ExternalMirrors
/
linux-formula
mirror of https://github.com/salt-formulas/salt-formula-linux
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 8 Wiki Activity
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
482 Commits
26 Branches
Tree: f2a380d42a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f2a380d42a'
${ noResults }
linux-formula/README.rst

README.rst 39KB
Raw Normal View History

Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Update README.rst
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 years ago
Initial commit
9 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Update README.rst fixed typo in sudo part
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 years ago
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
7 years ago
Initial commit
9 years ago
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
7 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 years ago
Initial commit
9 years ago
Support for setting security limits
9 years ago
Enable/disable console autologin
9 years ago
More options for consoles
9 years ago
Enable/disable console autologin
9 years ago
Allow setting policy-rc.d
9 years ago
Allow setting system locales
8 years ago
Fix readme of cs_CZ locales
8 years ago
Allow setting system locales
8 years ago
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
7 years ago
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
7 years ago
Make linux.system.kernel functional
9 years ago
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
7 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
Make linux.system.kernel functional
9 years ago
Linux sysctl kernel parameters
9 years ago
cpu governor
8 years ago
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 years ago
cpu governor
8 years ago
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
7 years ago
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
7 years ago
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
7 years ago
cpu governor
8 years ago
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
7 years ago
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
7 years ago
cpu governor
8 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
README fix for purging repos
7 years ago
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
7 years ago
README fix for purging repos
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
rc.local added to linux formula
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow setting system-wide prompt
9 years ago
Ensure PS1 is enforced for root
9 years ago
rc.local added to linux formula
9 years ago
Option to preserve bash history
8 years ago
Set message of the day
9 years ago
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 years ago
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
7 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
RHEL compatibility of motd and prompt
8 years ago
Support for haveged
8 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
example usage to disable NM
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
fix fillar syntax
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
vlan networking support
9 years ago
Initial commit
9 years ago
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 years ago
Initial commit
9 years ago
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 years ago
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add linux.network.systemd support
7 years ago
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Initial commit
9 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
fix options setting in resolv
8 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 years ago
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Allow setting resolv.conf
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Initial commit
9 years ago
nfs storage mount
7 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
Initial commit
9 years ago
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
7 years ago
add swap partition support
9 years ago
Support for LVM
9 years ago
Fix mount examples in the README The enabled flag is mandatory.
8 years ago
Support for LVM
9 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
add startsector for partitions
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
7 years ago
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 years ago
Refactored multipath support
8 years ago
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 years ago
Add support for external config generation
8 years ago
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 years ago
Refactored multipath support
8 years ago
Initial commit
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             email: 'jonh@doe.com'

  53.           jsmith:

  54.             name: 'jsmith'

  55.             enabled: true

  56.             full_name: 'With clear password'

  57.             home: '/home/jsmith'

  58.             hash_password: true

  59.             password: "userpassword"

  60.           mark:

  61.             name: 'mark'

  62.             enabled: true

  63.             full_name: "unchange password'

  64.             home: '/home/mark'

  65.             password: false

  66.           elizabeth:

  67.             name: 'elizabeth'

  68.             enabled: true

  69.             full_name: 'With hased password'

  70.             home: '/home/elizabeth'

  71.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  72. 

  73. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  74. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  75. 

  76. .. code-block:: jinja

  77. 

  78.    # simplified template:

  79.    Cmds_Alias {{ alias }}={{ commands }}

  80.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  81.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82. 

  83.    # when rendered:

  84.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  85. 

  86. .. code-block:: yaml

  87. 

  88.   linux:

  89.     system:

  90.       sudo:

  91.         enabled: true

  92.         aliases:

  93.           host:

  94.             LOCAL:

  95.             - localhost

  96.             PRODUCTION:

  97.             - db1

  98.             - db2

  99.           runas:

  100.             DBA:

  101.             - postgres

  102.             - mysql

  103.             SALT:

  104.             - root

  105.           command:

  106.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  107.             #       Best practice is to specify full list of commands user is allowed to run.

  108.             SUPPORT_RESTRICTED:

  109.             - /bin/vi /etc/sudoers*

  110.             - /bin/vim /etc/sudoers*

  111.             - /bin/nano /etc/sudoers*

  112.             - /bin/emacs /etc/sudoers*

  113.             - /bin/su - root

  114.             - /bin/su -

  115.             - /bin/su

  116.             - /usr/sbin/visudo

  117.             SUPPORT_SHELLS:

  118.             - /bin/sh

  119.             - /bin/ksh

  120.             - /bin/bash

  121.             - /bin/rbash

  122.             - /bin/dash

  123.             - /bin/zsh

  124.             - /bin/csh

  125.             - /bin/fish

  126.             - /bin/tcsh

  127.             - /usr/bin/login

  128.             - /usr/bin/su

  129.             - /usr/su

  130.             ALL_SALT_SAFE:

  131.             - /usr/bin/salt state*

  132.             - /usr/bin/salt service*

  133.             - /usr/bin/salt pillar*

  134.             - /usr/bin/salt grains*

  135.             - /usr/bin/salt saltutil*

  136.             - /usr/bin/salt-call state*

  137.             - /usr/bin/salt-call service*

  138.             - /usr/bin/salt-call pillar*

  139.             - /usr/bin/salt-call grains*

  140.             - /usr/bin/salt-call saltutil*

  141.             SALT_TRUSTED:

  142.             - /usr/bin/salt*

  143.         users:

  144.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  145.           saltuser1: {}

  146.           saltuser2:

  147.             hosts:

  148.             - LOCAL

  149.           # User Alias DBA

  150.           DBA:

  151.             hosts:

  152.             - ALL

  153.             commands:

  154.             - ALL_SALT_SAFE

  155.         groups:

  156.           db-ops:

  157.             hosts:

  158.             - ALL

  159.             - '!PRODUCTION'

  160.             runas:

  161.             - DBA

  162.             commands:

  163.             - /bin/cat *

  164.             - /bin/less *

  165.             - /bin/ls *

  166.           salt-ops:

  167.             hosts:

  168.             - 'ALL'

  169.             runas:

  170.             - SALT

  171.             commands:

  172.             - SUPPORT_SHELLS

  173.           salt-ops-2nd:

  174.             name: salt-ops

  175.             nopasswd: false

  176.             setenv: true # Enable sudo -E option

  177.             runas:

  178.             - DBA

  179.             commands:

  180.             - ALL

  181.             - '!SUPPORT_SHELLS'

  182.             - '!SUPPORT_RESTRICTED'

  183. 

  184. Linux with package, latest version

  185. 

  186. .. code-block:: yaml

  187. 

  188.     linux:

  189.       system:

  190.         ...

  191.         package:

  192.           package-name:

  193.             version: latest

  194. 

  195. Linux with package from certail repo, version with no upgrades

  196. 

  197. .. code-block:: yaml

  198. 

  199.     linux:

  200.       system:

  201.         ...

  202.         package:

  203.           package-name:

  204.             version: 2132.323

  205.             repo: 'custom-repo'

  206.             hold: true

  207. 

  208. Linux with package from certail repo, version with no GPG verification

  209. 

  210. .. code-block:: yaml

  211. 

  212.     linux:

  213.       system:

  214.         ...

  215.         package:

  216.           package-name:

  217.             version: 2132.323

  218.             repo: 'custom-repo'

  219.             verify: false

  220. 

  221. Linux with autoupdates (automatically install security package updates)

  222. 

  223. .. code-block:: yaml

  224. 

  225.     linux:

  226.       system:

  227.         ...

  228.         autoupdates:

  229.           enabled: true

  230.           mail: root@localhost

  231.           mail_only_on_error: true

  232.           remove_unused_dependencies: false

  233.           automatic_reboot: true

  234.           automatic_reboot_time: "02:00"

  235. 

  236. Linux with cron jobs

  237. By default it will use name as an identifier, unless identifier key is

  238. explicitly set or False (then it will use Salt's default behavior which is

  239. identifier same as command resulting in not being able to change it)

  240. 

  241. .. code-block:: yaml

  242. 

  243.     linux:

  244.       system:

  245.         ...

  246.         job:

  247.           cmd1:

  248.             command: '/cmd/to/run'

  249.             identifier: cmd1

  250.             enabled: true

  251.             user: 'root'

  252.             hour: 2

  253.             minute: 0

  254. 

  255. Linux security limits (limit sensu user memory usage to max 1GB):

  256. 

  257. .. code-block:: yaml

  258. 

  259.     linux:

  260.       system:

  261.         ...

  262.         limit:

  263.           sensu:

  264.             enabled: true

  265.             domain: sensu

  266.             limits:

  267.               - type: hard

  268.                 item: as

  269.                 value: 1000000

  270. 

  271. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  272. 

  273. .. code-block:: yaml

  274. 

  275.     linux:

  276.       system:

  277.         console:

  278.           tty1:

  279.             autologin: root

  280.           # Enable serial console

  281.           ttyS0:

  282.             autologin: root

  283.             rate: 115200

  284.             term: xterm

  285. 

  286. To disable set autologin to `false`.

  287. 

  288. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  289. command in ``while true`` loop and ``case`` context.

  290. Following will disallow dpkg to stop/start services for cassandra package automatically:

  291. 

  292. .. code-block:: yaml

  293. 

  294.     linux:

  295.       system:

  296.         policyrcd:

  297.           - package: cassandra

  298.             action: exit 101

  299.           - package: '*'

  300.             action: switch

  301. 

  302. Set system locales:

  303. 

  304. .. code-block:: yaml

  305. 

  306.     linux:

  307.       system:

  308.         locale:

  309.           en_US.UTF-8:

  310.             default: true

  311.           "cs_CZ.UTF-8 UTF-8":

  312.             enabled: true

  313. 

  314. Systemd settings:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         ...

  321.         systemd:

  322.           system:

  323.             Manager:

  324.               DefaultLimitNOFILE: 307200

  325.               DefaultLimitNPROC: 307200

  326.           user:

  327.             Manager:

  328.               DefaultLimitCPU: 2

  329.               DefaultLimitNPROC: 4

  330. 

  331. Ensure presence of directory:

  332. 

  333. .. code-block:: yaml

  334. 

  335.     linux:

  336.       system:

  337.         directory:

  338.           /tmp/test:

  339.             user: root

  340.             group: root

  341.             mode: 700

  342.             makedirs: true

  343. 

  344. Kernel

  345. ~~~~~~

  346. 

  347. Install always up to date LTS kernel and headers from Ubuntu trusty:

  348. 

  349. .. code-block:: yaml

  350. 

  351.     linux:

  352.       system:

  353.         kernel:

  354.           type: generic

  355.           lts: trusty

  356.           headers: true

  357. 

  358. Load kernel modules and add them to `/etc/modules`:

  359. 

  360. .. code-block:: yaml

  361. 

  362.     linux:

  363.       system:

  364.         kernel:

  365.           modules:

  366.             - nf_conntrack

  367.             - tp_smapi

  368.             - 8021q

  369. 

  370. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  371. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  372. 

  373. .. code-block:: yaml

  374. 

  375.     linux:

  376.       system:

  377.         kernel:

  378.           module:

  379.             nf_conntrack:

  380.               option:

  381.                 hashsize: 262144

  382. 

  383. 

  384. 

  385. Install specific kernel version and ensure all other kernel packages are

  386. not present. Also install extra modules and headers for this kernel:

  387. 

  388. .. code-block:: yaml

  389. 

  390.     linux:

  391.       system:

  392.         kernel:

  393.           type: generic

  394.           extra: true

  395.           headers: true

  396.           version: 4.2.0-22

  397. 

  398. Systcl kernel parameters

  399. 

  400. .. code-block:: yaml

  401. 

  402.     linux:

  403.       system:

  404.         kernel:

  405.           sysctl:

  406.             net.ipv4.tcp_keepalive_intvl: 3

  407.             net.ipv4.tcp_keepalive_time: 30

  408.             net.ipv4.tcp_keepalive_probes: 8

  409. 

  410. 

  411. CPU

  412. ~~~

  413. 

  414. Enable cpufreq governor for every cpu:

  415. 

  416. .. code-block:: yaml

  417. 

  418.     linux:

  419.       system:

  420.         cpu:

  421.           governor: performance

  422. 

  423. Certificates

  424. ~~~~~~~~~~~~

  425. 

  426. Add certificate authority into system trusted CA bundle

  427. 

  428. .. code-block:: yaml

  429. 

  430.     linux:

  431.       system:

  432.         ca_certificates:

  433.           mycert: |

  434.             -----BEGIN CERTIFICATE-----

  435.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  436.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  437.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  438.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  439.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  440.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  441.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  442.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  443.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  444.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  445.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  446.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  447.             -----END CERTIFICATE-----

  448. 

  449. Sysfs

  450. ~~~~~

  451. 

  452. Install sysfsutils and set sysfs attributes:

  453. 

  454. .. code-block:: yaml

  455. 

  456.     linux:

  457.       system:

  458.         sysfs:

  459.           scheduler:

  460.             block/sda/queue/scheduler: deadline

  461.           power:

  462.             mode:

  463.               power/state: 0660

  464.             owner:

  465.               power/state: "root:power"

  466.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  467. 

  468. Huge Pages

  469. ~~~~~~~~~~~~

  470. 

  471. Huge Pages give a performance boost to applications that intensively deal

  472. with memory allocation/deallocation by decreasing memory fragmentation.

  473. 

  474. .. code-block:: yaml

  475. 

  476.     linux:

  477.       system:

  478.         kernel:

  479.           hugepages:

  480.             small:

  481.               size: 2M

  482.               count: 107520

  483.               mount_point: /mnt/hugepages_2MB

  484.               mount: false/true # default false

  485.             large:

  486.               default: true # default automatically mounted

  487.               size: 1G

  488.               count: 210

  489.               mount_point: /mnt/hugepages_1GB

  490. 

  491. Note: not recommended to use both pagesizes in concurrently.

  492. 

  493. Intel SR-IOV

  494. ~~~~~~~~~~~~

  495. 

  496. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  497. 

  498. .. code-block:: yaml

  499. 

  500.     linux:

  501.       system:

  502.         kernel:

  503.           sriov: True

  504.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  505.         rc:

  506.           local: |

  507.             #!/bin/sh -e

  508.             # Enable 7 VF on eth1

  509.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  510.             exit 0

  511. 

  512. Isolate CPU options

  513. ~~~~~~~~~~~~~~~~~~~

  514. 

  515. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  516. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  517. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  518. maximum value is 1 less than the number of CPUs on the system.

  519. 

  520. .. code-block:: yaml

  521. 

  522.     linux:

  523.       system:

  524.         kernel:

  525.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  526. 

  527. Repositories

  528. ~~~~~~~~~~~~

  529. 

  530. RedHat based Linux with additional OpenStack repo

  531. 

  532. .. code-block:: yaml

  533. 

  534.     linux:

  535.       system:

  536.         ...

  537.         repo:

  538.           rdo-icehouse:

  539.             enabled: true

  540.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  541.             pgpcheck: 0

  542. 

  543. Ensure system repository to use czech Debian mirror (``default: true``)

  544. Also pin it's packages with priority 900.

  545. 

  546. .. code-block:: yaml

  547. 

  548.    linux:

  549.      system:

  550.        repo:

  551.          debian:

  552.            default: true

  553.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  554.            # Import signing key from URL if needed

  555.            key_url: "http://dummy.com/public.gpg"

  556.            pin:

  557.              - pin: 'origin "ftp.cz.debian.org"'

  558.                priority: 900

  559.                package: '*'

  560. 

  561. 

  562. Package manager proxy setup globally:

  563. 

  564. .. code-block:: yaml

  565. 

  566.     linux:

  567.       system:

  568.         ...

  569.         repo:

  570.           apt-mk:

  571.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  572.         ...

  573.         proxy:

  574.           pkg:

  575.             enabled: true

  576.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  577.           ...

  578.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  579.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  580.           #

  581.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  582.           # as for https and http

  583.           ftp:   ftp://proxy.host.local:2121

  584.           http:  http://proxy.host.local:3142

  585.           https: https://proxy.host.local:3143

  586. 

  587. Package manager proxy setup per repository:

  588. 

  589. .. code-block:: yaml

  590. 

  591.     linux:

  592.       system:

  593.         ...

  594.         repo:

  595.           debian:

  596.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  597.         ...

  598.           apt-mk:

  599.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  600.             # per repository proxy

  601.             proxy:

  602.               enabled: true

  603.               http:  http://maas-01:8080

  604.               https: http://maas-01:8080

  605.         ...

  606.         proxy:

  607.           # package manager fallback defaults

  608.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  609.           pkg:

  610.             enabled: true

  611.             ftp:   ftp://proxy.host.local:2121

  612.             #http:  http://proxy.host.local:3142

  613.             #https: https://proxy.host.local:3143

  614.           ...

  615.           # global system fallback system defaults

  616.           ftp:   ftp://proxy.host.local:2121

  617.           http:  http://proxy.host.local:3142

  618.           https: https://proxy.host.local:3143

  619. 

  620. 

  621. Remove all repositories:

  622. 

  623. .. code-block:: yaml

  624. 

  625.     linux:

  626.       system:

  627.         purge_repos: true

  628. 

  629. Setup custom apt config options:

  630. 

  631. .. code-block:: yaml

  632. 

  633.     linux:

  634.       system:

  635.         apt:

  636.           config:

  637.             compression-workaround:

  638.               "Acquire::CompressionTypes::Order": "gz"

  639.             docker-clean:

  640.               "DPkg::Post-Invoke":

  641.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  642.               "APT::Update::Post-Invoke":

  643.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  644. 

  645. RC

  646. ~~

  647. 

  648. rc.local example

  649. 

  650. .. code-block:: yaml

  651. 

  652.    linux:

  653.      system:

  654.        rc:

  655.          local: |

  656.            #!/bin/sh -e

  657.            #

  658.            # rc.local

  659.            #

  660.            # This script is executed at the end of each multiuser runlevel.

  661.            # Make sure that the script will "exit 0" on success or any other

  662.            # value on error.

  663.            #

  664.            # In order to enable or disable this script just change the execution

  665.            # bits.

  666.            #

  667.            # By default this script does nothing.

  668.            exit 0

  669. 

  670. 

  671. Prompt

  672. ~~~~~~

  673. 

  674. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  675. user can have different prompt.

  676. 

  677. .. code-block:: yaml

  678. 

  679.     linux:

  680.       system:

  681.         prompt:

  682.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  683.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  684. 

  685. On Debian systems to set prompt system-wide it's necessary to remove setting

  686. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  687. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  688. touch existing user's ``~/.bashrc`` files except root.

  689. 

  690. Bash

  691. ~~~~

  692. 

  693. Fix bash configuration to preserve history across sessions (like ZSH does by

  694. default).

  695. 

  696. .. code-block:: yaml

  697. 

  698.     linux:

  699.       system:

  700.         bash:

  701.           preserve_history: true

  702. 

  703. Message of the day

  704. ~~~~~~~~~~~~~~~~~~

  705. 

  706. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  707. day. Setting custom motd will cleanup existing ones.

  708. 

  709. .. code-block:: yaml

  710. 

  711.     linux:

  712.       system:

  713.         motd:

  714.           - release: |

  715.               #!/bin/sh

  716.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  717. 

  718.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  719.               	# Fall back to using the very slow lsb_release utility

  720.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  721.               fi

  722. 

  723.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  724.           - warning: |

  725.               #!/bin/sh

  726.               printf "This is [company name] network.\n"

  727.               printf "Unauthorized access strictly prohibited.\n"

  728. 

  729. Services

  730. ~~~~~~~~

  731. 

  732. Stop and disable linux service:

  733. 

  734. .. code-block:: yaml

  735. 

  736.     linux:

  737.       system:

  738.         service:

  739.           apt-daily.timer:

  740.             status: dead

  741. 

  742. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  743. 

  744. Linux with atop service:

  745. 

  746. .. code-block:: yaml

  747. 

  748.     linux:

  749.       system:

  750.         atop:

  751.           enabled: true

  752.           interval: 20

  753.           logpath: "/var/log/atop"

  754.           outfile: "/var/log/atop/daily.log"

  755. 

  756. RHEL / CentOS

  757. ^^^^^^^^^^^^^

  758. 

  759. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  760. no native support for dynamic motd.

  761. You can still set static one, only pillar structure differs:

  762. 

  763. .. code-block:: yaml

  764. 

  765.     linux:

  766.       system:

  767.         motd: |

  768.           This is [company name] network.

  769.           Unauthorized access strictly prohibited.

  770. 

  771. Haveged

  772. ~~~~~~~

  773. 

  774. If you are running headless server and are low on entropy, it may be a good

  775. idea to setup Haveged.

  776. 

  777. .. code-block:: yaml

  778. 

  779.     linux:

  780.       system:

  781.         haveged:

  782.           enabled: true

  783. 

  784. Linux network

  785. -------------

  786. 

  787. Linux with network manager

  788. 

  789. .. code-block:: yaml

  790. 

  791.     linux:

  792.       network:

  793.         enabled: true

  794.         network_manager: true

  795. 

  796. Linux with default static network interfaces, default gateway interface and DNS servers

  797. 

  798. .. code-block:: yaml

  799. 

  800.     linux:

  801.       network:

  802.         enabled: true

  803.         interface:

  804.           eth0:

  805.             enabled: true

  806.             type: eth

  807.             address: 192.168.0.102

  808.             netmask: 255.255.255.0

  809.             gateway: 192.168.0.1

  810.             name_servers:

  811.             - 8.8.8.8

  812.             - 8.8.4.4

  813.             mtu: 1500

  814. 

  815. Linux with bonded interfaces and disabled NetworkManager

  816. 

  817. .. code-block:: yaml

  818. 

  819.     linux:

  820.       network:

  821.         enabled: true

  822.         interface:

  823.           eth0:

  824.             type: eth

  825.             ...

  826.           eth1:

  827.             type: eth

  828.             ...

  829.           bond0:

  830.             enabled: true

  831.             type: bond

  832.             address: 192.168.0.102

  833.             netmask: 255.255.255.0

  834.             mtu: 1500

  835.             use_in:

  836.             - interface: ${linux:interface:eth0}

  837.             - interface: ${linux:interface:eth0}

  838.         network_manager:

  839.           disable: true

  840. 

  841. Linux with vlan interface_params

  842. 

  843. .. code-block:: yaml

  844. 

  845.     linux:

  846.       network:

  847.         enabled: true

  848.         interface:

  849.           vlan69:

  850.             type: vlan

  851.             use_interfaces:

  852.             - interface: ${linux:interface:bond0}

  853. 

  854. Linux with wireless interface parameters

  855. 

  856. .. code-block:: yaml

  857. 

  858.     linux:

  859.       network:

  860.         enabled: true

  861.         gateway: 10.0.0.1

  862.         default_interface: eth0

  863.         interface:

  864.           wlan0:

  865.             type: eth

  866.             wireless:

  867.               essid: example

  868.               key: example_key

  869.               security: wpa

  870.               priority: 1

  871. 

  872. Linux networks with routes defined

  873. 

  874. .. code-block:: yaml

  875. 

