Saltstack Official Linux Formula
=====
Linux
=====

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample pillars
==============

Linux system
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with a password set

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'John Doe'
            home: '/home/jdoe'
            email: 'john@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            password: userpassword
Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to actual sudo attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL

.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          alias:
            host:
              LOCAL:
              - localhost
              PRODUCTION:
              - db1
              - db2
            runas:
              DBA:
              - postgres
              - mysql
              SALT:
              - root
            command:
              # Note: this is not 100% safe when the ALL keyword is used; the user may still modify configs and hide their actions.
              # Best practice is to specify the full list of commands the user is allowed to run.
              SUPPORT_RESTRICTED:
              - /bin/vi /etc/sudoers*
              - /bin/vim /etc/sudoers*
              - /bin/nano /etc/sudoers*
              - /bin/emacs /etc/sudoers*
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
              SUPPORT_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
              ALL_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
              - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
              - LOCAL
            # User Alias DBA
            DBA:
              hosts:
              - ALL
              commands:
              - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
              - ALL
              - '!PRODUCTION'
              runas:
              - DBA
              commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
            salt-ops:
              hosts:
              - 'ALL'
              runas:
              - SALT
              commands:
              - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              runas:
              - DBA
              commands:
              - ALL
              - '!SUPPORT_SHELLS'
              - '!SUPPORT_RESTRICTED'
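The mapping above, worked through in Python as an added example (this is not code from salt-formula-linux): it renders a cut-down copy of the sudo pillar into the sudoers lines the simplified template produces, and applies the review check the pillar comment asks for by listing every user or group that ends up with the ``ALL`` command keyword. The pillar dict, ``render_sudoers`` and ``broad_grants`` are my own names.

```python
"""Render the linux:system:sudo pillar into sudoers lines and flag broad grants.

Added example, not part of salt-formula-linux. It follows the simplified
template shown above (alias lines, then user and %group lines with NOPASSWD)
and adds the review check the pillar comment asks for; the function names
and the cut-down pillar below are my own.
"""

# Constructed sample pillar: a shortened version of the README example.
SUDO_PILLAR = {"linux": {"system": {"sudo": {
    "enabled": True,
    "alias": {
        "host": {"LOCAL": ["localhost"], "PRODUCTION": ["db1", "db2"]},
        "runas": {"DBA": ["postgres", "mysql"], "SALT": ["root"]},
        "command": {
            "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash"],
            "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
        },
    },
    "users": {
        "saltuser1": {},                        # defaults: ALL=(ALL) NOPASSWD: ALL
        "saltuser2": {"hosts": ["LOCAL"]},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
    },
    "groups": {
        "db-ops": {"hosts": ["ALL", "!PRODUCTION"], "runas": ["DBA"],
                   "commands": ["/bin/cat *", "/bin/less *"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False, "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS"]},
    },
}}}}

ALIAS_KEYWORDS = (("host", "Host_Alias"), ("runas", "Runas_Alias"), ("command", "Cmnd_Alias"))
DEFAULTS = {"hosts": ["ALL"], "runas": ["ALL"], "commands": ["ALL"]}


def _specs(sudo):
    """Yield (section, sudoers name, spec) for every user and group entry."""
    for section in ("users", "groups"):
        for key, spec in sorted(sudo.get(section, {}).items()):
            # 'name' overrides the pillar key, as in the salt-ops-2nd example
            yield section, spec.get("name", key), spec


def render_sudoers(pillar):
    """Return sudoers text: alias definitions first, then user and %group specs."""
    sudo = pillar["linux"]["system"]["sudo"]
    lines = []
    for kind, keyword in ALIAS_KEYWORDS:
        for name, members in sorted(sudo.get("alias", {}).get(kind, {}).items()):
            lines.append(f"{keyword} {name} = {', '.join(members)}")
    for section, name, spec in _specs(sudo):
        prefix = "%" if section == "groups" else ""
        hosts = ", ".join(spec.get("hosts", DEFAULTS["hosts"]))
        runas = ", ".join(spec.get("runas", DEFAULTS["runas"]))
        cmds = ", ".join(spec.get("commands", DEFAULTS["commands"]))
        tag = "NOPASSWD: " if spec.get("nopasswd", True) else ""
        lines.append(f"{prefix}{name} {hosts}=({runas}) {tag}{cmds}")
    return "\n".join(lines) + "\n"


def broad_grants(pillar):
    """Return (section, name) for entries whose command list contains ALL.

    The pillar comment warns that ALL cannot be made safe by exclusions alone
    (a user with ALL can still edit configuration and hide their actions), so
    an entry is reported even when it also lists '!ALIAS' exclusions.
    """
    sudo = pillar["linux"]["system"]["sudo"]
    return sorted((section, name) for section, name, spec in _specs(sudo)
                  if "ALL" in spec.get("commands", DEFAULTS["commands"]))


if __name__ == "__main__":
    print(render_sudoers(SUDO_PILLAR))
    for section, name in broad_grants(SUDO_PILLAR):
        print(f"review: {section[:-1]} {name} is granted ALL")
```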
Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from a certain repo, version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from a certain repo, version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with autoupdates (automatically install security package updates)

.. code-block:: yaml

    linux:
      system:
        ...
        autoupdates:
          enabled: true
          mail: root@localhost
          mail_only_on_error: true
          remove_unused_dependencies: false
          automatic_reboot: true
          automatic_reboot_time: "02:00"

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. The action can be any available
command in a ``while true`` loop and ``case`` context.
The following will disallow dpkg from stopping/starting services for the cassandra package automatically:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true
Kernel
~~~~~~

Install always up-to-date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Load kernel modules and add them to ``/etc/modules``:

.. code-block:: yaml

    linux:
      system:
        kernel:
          modules:
            - nf_conntrack
            - tp_smapi
            - 8021q

Install a specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

CPU
~~~

Disable the ondemand cpu mode service:

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

Huge Pages
~~~~~~~~~~

Huge Pages give a performance boost to applications that intensively deal
with memory allocation/deallocation by decreasing memory fragmentation.

.. code-block:: yaml

    linux:
      system:
        kernel:
          hugepages:
            small:
              size: 2M
              count: 107520
              mount_point: /mnt/hugepages_2MB
              mount: false  # true or false, default false
            large:
              default: true  # the default page size is mounted automatically
              size: 1G
              count: 210
              mount_point: /mnt/hugepages_1GB

Note: it is not recommended to use both page sizes concurrently.

Intel SR-IOV
~~~~~~~~~~~~

The PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

.. code-block:: yaml

    linux:
      system:
        kernel:
          sriov: True
          unsafe_interrupts: False  # default is false; older platforms and AMD need the interrupt remapping workaround
        rc:
          local: |
            #!/bin/sh -e
            # Enable 7 VF on eth1
            echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
            exit 0

Isolate CPU options
~~~~~~~~~~~~~~~~~~~

Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
SMP balancing and scheduler algorithms. The only way to move a process onto or off an
"isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
maximum value is 1 less than the number of CPUs on the system.

.. code-block:: yaml

    linux:
      system:
        kernel:
          isolcpu: 1,2,3,4,5,6,7  # leave only cpu 0 to the general scheduler
Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'

Package manager proxy setup globally:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
        ...
        proxy:
          pkg:
            enabled: true
            ftp:   ftp://ftp-proxy-for-apt.host.local:2121
          ...
          # NOTE: global defaults for any other component that configures a proxy on the system.
          # If your environment has just one simple proxy, set it on linux:system:proxy.
          #
          # The system defaults are used if linux:system:proxy:pkg has no protocol-specific
          # entries, as here for https and http.
          ftp:   ftp://proxy.host.local:2121
          http:  http://proxy.host.local:3142
          https: https://proxy.host.local:3143

Package manager proxy setup per repository:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          debian:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
          ...
          apt-mk:
            source: "deb http://apt-mk.mirantis.com/ stable main salt"
            # per repository proxy
            proxy:
              enabled: true
              http:  http://maas-01:8080
              https: http://maas-01:8080
        ...
        proxy:
          # package manager fallback defaults
          # used if linux:system:repo:apt-mk:proxy has no protocol-specific entries
          pkg:
            enabled: true
            ftp:   ftp://proxy.host.local:2121
            #http:  http://proxy.host.local:3142
            #https: https://proxy.host.local:3143
          ...
          # global system fallback defaults
          ftp:   ftp://proxy.host.local:2121
          http:  http://proxy.host.local:3142
          https: https://proxy.host.local:3143
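The three-level fallback described in the comments above (per-repository ``proxy``, then ``linux:system:proxy:pkg``, then the global ``linux:system:proxy`` entries), as an added example that is not code from salt-formula-linux: it resolves the proxy for each repository and scheme and renders the result as apt ``Acquire::<scheme>::Proxy::<host>`` directives. The rendering into apt.conf syntax and the function names are my own; the formula's own template may write the configuration differently.

```python
"""Resolve the proxy a package repository ends up using.

Added example, not part of salt-formula-linux. It walks the fallback order the
pillar comments describe: the repository's own ``proxy`` map first, then
``linux:system:proxy:pkg``, then the global ``linux:system:proxy`` entries, and
renders the result as apt ``Acquire::<scheme>::Proxy::<host>`` directives. The
function names and the apt.conf rendering are my own.
"""
from urllib.parse import urlparse

# Constructed pillar mirroring the per-repository proxy example above.
PROXY_PILLAR = {"linux": {"system": {
    "repo": {
        "debian": {"source": "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"},
        "apt-mk": {"source": "deb http://apt-mk.mirantis.com/ stable main salt",
                   "proxy": {"enabled": True,
                             "http": "http://maas-01:8080",
                             "https": "http://maas-01:8080"}},
    },
    "proxy": {
        "pkg": {"enabled": True, "ftp": "ftp://proxy.host.local:2121"},
        "ftp": "ftp://proxy.host.local:2121",
        "http": "http://proxy.host.local:3142",
        "https": "https://proxy.host.local:3143",
    },
}}}

SCHEMES = ("http", "https", "ftp")


def resolve_proxy(pillar, repo, scheme):
    """Return the proxy URL for `scheme` on `repo`, or None if no level sets one."""
    system = pillar["linux"]["system"]
    levels = (
        system.get("repo", {}).get(repo, {}).get("proxy", {}),  # per repository
        system.get("proxy", {}).get("pkg", {}),                  # package manager default
        system.get("proxy", {}),                                 # global system default
    )
    for level in levels:
        if not level.get("enabled", True):
            continue  # an explicitly disabled level contributes no entries
        if scheme in level:
            return level[scheme]
    return None


def apt_proxy_conf(pillar):
    """Render per-host apt proxy directives, one line per repository and scheme."""
    lines = []
    for repo, cfg in sorted(pillar["linux"]["system"].get("repo", {}).items()):
        # the source line is "deb <url> <suite> <components...>"; apt keys the
        # proxy on the repository host name
        host = urlparse(cfg["source"].split()[1]).hostname
        for scheme in SCHEMES:
            proxy = resolve_proxy(pillar, repo, scheme)
            if proxy:
                lines.append(f'Acquire::{scheme}::Proxy::{host} "{proxy}";')
    return lines


if __name__ == "__main__":
    print("\n".join(apt_proxy_conf(PROXY_PILLAR)))
```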
RC
~~

rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting the prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set the prompt system-wide it is necessary to remove the
PS1 setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release
              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi
              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL, so there is
no native support for dynamic motd.
You can still set a static one; only the pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true
Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
            - 8.8.8.8
            - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
            - interface: ${linux:interface:eth0}
            - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with VLAN interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
            - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1
Configure global environment variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Linux /etc/environment:

``/etc/environment`` is for static system-wide variable assignment after boot. Variable expansion is frequently not supported.

.. code-block:: yaml

    linux:
      system:
        env:
          BOB_VARIABLE: Alice
          ...
          BOB_PATH:
            - /srv/alice/bin
            - /srv/bob/bin
          ...
          ftp_proxy:   none
          http_proxy:  http://global-http-proxy.host.local:8080
          https_proxy: ${linux:system:proxy:https}
          no_proxy:
            - 192.168.0.80
            - 192.168.1.80
            - .domain.com
            - .local
        ...
        # NOTE: global default proxy configuration.
        proxy:
          ftp:   ftp://proxy.host.local:2121
          http:  http://proxy.host.local:3142
          https: https://proxy.host.local:3143
          noproxy:
            - .domain.com
            - .local

Configure profile.d scripts
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Linux /etc/profile.d:

The profile.d scripts are sourced when a shell starts and, unlike the
global settings in ``/etc/environment``, support variable expansion.

.. code-block:: yaml

    linux:
      system:
        profile:
          locales: |
            export LANG=C
            export LC_ALL=C
          ...
          vi_flavors.sh: |
            export PAGER=view
            export EDITOR=vim
            alias vi=vim
          shell_locales.sh: |
            export LANG=en_US
            export LC_ALL=en_US.UTF-8
          shell_proxies.sh: |
            export FTP_PROXY=ftp://127.0.3.3:2121
            export NO_PROXY='.local'

Linux with hosts
~~~~~~~~~~~~~~~~

The ``purge_hosts`` parameter enforces the whole ``/etc/hosts`` file, removing entries
that are not defined in the model, except the defaults for both IPv4 and IPv6 localhost
and hostname + fqdn.

This option is useful if you want to ensure ``/etc/hosts`` is always in a
clean state; however, it is not enabled by default for safety.

.. code-block:: yaml

    linux:
      network:
        ...
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
            - ${linux:network:fqdn}
            - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
            - node1.domain.com
            - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
            - node2.domain.com
            - service2.domain.com
Setup resolv.conf, nameservers, domain and search domains
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
          options:
            - ndots: 5
            - timeout: 2
            - attempts: 2

**Setting a custom TX queue length for tap interfaces**

.. code-block:: yaml

    linux:
      network:
        tap_custom_txqueuelen: 10000

DPDK OVS interfaces
-------------------

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS bridge for VXLAN**

If VXLAN is used as tenant segmentation, then an IP address must be set on br-prv.

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            mtu: 9000
Linux storage
-------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            enabled: true
            path: /media/myuser/public/
            device: //192.168.0.1/storage
            file_system: cifs
            options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

NFS mount

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          nfs_glance:
            enabled: true
            path: /var/lib/glance/images
            device: 172.16.10.110:/var/nfs/glance
            file_system: nfs
            opts: rw,sync

File swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            - /dev/sdc
            - /dev/sdd
            backends:
            - ibm_storwize
            - fujitsu_eternus_dxl
            - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G
External config generation
--------------------------

You are able to use config support metadata between formulas and only generate
config files for external use, e.g. docker.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Netconsole Remote Kernel Logging
--------------------------------

The netconsole logger can be configured for configfs-enabled kernels
(``CONFIG_NETCONSOLE_DYNAMIC`` should be enabled). Configuration applies both at
runtime (if the network is already configured) and on boot after interface
initialization. Notes:

* the receiver can only be located in the same L3 domain
  (or you need to configure the gateway MAC manually)
* the receiver's MAC is detected only at configuration time
* using a broadcast MAC is not recommended

.. code-block:: yaml

    parameters:
      linux:
        system:
          netconsole:
            enabled: true
            port: 514        # optional
            loglevel: debug  # optional
            target:
              192.168.0.1:
                interface: bond0
                mac: "ff:ff:ff:ff:ff:ff"  # optional

Usage
=====

Set the MTU of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the Github issue tracker for the specific salt
formula:

https://github.com/salt-formulas/salt-formula-linux/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit a pull request against the specific formula.

https://github.com/salt-formulas/salt-formula-linux

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

#salt-formulas @ irc.freenode.net