Saltstack Official Linux Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.

pirms 7 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 7 gadiem
pirms 9 gadiem
pirms 7 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 7 gadiem
pirms 7 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 8 gadiem
pirms 8 gadiem
pirms 8 gadiem
pirms 8 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 7 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
pirms 9 gadiem
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513
  1. ============
  2. Linux Fomula
  3. ============
  4. Linux Operating Systems:
  5. * Ubuntu
  6. * CentOS
  7. * RedHat
  8. * Fedora
  9. * Arch
  10. Sample Pillars
  11. ==============
  12. Linux System
  13. ------------
  14. Basic Linux box
  15. .. code-block:: yaml
  16. linux:
  17. system:
  18. enabled: true
  19. name: 'node1'
  20. domain: 'domain.com'
  21. cluster: 'system'
  22. environment: prod
  23. timezone: 'Europe/Prague'
  24. utc: true
  25. Linux with system users, some with password set:
  26. .. warning:: If no ``password`` variable is passed,
  27. any predifined password will be removed.
  28. .. code-block:: yaml
  29. linux:
  30. system:
  31. ...
  32. user:
  33. jdoe:
  34. name: 'jdoe'
  35. enabled: true
  36. sudo: true
  37. shell: /bin/bash
  38. full_name: 'Jonh Doe'
  39. home: '/home/jdoe'
  40. home_dir_mode: 755
  41. email: 'jonh@doe.com'
  42. unique: false
  43. jsmith:
  44. name: 'jsmith'
  45. enabled: true
  46. full_name: 'With clear password'
  47. home: '/home/jsmith'
  48. hash_password: true
  49. password: "userpassword"
  50. mark:
  51. name: 'mark'
  52. enabled: true
  53. full_name: "unchange password'
  54. home: '/home/mark'
  55. password: false
  56. elizabeth:
  57. name: 'elizabeth'
  58. enabled: true
  59. full_name: 'With hased password'
  60. home: '/home/elizabeth'
  61. password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
  62. Configure password expiration parameters
  63. ----------------------------------------
  64. The following login.defs parameters can be overridden per-user:
  65. * PASS_MAX_DAYS
  66. * PASS_MIN_DAYS
  67. * PASS_WARN_DAYS
  68. * INACTIVE
  69. .. code-block:: yaml
  70. linux:
  71. system:
  72. ...
  73. user:
  74. jdoe:
  75. name: 'jdoe'
  76. enabled: true
  77. ...
  78. maxdays: <PASS_MAX_DAYS>
  79. mindays: <PASS_MIN_DAYS>
  80. warndays: <PASS_WARN_DAYS>
  81. inactdays: <INACTIVE>
  82. Configure sudo for users and groups under ``/etc/sudoers.d/``.
  83. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
  84. .. code-block:: jinja
  85. # simplified template:
  86. Cmds_Alias {{ alias }}={{ commands }}
  87. {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
  88. %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
  89. # when rendered:
  90. saltuser1 ALL=(ALL) NOPASSWD: ALL
  91. .. code-block:: yaml
  92. linux:
  93. system:
  94. sudo:
  95. enabled: true
  96. aliases:
  97. host:
  98. LOCAL:
  99. - localhost
  100. PRODUCTION:
  101. - db1
  102. - db2
  103. runas:
  104. DBA:
  105. - postgres
  106. - mysql
  107. SALT:
  108. - root
  109. command:
  110. # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.
  111. # Best practice is to specify full list of commands user is allowed to run.
  112. SUPPORT_RESTRICTED:
  113. - /bin/vi /etc/sudoers*
  114. - /bin/vim /etc/sudoers*
  115. - /bin/nano /etc/sudoers*
  116. - /bin/emacs /etc/sudoers*
  117. - /bin/su - root
  118. - /bin/su -
  119. - /bin/su
  120. - /usr/sbin/visudo
  121. SUPPORT_SHELLS:
  122. - /bin/sh
  123. - /bin/ksh
  124. - /bin/bash
  125. - /bin/rbash
  126. - /bin/dash
  127. - /bin/zsh
  128. - /bin/csh
  129. - /bin/fish
  130. - /bin/tcsh
  131. - /usr/bin/login
  132. - /usr/bin/su
  133. - /usr/su
  134. ALL_SALT_SAFE:
  135. - /usr/bin/salt state*
  136. - /usr/bin/salt service*
  137. - /usr/bin/salt pillar*
  138. - /usr/bin/salt grains*
  139. - /usr/bin/salt saltutil*
  140. - /usr/bin/salt-call state*
  141. - /usr/bin/salt-call service*
  142. - /usr/bin/salt-call pillar*
  143. - /usr/bin/salt-call grains*
  144. - /usr/bin/salt-call saltutil*
  145. SALT_TRUSTED:
  146. - /usr/bin/salt*
  147. users:
  148. # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
  149. saltuser1: {}
  150. saltuser2:
  151. hosts:
  152. - LOCAL
  153. # User Alias DBA
  154. DBA:
  155. hosts:
  156. - ALL
  157. commands:
  158. - ALL_SALT_SAFE
  159. groups:
  160. db-ops:
  161. hosts:
  162. - ALL
  163. - '!PRODUCTION'
  164. runas:
  165. - DBA
  166. commands:
  167. - /bin/cat *
  168. - /bin/less *
  169. - /bin/ls *
  170. salt-ops:
  171. hosts:
  172. - 'ALL'
  173. runas:
  174. - SALT
  175. commands:
  176. - SUPPORT_SHELLS
  177. salt-ops-2nd:
  178. name: salt-ops
  179. nopasswd: false
  180. setenv: true # Enable sudo -E option
  181. runas:
  182. - DBA
  183. commands:
  184. - ALL
  185. - '!SUPPORT_SHELLS'
  186. - '!SUPPORT_RESTRICTED'
  187. Linux with package, latest version:
  188. .. code-block:: yaml
  189. linux:
  190. system:
  191. ...
  192. package:
  193. package-name:
  194. version: latest
  195. Linux with package from certail repo, version with no upgrades:
  196. .. code-block:: yaml
  197. linux:
  198. system:
  199. ...
  200. package:
  201. package-name:
  202. version: 2132.323
  203. repo: 'custom-repo'
  204. hold: true
  205. Linux with package from certail repo, version with no GPG
  206. verification:
  207. .. code-block:: yaml
  208. linux:
  209. system:
  210. ...
  211. package:
  212. package-name:
  213. version: 2132.323
  214. repo: 'custom-repo'
  215. verify: false
  216. Linux with autoupdates (automatically install security package
  217. updates):
  218. .. code-block:: yaml
  219. linux:
  220. system:
  221. ...
  222. autoupdates:
  223. enabled: true
  224. mail: root@localhost
  225. mail_only_on_error: true
  226. remove_unused_dependencies: false
  227. automatic_reboot: true
  228. automatic_reboot_time: "02:00"
  229. Managing cron tasks
  230. -------------------
  231. There are two data structures that are related to managing cron itself and
  232. cron tasks:
  233. .. code-block:: yaml
  234. linux:
  235. system:
  236. cron:
  237. and
  238. .. code-block:: yaml
  239. linux:
  240. system:
  241. job:
  242. `linux:system:cron` manages cron packages, services, and '/etc/cron.allow' file.
  243. 'deny' files are managed the only way - we're ensuring they are absent, that's
  244. a requirement from CIS 5.1.8
  245. 'cron' pillar structure is the following:
  246. .. code-block:: yaml
  247. linux:
  248. system:
  249. cron:
  250. enabled: true
  251. pkgs: [ <cron packages> ]
  252. services: [ <cron services> ]
  253. user:
  254. <username>:
  255. enabled: true
  256. To add user to '/etc/cron.allow' use 'enabled' key as shown above.
  257. '/etc/cron.deny' is not managed as CIS 5.1.8 requires it was removed.
  258. A user would be ignored if any of the following is true:
  259. * user is disabled in `linux:system:user:<username>`
  260. * user is disabled in `linux:system:cron:user:<username>`
  261. `linux:system:job` manages individual cron tasks.
  262. By default, it will use name as an identifier, unless identifier key is
  263. explicitly set or False (then it will use Salt's default behavior which is
  264. identifier same as command resulting in not being able to change it):
  265. .. code-block:: yaml
  266. linux:
  267. system:
  268. ...
  269. job:
  270. cmd1:
  271. command: '/cmd/to/run'
  272. identifier: cmd1
  273. enabled: true
  274. user: 'root'
  275. hour: 2
  276. minute: 0
  277. Managing 'at' tasks
  278. -------------------
  279. Pillar for managing `at` tasks is similar to one for `cron` tasks:
  280. .. code-block:: yaml
  281. linux:
  282. system:
  283. at:
  284. enabled: true
  285. pkgs: [ <at packages> ]
  286. services: [ <at services> ]
  287. user:
  288. <username>:
  289. enabled: true
  290. To add a user to '/etc/at.allow' use 'enabled' key as shown above.
  291. '/etc/at.deny' is not managed as CIS 5.1.8 requires it was removed.
  292. A user will be ignored if any of the following is true:
  293. * user is disabled in `linux:system:user:<username>`
  294. * user is disabled in `linux:system:at:user:<username>`
  295. Linux security limits (limit sensu user memory usage to max 1GB):
  296. .. code-block:: yaml
  297. linux:
  298. system:
  299. ...
  300. limit:
  301. sensu:
  302. enabled: true
  303. domain: sensu
  304. limits:
  305. - type: hard
  306. item: as
  307. value: 1000000
  308. Enable autologin on ``tty1`` (may work only for Ubuntu 14.04):
  309. .. code-block:: yaml
  310. linux:
  311. system:
  312. console:
  313. tty1:
  314. autologin: root
  315. # Enable serial console
  316. ttyS0:
  317. autologin: root
  318. rate: 115200
  319. term: xterm
  320. To disable set autologin to ``false``.
  321. Set ``policy-rc.d`` on Debian-based systems. Action can be any available
  322. command in ``while true`` loop and ``case`` context.
  323. Following will disallow dpkg to stop/start services for the Cassandra
  324. package automatically:
  325. .. code-block:: yaml
  326. linux:
  327. system:
  328. policyrcd:
  329. - package: cassandra
  330. action: exit 101
  331. - package: '*'
  332. action: switch
  333. Set system locales:
  334. .. code-block:: yaml
  335. linux:
  336. system:
  337. locale:
  338. en_US.UTF-8:
  339. default: true
  340. "cs_CZ.UTF-8 UTF-8":
  341. enabled: true
  342. Systemd settings:
  343. .. code-block:: yaml
  344. linux:
  345. system:
  346. ...
  347. systemd:
  348. system:
  349. Manager:
  350. DefaultLimitNOFILE: 307200
  351. DefaultLimitNPROC: 307200
  352. user:
  353. Manager:
  354. DefaultLimitCPU: 2
  355. DefaultLimitNPROC: 4
  356. Ensure presence of directory:
  357. .. code-block:: yaml
  358. linux:
  359. system:
  360. directory:
  361. /tmp/test:
  362. user: root
  363. group: root
  364. mode: 700
  365. makedirs: true
  366. Ensure presence of file by specifying its source:
  367. .. code-block:: yaml
  368. linux:
  369. system:
  370. file:
  371. /tmp/test.txt:
  372. source: http://example.com/test.txt
  373. user: root #optional
  374. group: root #optional
  375. mode: 700 #optional
  376. dir_mode: 700 #optional
  377. encoding: utf-8 #optional
  378. hash: <<hash>> or <<URI to hash>> #optional
  379. makedirs: true #optional
  380. linux:
  381. system:
  382. file:
  383. test.txt:
  384. name: /tmp/test.txt
  385. source: http://example.com/test.txt
  386. Ensure presence of file by specifying its contents:
  387. .. code-block:: yaml
  388. linux:
  389. system:
  390. file:
  391. /tmp/test.txt:
  392. contents: |
  393. line1
  394. line2
  395. linux:
  396. system:
  397. file:
  398. /tmp/test.txt:
  399. contents_pillar: linux:network:hostname
  400. linux:
  401. system:
  402. file:
  403. /tmp/test.txt:
  404. contents_grains: motd
  405. Ensure presence of file to be serialized through one of the
  406. serializer modules (see:
  407. https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):
  408. .. code-block:: yaml
  409. linux:
  410. system:
  411. file:
  412. /tmp/test.json:
  413. serialize: json
  414. contents:
  415. foo: 1
  416. bar: 'bar'
  417. Kernel
  418. ~~~~~~
  419. Install always up to date LTS kernel and headers from Ubuntu Trusty:
  420. .. code-block:: yaml
  421. linux:
  422. system:
  423. kernel:
  424. type: generic
  425. lts: trusty
  426. headers: true
  427. Load kernel modules and add them to ``/etc/modules``:
  428. .. code-block:: yaml
  429. linux:
  430. system:
  431. kernel:
  432. modules:
  433. - nf_conntrack
  434. - tp_smapi
  435. - 8021q
  436. Configure or blacklist kernel modules with additional options to
  437. ``/etc/modprobe.d`` following example will add
  438. ``/etc/modprobe.d/nf_conntrack.conf`` file with line
  439. ``options nf_conntrack hashsize=262144``:
  440. 'option' can be a mapping (with 'enabled' and 'value' keys) or a scalar.
  441. Example for 'scalar' option value:
  442. .. code-block:: yaml
  443. linux:
  444. system:
  445. kernel:
  446. module:
  447. nf_conntrack:
  448. option:
  449. hashsize: 262144
  450. Example for 'mapping' option value:
  451. .. code-block:: yaml
  452. linux:
  453. system:
  454. kernel:
  455. module:
  456. nf_conntrack:
  457. option:
  458. hashsize:
  459. enabled: true
  460. value: 262144
  461. NOTE: 'enabled' key is optional and is True by default.
  462. Blacklist a module:
  463. .. code-block:: yaml
  464. linux:
  465. system:
  466. kernel:
  467. module:
  468. nf_conntrack:
  469. blacklist: true
  470. A module can have a number of aliases, wildcards are allowed.
  471. Define an alias for a module:
  472. .. code-block:: yaml
  473. linux:
  474. system:
  475. kernel:
  476. module:
  477. nf_conntrack:
  478. alias:
  479. nfct:
  480. enabled: true
  481. "nf_conn*":
  482. enabled: true
  483. NOTE: 'enabled' key is mandatory as there are no other keys exist.
  484. Execute custom command instead of 'insmod' when inserting a module:
  485. .. code-block:: yaml
  486. linux:
  487. system:
  488. kernel:
  489. module:
  490. nf_conntrack:
  491. install:
  492. enabled: true
  493. command: /bin/true
  494. NOTE: 'enabled' key is optional and is True by default.
  495. Execute custom command instead of 'rmmod' when removing a module:
  496. .. code-block:: yaml
  497. linux:
  498. system:
  499. kernel:
  500. module:
  501. nf_conntrack:
  502. remove:
  503. enabled: true
  504. command: /bin/true
  505. NOTE: 'enabled' key is optional and is True by default.
  506. Define module dependencies:
  507. .. code-block:: yaml
  508. linux:
  509. system:
  510. kernel:
  511. module:
  512. nf_conntrack:
  513. softdep:
  514. pre:
  515. 1:
  516. enabled: true
  517. value: a
  518. 2:
  519. enabled: true
  520. value: b
  521. 3:
  522. enabled: true
  523. value: c
  524. post:
  525. 1:
  526. enabled: true
  527. value: x
  528. 2:
  529. enabled: true
  530. value: y
  531. 3:
  532. enabled: true
  533. value: z
  534. NOTE: 'enabled' key is optional and is True by default.
  535. Install specific kernel version and ensure all other kernel packages are
  536. not present. Also install extra modules and headers for this kernel:
  537. .. code-block:: yaml
  538. linux:
  539. system:
  540. kernel:
  541. type: generic
  542. extra: true
  543. headers: true
  544. version: 4.2.0-22
  545. Systcl kernel parameters:
  546. .. code-block:: yaml
  547. linux:
  548. system:
  549. kernel:
  550. sysctl:
  551. net.ipv4.tcp_keepalive_intvl: 3
  552. net.ipv4.tcp_keepalive_time: 30
  553. net.ipv4.tcp_keepalive_probes: 8
  554. Configure kernel boot options:
  555. .. code-block:: yaml
  556. linux:
  557. system:
  558. kernel:
  559. boot_options:
  560. - elevator=deadline
  561. - spectre_v2=off
  562. - nopti
  563. CPU
  564. ~~~
  565. Enable cpufreq governor for every cpu:
  566. .. code-block:: yaml
  567. linux:
  568. system:
  569. cpu:
  570. governor: performance
  571. CGROUPS
  572. ~~~~~~~
  573. Setup linux cgroups:
  574. .. code-block:: yaml
  575. linux:
  576. system:
  577. cgroup:
  578. enabled: true
  579. group:
  580. ceph_group_1:
  581. controller:
  582. cpu:
  583. shares:
  584. value: 250
  585. cpuacct:
  586. usage:
  587. value: 0
  588. cpuset:
  589. cpus:
  590. value: 1,2,3
  591. memory:
  592. limit_in_bytes:
  593. value: 2G
  594. memsw.limit_in_bytes:
  595. value: 3G
  596. mapping:
  597. subjects:
  598. - '@ceph'
  599. generic_group_1:
  600. controller:
  601. cpu:
  602. shares:
  603. value: 250
  604. cpuacct:
  605. usage:
  606. value: 0
  607. mapping:
  608. subjects:
  609. - '*:firefox'
  610. - 'student:cp'
  611. Shared libraries
  612. ~~~~~~~~~~~~~~~~
  613. Set additional shared library to Linux system library path:
  614. .. code-block:: yaml
  615. linux:
  616. system:
  617. ld:
  618. library:
  619. java:
  620. - /usr/lib/jvm/jre-openjdk/lib/amd64/server
  621. - /opt/java/jre/lib/amd64/server
  622. Certificates
  623. ~~~~~~~~~~~~
  624. Add certificate authority into system trusted CA bundle:
  625. .. code-block:: yaml
  626. linux:
  627. system:
  628. ca_certificates:
  629. mycert: |
  630. -----BEGIN CERTIFICATE-----
  631. MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
  632. A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
  633. cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
  634. MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
  635. BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
  636. YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
  637. ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
  638. BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
  639. I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
  640. CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
  641. lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
  642. AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
  643. -----END CERTIFICATE-----
  644. Sysfs
  645. ~~~~~
  646. Install sysfsutils and set sysfs attributes:
  647. .. code-block:: yaml
  648. linux:
  649. system:
  650. sysfs:
  651. scheduler:
  652. block/sda/queue/scheduler: deadline
  653. power:
  654. mode:
  655. power/state: 0660
  656. owner:
  657. power/state: "root:power"
  658. devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  659. Optional: You can also use list that will ensure order of items.
  660. .. code-block:: yaml
  661. linux:
  662. system:
  663. sysfs:
  664. scheduler:
  665. block/sda/queue/scheduler: deadline
  666. power:
  667. - mode:
  668. power/state: 0660
  669. - owner:
  670. power/state: "root:power"
  671. - devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave
  672. Sysfs definition with disabled automatic write. Attributes are saved
  673. to configuration, but are not applied during the run.
  674. Thay will be applied automatically after the reboot.
  675. .. code-block:: yaml
  676. linux:
  677. system:
  678. sysfs:
  679. enable_apply: false
  680. scheduler:
  681. block/sda/queue/scheduler: deadline
  682. .. note:: The `enable_apply` parameter defaults to `True` if not defined.
  683. Huge Pages
  684. ~~~~~~~~~~~~
  685. Huge Pages give a performance boost to applications that intensively deal
  686. with memory allocation/deallocation by decreasing memory fragmentation:
  687. .. code-block:: yaml
  688. linux:
  689. system:
  690. kernel:
  691. hugepages:
  692. small:
  693. size: 2M
  694. count: 107520
  695. mount_point: /mnt/hugepages_2MB
  696. mount: false/true # default is true (mount immediately) / false (just save in the fstab)
  697. large:
  698. default: true # default automatically mounted
  699. size: 1G
  700. count: 210
  701. mount_point: /mnt/hugepages_1GB
  702. .. note:: Not recommended to use both pagesizes concurrently.
  703. Intel SR-IOV
  704. ~~~~~~~~~~~~
  705. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV)
  706. specification defines a standardized mechanism to virtualize
  707. PCIe devices. The mechanism can virtualize a single PCIe
  708. Ethernet controller to appear as multiple PCIe devices:
  709. .. code-block:: yaml
  710. linux:
  711. system:
  712. kernel:
  713. sriov: True
  714. unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
  715. rc:
  716. local: |
  717. #!/bin/sh -e
  718. # Enable 7 VF on eth1
  719. echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
  720. exit 0
  721. Isolate CPU options
  722. ~~~~~~~~~~~~~~~~~~~
  723. Remove the specified CPUs, as defined by the cpu_number values, from
  724. the general kernel SMP balancing and scheduler algroithms. The only
  725. way to move a process onto or off an *isolated* CPU is via the CPU
  726. affinity syscalls. ``cpu_number begins`` at ``0``, so the
  727. maximum value is ``1`` less than the number of CPUs on the system.:
  728. .. code-block:: yaml
  729. linux:
  730. system:
  731. kernel:
  732. isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0
  733. Repositories
  734. ~~~~~~~~~~~~
  735. RedHat-based Linux with additional OpenStack repo:
  736. .. code-block:: yaml
  737. linux:
  738. system:
  739. ...
  740. repo:
  741. rdo-icehouse:
  742. enabled: true
  743. source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
  744. pgpcheck: 0
  745. Ensure system repository to use czech Debian mirror (``default: true``)
  746. Also pin it's packages with priority ``900``:
  747. .. code-block:: yaml
  748. linux:
  749. system:
  750. repo:
  751. debian:
  752. default: true
  753. source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
  754. # Import signing key from URL if needed
  755. key_url: "http://dummy.com/public.gpg"
  756. pin:
  757. - pin: 'origin "ftp.cz.debian.org"'
  758. priority: 900
  759. package: '*'
  760. If you need to add multiple pin rules for one repo, please use new,ordered definition format
  761. ('pinning' definition will be in priotity to use):
  762. .. code-block:: yaml
  763. linux:
  764. system:
  765. repo:
  766. mcp_saltstack:
  767. source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
  768. architectures: amd64
  769. clean_file: true
  770. pinning:
  771. 10:
  772. enabled: true
  773. pin: 'release o=SaltStack'
  774. priority: 50
  775. package: 'libsodium18'
  776. 20:
  777. enabled: true
  778. pin: 'release o=SaltStack'
  779. priority: 1100
  780. package: '*'
  781. .. note:: For old Ubuntu releases (<xenial)
  782. extra packages for apt transport, like ``apt-transport-https``
  783. may be required to be installed manually.
  784. (Chicken-eggs issue: we need to install packages to
  785. reach repo from where they should be installed)
  786. Otherwise, you still can try 'fortune' and install prereq.packages before
  787. any repo configuration, using list of requires in map.jinja.
  788. Disabling any prerequisite packages installation:
  789. You can simply drop any package pre-installation (before system.linux.repo
  790. will be processed) via cluster lvl:
  791. .. code-block:: yaml
  792. linux:
  793. system:
  794. pkgs: ~
  795. Package manager proxy global setup:
  796. .. code-block:: yaml
  797. linux:
  798. system:
  799. ...
  800. repo:
  801. apt-mk:
  802. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  803. ...
  804. proxy:
  805. pkg:
  806. enabled: true
  807. ftp: ftp://ftp-proxy-for-apt.host.local:2121
  808. ...
  809. # NOTE: Global defaults for any other componet that configure proxy on the system.
  810. # If your environment has just one simple proxy, set it on linux:system:proxy.
  811. #
  812. # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries
  813. # as for https and http
  814. ftp: ftp://proxy.host.local:2121
  815. http: http://proxy.host.local:3142
  816. https: https://proxy.host.local:3143
  817. Package manager proxy setup per repository:
  818. .. code-block:: yaml
  819. linux:
  820. system:
  821. ...
  822. repo:
  823. debian:
  824. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  825. ...
  826. apt-mk:
  827. source: "deb http://apt-mk.mirantis.com/ stable main salt"
  828. # per repository proxy
  829. proxy:
  830. enabled: true
  831. http: http://maas-01:8080
  832. https: http://maas-01:8080
  833. ...
