Saltstack Official Linux Formula
=====
Linux
=====

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch
Sample pillars
==============

Linux system
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with a password set

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'John Doe'
            home: '/home/jdoe'
            email: 'john@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            password: userpassword

Linux with a package at its latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with a package from a certain repo, held at a fixed version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with a package from a certain repo, fixed version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit the sensu user's memory usage to a maximum of 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only on Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. The action can be any command
available in the ``while true`` loop and ``case`` context.
The following will prevent dpkg from automatically stopping/starting services for the cassandra package:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch
Kernel
~~~~~~

Always install the up-to-date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Install a specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8
Repositories
~~~~~~~~~~~~

RedHat-based Linux with an additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'
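As an added example (not code from the salt-formula-linux project), a small audit that walks a parsed pillar and flags the settings from this and the preceding sections that weaken a node: a user ``password`` that is not a crypt(3) hash, ``verify: false`` on a package, ``pgpcheck: 0`` or a plain-HTTP ``key_url`` on a repo, and console ``autologin``. The pillar is taken as the dict Salt produces after YAML parsing; the key names are the page's, the finding texts and the sample tree are our own constructions.

```python
import re
from typing import Dict, List

# Salt's user.present takes a password *hash* ("$6$..." for SHA-512), so a
# value without the "$<id>$" prefix is most likely clear text in the pillar.
CRYPT_HASH = re.compile(r"^\$[0-9a-z]+\$")


def audit_linux_pillar(pillar: Dict) -> List[str]:
    """Walk ``linux:system`` and return one finding per risky setting."""
    findings: List[str] = []
    system = pillar.get("linux", {}).get("system", {})
    for name, user in system.get("user", {}).items():
        password = user.get("password")
        if password is not None and not CRYPT_HASH.match(str(password)):
            findings.append(f"user {name}: password is not a crypt(3) hash")
    for name, pkg in system.get("package", {}).items():
        if pkg.get("verify") is False:
            findings.append(f"package {name}: GPG verification disabled")
    for name, repo in system.get("repo", {}).items():
        if str(repo.get("pgpcheck", 1)) == "0":
            findings.append(f"repo {name}: pgpcheck disabled")
        if str(repo.get("key_url", "")).startswith("http://"):
            findings.append(f"repo {name}: signing key fetched over plain HTTP")
    for tty, console in system.get("console", {}).items():
        if console.get("autologin"):  # ``autologin: false`` disables it
            findings.append(f"console {tty}: autologin as {console['autologin']}")
    return findings


# Constructed sample: the page's own snippets merged into one pillar tree.
SAMPLE_PILLAR = {
    "linux": {
        "system": {
            "user": {
                "jdoe": {"name": "jdoe", "sudo": True},
                "jsmith": {"name": "jsmith", "password": "userpassword"},
            },
            "package": {"package-name": {"version": "2132.323", "verify": False}},
            "repo": {
                "rdo-icehouse": {"pgpcheck": 0},
                "debian": {"key_url": "http://dummy.com/public.gpg"},
            },
            "console": {"tty1": {"autologin": "root"}, "ttyS0": {"autologin": False}},
        }
    }
}
```

Run it against ``salt-call pillar.items`` output (converted to a dict) before a highstate to catch these before they reach a node.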
rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0
Prompt
~~~~~~

Setting the prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, setting the prompt system-wide requires removing the PS1
setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.
Bash
~~~~

Fix the bash configuration to preserve history across sessions (as ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true
Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from the ``update-motd`` package is used for dynamic messages of the
day. Setting a custom motd will clean up the existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release
              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi
              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL, so there is
no native support for a dynamic motd.
You can still set a static one; only the pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.
Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true
Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
              - 8.8.8.8
              - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
              - interface: ${linux:interface:eth0}
              - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with VLAN interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
              - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

Linux with proxy

.. code-block:: yaml

    linux:
      network:
        ...
        proxy:
          host: proxy.domain.com
          port: 3128

Linux with hosts

.. code-block:: yaml

    linux:
      network:
        ...
        host:
          node1:
            address: 192.168.10.200
            names:
              - node1.domain.com
              - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
              - node2.domain.com
              - service2.domain.com

Set up resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
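An added example (not from the formula itself) that checks a parsed ``linux:network`` pillar for the mistakes that most often leave a node unreachable after a highstate: a ``default_interface`` that is not defined, a ``gateway`` outside the subnet given by the interface's own ``address`` and ``netmask``, and bridge ``use_interfaces`` members that are undefined or listed twice. Plain interface names are checked as in the bridge examples above; ``${...}`` references, as used for bonds and VLANs, are skipped. The pillar is the dict Salt produces from the YAML; the check texts and the sample tree are our own constructions.

```python
import ipaddress
from typing import Dict, List


def check_network_pillar(pillar: Dict) -> List[str]:
    """Return problems in ``linux:network`` that would leave a node unreachable."""
    problems: List[str] = []
    network = pillar.get("linux", {}).get("network", {})
    ifaces = network.get("interface", {})

    default = network.get("default_interface")
    if default and default not in ifaces:
        problems.append(f"default_interface {default} is not defined")

    for name, cfg in ifaces.items():
        # A gateway outside the interface's own subnet is never reachable.
        if "address" in cfg and "gateway" in cfg:
            net = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}").network
            if ipaddress.ip_address(cfg["gateway"]) not in net:
                problems.append(f"{name}: gateway {cfg['gateway']} not in {net}")
        # Bridge members given as plain names must be defined and listed once;
        # ``${...}`` reference entries (dicts) are left to Salt to resolve.
        members = [m for m in cfg.get("use_interfaces", []) if isinstance(m, str)]
        for member in members:
            if member not in ifaces:
                problems.append(f"{name}: member {member} is not defined")
        if len(set(members)) != len(members):
            problems.append(f"{name}: duplicate member interfaces")
    return problems


# Constructed sample: the eth0 and bridge snippets above plus two broken entries.
SAMPLE_NETWORK = {
    "linux": {
        "network": {
            "default_interface": "eth0",
            "interface": {
                "eth0": {"type": "eth", "address": "192.168.0.102",
                         "netmask": "255.255.255.0", "gateway": "192.168.0.1"},
                "eth1": {"type": "eth", "proto": "manual"},
                "br-ex": {"type": "bridge", "use_interfaces": ["eth1"]},
                "eth2": {"type": "eth", "address": "192.168.5.10",
                         "netmask": "255.255.255.0", "gateway": "10.0.0.1"},
                "br-bad": {"type": "bridge", "use_interfaces": ["eth9", "eth1", "eth1"]},
            },
        }
    }
}
```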
Linux storage pillars
---------------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            - path: /media/myuser/public/
            - device: //192.168.0.1/storage
            - file_system: cifs
            - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

Linux with file swap

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Linux with partition swap

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and a ``data`` volume mounted at ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}
Usage
=====

Set the MTU of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu