 10.0.0.1

  725.         default_interface: eth0

  726.         interface:

  727.           wlan0:

  728.             type: eth

  729.             wireless:

  730.               essid: example

  731.               key: example_key

  732.               security: wpa

  733.               priority: 1

  734. 

  735. Linux networks with routes defined

  736. 

  737. .. code-block:: yaml

  738. 

  739.     linux:

  740.       network:

  741.         enabled: true

  742.         gateway: 10.0.0.1

  743.         default_interface: eth0

  744.         interface:

  745.           eth0:

  746.             type: eth

  747.             route:

  748.               default:

  749.                 address: 192.168.0.123

  750.                 netmask: 255.255.255.0

  751.                 gateway: 192.168.0.1

  752. 

  753. Native Linux Bridges

  754. 

  755. .. code-block:: yaml

  756. 

  757.     linux:

  758.       network:

  759.         interface:

  760.           eth1:

  761.             enabled: true

  762.             type: eth

  763.             proto: manual

  764.             up_cmds:

  765.             - ip address add 0/0 dev $IFACE

  766.             - ip link set $IFACE up

  767.             down_cmds:

  768.             - ip link set $IFACE down

  769.           br-ex:

  770.             enabled: true

  771.             type: bridge

  772.             address: ${linux:network:host:public_local:address}

  773.             netmask: 255.255.255.0

  774.             use_interfaces:

  775.             - eth1

  776. 

  777. OpenVswitch Bridges

  778. 

  779. .. code-block:: yaml

  780. 

  781.     linux:

  782.       network:

  783.         bridge: openvswitch

  784.         interface:

  785.           eth1:

  786.             enabled: true

  787.             type: eth

  788.             proto: manual

  789.             up_cmds:

  790.             - ip address add 0/0 dev $IFACE

  791.             - ip link set $IFACE up

  792.             down_cmds:

  793.             - ip link set $IFACE down

  794.           br-ex:

  795.             enabled: true

  796.             type: bridge

  797.             address: ${linux:network:host:public_local:address}

  798.             netmask: 255.255.255.0

  799.             use_interfaces:

  800.             - eth1

  801. 

  802. DHCP client configuration

  803. 

  804. None of the keys is mandatory, include only those you really need. For full list

  805. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  806. 

  807. .. code-block:: yaml

  808. 

  809.      linux:

  810.        network:

  811.          dhclient:

  812.            enabled: true

  813.            backoff_cutoff: 15

  814.            initial_interval: 10

  815.            reboot: 10

  816.            retry: 60

  817.            select_timeout: 0

  818.            timeout: 120

  819.            send:

  820.              - option: host-name

  821.                declaration: "= gethostname()"

  822.            supersede:

  823.              - option: host-name

  824.                declaration: "spaceship"

  825.              - option: domain-name

  826.                declaration: "domain.home"

  827.              #- option: arp-cache-timeout

  828.              #  declaration: 20

  829.            prepend:

  830.              - option: domain-name-servers

  831.                declaration:

  832.                  - 8.8.8.8

  833.                  - 8.8.4.4

  834.              - option: domain-search

  835.                declaration:

  836.                  - example.com

  837.                  - eng.example.com

  838.            #append:

  839.              #- option: domain-name-servers

  840.              #  declaration: 127.0.0.1

  841.            # ip or subnet to reject dhcp offer from

  842.            reject:

  843.              - 192.33.137.209

  844.              - 10.0.2.0/24

  845.            request:

  846.              - subnet-mask

  847.              - broadcast-address

  848.              - time-offset

  849.              - routers

  850.              - domain-name

  851.              - domain-name-servers

  852.              - domain-search

  853.              - host-name

  854.              - dhcp6.name-servers

  855.              - dhcp6.domain-search

  856.              - dhcp6.fqdn

  857.              - dhcp6.sntp-servers

  858.              - netbios-name-servers

  859.              - netbios-scope

  860.              - interface-mtu

  861.              - rfc3442-classless-static-routes

  862.              - ntp-servers

  863.            require:

  864.              - subnet-mask

  865.              - domain-name-servers

  866.            # if per interface configuration required add below

  867.            interface:

  868.              ens2:

  869.                initial_interval: 11

  870.                reject:

  871.                  - 192.33.137.210

  872.              ens3:

  873.                initial_interval: 12

  874.                reject:

  875.                  - 192.33.137.211

  876. 

  877. 

  878. Configure global environment variables

  879. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  880. 

  881. Linux /etc/environment:

  882. ``/etc/environment`` is for static system wide variable assignment after boot. Variable expansion is frequently not supported.

  883. 

  884. .. code-block:: yaml

  885. 

  886.     linux:

  887.       system:

  888.         env:

  889.           BOB_VARIABLE: Alice

  890.           ...