  834. proxy:
  835. # package manager fallback defaults
  836. # used if linux:system:repo:apt-mk:proxy has no protocol specific entries
  837. pkg:
  838. enabled: true
  839. ftp: ftp://proxy.host.local:2121
  840. #http: http://proxy.host.local:3142
  841. #https: https://proxy.host.local:3143
  842. ...
  843. # global system fallback system defaults
  844. ftp: ftp://proxy.host.local:2121
  845. http: http://proxy.host.local:3142
  846. https: https://proxy.host.local:3143
  847. Remove all repositories:
  848. .. code-block:: yaml
  849. linux:
  850. system:
  851. purge_repos: true
  852. Refresh repositories metada, after configuration:
  853. .. code-block:: yaml
  854. linux:
  855. system:
  856. refresh_repos_meta: true
  857. Setup custom apt config options:
  858. .. code-block:: yaml
  859. linux:
  860. system:
  861. apt:
  862. config:
  863. compression-workaround:
  864. "Acquire::CompressionTypes::Order": "gz"
  865. docker-clean:
  866. "DPkg::Post-Invoke":
  867. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  868. "APT::Update::Post-Invoke":
  869. - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"
  870. RC
  871. ~~
  872. rc.local example
  873. .. code-block:: yaml
  874. linux:
  875. system:
  876. rc:
  877. local: |
  878. #!/bin/sh -e
  879. #
  880. # rc.local
  881. #
  882. # This script is executed at the end of each multiuser runlevel.
  883. # Make sure that the script will "exit 0" on success or any other
  884. # value on error.
  885. #
  886. # In order to enable or disable this script just change the execution
  887. # bits.
  888. #
  889. # By default this script does nothing.
  890. exit 0
  891. Prompt
  892. ~~~~~~
  893. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``.
  894. Every user can have different prompt:
  895. .. code-block:: yaml
  896. linux:
  897. system:
  898. prompt:
  899. root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
  900. default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
  901. On Debian systems, to set prompt system-wide, it's necessary to
  902. remove setting PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc``,
  903. which comes from ``/etc/skel/.bashrc``. This formula will do
  904. this automatically, but will not touch existing user's
  905. ``~/.bashrc`` files except root.
  906. Bash
  907. ~~~~
  908. Fix bash configuration to preserve history across sessions
  909. like ZSH does by default:
  910. .. code-block:: yaml
  911. linux:
  912. system:
  913. bash:
  914. preserve_history: true
  915. Login banner message
  916. ~~~~~~~~~~~~~~~~~~~~
  917. ``/etc/issue`` is a text file which contains a message or system
  918. identification to be printed before the login prompt. It may contain
  919. various @char and \char sequences, if supported by the getty-type
  920. program employed on the system.
  921. Setting logon banner message is easy:
  922. .. code-block:: yaml
  923. liunx:
  924. system:
  925. banner:
  926. enabled: true
  927. contents: |
  928. UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
  929. You must have explicit, authorized permission to access or configure this
  930. device. Unauthorized attempts and actions to access or use this system may
  931. result in civil and/or criminal penalties.
  932. All activities performed on this system are logged and monitored.
  933. Message of the day
  934. ~~~~~~~~~~~~~~~~~~
  935. ``pam_motd`` from package ``libpam-modules`` is used for dynamic
  936. messages of the day. Setting custom ``motd`` will clean up existing ones.
  937. Setting static ``motd`` will replace existing ``/etc/motd`` and remove
  938. scripts from ``/etc/update-motd.d``.
  939. Setting static ``motd``:
  940. .. code-block:: yaml
  941. linux:
  942. system:
  943. motd: |
  944. UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
  945. You must have explicit, authorized permission to access or configure this
  946. device. Unauthorized attempts and actions to access or use this system may
  947. result in civil and/or criminal penalties.
  948. All activities performed on this system are logged and monitored.
  949. Setting dynamic ``motd``:
  950. .. code-block:: yaml
  951. linux:
  952. system:
  953. motd:
  954. - release: |
  955. #!/bin/sh
  956. [ -r /etc/lsb-release ] && . /etc/lsb-release
  957. if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
  958. # Fall back to using the very slow lsb_release utility
  959. DISTRIB_DESCRIPTION=$(lsb_release -s -d)
  960. fi
  961. printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
  962. - warning: |
  963. #!/bin/sh
  964. printf "This is [company name] network.\n"
  965. printf "Unauthorized access strictly prohibited.\n"
  966. Services
  967. ~~~~~~~~
  968. Stop and disable the ``linux`` service:
  969. .. code-block:: yaml
  970. linux:
  971. system:
  972. service:
  973. apt-daily.timer:
  974. status: dead
  975. Possible statuses are ``dead`` (disable service by default), ``running``
  976. (enable service by default), ``enabled``, ``disabled``:
  977. Linux with the ``atop`` service:
  978. .. code-block:: yaml
  979. linux:
  980. system:
  981. atop:
  982. enabled: true
  983. interval: 20
  984. logpath: "/var/log/atop"
  985. outfile: "/var/log/atop/daily.log"
  986. Linux with the ``mcelog`` service:
  987. .. code-block:: yaml
  988. linux:
  989. system:
  990. mcelog:
  991. enabled: true
  992. logging:
  993. syslog: true
  994. syslog_error: true
  995. RHEL / CentOS
  996. ^^^^^^^^^^^^^
  997. Currently, ``update-motd`` is not available
  998. for RHEL. So there is no native support for dynamic ``motd``.
  999. You can still set a static one, with a different pillar structure:
  1000. .. code-block:: yaml
  1001. linux:
  1002. system:
  1003. motd: |
  1004. This is [company name] network.
  1005. Unauthorized access strictly prohibited.
  1006. Haveged
  1007. ~~~~~~~
  1008. If you are running headless server and are low on entropy,
  1009. you may set up Haveged:
  1010. .. code-block:: yaml
  1011. linux:
  1012. system:
  1013. haveged:
  1014. enabled: true
  1015. Linux network
  1016. -------------
  1017. Linux with network manager:
  1018. .. code-block:: yaml
  1019. linux:
  1020. network:
  1021. enabled: true
  1022. network_manager: true
  1023. Linux with default static network interfaces, default gateway
  1024. interface and DNS servers:
  1025. .. code-block:: yaml
  1026. linux:
  1027. network:
  1028. enabled: true
  1029. interface:
  1030. eth0:
  1031. enabled: true
  1032. type: eth
  1033. address: 192.168.0.102
  1034. netmask: 255.255.255.0
  1035. gateway: 192.168.0.1
  1036. name_servers:
  1037. - 8.8.8.8
  1038. - 8.8.4.4
  1039. mtu: 1500
  1040. Linux with bonded interfaces and disabled ``NetworkManager``:
  1041. .. code-block:: yaml
  1042. linux:
  1043. network:
  1044. enabled: true
  1045. interface:
  1046. eth0:
  1047. type: eth
  1048. ...
  1049. eth1:
  1050. type: eth
  1051. ...
