ExternalMirrors
/
linux-formula
réplica de https://github.com/salt-formulas/salt-formula-linux
Seguir 1
Destacar 0
Fork 1
Código Incidencias 0 Lanzamientos 8 Wiki Actividad
Saltstack Official Linux Formula
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
318 Commits
26 Ramas
Árbol: caec9b5131
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'caec9b5131'
${ noResults }
linux-formula/README.rst

README.rst 32KB
Original Vista normal Histórico

Update README.rst
hace 7 años
Initial commit
hace 9 años
Update README.rst
hace 7 años
Initial commit
hace 9 años
Update README.rst
hace 7 años
Initial commit
hace 9 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Initial commit
hace 9 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Update README.rst
hace 7 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Update README.rst
hace 7 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Update README.rst fixed typo in sudo part
hace 7 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
hace 7 años
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
hace 8 años
Initial commit
hace 9 años
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
hace 8 años
Initial commit
hace 9 años
Support for setting security limits
hace 9 años
Enable/disable console autologin
hace 9 años
More options for consoles
hace 9 años
Enable/disable console autologin
hace 9 años
Allow setting policy-rc.d
hace 9 años
Allow setting system locales
hace 8 años
Fix readme of cs_CZ locales
hace 8 años
Allow setting system locales
hace 8 años
Make linux.system.kernel functional
hace 9 años
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
hace 8 años
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
hace 7 años
Make linux.system.kernel functional
hace 9 años
Linux sysctl kernel parameters
hace 9 años
cpu governor
hace 8 años
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
hace 7 años
cpu governor
hace 8 años
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
hace 8 años
cpu governor
hace 8 años
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
hace 8 años
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
hace 8 años
cpu governor
hace 8 años
Initial commit
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
hace 7 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
hace 7 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
README fix for purging repos
hace 7 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
rc.local added to linux formula
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Allow setting system-wide prompt
hace 9 años
Ensure PS1 is enforced for root
hace 9 años
rc.local added to linux formula
hace 9 años
Option to preserve bash history
hace 8 años
Set message of the day
hace 9 años
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
hace 7 años
RHEL compatibility of motd and prompt
hace 9 años
Support for haveged
hace 9 años
RHEL compatibility of motd and prompt
hace 9 años
Support for haveged
hace 9 años
Initial commit
hace 9 años
example usage to disable NM
hace 9 años
Initial commit
hace 9 años
example usage to disable NM
hace 9 años
Initial commit
hace 9 años
vlan networking support
hace 9 años
fix fillar syntax
hace 9 años
vlan networking support
hace 9 años
Initial commit
hace 9 años
vlan networking support
hace 9 años
Initial commit
hace 9 años
vlan networking support
hace 9 años
Initial commit
hace 9 años
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
hace 7 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Initial commit
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Initial commit
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Initial commit
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Initial commit
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Initial commit
hace 9 años
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
hace 8 años
Initial commit
hace 9 años
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
hace 8 años
Initial commit
hace 9 años
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
hace 8 años
Initial commit
hace 9 años
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
hace 8 años
Allow setting resolv.conf
hace 9 años
Add system.env, system.profile, system.proxy and configure proxy under system.repo
hace 7 años
Allow setting resolv.conf
hace 9 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Allow setting resolv.conf
hace 9 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
fix options setting in resolv
hace 8 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
hace 7 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
hace 8 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Allow setting resolv.conf
hace 9 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
hace 8 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
hace 8 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
hace 8 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Initial commit
hace 9 años
Fix mount examples in the README The enabled flag is mandatory.
hace 8 años
Initial commit
hace 9 años
nfs storage mount
hace 7 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
Initial commit
hace 9 años
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
hace 8 años
add swap partition support
hace 9 años
Support for LVM
hace 9 años
Fix mount examples in the README The enabled flag is mandatory.
hace 8 años
Support for LVM
hace 9 años
Refactored multipath support
hace 8 años
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
hace 8 años
Add support for external config generation
hace 8 años
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
hace 7 años
Refactored multipath support
hace 8 años
Initial commit
hace 9 años
Unify Makefile, .gitignore and update readme
hace 8 años
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set

  35. 

  36. .. code-block:: yaml

  37. 

  38.     linux:

  39.       system:

  40.         ...

  41.         user:

  42.           jdoe:

  43.             name: 'jdoe'

  44.             enabled: true

  45.             sudo: true

  46.             shell: /bin/bash

  47.             full_name: 'Jonh Doe'

  48.             home: '/home/jdoe'

  49.             email: 'jonh@doe.com'

  50.           jsmith:

  51.             name: 'jsmith'

  52.             enabled: true

  53.             full_name: 'Password'

  54.             home: '/home/jsmith'

  55.             password: userpassword

  56. 

  57. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  58. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  59. 

  60. .. code-block:: jinja

  61. 

  62.    # simplified template:

  63.    Cmds_Alias {{ alias }}={{ commands }}

  64.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  65.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  66. 

  67.    # when rendered:

  68.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  69. 

  70. .. code-block:: yaml

  71. 