  891.           BOB_PATH:

  892.             - /srv/alice/bin

  893.             - /srv/bob/bin

  894.           ...

  895.           ftp_proxy:   none

  896.           http_proxy:  http://global-http-proxy.host.local:8080

  897.           https_proxy: ${linux:system:proxy:https}

  898.           no_proxy:

  899.             - 192.168.0.80

  900.             - 192.168.1.80

  901.             - .domain.com

  902.             - .local

  903.         ...

  904.         # NOTE: global defaults proxy configuration.

  905.         proxy:

  906.           ftp:   ftp://proxy.host.local:2121

  907.           http:  http://proxy.host.local:3142

  908.           https: https://proxy.host.local:3143

  909.           noproxy:

  910.             - .domain.com

  911.             - .local

  912. 

  913. Configure profile.d scripts

  914. ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  915. 

  916. Linux /etc/profile.d:

  917. The profile.d scripts are being sourced during .sh execution and support variable expansion in opposite to /etc/environment

  918. global settings in ``/etc/environment``.

  919. 

  920. .. code-block:: yaml

  921. 

  922.     linux:

  923.       system:

  924.         profile:

  925.           locales: |

  926.             export LANG=C

  927.             export LC_ALL=C

  928.           ...

  929.           vi_flavors.sh: |

  930.             export PAGER=view

  931.             export EDITOR=vim

  932.             alias vi=vim

  933.           shell_locales.sh: |

  934.             export LANG=en_US

  935.             export LC_ALL=en_US.UTF-8

  936.           shell_proxies.sh: |

  937.             export FTP_PROXY=ftp://127.0.3.3:2121

  938.             export NO_PROXY='.local'

  939. 

  940. Linux with hosts

  941. ~~~~~~~~~~~~~~~~

  942. 

  943. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  944. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  945. and hostname + fqdn.

  946. It's good to use this option if you want to ensure /etc/hosts is always in a

  947. clean state however it's not enabled by default for safety.

  948. 

  949. .. code-block:: yaml

  950. 

  951.     linux:

  952.       network:

  953.         ...

  954.         purge_hosts: true

  955.         host:

  956.           # No need to define this one if purge_hosts is true

  957.           hostname:

  958.             address: 127.0.1.1

  959.             names:

  960.             - ${linux:network:fqdn}

  961.             - ${linux:network:hostname}

  962.           node1:

  963.             address: 192.168.10.200

  964.             names:

  965.             - node2.domain.com

  966.             - service2.domain.com

  967.           node2:

  968.             address: 192.168.10.201

  969.             names:

  970.             - node2.domain.com

  971.             - service2.domain.com

  972. 

  973. 

  974. Setup resolv.conf, nameservers, domain and search domains

  975. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  976. 

  977. .. code-block:: yaml

  978. 

  979.     linux:

  980.       network:

  981.         resolv:

  982.           dns:

  983.           - 8.8.4.4

  984.           - 8.8.8.8

  985.           domain: my.example.com

  986.           search:

  987.           - my.example.com

  988.           - example.com

  989.           options:

  990.           - ndots: 5

  991.           - timeout: 2

  992.           - attempts: 2

  993. 

  994. **setting custom TX queue length for tap interfaces**

  995. 

  996. .. code-block:: yaml

  997. 

  998.     linux:

  999.       network:

  1000.         tap_custom_txqueuelen: 10000

  1001. 

  1002. DPDK OVS interfaces

  1003. --------------------

  1004. 

  1005. **DPDK OVS NIC**

  1006. 

  1007. .. code-block:: yaml

  1008. 

  1009.     linux:

  1010.       network:

  1011.         bridge: openvswitch

  1012.         dpdk:

  1013.           enabled: true

  1014.           driver: uio/vfio-pci

  1015.         openvswitch:

  1016.           pmd_cpu_mask: "0x6"

  1017.           dpdk_socket_mem: "1024,1024"

  1018.           dpdk_lcore_mask: "0x400"

  1019.           memory_channels: 2

  1020.         interface:

  1021.           dpkd0:

  1022.             name: ${_param:dpdk_nic}

  1023.             pci: 0000:06:00.0

  1024.             driver: igb_uio/vfio

  1025.             enabled: true

  1026.             type: dpdk_ovs_port

  1027.             n_rxq: 2

  1028.             bridge: br-prv

  1029.             mtu: 9000

  1030.           br-prv:

  1031.             enabled: true

  1032.             type: dpdk_ovs_bridge

  1033. 

  1034. **DPDK OVS Bond**

  1035. 

  1036. .. code-block:: yaml

  1037. 