  1052. bond0:
  1053. enabled: true
  1054. type: bond
  1055. address: 192.168.0.102
  1056. netmask: 255.255.255.0
  1057. mtu: 1500
  1058. use_in:
  1059. - interface: ${linux:interface:eth0}
  1060. - interface: ${linux:interface:eth0}
  1061. network_manager:
  1062. disable: true
  1063. Linux with VLAN ``interface_params``:
  1064. .. code-block:: yaml
  1065. linux:
  1066. network:
  1067. enabled: true
  1068. interface:
  1069. vlan69:
  1070. type: vlan
  1071. use_interfaces:
  1072. - interface: ${linux:interface:bond0}
  1073. Linux with wireless interface parameters:
  1074. .. code-block:: yaml
  1075. linux:
  1076. network:
  1077. enabled: true
  1078. gateway: 10.0.0.1
  1079. default_interface: eth0
  1080. interface:
  1081. wlan0:
  1082. type: eth
  1083. wireless:
  1084. essid: example
  1085. key: example_key
  1086. security: wpa
  1087. priority: 1
  1088. Linux networks with routes defined:
  1089. .. code-block:: yaml
  1090. linux:
  1091. network:
  1092. enabled: true
  1093. gateway: 10.0.0.1
  1094. default_interface: eth0
  1095. interface:
  1096. eth0:
  1097. type: eth
  1098. route:
  1099. default:
  1100. address: 192.168.0.123
  1101. netmask: 255.255.255.0
  1102. gateway: 192.168.0.1
  1103. Native Linux Bridges:
  1104. .. code-block:: yaml
  1105. linux:
  1106. network:
  1107. interface:
  1108. eth1:
  1109. enabled: true
  1110. type: eth
  1111. proto: manual
  1112. up_cmds:
  1113. - ip address add 0/0 dev $IFACE
  1114. - ip link set $IFACE up
  1115. down_cmds:
  1116. - ip link set $IFACE down
  1117. br-ex:
  1118. enabled: true
  1119. type: bridge
  1120. address: ${linux:network:host:public_local:address}
  1121. netmask: 255.255.255.0
  1122. use_interfaces:
  1123. - eth1
  1124. Open vSwitch Bridges:
  1125. .. code-block:: yaml
  1126. linux:
  1127. network:
  1128. bridge: openvswitch
  1129. interface:
  1130. eth1:
  1131. enabled: true
  1132. type: eth
  1133. proto: manual
  1134. up_cmds:
  1135. - ip address add 0/0 dev $IFACE
  1136. - ip link set $IFACE up
  1137. down_cmds:
  1138. - ip link set $IFACE down
  1139. br-ex:
  1140. enabled: true
  1141. type: bridge
  1142. address: ${linux:network:host:public_local:address}
  1143. netmask: 255.255.255.0
  1144. use_interfaces:
  1145. - eth1
  1146. br-prv:
  1147. enabled: true
  1148. type: ovs_bridge
  1149. mtu: 65000
  1150. br-ens7:
  1151. enabled: true
  1152. name: br-ens7
  1153. type: ovs_bridge
  1154. proto: manual
  1155. mtu: 9000
  1156. use_interfaces:
  1157. - ens7
  1158. patch-br-ens7-br-prv:
  1159. enabled: true
  1160. name: ens7-prv
  1161. ovs_type: ovs_port
  1162. type: ovs_port
  1163. bridge: br-ens7
  1164. port_type: patch
  1165. peer: prv-ens7
  1166. tag: 109 # [] to unset a tag
  1167. mtu: 65000
  1168. patch-br-prv-br-ens7:
  1169. enabled: true
  1170. name: prv-ens7
  1171. bridge: br-prv
  1172. ovs_type: ovs_port
  1173. type: ovs_port
  1174. port_type: patch
  1175. peer: ens7-prv
  1176. tag: 109
  1177. mtu: 65000
  1178. ens7:
  1179. enabled: true
  1180. name: ens7
  1181. proto: manual
  1182. ovs_port_type: OVSPort
  1183. type: ovs_port
  1184. ovs_bridge: br-ens7
  1185. bridge: br-ens7
  1186. Debian manual proto interfaces
  1187. When you are changing interface proto from static in up state
  1188. to manual, you may need to flush ip addresses. For example,
  1189. if you want to use the interface and the ip on the bridge.
  1190. This can be done by setting the ``ipflush_onchange`` to true.
  1191. .. code-block:: yaml
  1192. linux:
  1193. network:
  1194. interface:
  1195. eth1:
  1196. enabled: true
  1197. type: eth
  1198. proto: manual
  1199. mtu: 9100
  1200. ipflush_onchange: true
  1201. Debian static proto interfaces
  1202. When you are changing interface proto from dhcp in up state to
  1203. static, you may need to flush ip addresses and restart interface
  1204. to assign ip address from a managed file. For example, if you wantto
  1205. use the interface and the ip on the bridge. This can be done by
  1206. setting the ``ipflush_onchange`` with combination ``restart_on_ipflush``
  1207. param set to true.
  1208. .. code-block:: yaml
  1209. linux:
  1210. network:
  1211. interface:
  1212. eth1:
  1213. enabled: true
  1214. type: eth
  1215. proto: static
  1216. address: 10.1.0.22
  1217. netmask: 255.255.255.0
  1218. ipflush_onchange: true
  1219. restart_on_ipflush: true
  1220. Concatinating and removing interface files
  1221. Debian based distributions have ``/etc/network/interfaces.d/``
  1222. directory, where you can store configuration of network
  1223. interfaces in separate files. You can concatinate the files
  1224. to the defined destination when needed, this operation removes
  1225. the file from the ``/etc/network/interfaces.d/``. If you just need
  1226. to remove iface files, you can use the ``remove_iface_files`` key.
  1227. .. code-block:: yaml
  1228. linux:
  1229. network:
  1230. concat_iface_files:
  1231. - src: '/etc/network/interfaces.d/50-cloud-init.cfg'
  1232. dst: '/etc/network/interfaces'
  1233. remove_iface_files:
  1234. - '/etc/network/interfaces.d/90-custom.cfg'
  1235. Configure DHCP client
  1236. None of the keys is mandatory, include only those you really need.
  1237. For full list of available options under send, supersede, prepend,
  1238. append refer to dhcp-options(5).
  1239. .. code-block:: yaml
  1240. linux:
  1241. network:
  1242. dhclient:
  1243. enabled: true
  1244. backoff_cutoff: 15
  1245. initial_interval: 10
  1246. reboot: 10
  1247. retry: 60
  1248. select_timeout: 0
  1249. timeout: 120
  1250. send:
  1251. - option: host-name
  1252. declaration: "= gethostname()"
  1253. supersede:
  1254. - option: host-name
  1255. declaration: "spaceship"
  1256. - option: domain-name
  1257. declaration: "domain.home"
  1258. #- option: arp-cache-timeout
  1259. # declaration: 20
  1260. prepend:
  1261. - option: domain-name-servers
  1262. declaration:
  1263. - 8.8.8.8
  1264. - 8.8.4.4
  1265. - option: domain-search
  1266. declaration:
  1267. - example.com
  1268. - eng.example.com
  1269. #append:
  1270. #- option: domain-name-servers
  1271. # declaration: 127.0.0.1
  1272. # ip or subnet to reject dhcp offer from
  1273. reject:
  1274. - 192.33.137.209
  1275. - 10.0.2.0/24
  1276. request:
  1277. - subnet-mask
  1278. - broadcast-address
  1279. - time-offset
  1280. - routers
  1281. - domain-name
  1282. - domain-name-servers
  1283. - domain-search
  1284. - host-name
  1285. - dhcp6.name-servers
  1286. - dhcp6.domain-search
  1287. - dhcp6.fqdn
  1288. - dhcp6.sntp-servers
  1289. - netbios-name-servers
  1290. - netbios-scope
  1291. - interface-mtu
  1292. - rfc3442-classless-static-routes
  1293. - ntp-servers
  1294. require:
  1295. - subnet-mask
  1296. - domain-name-servers
  1297. # if per interface configuration required add below
  1298. interface:
  1299. ens2:
  1300. initial_interval: 11
  1301. reject:
  1302. - 192.33.137.210
  1303. ens3:
  1304. initial_interval: 12
  1305. reject:
  1306. - 192.33.137.211
  1307. Linux network systemd settings:
  1308. .. code-block:: yaml
  1309. linux:
  1310. network:
  1311. ...
  1312. systemd:
  1313. link:
  1314. 10-iface-dmz:
  1315. Match:
  1316. MACAddress: c8:5b:67:fa:1a:af
  1317. OriginalName: eth0
  1318. Link:
  1319. Name: dmz0
  1320. netdev:
  1321. 20-bridge-dmz:
  1322. match:
  1323. name: dmz0
  1324. network:
  1325. mescription: bridge
  1326. bridge: br-dmz0
  1327. network:
  1328. # works with lowercase, keys are by default capitalized
  1329. 40-dhcp:
  1330. match:
  1331. name: '*'
  1332. network:
  1333. DHCP: yes
  1334. Configure global environment variables
  1335. Use ``/etc/environment`` for static system wide variable assignment
  1336. after boot. Variable expansion is frequently not supported.
  1337. .. code-block:: yaml
  1338. linux:
  1339. system:
  1340. env:
  1341. BOB_VARIABLE: Alice
  1342. ...
  1343. BOB_PATH:
  1344. - /srv/alice/bin
  1345. - /srv/bob/bin
  1346. ...
  1347. ftp_proxy: none
  1348. http_proxy: http://global-http-proxy.host.local:8080
  1349. https_proxy: ${linux:system:proxy:https}
  1350. no_proxy:
  1351. - 192.168.0.80
  1352. - 192.168.1.80
  1353. - .domain.com
  1354. - .local
  1355. ...