  72.   linux:

  73.     system:

  74.       sudo:

  75.         enabled: true

  76.         aliases:

  77.           host:

  78.             LOCAL:

  79.             - localhost

  80.             PRODUCTION:

  81.             - db1

  82.             - db2

  83.           runas:

  84.             DBA:

  85.             - postgres

  86.             - mysql

  87.             SALT:

  88.             - root

  89.           command:

  90.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  91.             #       Best practice is to specify full list of commands user is allowed to run.

  92.             SUPPORT_RESTRICTED:

  93.             - /bin/vi /etc/sudoers*

  94.             - /bin/vim /etc/sudoers*

  95.             - /bin/nano /etc/sudoers*

  96.             - /bin/emacs /etc/sudoers*

  97.             - /bin/su - root

  98.             - /bin/su -

  99.             - /bin/su

  100.             - /usr/sbin/visudo

  101.             SUPPORT_SHELLS:

  102.             - /bin/sh

  103.             - /bin/ksh

  104.             - /bin/bash

  105.             - /bin/rbash

  106.             - /bin/dash

  107.             - /bin/zsh

  108.             - /bin/csh

  109.             - /bin/fish

  110.             - /bin/tcsh

  111.             - /usr/bin/login

  112.             - /usr/bin/su

  113.             - /usr/su

  114.             ALL_SALT_SAFE:

  115.             - /usr/bin/salt state*

  116.             - /usr/bin/salt service*

  117.             - /usr/bin/salt pillar*

  118.             - /usr/bin/salt grains*

  119.             - /usr/bin/salt saltutil*

  120.             - /usr/bin/salt-call state*

  121.             - /usr/bin/salt-call service*

  122.             - /usr/bin/salt-call pillar*

  123.             - /usr/bin/salt-call grains*

  124.             - /usr/bin/salt-call saltutil*

  125.             SALT_TRUSTED:

  126.             - /usr/bin/salt*

  127.         users:

  128.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  129.           saltuser1: {}

  130.           saltuser2:

  131.             hosts:

  132.             - LOCAL

  133.           # User Alias DBA

  134.           DBA:

  135.             hosts:

  136.             - ALL

  137.             commands:

  138.             - ALL_SALT_SAFE

  139.         groups:

  140.           db-ops:

  141.             hosts:

  142.             - ALL

  143.             - '!PRODUCTION'

  144.             runas:

  145.             - DBA

  146.             commands:

  147.             - /bin/cat *

  148.             - /bin/less *

  149.             - /bin/ls *

  150.           salt-ops:

  151.             hosts:

  152.             - 'ALL'

  153.             runas:

  154.             - SALT

  155.             commands:

  156.             - SUPPORT_SHELLS

  157.           salt-ops-2nd:

  158.             name: salt-ops

  159.             nopasswd: false

  160.             setenv: true # Enable sudo -E option

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - ALL

  165.             - '!SUPPORT_SHELLS'

  166.             - '!SUPPORT_RESTRICTED'

  167. 

  168. Linux with package, latest version

  169. 

  170. .. code-block:: yaml

  171. 

  172.     linux:

  173.       system:

  174.         ...

  175.         package:

  176.           package-name:

  177.             version: latest

  178. 

  179. Linux with package from certail repo, version with no upgrades

  180. 

  181. .. code-block:: yaml

  182. 

  183.     linux:

  184.       system:

  185.         ...

  186.         package:

  187.           package-name:

  188.             version: 2132.323

  189.             repo: 'custom-repo'

  190.             hold: true

  191. 

  192. Linux with package from certail repo, version with no GPG verification

  193. 

  194. .. code-block:: yaml

  195. 

  196.     linux:

  197.       system:

  198.         ...

  199.         package:

  200.           package-name:

  201.             version: 2132.323

  202.             repo: 'custom-repo'

  203.             verify: false

  204. 

  205. Linux with autoupdates (automatically install security package updates)

  206. 

  207. .. code-block:: yaml

  208. 

  209.     linux:

  210.       system:

  211.         ...

  212.         autoupdates:

  213.           enabled: true

  214.           mail: root@localhost

  215.           mail_only_on_error: true

  216.           remove_unused_dependencies: false

  217.           automatic_reboot: true

  218.           automatic_reboot_time: "02:00"

  219. 

  220. Linux with cron jobs

  221. 

  222. .. code-block:: yaml

  223. 

  224.     linux:

  225.       system:

  226.         ...

  227.         job:

  228.           cmd1:

  229.             command: '/cmd/to/run'

  230.             enabled: true

  231.             user: 'root'

  232.             hour: 2

  233.             minute: 0

  234. 

  235. Linux security limits (limit sensu user memory usage to max 1GB):

  236. 

  237. .. code-block:: yaml

  238. 

  239.     linux:

  240.       system:

  241.         ...

  242.         limit:

  243.           sensu:

  244.             enabled: true

  245.             domain: sensu

  246.             limits:

  247.               - type: hard

  248.                 item: as

  249.                 value: 1000000

  250. 

  251. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  252. 

  253. .. code-block:: yaml

  254. 

  255.     linux:

  256.       system:

  257.         console:

  258.           tty1:

  259.             autologin: root

  260.           # Enable serial console

  261.           ttyS0:

  262.             autologin: root

  263.             rate: 115200

  264.             term: xterm

  265. 