  1038.     linux:

  1039.       network:

  1040.         bridge: openvswitch

  1041.         dpdk:

  1042.           enabled: true

  1043.           driver: uio/vfio-pci

  1044.         openvswitch:

  1045.           pmd_cpu_mask: "0x6"

  1046.           dpdk_socket_mem: "1024,1024"

  1047.           dpdk_lcore_mask: "0x400"

  1048.           memory_channels: 2

  1049.         interface:

  1050.           dpdk_second_nic:

  1051.             name: ${_param:primary_second_nic}

  1052.             pci: 0000:06:00.0

  1053.             driver: igb_uio/vfio

  1054.             bond: dpdkbond0

  1055.             enabled: true

  1056.             type: dpdk_ovs_port

  1057.             n_rxq: 2

  1058.             mtu: 9000

  1059.           dpdk_first_nic:

  1060.             name: ${_param:primary_first_nic}

  1061.             pci: 0000:05:00.0

  1062.             driver: igb_uio/vfio

  1063.             bond: dpdkbond0

  1064.             enabled: true

  1065.             type: dpdk_ovs_port

  1066.             n_rxq: 2

  1067.             mtu: 9000

  1068.           dpdkbond0:

  1069.             enabled: true

  1070.             bridge: br-prv

  1071.             type: dpdk_ovs_bond

  1072.             mode: active-backup

  1073.           br-prv:

  1074.             enabled: true

  1075.             type: dpdk_ovs_bridge

  1076. 

  1077. **DPDK OVS bridge for VXLAN**

  1078. 

  1079. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1080. 

  1081. .. code-block:: yaml

  1082. 

  1083.     linux:

  1084.       network:

  1085.         ...

  1086.         interface:

  1087.           br-prv:

  1088.             enabled: true

  1089.             type: dpdk_ovs_bridge

  1090.             address: 192.168.50.0

  1091.             netmask: 255.255.255.0

  1092.             mtu: 9000

  1093. 

  1094. Linux storage

  1095. -------------

  1096. 

  1097. Linux with mounted Samba

  1098. 

  1099. .. code-block:: yaml

  1100. 

  1101.     linux:

  1102.       storage:

  1103.         enabled: true

  1104.         mount:

  1105.           samba1:

  1106.           - enabled: true

  1107.           - path: /media/myuser/public/

  1108.           - device: //192.168.0.1/storage

  1109.           - file_system: cifs

  1110.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1111. 

  1112. NFS mount

  1113. 

  1114. .. code-block:: yaml

  1115. 

  1116.   linux:

  1117.     storage:

  1118.       enabled: true

  1119.       mount:

  1120.         nfs_glance:

  1121.           enabled: true

  1122.           path: /var/lib/glance/images

  1123.           device: 172.16.10.110:/var/nfs/glance

  1124.           file_system: nfs

  1125.           opts: rw,sync

  1126. 

  1127. 

  1128. File swap configuration

  1129. 

  1130. .. code-block:: yaml

  1131. 

  1132.     linux:

  1133.       storage:

  1134.         enabled: true

  1135.         swap:

  1136.           file:

  1137.             enabled: true

  1138.             engine: file

  1139.             device: /swapfile

  1140.             size: 1024

  1141. 

  1142. Partition swap configuration

  1143. 

  1144. .. code-block:: yaml

  1145. 

  1146.     linux:

  1147.       storage:

  1148.         enabled: true

  1149.         swap:

  1150.           partition:

  1151.             enabled: true

  1152.             engine: partition

  1153.             device: /dev/vg0/swap

  1154. 

  1155. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1156. 

  1157. .. code-block:: yaml

  1158. 

  1159.     parameters:

  1160.       linux:

  1161.         storage:

  1162.           mount:

  1163.             data:

  1164.               enabled: true

  1165.               device: /dev/vg1/data

  1166.               file_system: ext4

  1167.               path: /mnt/data

  1168.           lvm:

  1169.             vg1:

  1170.               enabled: true

  1171.               devices:

  1172.                 - /dev/sdb

  1173.               volume:

  1174.                 data:

  1175.                   size: 40G

  1176.                   mount: ${linux:storage:mount:data}

  1177. 

  1178. 

  1179. Multipath with Fujitsu Eternus DXL

  1180. 

  1181. .. code-block:: yaml

  1182. 

  1183.     parameters:

  1184.       linux:

  1185.         storage:

  1186.           multipath:

  1187.             enabled: true

  1188.             blacklist_devices:

  1189.             - /dev/sda

  1190.             - /dev/sdb

  1191.             backends:

  1192.             - fujitsu_eternus_dxl

  1193. 

  1194. Multipath with Hitachi VSP 1000

  1195. 

  1196. .. code-block:: yaml

  1197. 

  1198.     parameters:

  1199.       linux:

  1200.         storage:

  1201.           multipath:

  1202.             enabled: true

  1203.             blacklist_devices:

  1204.             - /dev/sda

  1205.             - /dev/sdb

  1206.             backends:

  1207.             - hitachi_vsp1000

  1208. 