  876.     linux:

  877.       network:

  878.         enabled: true

  879.         gateway: 10.0.0.1

  880.         default_interface: eth0

  881.         interface:

  882.           eth0:

  883.             type: eth

  884.             route:

  885.               default:

  886.                 address: 192.168.0.123

  887.                 netmask: 255.255.255.0

  888.                 gateway: 192.168.0.1

  889. 

  890. Native Linux Bridges

  891. 

  892. .. code-block:: yaml

  893. 

  894.     linux:

  895.       network:

  896.         interface:

  897.           eth1:

  898.             enabled: true

  899.             type: eth

  900.             proto: manual

  901.             up_cmds:

  902.             - ip address add 0/0 dev $IFACE

  903.             - ip link set $IFACE up

  904.             down_cmds:

  905.             - ip link set $IFACE down

  906.           br-ex:

  907.             enabled: true

  908.             type: bridge

  909.             address: ${linux:network:host:public_local:address}

  910.             netmask: 255.255.255.0

  911.             use_interfaces:

  912.             - eth1

  913. 

  914. OpenVswitch Bridges

  915. 

  916. .. code-block:: yaml

  917. 

  918.     linux:

  919.       network:

  920.         bridge: openvswitch

  921.         interface:

  922.           eth1:

  923.             enabled: true

  924.             type: eth

  925.             proto: manual

  926.             up_cmds:

  927.             - ip address add 0/0 dev $IFACE

  928.             - ip link set $IFACE up

  929.             down_cmds:

  930.             - ip link set $IFACE down

  931.           br-ex:

  932.             enabled: true

  933.             type: bridge

  934.             address: ${linux:network:host:public_local:address}

  935.             netmask: 255.255.255.0

  936.             use_interfaces:

  937.             - eth1

  938.           br-prv:

  939.             enabled: true

  940.             type: ovs_bridge

  941.             mtu: 65000

  942.           br-ens7:

  943.             enabled: true

  944.             name: br-ens7

  945.             type: ovs_bridge

  946.             proto: manual

  947.             mtu: 9000

  948.             use_interfaces:

  949.             - ens7

  950.           patch-br-ens7-br-prv:

  951.             enabled: true

  952.             name: ens7-prv

  953.             ovs_type: ovs_port

  954.             type: ovs_port

  955.             bridge: br-ens7

  956.             port_type: patch

  957.             peer: prv-ens7

  958.             mtu: 65000

  959.           patch-br-prv-br-ens7:

  960.             enabled: true

  961.             name: prv-ens7

  962.             bridge: br-prv

  963.             ovs_type: ovs_port

  964.             type: ovs_port

  965.             port_type: patch

  966.             peer: ens7-prv

  967.             mtu: 65000

  968.           ens7:

  969.             enabled: true

  970.             name: ens7

  971.             proto: manual

  972.             ovs_port_type: OVSPort

  973.             type: ovs_port

  974.             ovs_bridge: br-ens7

  975.             bridge: br-ens7

  976. 

  977. Debian manual proto interfaces

  978. 

  979. When you are changing interface proto from static in up state to manual, you

  980. may need to flush ip addresses. For example, if you want to use the interface

  981. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  982. to true.

  983. 

  984. .. code-block:: yaml

  985. 

  986.     linux:

  987.       network:

  988.         interface:

  989.           eth1:

  990.             enabled: true

  991.             type: eth

  992.             proto: manual

  993.             mtu: 9100

  994.             ipflush_onchange: true

  995. 

  996. 

  997. Concatinating and removing interface files

  998. 

  999. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1000. you can store configuration of network interfaces in separate files. You can

  1001. concatinate the files to the defined destination when needed, this operation

  1002. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1003. remove iface files, you can use the `remove_iface_files` key.

  1004. 

  1005. .. code-block:: yaml

  1006. 

  1007.     linux:

  1008.       network:

  1009.         concat_iface_files:

  1010.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1011.           dst: '/etc/network/interfaces'

  1012.         remove_iface_files:

  1013.         - '/etc/network/interfaces.d/90-custom.cfg'

  1014. 

  1015. 

  1016. DHCP client configuration

  1017. 

  1018. None of the keys is mandatory, include only those you really need. For full list

  1019. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1020. 

  1021. .. code-block:: yaml

  1022. 

  1023.      linux:

  1024.        network:

  1025.          dhclient:

  1026.            enabled: true

  1027.            backoff_cutoff: 15

  1028.            initial_interval: 10

  1029.            reboot: 10

  1030.            retry: 60

  1031.            select_timeout: 0

  1032.            timeout: 120

  1033.            send:

  1034.              - option: host-name

  1035.                declaration: "= gethostname()"

  1036.            supersede:

  1037.              - option: host-name

  1038.                declaration: "spaceship"

  1039.              - option: domain-name

  1040.                declaration: "domain.home"

  1041.              #- option: arp-cache-timeout

  1042.              #  declaration: 20

  1043.            prepend:

  1044.              - option: domain-name-servers

  1045.                declaration:

  1046.                  - 8.8.8.8

  1047.                  - 8.8.4.4

  1048.              - option: domain-search

  1049.                declaration:

  1050.                  - example.com

  1051.                  - eng.example.com

  1052.            #append:

  1053.              #- option: domain-name-servers

  1054.              #  declaration: 127.0.0.1

  1055.            # ip or subnet to reject dhcp offer from

  1056.            reject:

  1057.              - 192.33.137.209

  1058.              - 10.0.2.0/24

  1059.            request:

  1060.              - subnet-mask

  1061.              - broadcast-address

  1062.              - time-offset

  1063.              - routers

  1064.              - domain-name

  1065.              - domain-name-servers

  1066.              - domain-search

  1067.              - host-name

  1068.              - dhcp6.name-servers

  1069.              - dhcp6.domain-search

  1070.              - dhcp6.fqdn

  1071.              - dhcp6.sntp-servers

  1072.              - netbios-name-servers

  1073.              - netbios-scope

  1074.              - interface-mtu

  1075.              - rfc3442-classless-static-routes

  1076.              - ntp-servers

  1077.            require:

  1078.              - subnet-mask

  1079.              - domain-name-servers

  1080.            # if per interface configuration required add below

  1081.            interface:

  1082.              ens2:

  1083.                initial_interval: 11

  1084.                reject:

  1085.                  - 192.33.137.210

  1086.              ens3:

  1087.                initial_interval: 12

  1088.                reject:

  1089.                  - 192.33.137.211

  1090. 