  266. To disable set autologin to `false`.

  267. 

  268. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  269. command in ``while true`` loop and ``case`` context.

  270. Following will disallow dpkg to stop/start services for cassandra package automatically:

  271. 

  272. .. code-block:: yaml

  273. 

  274.     linux:

  275.       system:

  276.         policyrcd:

  277.           - package: cassandra

  278.             action: exit 101

  279.           - package: '*'

  280.             action: switch

  281. 

  282. Set system locales:

  283. 

  284. .. code-block:: yaml

  285. 

  286.     linux:

  287.       system:

  288.         locale:

  289.           en_US.UTF-8:

  290.             default: true

  291.           "cs_CZ.UTF-8 UTF-8":

  292.             enabled: true

  293. 

  294. Kernel

  295. ~~~~~~

  296. 

  297. Install always up to date LTS kernel and headers from Ubuntu trusty:

  298. 

  299. .. code-block:: yaml

  300. 

  301.     linux:

  302.       system:

  303.         kernel:

  304.           type: generic

  305.           lts: trusty

  306.           headers: true

  307. 

  308. Load kernel modules and add them to `/etc/modules`:

  309. 

  310. .. code-block:: yaml

  311. 

  312.     linux:

  313.       system:

  314.         kernel:

  315.           modules:

  316.             - nf_conntrack

  317.             - tp_smapi

  318.             - 8021q

  319. 

  320. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  321. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  322. 

  323. .. code-block:: yaml

  324. 

  325.     linux:

  326.       system:

  327.         kernel:

  328.           module:

  329.             nf_conntrack:

  330.               option:

  331.                 hashsize: 262144

  332. 

  333. 

  334. 

  335. Install specific kernel version and ensure all other kernel packages are

  336. not present. Also install extra modules and headers for this kernel:

  337. 

  338. .. code-block:: yaml

  339. 

  340.     linux:

  341.       system:

  342.         kernel:

  343.           type: generic

  344.           extra: true

  345.           headers: true

  346.           version: 4.2.0-22

  347. 

  348. Systcl kernel parameters

  349. 

  350. .. code-block:: yaml

  351. 

  352.     linux:

  353.       system:

  354.         kernel:

  355.           sysctl:

  356.             net.ipv4.tcp_keepalive_intvl: 3

  357.             net.ipv4.tcp_keepalive_time: 30

  358.             net.ipv4.tcp_keepalive_probes: 8

  359. 

  360. 

  361. CPU

  362. ~~~

  363. 

  364. Enable cpufreq governor for every cpu:

  365. 

  366. .. code-block:: yaml

  367. 

  368.     linux:

  369.       system:

  370.         cpu:

  371.           governor: performance

  372. 

  373. Huge Pages

  374. ~~~~~~~~~~~~

  375. 

  376. Huge Pages give a performance boost to applications that intensively deal

  377. with memory allocation/deallocation by decreasing memory fragmentation.

  378. 

  379. .. code-block:: yaml

  380. 

  381.     linux:

  382.       system:

  383.         kernel:

  384.           hugepages:

  385.             small:

  386.               size: 2M

  387.               count: 107520

  388.               mount_point: /mnt/hugepages_2MB

  389.               mount: false/true # default false

  390.             large:

  391.               default: true # default automatically mounted

  392.               size: 1G

  393.               count: 210

  394.               mount_point: /mnt/hugepages_1GB

  395. 

  396. Note: not recommended to use both pagesizes in concurrently.

  397. 

  398. Intel SR-IOV

  399. ~~~~~~~~~~~~

  400. 

  401. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  402. 

  403. .. code-block:: yaml

  404. 

  405.     linux:

  406.       system:

  407.         kernel:

  408.           sriov: True

  409.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  410.         rc:

  411.           local: |

  412.             #!/bin/sh -e

  413.             # Enable 7 VF on eth1

  414.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  415.             exit 0

  416. 

  417. Isolate CPU options

  418. ~~~~~~~~~~~~~~~~~~~

  419. 

  420. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  421. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  422. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  423. maximum value is 1 less than the number of CPUs on the system.

  424. 

  425. .. code-block:: yaml

  426. 

  427.     linux:

  428.       system:

  429.         kernel:

  430.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  431. 

  432. Repositories

  433. ~~~~~~~~~~~~

  434. 

  435. RedHat based Linux with additional OpenStack repo

  436. 

  437. .. code-block:: yaml

  438. 

  439.     linux:

  440.       system:

  441.         ...

  442.         repo:

  443.           rdo-icehouse:

  444.             enabled: true

  445.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  446.             pgpcheck: 0

  447. 

  448. Ensure system repository to use czech Debian mirror (``default: true``)

  449. Also pin it's packages with priority 900.

  450. 

  451. .. code-block:: yaml

  452. 

  453.    linux:

  454.      system:

  455.        repo:

  456.          debian:

  457.            default: true

  458.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  459.            # Import signing key from URL if needed

  460.            key_url: "http://dummy.com/public.gpg"

  461.            pin:

  462.              - pin: 'origin "ftp.cz.debian.org"'

  463.                priority: 900

  464.                package: '*'

  465. 

  466. 

  467. Package manager proxy setup globally:

  468. 

  469. .. code-block:: yaml

  470. 

  471.     linux:

  472.       system:

  473.         ...

  474.         repo:

  475.           apt-mk:

  476.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  477.         ...

  478.         proxy:

  479.           pkg:

  480.             enabled: true

  481.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  482.           ...

  483.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  484.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  485.           #

  486.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  487.           # as for https and http

  488.           ftp:   ftp://proxy.host.local:2121

  489.           http:  http://proxy.host.local:3142

  490.           https: https://proxy.host.local:3143

  491. 

  492. Package manager proxy setup per repository:

  493. 

  494. .. code-block:: yaml

  495. 

  496.     linux:

  497.       system:

  498.         ...

  499.         repo:

  500.           debian:

  501.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  502.         ...

  503.           apt-mk:

  504.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  505.             # per repository proxy

  506.             proxy:

  507.               enabled: true

  508.               http:  http://maas-01:8080

  509.               https: http://maas-01:8080

  510.         ...

  511.         proxy:

  512.           # package manager fallback defaults

  513.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  514.           pkg:

  515.             enabled: true

  516.             ftp:   ftp://proxy.host.local:2121

  517.             #http:  http://proxy.host.local:3142

  518.             #https: https://proxy.host.local:3143

  519.           ...

  520.           # global system fallback system defaults

  521.           ftp:   ftp://proxy.host.local:2121

  522.           http:  http://proxy.host.local:3142

  523.           https: https://proxy.host.local:3143

  524. 

  525. 

  526. Remove all repositories:

  527. 

  528. .. code-block:: yaml

  529. 

  530.     linux:

  531.       system:

  532.         purge_repos: true

  533. 

  534. 

  535. RC

  536. ~~

  537. 

  538. rc.local example

  539. 

  540. .. code-block:: yaml

  541. 

  542.    linux:

  543.      system:

  544.        rc:

  545.          local: |

  546.            #!/bin/sh -e

  547.            #

  548.            # rc.local

  549.            #

  550.            # This script is executed at the end of each multiuser runlevel.

  551.            # Make sure that the script will "exit 0" on success or any other

  552.            # value on error.

  553.            #

  554.            # In order to enable or disable this script just change the execution

  555.            # bits.

  556.            #

  557.            # By default this script does nothing.

  558.            exit 0

  559. 

  560. 

  561. Prompt

  562. ~~~~~~

  563. 

  564. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  565. user can have different prompt.

  566. 

  567. .. code-block:: yaml

  568. 

  569.     linux:

  570.       system:

  571.         prompt:

  572.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  573.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  574. 

  575. On Debian systems to set prompt system-wide it's necessary to remove setting

  576. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  577. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  578. touch existing user's ``~/.bashrc`` files except root.

  579. 

  580. Bash

  581. ~~~~

  582. 

  583. Fix bash configuration to preserve history across sessions (like ZSH does by

  584. default).

  585. 

  586. .. code-block:: yaml

  587. 

  588.     linux:

  589.       system:

  590.         bash:

  591.           preserve_history: true

  592. 

  593. Message of the day

  594. ~~~~~~~~~~~~~~~~~~

  595. 

  596. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  597. day. Setting custom motd will cleanup existing ones.

  598. 

  599. .. code-block:: yaml

  600. 

  601.     linux:

  602.       system:

  603.         motd:

  604.           - release: |

  605.               #!/bin/sh

  606.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  607. 

  608.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  609.               	# Fall back to using the very slow lsb_release utility

  610.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  611.               fi

  612. 

  613.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  614.           - warning: |

  615.               #!/bin/sh

  616.               printf "This is [company name] network.\n"

  617.               printf "Unauthorized access strictly prohibited.\n"

  618. 

  619. Services

  620. ~~~~~~~~

  621. 

  622. Stop and disable linux service:

  623. 

  624. .. code-block:: yaml

  625. 

  626.     linux:

  627.       system:

  628.         service:

  629.           apt-daily.timer:

  630.             status: dead

  631. 

  632. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  633. 

  634. RHEL / CentOS

  635. ^^^^^^^^^^^^^

  636. 

  637. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  638. no native support for dynamic motd.

  639. You can still set static one, only pillar structure differs:

  640. 

  641. .. code-block:: yaml

  642. 

  643.     linux:

  644.       system:

  645.         motd: |

  646.           This is [company name] network.

  647.           Unauthorized access strictly prohibited.

  648. 

  649. Haveged

  650. ~~~~~~~

  651. 

  652. If you are running headless server and are low on entropy, it may be a good

  653. idea to setup Haveged.

  654. 

  655. .. code-block:: yaml

  656. 

  657.     linux:

  658.       system:

  659.         haveged:

  660.           enabled: true

  661. 

  662. Linux network

  663. -------------

  664. 

  665. Linux with network manager

  666. 

  667. .. code-block:: yaml

  668. 

  669.     linux:

  670.       network:

  671.         enabled: true

  672.         network_manager: true

  673. 

  674. Linux with default static network interfaces, default gateway interface and DNS servers

  675. 

  676. .. code-block:: yaml

  677. 

  678.     linux:

  679.       network:

  680.         enabled: true

  681.         interface:

  682.           eth0:

  683.             enabled: true

  684.             type: eth

  685.             address: 192.168.0.102

  686.             netmask: 255.255.255.0

  687.             gateway: 192.168.0.1

  688.             name_servers:

  689.             - 8.8.8.8

  690.             - 8.8.4.4

  691.             mtu: 1500

  692. 

  693. Linux with bonded interfaces and disabled NetworkManager

  694. 

  695. .. code-block:: yaml

  696. 

  697.     linux:

  698.       network:

  699.         enabled: true

  700.         interface:

  701.           eth0:

  702.             type: eth

  703.             ...

  704.           eth1:

  705.             type: eth

  706.             ...

  707.           bond0:

  708.             enabled: true

  709.             type: bond

  710.             address: 192.168.0.102

  711.             netmask: 255.255.255.0

  712.             mtu: 1500

  713.             use_in:

  714.             - interface: ${linux:interface:eth0}

  715.             - interface: ${linux:interface:eth0}

  716.         network_manager:

  717.           disable: true

  718. 

  719. Linux with vlan interface_params

  720. 

  721. .. code-block:: yaml

  722. 

  723.     linux:

  724.       network:

  725.         enabled: true

  726.         interface:

  727.           vlan69:

  728.             type: vlan

  729.             use_interfaces:

  730.             - interface: ${linux:interface:bond0}

  731. 

  732. Linux with wireless interface parameters

  733. 

  734. .. code-block:: yaml

  735. 

  736.     linux:

  737.       network:

  738.         enabled: true

  739.         gateway: 10.0.0.1

  740.         default_interface: eth0

  741.         interface:

  742.           wlan0:

  743.             type: eth

  744.             wireless:

  745.               essid: example

  746.               key: example_key

  747.               security: wpa

  748.               priority: 1

  749. 

  750. Linux networks with routes defined

  751. 

  752. .. code-block:: yaml

  753. 

  754.     linux:

  755.       network:

  756.         enabled: true

  757.         gateway: 10.0.0.1

  758.         default_interface: eth0

  759.         interface:

  760.           eth0:

  761.             type: eth

  762.             route:

  763.               default:

  764.                 address: 192.168.0.123

  765.                 netmask: 255.255.255.0

  766.                 gateway: 192.168.0.1

  767. 

  768. Native Linux Bridges

  769. 

  770. .. code-block:: yaml

  771. 

  772.     linux:

  773.       network:

  774.         interface:

  775.           eth1:

  776.             enabled: true

  777.             type: eth

  778.             proto: manual

  779.             up_cmds:

  780.             - ip address add 0/0 dev $IFACE

  781.             - ip link set $IFACE up

  782.             down_cmds:

  783.             - ip link set $IFACE down

  784.           br-ex:

  785.             enabled: true

  786.             type: bridge

  787.             address: ${linux:network:host:public_local:address}

  788.             netmask: 255.255.255.0

  789.             use_interfaces:

  790.             - eth1

  791. 

  792. OpenVswitch Bridges

  793. 

  794. .. code-block:: yaml

  795. 

  796.     linux:

  797.       network:

  798.         bridge: openvswitch

  799.         interface:

  800.           eth1:

  801.             enabled: true

  802.             type: eth

  803.             proto: manual

  804.             up_cmds:

  805.             - ip address add 0/0 dev $IFACE

  806.             - ip link set $IFACE up

  807.             down_cmds:

  808.             - ip link set $IFACE down

  809.           br-ex:

  810.             enabled: true

  811.             type: bridge

  812.             address: ${linux:network:host:public_local:address}

  813.             netmask: 255.255.255.0

  814.             use_interfaces:

  815.             - eth1

  816. 

  817. DHCP client configuration

  818. 

  819. None of the keys is mandatory, include only those you really need. For full list

  820. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  821. 

  822. .. code-block:: yaml

  823. 

  824.      linux:

  825.        network:

  826.          dhclient:

  827.            enabled: true

  828.            backoff_cutoff: 15

  829.            initial_interval: 10

  830.            reboot: 10

  831.            retry: 60

  832.            select_timeout: 0

  833.            timeout: 120

  834.            send:

  835.              - option: host-name

  836.                declaration: "= gethostname()"

  837.            supersede:

  838.              - option: host-name

  839.                declaration: "spaceship"

  840.              - option: domain-name

  841.                declaration: "domain.home"

  842.              #- option: arp-cache-timeout

  843.              #  declaration: 20

  844.            prepend:

  845.              - option: domain-name-servers

  846.                declaration:

  847.                  - 8.8.8.8

  848.                  - 8.8.4.4

  849.              - option: domain-search

  850.                declaration:

  851.                  - example.com

  852.                  - eng.example.com

  853.            #append:

  854.              #- option: domain-name-servers

  855.              #  declaration: 127.0.0.1

  856.            # ip or subnet to reject dhcp offer from

  857.            reject:

  858.              - 192.33.137.209

  859.              - 10.0.2.0/24

  860.            request:

  861.              - subnet-mask

  862.              - broadcast-address

  863.              - time-offset

  864.              - routers

  865.              - domain-name

  866.              - domain-name-servers

  867.              - domain-search

  868.              - host-name

  869.              - dhcp6.name-servers

  870.              - dhcp6.domain-search

  871.              - dhcp6.fqdn

  872.              - dhcp6.sntp-servers

  873.              - netbios-name-servers

  874.              - netbios-scope

  875.              - interface-mtu

  876.              - rfc3442-classless-static-routes

  877.              - ntp-servers

  878.            require:

  879.              - subnet-mask

  880.              - domain-name-servers

  881.            # if per interface configuration required add below

  882.            interface:

  883.              ens2:

  884.                initial_interval: 11

  885.                reject:

  886.                  - 192.33.137.210

  887.              ens3:

  888.                initial_interval: 12

  889.                reject:

  890.                  - 192.33.137.211

  891. 