  1356. # NOTE: global defaults proxy configuration.
  1357. proxy:
  1358. ftp: ftp://proxy.host.local:2121
  1359. http: http://proxy.host.local:3142
  1360. https: https://proxy.host.local:3143
  1361. noproxy:
  1362. - .domain.com
  1363. - .local
  1364. Configure the ``profile.d`` scripts
  1365. The ``profile.d`` scripts are being sourced during ``.sh`` execution
  1366. and support variable expansion in opposite to /etc/environment global
  1367. settings in ``/etc/environment``.
  1368. .. code-block:: yaml
  1369. linux:
  1370. system:
  1371. profile:
  1372. locales: |
  1373. export LANG=C
  1374. export LC_ALL=C
  1375. ...
  1376. vi_flavors.sh: |
  1377. export PAGER=view
  1378. export EDITOR=vim
  1379. alias vi=vim
  1380. shell_locales.sh: |
  1381. export LANG=en_US
  1382. export LC_ALL=en_US.UTF-8
  1383. shell_proxies.sh: |
  1384. export FTP_PROXY=ftp://127.0.3.3:2121
  1385. export NO_PROXY='.local'
  1386. Configure login.defs parameters
  1387. -------------------------------
  1388. .. code-block:: yaml
  1389. linux:
  1390. system:
  1391. login_defs:
  1392. <opt_name>:
  1393. enabled: true
  1394. value: <opt_value>
  1395. <opt_name> is a configurational option defined in 'man login.defs'.
  1396. <opt_name> is case sensitive, should be UPPERCASE only!
  1397. Linux with hosts
  1398. Parameter ``purge_hosts`` will enforce whole ``/etc/hosts file``,
  1399. removing entries that are not defined in model except defaults
  1400. for both IPv4 and IPv6 localhost and hostname as well as FQDN.
  1401. We recommend using this option to verify that ``/etc/hosts``
  1402. is always in a clean state. However it is not enabled by default
  1403. for security reasons.
  1404. .. code-block:: yaml
  1405. linux:
  1406. network:
  1407. purge_hosts: true
  1408. host:
  1409. # No need to define this one if purge_hosts is true
  1410. hostname:
  1411. address: 127.0.1.1
  1412. names:
  1413. - ${linux:network:fqdn}
  1414. - ${linux:network:hostname}
  1415. node1:
  1416. address: 192.168.10.200
  1417. names:
  1418. - node2.domain.com
  1419. - service2.domain.com
  1420. node2:
  1421. address: 192.168.10.201
  1422. names:
  1423. - node2.domain.com
  1424. - service2.domain.com
  1425. Linux with hosts collected from mine
  1426. All DNS records defined within infrastrucuture
  1427. are passed to the local hosts records or any DNS server. Only
  1428. hosts with the ``grain`` parameter set to ``true`` will be propagated
  1429. to the mine.
  1430. .. code-block:: yaml
  1431. linux:
  1432. network:
  1433. purge_hosts: true
  1434. mine_dns_records: true
  1435. host:
  1436. node1:
  1437. address: 192.168.10.200
  1438. grain: true
  1439. names:
  1440. - node2.domain.com
  1441. - service2.domain.com
  1442. Set up ``resolv.conf``, nameservers, domain and search domains:
  1443. .. code-block:: yaml
  1444. linux:
  1445. network:
  1446. resolv:
  1447. dns:
  1448. - 8.8.4.4
  1449. - 8.8.8.8
  1450. domain: my.example.com
  1451. search:
  1452. - my.example.com
  1453. - example.com
  1454. options:
  1455. - ndots: 5
  1456. - timeout: 2
  1457. - attempts: 2
  1458. Set up custom TX queue length for tap interfaces:
  1459. .. code-block:: yaml
  1460. linux:
  1461. network:
  1462. tap_custom_txqueuelen: 10000
  1463. DPDK OVS interfaces
  1464. **DPDK OVS NIC**
  1465. .. code-block:: yaml
  1466. linux:
  1467. network:
  1468. bridge: openvswitch
  1469. dpdk:
  1470. enabled: true
  1471. driver: uio/vfio
  1472. openvswitch:
  1473. pmd_cpu_mask: "0x6"
  1474. dpdk_socket_mem: "1024,1024"
  1475. dpdk_lcore_mask: "0x400"
  1476. memory_channels: 2
  1477. interface:
  1478. dpkd0:
  1479. name: ${_param:dpdk_nic}
  1480. pci: 0000:06:00.0
  1481. driver: igb_uio/vfio-pci
  1482. enabled: true
  1483. type: dpdk_ovs_port
  1484. n_rxq: 2
  1485. pmd_rxq_affinity: "0:1,1:2"
  1486. bridge: br-prv
  1487. mtu: 9000
  1488. br-prv:
  1489. enabled: true
  1490. type: dpdk_ovs_bridge
  1491. **DPDK OVS Bond**
  1492. .. code-block:: yaml
  1493. linux:
  1494. network:
  1495. bridge: openvswitch
  1496. dpdk:
  1497. enabled: true
  1498. driver: uio/vfio
  1499. openvswitch:
  1500. pmd_cpu_mask: "0x6"
  1501. dpdk_socket_mem: "1024,1024"
  1502. dpdk_lcore_mask: "0x400"
  1503. memory_channels: 2
  1504. interface:
  1505. dpdk_second_nic:
  1506. name: ${_param:primary_second_nic}
  1507. pci: 0000:06:00.0
  1508. driver: igb_uio/vfio-pci
  1509. bond: dpdkbond0
  1510. enabled: true
  1511. type: dpdk_ovs_port
  1512. n_rxq: 2
  1513. pmd_rxq_affinity: "0:1,1:2"
  1514. mtu: 9000
  1515. dpdk_first_nic:
  1516. name: ${_param:primary_first_nic}
  1517. pci: 0000:05:00.0
  1518. driver: igb_uio/vfio-pci
  1519. bond: dpdkbond0
  1520. enabled: true
  1521. type: dpdk_ovs_port
  1522. n_rxq: 2
  1523. pmd_rxq_affinity: "0:1,1:2"
  1524. mtu: 9000
  1525. dpdkbond0:
  1526. enabled: true
  1527. bridge: br-prv
  1528. type: dpdk_ovs_bond
  1529. mode: active-backup
  1530. br-prv:
  1531. enabled: true
  1532. type: dpdk_ovs_bridge
  1533. **DPDK OVS LACP Bond with vlan tag**
  1534. .. code-block:: yaml
  1535. linux:
  1536. network:
  1537. bridge: openvswitch
  1538. dpdk:
  1539. enabled: true
  1540. driver: uio
  1541. openvswitch:
  1542. pmd_cpu_mask: "0x6"
  1543. dpdk_socket_mem: "1024,1024"
  1544. dpdk_lcore_mask: "0x400"
  1545. memory_channels: "2"
  1546. interface:
  1547. eth3:
  1548. enabled: true
  1549. type: eth
  1550. proto: manual
  1551. name: ${_param:tenant_first_nic}
  1552. eth4:
  1553. enabled: true
  1554. type: eth
  1555. proto: manual
  1556. name: ${_param:tenant_second_nic}
  1557. dpdk0:
  1558. name: ${_param:tenant_first_nic}
  1559. pci: "0000:81:00.0"
  1560. driver: igb_uio
  1561. bond: bond1
  1562. enabled: true
  1563. type: dpdk_ovs_port
  1564. n_rxq: 2
  1565. dpdk1:
  1566. name: ${_param:tenant_second_nic}
  1567. pci: "0000:81:00.1"
  1568. driver: igb_uio
  1569. bond: bond1
  1570. enabled: true
  1571. type: dpdk_ovs_port
  1572. n_rxq: 2
  1573. bond1:
  1574. enabled: true
  1575. bridge: br-prv
  1576. type: dpdk_ovs_bond
  1577. mode: balance-slb
  1578. br-prv:
  1579. enabled: true
  1580. type: dpdk_ovs_bridge
  1581. tag: ${_param:tenant_vlan}
  1582. address: ${_param:tenant_address}
  1583. netmask: ${_param:tenant_network_netmask}
  1584. **DPDK OVS bridge for VXLAN**
  1585. If VXLAN is used as tenant segmentation, IP address must
  1586. be set on ``br-prv``.