  1209. Multipath with IBM Storwize

  1210. 

  1211. .. code-block:: yaml

  1212. 

  1213.     parameters:

  1214.       linux:

  1215.         storage:

  1216.           multipath:

  1217.             enabled: true

  1218.             blacklist_devices:

  1219.             - /dev/sda

  1220.             - /dev/sdb

  1221.             backends:

  1222.             - ibm_storwize

  1223. 

  1224. Multipath with multiple backends

  1225. 

  1226. .. code-block:: yaml

  1227. 

  1228.     parameters:

  1229.       linux:

  1230.         storage:

  1231.           multipath:

  1232.             enabled: true

  1233.             blacklist_devices:

  1234.             - /dev/sda

  1235.             - /dev/sdb

  1236.             - /dev/sdc

  1237.             - /dev/sdd

  1238.             backends:

  1239.             - ibm_storwize

  1240.             - fujitsu_eternus_dxl

  1241.             - hitachi_vsp1000

  1242. 

  1243. Disabled multipath (the default setup)

  1244. 

  1245. .. code-block:: yaml

  1246. 

  1247.     parameters:

  1248.       linux:

  1249.         storage:

  1250.           multipath:

  1251.             enabled: false

  1252. 

  1253. Linux with local loopback device

  1254. 

  1255. .. code-block:: yaml

  1256. 

  1257.     linux:

  1258.       storage:

  1259.         loopback:

  1260.           disk1:

  1261.             file: /srv/disk1

  1262.             size: 50G

  1263. 

  1264. External config generation

  1265. --------------------------

  1266. 

  1267. You are able to use config support metadata between formulas and only generate

  1268. config files for external use, eg. docker, etc.

  1269. 

  1270. .. code-block:: yaml

  1271. 

  1272.     parameters:

  1273.       linux:

  1274.         system:

  1275.           config:

  1276.             pillar:

  1277.               jenkins:

  1278.                 master:

  1279.                   home: /srv/volumes/jenkins

  1280.                   approved_scripts:

  1281.                     - method java.net.URL openConnection

  1282.                   credentials:

  1283.                     - type: username_password

  1284.                       scope: global

  1285.                       id: test

  1286.                       desc: Testing credentials

  1287.                       username: test

  1288.                       password: test

  1289. 

  1290. Netconsole Remote Kernel Logging

  1291. --------------------------------

  1292. 

  1293. Netconsole logger could be configured for configfs-enabled kernels

  1294. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1295. runtime (if network is already configured), and on-boot after interface

  1296. initialization. Notes:

  1297. 

  1298.  * receiver could be located only in same L3 domain

  1299.    (or you need to configure gateway MAC manually)

  1300.  * receiver's MAC is detected only on configuration time

  1301.  * using broadcast MAC is not recommended

  1302. 

  1303. .. code-block:: yaml

  1304. 

  1305.     parameters:

  1306.       linux:

  1307.         system:

  1308.           netconsole:

  1309.             enabled: true

  1310.             port: 514 (optional)

  1311.             loglevel: debug (optional)

  1312.             target:

  1313.               192.168.0.1:

  1314.                 interface: bond0

  1315.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1316. 

  1317. Usage

  1318. =====

  1319. 

  1320. Set mtu of network interface eth0 to 1400

  1321. 

  1322. .. code-block:: bash

  1323. 

  1324.     ip link set dev eth0 mtu 1400

  1325. 

  1326. Read more

  1327. =========

  1328. 

  1329. * https://www.archlinux.org/

  1330. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1331. 

  1332. Documentation and Bugs

  1333. ======================

  1334. 

  1335. To learn how to install and update salt-formulas, consult the documentation

  1336. available online at:

  1337. 

  1338.     http://salt-formulas.readthedocs.io/

  1339. 

  1340. In the unfortunate event that bugs are discovered, they should be reported to

  1341. the appropriate issue tracker. Use Github issue tracker for specific salt

  1342. formula:

  1343. 

  1344.     https://github.com/salt-formulas/salt-formula-linux/issues

  1345. 

  1346. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1347. use Launchpad salt-formulas project:

  1348. 

  1349.     https://launchpad.net/salt-formulas

  1350. 

  1351. You can also join salt-formulas-users team and subscribe to mailing list:

  1352. 

  1353.     https://launchpad.net/~salt-formulas-users

  1354. 

  1355. Developers wishing to work on the salt-formulas projects should always base

  1356. their work on master branch and submit pull request against specific formula.

  1357. 

  1358.     https://github.com/salt-formulas/salt-formula-linux

  1359. 

  1360. Any questions or feedback is always welcome so feel free to join our IRC

  1361. channel:

  1362. 

  1363.     #salt-formulas @ irc.freenode.net