  892. 

  893. Configure global environment variables

  894. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  895. 

  896. Linux /etc/environment:

  897. ``/etc/environment`` is for static system wide variable assignment after boot. Variable expansion is frequently not supported.

  898. 

  899. .. code-block:: yaml

  900. 

  901.     linux:

  902.       system:

  903.         env:

  904.           BOB_VARIABLE: Alice

  905.           ...

  906.           BOB_PATH:

  907.             - /srv/alice/bin

  908.             - /srv/bob/bin

  909.           ...

  910.           ftp_proxy:   none

  911.           http_proxy:  http://global-http-proxy.host.local:8080

  912.           https_proxy: ${linux:system:proxy:https}

  913.           no_proxy:

  914.             - 192.168.0.80

  915.             - 192.168.1.80

  916.             - .domain.com

  917.             - .local

  918.         ...

  919.         # NOTE: global defaults proxy configuration.

  920.         proxy:

  921.           ftp:   ftp://proxy.host.local:2121

  922.           http:  http://proxy.host.local:3142

  923.           https: https://proxy.host.local:3143

  924.           noproxy:

  925.             - .domain.com

  926.             - .local

  927. 

  928. Configure profile.d scripts

  929. ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  930. 

  931. Linux /etc/profile.d:

  932. The profile.d scripts are being sourced during .sh execution and support variable expansion in opposite to /etc/environment

  933. global settings in ``/etc/environment``.

  934. 

  935. .. code-block:: yaml

  936. 

  937.     linux:

  938.       system:

  939.         profile:

  940.           locales: |

  941.             export LANG=C

  942.             export LC_ALL=C

  943.           ...

  944.           vi_flavors.sh: |

  945.             export PAGER=view

  946.             export EDITOR=vim

  947.             alias vi=vim

  948.           shell_locales.sh: |

  949.             export LANG=en_US

  950.             export LC_ALL=en_US.UTF-8

  951.           shell_proxies.sh: |

  952.             export FTP_PROXY=ftp://127.0.3.3:2121

  953.             export NO_PROXY='.local'

  954. 

  955. Linux with hosts

  956. ~~~~~~~~~~~~~~~~

  957. 

  958. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  959. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  960. and hostname + fqdn.

  961. It's good to use this option if you want to ensure /etc/hosts is always in a

  962. clean state however it's not enabled by default for safety.

  963. 

  964. .. code-block:: yaml

  965. 

  966.     linux:

  967.       network:

  968.         ...

  969.         purge_hosts: true

  970.         host:

  971.           # No need to define this one if purge_hosts is true

  972.           hostname:

  973.             address: 127.0.1.1

  974.             names:

  975.             - ${linux:network:fqdn}

  976.             - ${linux:network:hostname}

  977.           node1:

  978.             address: 192.168.10.200

  979.             names:

  980.             - node2.domain.com

  981.             - service2.domain.com

  982.           node2:

  983.             address: 192.168.10.201

  984.             names:

  985.             - node2.domain.com

  986.             - service2.domain.com

  987. 

  988. 

  989. Setup resolv.conf, nameservers, domain and search domains

  990. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  991. 

  992. .. code-block:: yaml

  993. 

  994.     linux:

  995.       network:

  996.         resolv:

  997.           dns:

  998.           - 8.8.4.4

  999.           - 8.8.8.8

  1000.           domain: my.example.com

  1001.           search:

  1002.           - my.example.com

  1003.           - example.com

  1004.           options:

  1005.           - ndots: 5

  1006.           - timeout: 2

  1007.           - attempts: 2

  1008. 

  1009. **setting custom TX queue length for tap interfaces**

  1010. 

  1011. .. code-block:: yaml

  1012. 

  1013.     linux:

  1014.       network:

  1015.         tap_custom_txqueuelen: 10000

  1016. 

  1017. DPDK OVS interfaces

  1018. --------------------

  1019. 

  1020. **DPDK OVS NIC**

  1021. 

  1022. .. code-block:: yaml

  1023. 