  1587. .. code-block:: yaml
  1588. linux:
  1589. network:
  1590. ...
  1591. interface:
  1592. br-prv:
  1593. enabled: true
  1594. type: dpdk_ovs_bridge
  1595. address: 192.168.50.0
  1596. netmask: 255.255.255.0
  1597. tag: 101
  1598. mtu: 9000
  1599. **DPDK OVS bridge with Linux network interface**
  1600. .. code-block:: yaml
  1601. linux:
  1602. network:
  1603. ...
  1604. interface:
  1605. eth0:
  1606. type: eth
  1607. ovs_bridge: br-prv
  1608. ...
  1609. br-prv:
  1610. enabled: true
  1611. type: dpdk_ovs_bridge
  1612. ...
  1613. Linux storage
  1614. -------------
  1615. Linux with mounted Samba:
  1616. .. code-block:: yaml
  1617. linux:
  1618. storage:
  1619. enabled: true
  1620. mount:
  1621. samba1:
  1622. - enabled: true
  1623. - path: /media/myuser/public/
  1624. - device: //192.168.0.1/storage
  1625. - file_system: cifs
  1626. - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm
  1627. NFS mount:
  1628. .. code-block:: yaml
  1629. linux:
  1630. storage:
  1631. enabled: true
  1632. mount:
  1633. nfs_glance:
  1634. enabled: true
  1635. path: /var/lib/glance/images
  1636. device: 172.16.10.110:/var/nfs/glance
  1637. file_system: nfs
  1638. opts: rw,sync
  1639. File swap configuration:
  1640. .. code-block:: yaml
  1641. linux:
  1642. storage:
  1643. enabled: true
  1644. swap:
  1645. file:
  1646. enabled: true
  1647. engine: file
  1648. device: /swapfile
  1649. size: 1024
  1650. Partition swap configuration:
  1651. .. code-block:: yaml
  1652. linux:
  1653. storage:
  1654. enabled: true
  1655. swap:
  1656. partition:
  1657. enabled: true
  1658. engine: partition
  1659. device: /dev/vg0/swap
  1660. LVM group ``vg1`` with one device and ``data`` volume mounted
  1661. into ``/mnt/data``.
  1662. .. code-block:: yaml
  1663. parameters:
  1664. linux:
  1665. storage:
  1666. mount:
  1667. data:
  1668. enabled: true
  1669. device: /dev/vg1/data
  1670. file_system: ext4
  1671. path: /mnt/data
  1672. lvm:
  1673. vg1:
  1674. enabled: true
  1675. devices:
  1676. - /dev/sdb
  1677. volume:
  1678. data:
  1679. size: 40G
  1680. mount: ${linux:storage:mount:data}
  1681. Create partitions on disk. Specify size in MB. It expects empty
  1682. disk without any existing partitions.
  1683. Set ``startsector=1`` if you want to start partitions from ``2048``.
  1684. .. code-block:: yaml
  1685. linux:
  1686. storage:
  1687. disk:
  1688. first_drive:
  1689. startsector: 1
  1690. name: /dev/loop1
  1691. type: gpt
  1692. partitions:
  1693. - size: 200 #size in MB
  1694. type: fat32
  1695. - size: 300 #size in MB
  1696. mkfs: True
  1697. type: xfs
  1698. /dev/vda1:
  1699. partitions:
  1700. - size: 5
  1701. type: ext2
  1702. - size: 10
  1703. type: ext4
  1704. Multipath with Fujitsu Eternus DXL:
  1705. .. code-block:: yaml
  1706. parameters:
  1707. linux:
  1708. storage:
  1709. multipath:
  1710. enabled: true
  1711. blacklist_devices:
  1712. - /dev/sda
  1713. - /dev/sdb
  1714. backends:
  1715. - fujitsu_eternus_dxl
  1716. Multipath with Hitachi VSP 1000:
  1717. .. code-block:: yaml
  1718. parameters:
  1719. linux:
  1720. storage:
  1721. multipath:
  1722. enabled: true
  1723. blacklist_devices:
  1724. - /dev/sda
  1725. - /dev/sdb
  1726. backends:
  1727. - hitachi_vsp1000
  1728. Multipath with IBM Storwize:
  1729. .. code-block:: yaml
  1730. parameters:
  1731. linux:
  1732. storage:
  1733. multipath:
  1734. enabled: true
  1735. blacklist_devices:
  1736. - /dev/sda
  1737. - /dev/sdb
  1738. backends:
  1739. - ibm_storwize
  1740. Multipath with multiple backends:
  1741. .. code-block:: yaml
  1742. parameters:
  1743. linux:
  1744. storage:
  1745. multipath:
  1746. enabled: true
  1747. blacklist_devices:
  1748. - /dev/sda
  1749. - /dev/sdb
  1750. - /dev/sdc
  1751. - /dev/sdd
  1752. backends:
  1753. - ibm_storwize
  1754. - fujitsu_eternus_dxl
  1755. - hitachi_vsp1000
  1756. PAM LDAP integration:
  1757. .. code-block:: yaml
  1758. parameters:
  1759. linux:
  1760. system:
  1761. auth:
  1762. enabled: true
  1763. mkhomedir:
  1764. enabled: true
  1765. umask: 0027
  1766. ldap:
  1767. enabled: true
  1768. binddn: cn=bind,ou=service_users,dc=example,dc=com
  1769. bindpw: secret
  1770. uri: ldap://127.0.0.1
  1771. base: ou=users,dc=example,dc=com
  1772. ldap_version: 3
  1773. pagesize: 65536
  1774. referrals: off
  1775. filter:
  1776. passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
  1777. shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))
  1778. group: (&(objectClass=group)(gidNumber=*))
  1779. Disabled multipath (the default setup):
  1780. .. code-block:: yaml
  1781. parameters:
  1782. linux:
  1783. storage:
  1784. multipath:
  1785. enabled: false
  1786. Linux with local loopback device:
  1787. .. code-block:: yaml
  1788. linux:
  1789. storage:
  1790. loopback:
  1791. disk1:
  1792. file: /srv/disk1
  1793. size: 50G
  1794. External config generation
  1795. --------------------------
  1796. You are able to use config support metadata between formulas
  1797. and only generate configuration files for external use, for example, Docker, and so on.
  1798. .. code-block:: yaml
  1799. parameters:
  1800. linux:
  1801. system:
  1802. config:
  1803. pillar:
  1804. jenkins:
  1805. master:
  1806. home: /srv/volumes/jenkins
  1807. approved_scripts:
  1808. - method java.net.URL openConnection
  1809. credentials:
  1810. - type: username_password
  1811. scope: global
  1812. id: test
  1813. desc: Testing credentials
  1814. username: test
  1815. password: test
  1816. Netconsole Remote Kernel Logging
  1817. --------------------------------
  1818. Netconsole logger can be configured for the configfs-enabled kernels
  1819. (``CONFIG_NETCONSOLE_DYNAMIC`` must be enabled). The configuration
  1820. applies both in runtime (if network is already configured),
  1821. and on-boot after an interface initialization.
  1822. .. note::
  1823. * Receiver can be located only on the same L3 domain
  1824. (or you need to configure gateway MAC manually).
  1825. * The Receiver MAC is detected only on configuration time.
  1826. * Using broadcast MAC is not recommended.