  1091. Linux network systemd settings:

  1092. 

  1093. .. code-block:: yaml

  1094. 

  1095.     linux:

  1096.       network:

  1097.         ...

  1098.         systemd:

  1099.           link:

  1100.             10-iface-dmz:

  1101.               Match:

  1102.                 MACAddress: c8:5b:67:fa:1a:af

  1103.                 OriginalName: eth0

  1104.               Link:

  1105.                 Name: dmz0

  1106.           netdev:

  1107.             20-bridge-dmz:

  1108.               match:

  1109.                 name: dmz0

  1110.               network:

  1111.                 mescription: bridge

  1112.                 bridge: br-dmz0

  1113.           network:

  1114.           # works with lowercase, keys are by default capitalized

  1115.             40-dhcp:

  1116.               match:

  1117.                 name: '*'

  1118.               network:

  1119.                 DHCP: yes

  1120. 

  1121. 

  1122. Configure global environment variables

  1123. 

  1124. Use ``/etc/environment`` for static system wide variable assignment after

  1125. boot. Variable expansion is frequently not supported.

  1126. 

  1127. .. code-block:: yaml

  1128. 

  1129.     linux:

  1130.       system:

  1131.         env:

  1132.           BOB_VARIABLE: Alice

  1133.           ...

  1134.           BOB_PATH:

  1135.             - /srv/alice/bin

  1136.             - /srv/bob/bin

  1137.           ...

  1138.           ftp_proxy:   none

  1139.           http_proxy:  http://global-http-proxy.host.local:8080

  1140.           https_proxy: ${linux:system:proxy:https}

  1141.           no_proxy:

  1142.             - 192.168.0.80

  1143.             - 192.168.1.80

  1144.             - .domain.com

  1145.             - .local

  1146.         ...

  1147.         # NOTE: global defaults proxy configuration.

  1148.         proxy:

  1149.           ftp:   ftp://proxy.host.local:2121

  1150.           http:  http://proxy.host.local:3142

  1151.           https: https://proxy.host.local:3143

  1152.           noproxy:

  1153.             - .domain.com

  1154.             - .local

  1155. 

  1156. Configure profile.d scripts

  1157. 

  1158. The profile.d scripts are being sourced during .sh execution and support

  1159. variable expansion in opposite to /etc/environment global settings in

  1160. ``/etc/environment``.

  1161. 

  1162. .. code-block:: yaml

  1163. 

  1164.     linux:

  1165.       system:

  1166.         profile:

  1167.           locales: |

  1168.             export LANG=C

  1169.             export LC_ALL=C

  1170.           ...

  1171.           vi_flavors.sh: |

  1172.             export PAGER=view

  1173.             export EDITOR=vim

  1174.             alias vi=vim

  1175.           shell_locales.sh: |

  1176.             export LANG=en_US

  1177.             export LC_ALL=en_US.UTF-8

  1178.           shell_proxies.sh: |

  1179.             export FTP_PROXY=ftp://127.0.3.3:2121

  1180.             export NO_PROXY='.local'

  1181. 

  1182. Linux with hosts

  1183. 

  1184. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1185. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1186. and hostname + fqdn.

  1187. 

  1188. It's good to use this option if you want to ensure /etc/hosts is always in a

  1189. clean state however it's not enabled by default for safety.

  1190. 

  1191. .. code-block:: yaml

  1192. 

  1193.     linux:

  1194.       network:

  1195.         purge_hosts: true

  1196.         host:

  1197.           # No need to define this one if purge_hosts is true

  1198.           hostname:

  1199.             address: 127.0.1.1

  1200.             names:

  1201.             - ${linux:network:fqdn}

  1202.             - ${linux:network:hostname}

  1203.           node1:

  1204.             address: 192.168.10.200

  1205.             names:

  1206.             - node2.domain.com

  1207.             - service2.domain.com

  1208.           node2:

  1209.             address: 192.168.10.201

  1210.             names:

  1211.             - node2.domain.com

  1212.             - service2.domain.com

  1213. 

  1214. Linux with hosts collected from mine

  1215. 

  1216. In this case all dns records defined within infrastrucuture will be passed to

  1217. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1218. true will be propagated to the mine.

  1219. 

  1220. .. code-block:: yaml

  1221. 

  1222.     linux:

  1223.       network:

  1224.         purge_hosts: true

  1225.         mine_dns_records: true

  1226.         host:

  1227.           node1:

  1228.             address: 192.168.10.200

  1229.             grain: true

  1230.             names:

  1231.             - node2.domain.com

  1232.             - service2.domain.com

  1233. 

  1234. Setup resolv.conf, nameservers, domain and search domains

  1235. 

  1236. .. code-block:: yaml

  1237. 

  1238.     linux:

  1239.       network:

  1240.         resolv:

  1241.           dns:

  1242.           - 8.8.4.4

  1243.           - 8.8.8.8

  1244.           domain: my.example.com

  1245.           search:

  1246.           - my.example.com

  1247.           - example.com

  1248.           options:

  1249.           - ndots: 5

  1250.           - timeout: 2

  1251.           - attempts: 2

  1252. 

  1253. setting custom TX queue length for tap interfaces

  1254. 

  1255. .. code-block:: yaml

  1256. 

  1257.     linux:

  1258.       network:

  1259.         tap_custom_txqueuelen: 10000

  1260. 