  1024.     linux:

  1025.       network:

  1026.         bridge: openvswitch

  1027.         dpdk:

  1028.           enabled: true

  1029.           driver: uio/vfio-pci

  1030.         openvswitch:

  1031.           pmd_cpu_mask: "0x6"

  1032.           dpdk_socket_mem: "1024,1024"

  1033.           dpdk_lcore_mask: "0x400"

  1034.           memory_channels: 2

  1035.         interface:

  1036.           dpkd0:

  1037.             name: ${_param:dpdk_nic}

  1038.             pci: 0000:06:00.0

  1039.             driver: igb_uio/vfio

  1040.             enabled: true

  1041.             type: dpdk_ovs_port

  1042.             n_rxq: 2

  1043.             bridge: br-prv

  1044.             mtu: 9000

  1045.           br-prv:

  1046.             enabled: true

  1047.             type: dpdk_ovs_bridge

  1048. 

  1049. **DPDK OVS Bond**

  1050. 

  1051. .. code-block:: yaml

  1052. 

  1053.     linux:

  1054.       network:

  1055.         bridge: openvswitch

  1056.         dpdk:

  1057.           enabled: true

  1058.           driver: uio/vfio-pci

  1059.         openvswitch:

  1060.           pmd_cpu_mask: "0x6"

  1061.           dpdk_socket_mem: "1024,1024"

  1062.           dpdk_lcore_mask: "0x400"

  1063.           memory_channels: 2

  1064.         interface:

  1065.           dpdk_second_nic:

  1066.             name: ${_param:primary_second_nic}

  1067.             pci: 0000:06:00.0

  1068.             driver: igb_uio/vfio

  1069.             bond: dpdkbond0

  1070.             enabled: true

  1071.             type: dpdk_ovs_port

  1072.             n_rxq: 2

  1073.             mtu: 9000

  1074.           dpdk_first_nic:

  1075.             name: ${_param:primary_first_nic}

  1076.             pci: 0000:05:00.0

  1077.             driver: igb_uio/vfio

  1078.             bond: dpdkbond0

  1079.             enabled: true

  1080.             type: dpdk_ovs_port

  1081.             n_rxq: 2

  1082.             mtu: 9000

  1083.           dpdkbond0:

  1084.             enabled: true

  1085.             bridge: br-prv

  1086.             type: dpdk_ovs_bond

  1087.             mode: active-backup

  1088.           br-prv:

  1089.             enabled: true

  1090.             type: dpdk_ovs_bridge

  1091. 

  1092. **DPDK OVS bridge for VXLAN**

  1093. 

  1094. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1095. 

  1096. .. code-block:: yaml

  1097. 

  1098.     linux:

  1099.       network:

  1100.         ...

  1101.         interface:

  1102.           br-prv:

  1103.             enabled: true

  1104.             type: dpdk_ovs_bridge

  1105.             address: 192.168.50.0

  1106.             netmask: 255.255.255.0

  1107.             mtu: 9000

  1108. 

  1109. Linux storage

  1110. -------------

  1111. 

  1112. Linux with mounted Samba

  1113. 

  1114. .. code-block:: yaml

  1115. 

  1116.     linux:

  1117.       storage:

  1118.         enabled: true

  1119.         mount:

  1120.           samba1:

  1121.           - enabled: true

  1122.           - path: /media/myuser/public/

  1123.           - device: //192.168.0.1/storage

  1124.           - file_system: cifs

  1125.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1126. 

  1127. NFS mount

  1128. 

  1129. .. code-block:: yaml

  1130. 

  1131.   linux:

  1132.     storage:

  1133.       enabled: true

  1134.       mount:

  1135.         nfs_glance:

  1136.           enabled: true

  1137.           path: /var/lib/glance/images

  1138.           device: 172.16.10.110:/var/nfs/glance

  1139.           file_system: nfs

  1140.           opts: rw,sync

  1141. 

  1142. 

  1143. File swap configuration

  1144. 

  1145. .. code-block:: yaml

  1146. 

  1147.     linux:

  1148.       storage:

  1149.         enabled: true

  1150.         swap:

  1151.           file:

  1152.             enabled: true

  1153.             engine: file

  1154.             device: /swapfile

  1155.             size: 1024

  1156. 

  1157. Partition swap configuration

  1158. 

  1159. .. code-block:: yaml

  1160. 

  1161.     linux:

  1162.       storage:

  1163.         enabled: true

  1164.         swap:

  1165.           partition:

  1166.             enabled: true

  1167.             engine: partition

  1168.             device: /dev/vg0/swap

  1169. 

  1170. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1171. 

  1172. .. code-block:: yaml

  1173. 

  1174.     parameters:

  1175.       linux:

  1176.         storage:

  1177.           mount:

  1178.             data:

  1179.               enabled: true

  1180.               device: /dev/vg1/data

  1181.               file_system: ext4

  1182.               path: /mnt/data

  1183.           lvm:

  1184.             vg1:

  1185.               enabled: true

  1186.               devices:

  1187.                 - /dev/sdb

  1188.               volume:

  1189.                 data:

  1190.                   size: 40G

  1191.                   mount: ${linux:storage:mount:data}

  1192. 

  1193. 

  1194. Multipath with Fujitsu Eternus DXL

  1195. 

  1196. .. code-block:: yaml

  1197. 

  1198.     parameters:

  1199.       linux:

  1200.         storage:

  1201.           multipath:

  1202.             enabled: true

  1203.             blacklist_devices:

  1204.             - /dev/sda

  1205.             - /dev/sdb

  1206.             backends:

  1207.             - fujitsu_eternus_dxl

  1208. 

  1209. Multipath with Hitachi VSP 1000

  1210. 

  1211. .. code-block:: yaml

  1212. 

  1213.     parameters:

  1214.       linux:

  1215.         storage:

  1216.           multipath:

  1217.             enabled: true

  1218.             blacklist_devices:

  1219.             - /dev/sda

  1220.             - /dev/sdb

  1221.             backends:

  1222.             - hitachi_vsp1000

  1223. 

  1224. Multipath with IBM Storwize

  1225. 

  1226. .. code-block:: yaml

  1227. 

  1228.     parameters:

  1229.       linux:

  1230.         storage:

  1231.           multipath:

  1232.             enabled: true

  1233.             blacklist_devices:

  1234.             - /dev/sda

  1235.             - /dev/sdb

  1236.             backends:

  1237.             - ibm_storwize

  1238. 

  1239. Multipath with multiple backends

  1240. 

  1241. .. code-block:: yaml

  1242. 

  1243.     parameters:

  1244.       linux:

  1245.         storage:

  1246.           multipath:

  1247.             enabled: true

  1248.             blacklist_devices:

  1249.             - /dev/sda

  1250.             - /dev/sdb

  1251.             - /dev/sdc

  1252.             - /dev/sdd

  1253.             backends:

  1254.             - ibm_storwize

  1255.             - fujitsu_eternus_dxl

  1256.             - hitachi_vsp1000

  1257. 

  1258. Disabled multipath (the default setup)

  1259. 

  1260. .. code-block:: yaml

  1261. 

  1262.     parameters:

  1263.       linux:

  1264.         storage:

  1265.           multipath:

  1266.             enabled: false

  1267. 

  1268. Linux with local loopback device

  1269. 

  1270. .. code-block:: yaml

  1271. 

  1272.     linux:

  1273.       storage:

  1274.         loopback:

  1275.           disk1:

  1276.             file: /srv/disk1

  1277.             size: 50G

  1278. 

  1279. External config generation

  1280. --------------------------

  1281. 

  1282. You are able to use config support metadata between formulas and only generate

  1283. config files for external use, eg. docker, etc.

  1284. 

  1285. .. code-block:: yaml

  1286. 

  1287.     parameters:

  1288.       linux:

  1289.         system:

  1290.           config:

  1291.             pillar:

  1292.               jenkins:

  1293.                 master:

  1294.                   home: /srv/volumes/jenkins

  1295.                   approved_scripts:

  1296.                     - method java.net.URL openConnection

  1297.                   credentials:

  1298.                     - type: username_password

  1299.                       scope: global

  1300.                       id: test

  1301.                       desc: Testing credentials

  1302.                       username: test

  1303.                       password: test

  1304. 

  1305. Netconsole Remote Kernel Logging

  1306. --------------------------------

  1307. 

  1308. Netconsole logger could be configured for configfs-enabled kernels

  1309. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1310. runtime (if network is already configured), and on-boot after interface

  1311. initialization. Notes:

  1312. 

  1313.  * receiver could be located only in same L3 domain

  1314.    (or you need to configure gateway MAC manually)

  1315.  * receiver's MAC is detected only on configuration time

  1316.  * using broadcast MAC is not recommended

  1317. 

  1318. .. code-block:: yaml

  1319. 

  1320.     parameters:

  1321.       linux:

  1322.         system:

  1323.           netconsole:

  1324.             enabled: true

  1325.             port: 514 (optional)

  1326.             loglevel: debug (optional)

  1327.             target:

  1328.               192.168.0.1:

  1329.                 interface: bond0

  1330.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1331. 

  1332. Usage

  1333. =====

  1334. 

  1335. Set mtu of network interface eth0 to 1400

  1336. 

  1337. .. code-block:: bash

  1338. 

  1339.     ip link set dev eth0 mtu 1400

  1340. 

  1341. Read more

  1342. =========

  1343. 

  1344. * https://www.archlinux.org/

  1345. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1346. 

  1347. Documentation and Bugs

  1348. ======================

  1349. 

  1350. To learn how to install and update salt-formulas, consult the documentation

  1351. available online at:

  1352. 

  1353.     http://salt-formulas.readthedocs.io/

  1354. 

  1355. In the unfortunate event that bugs are discovered, they should be reported to

  1356. the appropriate issue tracker. Use Github issue tracker for specific salt

  1357. formula:

  1358. 

  1359.     https://github.com/salt-formulas/salt-formula-linux/issues

  1360. 

  1361. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1362. use Launchpad salt-formulas project:

  1363. 

  1364.     https://launchpad.net/salt-formulas

  1365. 

  1366. You can also join salt-formulas-users team and subscribe to mailing list:

  1367. 

  1368.     https://launchpad.net/~salt-formulas-users

  1369. 

  1370. Developers wishing to work on the salt-formulas projects should always base

  1371. their work on master branch and submit pull request against specific formula.

  1372. 

  1373.     https://github.com/salt-formulas/salt-formula-linux

  1374. 

  1375. Any questions or feedback is always welcome so feel free to join our IRC

  1376. channel:

  1377. 

  1378.     #salt-formulas @ irc.freenode.net