  1827. .. code-block:: yaml
  1828. parameters:
  1829. linux:
  1830. system:
  1831. netconsole:
  1832. enabled: true
  1833. port: 514 (optional)
  1834. loglevel: debug (optional)
  1835. target:
  1836. 192.168.0.1:
  1837. interface: bond0
  1838. mac: "ff:ff:ff:ff:ff:ff" (optional)
  1839. Check network params on the environment
  1840. ---------------------------------------
  1841. Grab nics and nics states
  1842. .. code-block:: bash
  1843. salt osd001\* net_checks.get_nics
  1844. **Example of system output:**
  1845. .. code-block:: bash
  1846. osd001.domain.com:
  1847. |_
  1848. - bond0
  1849. - None
  1850. - 1e:c8:64:42:23:b9
  1851. - 0
  1852. - 1500
  1853. |_
  1854. - bond1
  1855. - None
  1856. - 3c:fd:fe:27:3b:00
  1857. - 1
  1858. - 9100
  1859. |_
  1860. - fourty1
  1861. - None
  1862. - 3c:fd:fe:27:3b:00
  1863. - 1
  1864. - 9100
  1865. |_
  1866. - fourty2
  1867. - None
  1868. - 3c:fd:fe:27:3b:02
  1869. - 1
  1870. - 9100
  1871. Grab 10G nics PCI addresses for hugepages setup
  1872. .. code-block:: bash
  1873. salt cmp001\* net_checks.get_ten_pci
  1874. **Example of system output:**
  1875. .. code-block:: bash
  1876. cmp001.domain.com:
  1877. |_
  1878. - ten1
  1879. - 0000:19:00.0
  1880. |_
  1881. - ten2
  1882. - 0000:19:00.1
  1883. |_
  1884. - ten3
  1885. - 0000:19:00.2
  1886. |_
  1887. - ten4
  1888. - 0000:19:00.3
  1889. Grab ip address for an interface
  1890. .. code-block:: bash
  1891. salt cmp001\* net_checks.get_ip iface=one4
  1892. **Example of system output:**
  1893. .. code-block:: bash
  1894. cmp001.domain.com:
  1895. 10.200.177.101
  1896. Grab ip addresses map
  1897. .. code-block:: bash
  1898. salt-call net_checks.nodes_addresses
  1899. **Example of system output:**
  1900. .. code-block:: bash
  1901. local:
  1902. |_
  1903. - cid01.domain.com
  1904. |_
  1905. |_
  1906. - pxe
  1907. - 10.200.177.91
  1908. |_
  1909. - control
  1910. - 10.200.178.91
  1911. |_
  1912. - cmn02.domain.com
  1913. |_
  1914. |_
  1915. - storage_access
  1916. - 10.200.181.67
  1917. |_
  1918. - pxe
  1919. - 10.200.177.67
  1920. |_
  1921. - control
  1922. - 10.200.178.67
  1923. |_
  1924. - cmp010.domain.com
  1925. |_
  1926. |_
  1927. - pxe
  1928. - 10.200.177.110
  1929. |_
  1930. - storage_access
  1931. - 10.200.181.110
  1932. |_
  1933. - control
  1934. - 10.200.178.110
  1935. |_
  1936. - vxlan
  1937. - 10.200.179.110
  1938. Verify full mesh connectivity
  1939. .. code-block:: bash
  1940. salt-call net_checks.ping_check
  1941. **Example of positive system output:**
  1942. .. code-block:: bash
  1943. ['PASSED']
  1944. [INFO ] ['PASSED']
  1945. local:
  1946. True
  1947. **Example of system output in case of failure:**
  1948. .. code-block:: bash
  1949. FAILED
  1950. [ERROR ] FAILED
  1951. ['control: 10.0.1.92 -> 10.0.1.224: Failed']
  1952. ['control: 10.0.1.93 -> 10.0.1.224: Failed']
  1953. ['control: 10.0.1.51 -> 10.0.1.224: Failed']
  1954. ['control: 10.0.1.102 -> 10.0.1.224: Failed']
  1955. ['control: 10.0.1.13 -> 10.0.1.224: Failed']
  1956. ['control: 10.0.1.81 -> 10.0.1.224: Failed']
  1957. local:
  1958. False
  1959. For this feature to work, please mark addresses with some role.
  1960. Otherwise 'default' role is assumed and mesh would consist of all
  1961. addresses on the environment.
  1962. Mesh mark is needed only for interfaces which are enabled and have
  1963. ip address assigned.
  1964. Checking dhcp pxe network meaningless, as it is used for salt
  1965. master vs minion communications, therefore treated as checked.
  1966. .. code-block:: yaml
  1967. parameters:
  1968. linux:
  1969. network:
  1970. interface:
  1971. ens3:
  1972. enabled: true
  1973. type: eth
  1974. proto: static
  1975. address: ${_param:deploy_address}
  1976. netmask: ${_param:deploy_network_netmask}
  1977. gateway: ${_param:deploy_network_gateway}
  1978. mesh: pxe
  1979. Check pillars for ip address duplicates
  1980. .. code-block:: bash
  1981. salt-call net_checks.verify_addresses
  1982. **Example of positive system output:**
  1983. .. code-block:: bash
  1984. ['PASSED']
  1985. [INFO ] ['PASSED']
  1986. local:
  1987. True
  1988. **Example of system output in case of failure:**
  1989. .. code-block:: bash
  1990. FAILED. Duplicates found
  1991. [ERROR ] FAILED. Duplicates found
  1992. ['gtw01.domain.com', 'gtw02.domain.com', '10.0.1.224']
  1993. [ERROR ] ['gtw01.domain.com', 'gtw02.domain.com', '10.0.1.224']
  1994. local:
  1995. False
  1996. Generate csv report for the env
  1997. .. code-block:: bash
  1998. salt -C 'kvm* or cmp* or osd*' net_checks.get_nics_csv \
  1999. | grep '^\ ' | sed 's/\ *//g' | grep -Ev ^server \
  2000. | sed '1 i\server,nic_name,ip_addr,mac_addr,link,mtu,chassis_id,chassis_name,port_mac,port_descr'
  2001. **Example of system output:**
  2002. .. code-block:: bash
  2003. server,nic_name,ip_addr,mac_addr,link,mtu,chassis_id,chassis_name,port_mac,port_descr
  2004. cmp010.domain.com,bond0,None,b4:96:91:10:5b:3a,1,1500,,,,
  2005. cmp010.domain.com,bond0.21,10.200.178.110,b4:96:91:10:5b:3a,1,1500,,,,
  2006. cmp010.domain.com,bond0.22,10.200.179.110,b4:96:91:10:5b:3a,1,1500,,,,
  2007. cmp010.domain.com,bond1,None,3c:fd:fe:34:ad:22,0,1500,,,,
  2008. cmp010.domain.com,bond1.24,10.200.181.110,3c:fd:fe:34:ad:22,0,1500,,,,
  2009. cmp010.domain.com,fourty5,None,3c:fd:fe:34:ad:20,0,9000,,,,
  2010. cmp010.domain.com,fourty6,None,3c:fd:fe:34:ad:22,0,9000,,,,
  2011. cmp010.domain.com,one1,None,b4:96:91:10:5b:38,0,1500,,,,
  2012. cmp010.domain.com,one2,None,b4:96:91:10:5b:39,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,548,ge-0/0/22
  2013. cmp010.domain.com,one3,None,b4:96:91:10:5b:3a,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,547,ge-0/0/21
  2014. cmp010.domain.com,one4,10.200.177.110,b4:96:91:10:5b:3b,1,1500,f0:4b:3a:8f:75:40,exnfvaa18-20,546,ge-0/0/20
  2015. cmp011.domain.com,bond0,None,b4:96:91:13:6c:aa,1,1500,,,,
  2016. cmp011.domain.com,bond0.21,10.200.178.111,b4:96:91:13:6c:aa,1,1500,,,,
  2017. cmp011.domain.com,bond0.22,10.200.179.111,b4:96:91:13:6c:aa,1,1500,,,,
  2018. ...
  2019. Usage
  2020. =====
  2021. Set MTU of the eth0 network interface to 1400:
  2022. .. code-block:: bash
  2023. ip link set dev eth0 mtu 1400
  2024. Read more
  2025. =========
  2026. * https://www.archlinux.org/
  2027. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu
  2028. Documentation and Bugs
  2029. ======================
  2030. * http://salt-formulas.readthedocs.io/
  2031. Learn how to install and update salt-formulas.
  2032. * https://github.com/salt-formulas/salt-formula-linux/issues
  2033. In the unfortunate event that bugs are discovered, report the issue to the
  2034. appropriate issue tracker. Use the Github issue tracker for a specific salt
  2035. formula.
  2036. * https://launchpad.net/salt-formulas
  2037. For feature requests, bug reports, or blueprints affecting the entire
  2038. ecosystem, use the Launchpad salt-formulas project.
  2039. * https://launchpad.net/~salt-formulas-users
  2040. Join the salt-formulas-users team and subscribe to mailing list if required.
  2041. * https://github.com/salt-formulas/salt-formula-linux
  2042. Develop the salt-formulas projects in the master branch and then submit pull
  2043. requests against a specific formula.
  2044. * #salt-formulas @ irc.freenode.net
  2045. Use this IRC channel in case of any questions or feedback which is always
  2046. welcome.