  1261. DPDK OVS interfaces

  1262. 

  1263. **DPDK OVS NIC**

  1264. 

  1265. .. code-block:: yaml

  1266. 

  1267.     linux:

  1268.       network:

  1269.         bridge: openvswitch

  1270.         dpdk:

  1271.           enabled: true

  1272.           driver: uio/vfio

  1273.         openvswitch:

  1274.           pmd_cpu_mask: "0x6"

  1275.           dpdk_socket_mem: "1024,1024"

  1276.           dpdk_lcore_mask: "0x400"

  1277.           memory_channels: 2

  1278.         interface:

  1279.           dpkd0:

  1280.             name: ${_param:dpdk_nic}

  1281.             pci: 0000:06:00.0

  1282.             driver: igb_uio/vfio-pci

  1283.             enabled: true

  1284.             type: dpdk_ovs_port

  1285.             n_rxq: 2

  1286.             pmd_rxq_affinity: "0:1,1:2"

  1287.             bridge: br-prv

  1288.             mtu: 9000

  1289.           br-prv:

  1290.             enabled: true

  1291.             type: dpdk_ovs_bridge

  1292. 

  1293. **DPDK OVS Bond**

  1294. 

  1295. .. code-block:: yaml

  1296. 

  1297.     linux:

  1298.       network:

  1299.         bridge: openvswitch

  1300.         dpdk:

  1301.           enabled: true

  1302.           driver: uio/vfio

  1303.         openvswitch:

  1304.           pmd_cpu_mask: "0x6"

  1305.           dpdk_socket_mem: "1024,1024"

  1306.           dpdk_lcore_mask: "0x400"

  1307.           memory_channels: 2

  1308.         interface:

  1309.           dpdk_second_nic:

  1310.             name: ${_param:primary_second_nic}

  1311.             pci: 0000:06:00.0

  1312.             driver: igb_uio/vfio-pci

  1313.             bond: dpdkbond0

  1314.             enabled: true

  1315.             type: dpdk_ovs_port

  1316.             n_rxq: 2

  1317.             pmd_rxq_affinity: "0:1,1:2"

  1318.             mtu: 9000

  1319.           dpdk_first_nic:

  1320.             name: ${_param:primary_first_nic}

  1321.             pci: 0000:05:00.0

  1322.             driver: igb_uio/vfio-pci

  1323.             bond: dpdkbond0

  1324.             enabled: true

  1325.             type: dpdk_ovs_port

  1326.             n_rxq: 2

  1327.             pmd_rxq_affinity: "0:1,1:2"

  1328.             mtu: 9000

  1329.           dpdkbond0:

  1330.             enabled: true

  1331.             bridge: br-prv

  1332.             type: dpdk_ovs_bond

  1333.             mode: active-backup

  1334.           br-prv:

  1335.             enabled: true

  1336.             type: dpdk_ovs_bridge

  1337. 

  1338. **DPDK OVS bridge for VXLAN**

  1339. 

  1340. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1341. 

  1342. .. code-block:: yaml

  1343. 

  1344.     linux:

  1345.       network:

  1346.         ...

  1347.         interface:

  1348.           br-prv:

  1349.             enabled: true

  1350.             type: dpdk_ovs_bridge

  1351.             address: 192.168.50.0

  1352.             netmask: 255.255.255.0

  1353.             mtu: 9000

  1354. 

  1355. Linux storage

  1356. -------------

  1357. 

  1358. Linux with mounted Samba

  1359. 

  1360. .. code-block:: yaml

  1361. 

  1362.     linux:

  1363.       storage:

  1364.         enabled: true

  1365.         mount:

  1366.           samba1:

  1367.           - enabled: true

  1368.           - path: /media/myuser/public/

  1369.           - device: //192.168.0.1/storage

  1370.           - file_system: cifs

  1371.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1372. 

  1373. NFS mount

  1374. 

  1375. .. code-block:: yaml

  1376. 

  1377.   linux:

  1378.     storage:

  1379.       enabled: true

  1380.       mount:

  1381.         nfs_glance:

  1382.           enabled: true

  1383.           path: /var/lib/glance/images

  1384.           device: 172.16.10.110:/var/nfs/glance

  1385.           file_system: nfs

  1386.           opts: rw,sync

  1387. 

  1388. 

  1389. File swap configuration

  1390. 

  1391. .. code-block:: yaml

  1392. 

  1393.     linux:

  1394.       storage:

  1395.         enabled: true

  1396.         swap:

  1397.           file:

  1398.             enabled: true

  1399.             engine: file

  1400.             device: /swapfile

  1401.             size: 1024

  1402. 

  1403. Partition swap configuration

  1404. 

  1405. .. code-block:: yaml

  1406. 

  1407.     linux:

  1408.       storage:

  1409.         enabled: true

  1410.         swap:

  1411.           partition:

  1412.             enabled: true

  1413.             engine: partition

  1414.             device: /dev/vg0/swap

  1415. 

  1416. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1417. 

  1418. .. code-block:: yaml

  1419. 

  1420.     parameters:

  1421.       linux:

  1422.         storage:

  1423.           mount:

  1424.             data:

  1425.               enabled: true

  1426.               device: /dev/vg1/data

  1427.               file_system: ext4

  1428.               path: /mnt/data

  1429.           lvm:

  1430.             vg1:

  1431.               enabled: true

  1432.               devices:

  1433.                 - /dev/sdb

  1434.               volume:

  1435.                 data:

  1436.                   size: 40G

  1437.                   mount: ${linux:storage:mount:data}

  1438. 

  1439. Create partitions on disk. Specify size in MB. It expects empty

  1440. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1441. 

  1442. .. code-block:: yaml

  1443. 

