Saltstack Official Linux Formula

=====
Linux
=====

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample pillars
==============

Linux system
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'Jonh Doe'
            home: '/home/jdoe'
            email: 'jonh@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            password: userpassword

Configure sudo for users and groups under ``/etc/sudoers.d/``.
This is how the ``linux.system.sudo`` pillar maps to actual sudo attributes:

.. code-block:: jinja

    # simplified template:
    Cmnd_Alias {{ alias }}={{ commands }}
    {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

    # when rendered:
    saltuser1 ALL=(ALL) NOPASSWD: ALL

.. code-block:: yaml

    linux:
      system:
        sudo:
          enabled: true
          alias:
            host:
              LOCAL:
              - localhost
              PRODUCTION:
              - db1
              - db2
            runas:
              DBA:
              - postgres
              - mysql
              SALT:
              - root
            command:
              # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.
              #       Best practice is to specify full list of commands user is allowed to run.
              SUPPORT_RESTRICTED:
              - /bin/vi /etc/sudoers*
              - /bin/vim /etc/sudoers*
              - /bin/nano /etc/sudoers*
              - /bin/emacs /etc/sudoers*
              - /bin/su - root
              - /bin/su -
              - /bin/su
              - /usr/sbin/visudo
              SUPPORT_SHELLS:
              - /bin/sh
              - /bin/ksh
              - /bin/bash
              - /bin/rbash
              - /bin/dash
              - /bin/zsh
              - /bin/csh
              - /bin/fish
              - /bin/tcsh
              - /usr/bin/login
              - /usr/bin/su
              - /usr/su
              ALL_SALT_SAFE:
              - /usr/bin/salt state*
              - /usr/bin/salt service*
              - /usr/bin/salt pillar*
              - /usr/bin/salt grains*
              - /usr/bin/salt saltutil*
              - /usr/bin/salt-call state*
              - /usr/bin/salt-call service*
              - /usr/bin/salt-call pillar*
              - /usr/bin/salt-call grains*
              - /usr/bin/salt-call saltutil*
              SALT_TRUSTED:
              - /usr/bin/salt*
          users:
            # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
            saltuser1: {}
            saltuser2:
              hosts:
              - LOCAL
            # User Alias DBA
            DBA:
              hosts:
              - ALL
              commands:
              - ALL_SALT_SAFE
          groups:
            db-ops:
              hosts:
              - ALL
              - '!PRODUCTION'
              runas:
              - DBA
              commands:
              - /bin/cat *
              - /bin/less *
              - /bin/ls *
            salt-ops:
              hosts:
              - 'ALL'
              runas:
              - SALT
              commands:
              - SUPPORT_SHELLS
            salt-ops-2nd:
              name: salt-ops
              nopasswd: false
              runas:
              - DBA
              commands:
              - ALL
              - '!SUPPORT_SHELLS'
              - '!SUPPORT_RESTRICTED'
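
To review what a ``linux.system.sudo`` pillar will grant before it is applied, the sketch below renders entries the way the simplified template above describes and flags the patterns the pillar comment warns about. It is an added example, not the formula's own template code; the function names, the finding codes, the trimmed sample pillar and the handling of ``nopasswd: false`` are assumptions of this example.

```python
# Added example: models the README's simplified sudoers template in Python.
# The pillar below is a constructed subset of the README's sample values.
SUDO_PILLAR = {
    "alias": {"command": {
        "ALL_SALT_SAFE": ["/usr/bin/salt state*", "/usr/bin/salt-call state*"],
        "SUPPORT_SHELLS": ["/bin/sh", "/bin/bash"],
        "SUPPORT_RESTRICTED": ["/bin/su", "/usr/sbin/visudo"],
    }},
    "users": {
        "saltuser1": {},
        "DBA": {"hosts": ["ALL"], "commands": ["ALL_SALT_SAFE"]},
    },
    "groups": {
        "db-ops": {"hosts": ["ALL", "!PRODUCTION"], "runas": ["DBA"],
                   "commands": ["/bin/cat *", "/bin/less *", "/bin/ls *"]},
        "salt-ops-2nd": {"name": "salt-ops", "nopasswd": False,
                         "runas": ["DBA"],
                         "commands": ["ALL", "!SUPPORT_SHELLS",
                                      "!SUPPORT_RESTRICTED"]},
    },
}


def render_entry(key, spec, is_group=False):
    """Render one users/groups entry as a sudoers line."""
    who = ("%" if is_group else "") + spec.get("name", key)
    # Defaults follow the README comment: saltuser1 ALL=(ALL) NOPASSWD: ALL
    hosts = ",".join(spec.get("hosts", ["ALL"]))
    runas = ",".join(spec.get("runas", ["ALL"]))
    commands = ",".join(spec.get("commands", ["ALL"]))
    # Assumption: nopasswd=false simply drops the NOPASSWD tag.
    tag = "NOPASSWD: " if spec.get("nopasswd", True) else ""
    return f"{who} {hosts}=({runas}) {tag}{commands}"


def expand(commands, aliases):
    """Replace command alias names with the command specs they stand for."""
    expanded = []
    for cmd in commands:
        expanded.extend(aliases.get(cmd, [cmd]))
    return expanded


def audit_entry(spec, aliases):
    """Return the set of finding codes for one users/groups entry."""
    commands = spec.get("commands", ["ALL"])
    findings = set()
    if "ALL" in commands:
        if any(c.startswith("!") for c in commands):
            # Deny-list on top of ALL: the pillar comment calls this unsafe.
            findings.add("all-with-denylist")
        elif spec.get("nopasswd", True):
            findings.add("unrestricted-nopasswd")
    # In command arguments sudo's '*' also matches spaces and '/', so a
    # trailing wildcard accepts any further arguments and paths.
    if any("*" in c for c in expand(commands, aliases)):
        findings.add("wildcard-args")
    return findings


def audit(pillar):
    """Map each rendered sudoers line to its sorted finding codes."""
    aliases = pillar.get("alias", {}).get("command", {})
    report = {}
    for section, is_group in (("users", False), ("groups", True)):
        for key, spec in pillar.get(section, {}).items():
            line = render_entry(key, spec, is_group)
            report[line] = sorted(audit_entry(spec, aliases))
    return report


if __name__ == "__main__":
    for line, codes in audit(SUDO_PILLAR).items():
        print(f"{line}\n    -> {', '.join(codes) or 'no findings'}")
```

Entries reported as ``all-with-denylist`` or ``wildcard-args`` are the ones to replace with a full list of exact commands, as the pillar comment recommends.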

Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from certain repo, version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from certain repo, version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with autoupdates (automatically install security package updates)

.. code-block:: yaml

    linux:
      system:
        ...
        autoupdates:
          enabled: true
          mail: root@localhost
          mail_only_on_error: true
          remove_unused_dependencies: false
          automatic_reboot: true
          automatic_reboot_time: "02:00"

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. Action can be any available
command in ``while true`` loop and ``case`` context.

The following will disallow dpkg from stopping/starting services for the cassandra package automatically:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true

Kernel
~~~~~~

Install always up to date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Load kernel modules and add them to ``/etc/modules``:

.. code-block:: yaml

    linux:
      system:
        kernel:
          modules:
            - nf_conntrack
            - tp_smapi
            - 8021q

Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

CPU
~~~

Disable ondemand cpu mode service:

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

Huge Pages
~~~~~~~~~~~~

Huge Pages give a performance boost to applications that intensively deal
with memory allocation/deallocation by decreasing memory fragmentation.

.. code-block:: yaml

    linux:
      system:
        kernel:
          hugepages:
            small:
              size: 2M
              count: 107520
              mount_point: /mnt/hugepages_2MB
              mount: false/true # default false
            large:
              default: true # default automatically mounted
              size: 1G
              count: 210
              mount_point: /mnt/hugepages_1GB

Note: it is not recommended to use both page sizes concurrently.

Intel SR-IOV
~~~~~~~~~~~~

The PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification
defines a standardized mechanism to virtualize PCIe devices. The mechanism can
virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

.. code-block:: yaml

    linux:
      system:
        kernel:
          sriov: True
          unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
        rc:
          local: |
            #!/bin/sh -e
            # Enable 7 VF on eth1
            echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
            exit 0

Isolate CPU options
~~~~~~~~~~~~~~~~~~~

Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
SMP balancing and scheduler algorithms. The only way to move a process onto or off an
"isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
maximum value is 1 less than the number of CPUs on the system.

.. code-block:: yaml

    linux:
      system:
        kernel:
          isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'
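
The package example with ``verify: false`` and the repository examples with ``pgpcheck: 0`` and an ``http://`` ``key_url`` all weaken package integrity checking in different ways. The following check is an added example, not part of the formula: it walks a pillar and reports those settings. The function names, finding codes and package names are assumptions of this example, and a key that is absent is treated as "left at the formula default" and not reported.

```python
# Added example: audit of the package/repo trust settings shown in this README.
# The pillar is constructed from the README's snippets; the package names
# "held-package" and "unverified-package" are placeholders.
PILLAR = {"linux": {"system": {
    "package": {
        "held-package": {"version": "2132.323", "repo": "custom-repo",
                         "hold": True},
        "unverified-package": {"version": "2132.323", "repo": "custom-repo",
                               "verify": False},
    },
    "repo": {
        "rdo-icehouse": {
            "enabled": True,
            "source": "http://repos.fedorapeople.org/repos/openstack/"
                      "openstack-icehouse/epel-6/",
            "pgpcheck": 0,
        },
        "debian": {
            "default": True,
            "source": "deb http://ftp.cz.debian.org/debian/ "
                      "jessie main contrib non-free",
            "key_url": "http://dummy.com/public.gpg",
        },
    },
}}}


def uses_plain_http(value):
    """True if any whitespace-separated token is an http:// URL."""
    return any(tok.lower().startswith("http://") for tok in str(value).split())


def audit_packages(packages):
    """Packages whose GPG verification is explicitly switched off."""
    return [("package", name, "verify-disabled")
            for name, spec in packages.items()
            if spec.get("verify", True) is False]


def audit_repos(repos):
    """Repositories with signature checks off or an unauthenticated key."""
    findings = []
    for name, spec in repos.items():
        if spec.get("pgpcheck", 1) in (0, False):
            findings.append(("repo", name, "pgpcheck-disabled"))
            # With signatures off, plain HTTP leaves nothing that
            # authenticates the packages between mirror and host.
            if uses_plain_http(spec.get("source", "")):
                findings.append(("repo", name, "no-integrity-path"))
        # A signing key fetched over HTTP is itself unauthenticated, so the
        # signatures it later verifies prove nothing about origin.
        if uses_plain_http(spec.get("key_url", "")):
            findings.append(("repo", name, "key-over-http"))
    return findings


def audit(pillar):
    """Return sorted (kind, name, code) findings for linux.system."""
    system = pillar.get("linux", {}).get("system", {})
    findings = audit_packages(system.get("package", {}))
    findings += audit_repos(system.get("repo", {}))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, code in audit(PILLAR):
        print(f"{kind:8} {name:20} {code}")
```

A signed repository served over ``http://`` is not reported on its own; the findings are for disabled verification and for keys that arrive over an unauthenticated channel.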

rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems to set prompt system-wide it's necessary to remove setting
PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing user's ``~/.bashrc`` files except root.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting custom motd will cleanup existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release
              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi
              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL so there's
no native support for dynamic motd.
You can still set static one, only pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running headless server and are low on entropy, it may be a good
idea to setup Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true

Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
            - 8.8.8.8
            - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
            - interface: ${linux:interface:eth0}
            - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with vlan interface_params

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
            - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
            - ip address add 0/0 dev $IFACE
            - ip link set $IFACE up
            down_cmds:
            - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
            - eth1

Linux with proxy

.. code-block:: yaml

    linux:
      network:
        ...
        proxy:
          host: proxy.domain.com
          port: 3128

Linux with hosts

The ``purge_hosts`` parameter enforces the whole ``/etc/hosts`` file, removing
entries that are not defined in the model, except the defaults for both IPv4
and IPv6 localhost and hostname + fqdn.
It's good to use this option if you want to ensure ``/etc/hosts`` is always in
a clean state; however, it's not enabled by default for safety.

.. code-block:: yaml

    linux:
      network:
        ...
        purge_hosts: true
        host:
          # No need to define this one if purge_hosts is true
          hostname:
            address: 127.0.1.1
            names:
            - ${linux:network:fqdn}
            - ${linux:network:hostname}
          node1:
            address: 192.168.10.200
            names:
            - node2.domain.com
            - service2.domain.com
          node2:
            address: 192.168.10.201
            names:
            - node2.domain.com
            - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
          - 8.8.4.4
          - 8.8.8.8
          domain: my.example.com
          search:
          - my.example.com
          - example.com
          options:
          - ndots: 5
          - timeout: 2
          - attempts: 2

DPDK OVS interfaces
--------------------

**DPDK OVS NIC**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpkd0:
            name: ${_param:dpdk_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            bridge: br-prv
            mtu: 9000
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS Bond**

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        dpdk:
          enabled: true
          driver: uio/vfio-pci
        openvswitch:
          pmd_cpu_mask: "0x6"
          dpdk_socket_mem: "1024,1024"
          dpdk_lcore_mask: "0x400"
          memory_channels: 2
        interface:
          dpdk_second_nic:
            name: ${_param:primary_second_nic}
            pci: 0000:06:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdk_first_nic:
            name: ${_param:primary_first_nic}
            pci: 0000:05:00.0
            driver: igb_uio/vfio
            bond: dpdkbond0
            enabled: true
            type: dpdk_ovs_port
            n_rxq: 2
            mtu: 9000
          dpdkbond0:
            enabled: true
            bridge: br-prv
            type: dpdk_ovs_bond
            mode: active-backup
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge

**DPDK OVS bridge for VXLAN**

If VXLAN is used as tenant segmentation then ip address must be set on br-prv

.. code-block:: yaml

    linux:
      network:
        ...
        interface:
          br-prv:
            enabled: true
            type: dpdk_ovs_bridge
            address: 192.168.50.0
            netmask: 255.255.255.0
            mtu: 9000

Linux storage
-------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
          - enabled: true
          - path: /media/myuser/public/
          - device: //192.168.0.1/storage
          - file_system: cifs
          - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

File swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Partition swap configuration

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            backends:
            - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
            - /dev/sda
            - /dev/sdb
            - /dev/sdc
            - /dev/sdd
            backends:
            - ibm_storwize
            - fujitsu_eternus_dxl
            - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G

External config generation
--------------------------

You are able to use config support metadata between formulas and only generate
config files for external use, eg. docker, etc.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Usage
=====

Set mtu of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use Github issue tracker for specific salt
formula:

    https://github.com/salt-formulas/salt-formula-linux/issues

For feature requests, bug reports or blueprints affecting entire ecosystem,
use Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join salt-formulas-users team and subscribe to mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on master branch and submit pull request against specific formula.

    https://github.com/salt-formulas/salt-formula-linux

Any questions or feedback is always welcome so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net