  1444.       linux:

  1445.         storage:

  1446.           disk:

  1447.             first_drive:

  1448.               startsector: 1

  1449.               name: /dev/loop1

  1450.               type: gpt

  1451.               partitions:

  1452.                 - size: 200 #size in MB

  1453.                   type: fat32

  1454.                 - size: 300 #size in MB

  1455.                   mkfs: True

  1456.                   type: xfs

  1457.             /dev/vda1:

  1458.               partitions:

  1459.                 - size: 5

  1460.                   type: ext2

  1461.                 - size: 10

  1462.                   type: ext4

  1463. 

  1464. Multipath with Fujitsu Eternus DXL

  1465. 

  1466. .. code-block:: yaml

  1467. 

  1468.     parameters:

  1469.       linux:

  1470.         storage:

  1471.           multipath:

  1472.             enabled: true

  1473.             blacklist_devices:

  1474.             - /dev/sda

  1475.             - /dev/sdb

  1476.             backends:

  1477.             - fujitsu_eternus_dxl

  1478. 

  1479. Multipath with Hitachi VSP 1000

  1480. 

  1481. .. code-block:: yaml

  1482. 

  1483.     parameters:

  1484.       linux:

  1485.         storage:

  1486.           multipath:

  1487.             enabled: true

  1488.             blacklist_devices:

  1489.             - /dev/sda

  1490.             - /dev/sdb

  1491.             backends:

  1492.             - hitachi_vsp1000

  1493. 

  1494. Multipath with IBM Storwize

  1495. 

  1496. .. code-block:: yaml

  1497. 

  1498.     parameters:

  1499.       linux:

  1500.         storage:

  1501.           multipath:

  1502.             enabled: true

  1503.             blacklist_devices:

  1504.             - /dev/sda

  1505.             - /dev/sdb

  1506.             backends:

  1507.             - ibm_storwize

  1508. 

  1509. Multipath with multiple backends

  1510. 

  1511. .. code-block:: yaml

  1512. 

  1513.     parameters:

  1514.       linux:

  1515.         storage:

  1516.           multipath:

  1517.             enabled: true

  1518.             blacklist_devices:

  1519.             - /dev/sda

  1520.             - /dev/sdb

  1521.             - /dev/sdc

  1522.             - /dev/sdd

  1523.             backends:

  1524.             - ibm_storwize

  1525.             - fujitsu_eternus_dxl

  1526.             - hitachi_vsp1000

  1527. 

  1528. Disabled multipath (the default setup)

  1529. 

  1530. .. code-block:: yaml

  1531. 

  1532.     parameters:

  1533.       linux:

  1534.         storage:

  1535.           multipath:

  1536.             enabled: false

  1537. 

  1538. Linux with local loopback device

  1539. 

  1540. .. code-block:: yaml

  1541. 

  1542.     linux:

  1543.       storage:

  1544.         loopback:

  1545.           disk1:

  1546.             file: /srv/disk1

  1547.             size: 50G

  1548. 

  1549. External config generation

  1550. --------------------------

  1551. 

  1552. You are able to use config support metadata between formulas and only generate

  1553. config files for external use, eg. docker, etc.

  1554. 

  1555. .. code-block:: yaml

  1556. 

  1557.     parameters:

  1558.       linux:

  1559.         system:

  1560.           config:

  1561.             pillar:

  1562.               jenkins:

  1563.                 master:

  1564.                   home: /srv/volumes/jenkins

  1565.                   approved_scripts:

  1566.                     - method java.net.URL openConnection

  1567.                   credentials:

  1568.                     - type: username_password

  1569.                       scope: global

  1570.                       id: test

  1571.                       desc: Testing credentials

  1572.                       username: test

  1573.                       password: test

  1574. 

  1575. Netconsole Remote Kernel Logging

  1576. --------------------------------

  1577. 

  1578. Netconsole logger could be configured for configfs-enabled kernels

  1579. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1580. runtime (if network is already configured), and on-boot after interface

  1581. initialization. Notes:

  1582. 

  1583.  * receiver could be located only in same L3 domain

  1584.    (or you need to configure gateway MAC manually)

  1585.  * receiver's MAC is detected only on configuration time

  1586.  * using broadcast MAC is not recommended

  1587. 

  1588. .. code-block:: yaml

  1589. 

  1590.     parameters:

  1591.       linux:

  1592.         system:

  1593.           netconsole:

  1594.             enabled: true

  1595.             port: 514 (optional)

  1596.             loglevel: debug (optional)

  1597.             target:

  1598.               192.168.0.1:

  1599.                 interface: bond0

  1600.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1601. 

  1602. Usage

  1603. =====

  1604. 

  1605. Set mtu of network interface eth0 to 1400

  1606. 

  1607. .. code-block:: bash

  1608. 

  1609.     ip link set dev eth0 mtu 1400

  1610. 

  1611. Read more

  1612. =========

  1613. 

  1614. * https://www.archlinux.org/

  1615. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1616. 

  1617. Documentation and Bugs

  1618. ======================

  1619. 

  1620. To learn how to install and update salt-formulas, consult the documentation

  1621. available online at:

  1622. 

  1623.     http://salt-formulas.readthedocs.io/

  1624. 

  1625. In the unfortunate event that bugs are discovered, they should be reported to

  1626. the appropriate issue tracker. Use Github issue tracker for specific salt

  1627. formula:

  1628. 

  1629.     https://github.com/salt-formulas/salt-formula-linux/issues

  1630. 

  1631. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1632. use Launchpad salt-formulas project:

  1633. 

  1634.     https://launchpad.net/salt-formulas

  1635. 

  1636. You can also join salt-formulas-users team and subscribe to mailing list:

  1637. 

  1638.     https://launchpad.net/~salt-formulas-users

  1639. 

  1640. Developers wishing to work on the salt-formulas projects should always base

  1641. their work on master branch and submit pull request against specific formula.

  1642. 

  1643.     https://github.com/salt-formulas/salt-formula-linux

  1644. 

  1645. Any questions or feedback is always welcome so feel free to join our IRC

  1646. channel:

  1647. 

  1648.     #salt-formulas @ irc.freenode.net