New version of salt-formula from Saltstack
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
8 anos atrás
8 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
8 anos atrás
9 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
6 anos atrás
8 anos atrás
8 anos atrás
8 anos atrás
8 anos atrás
8 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
9 anos atrás
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014
  1. =====
  2. Usage
  3. =====
  4. Salt is a new approach to infrastructure management. Easy enough to get
  5. running in minutes, scalable enough to manage tens of thousands of servers,
  6. and fast enough to communicate with them in seconds.
  7. Salt delivers a dynamic communication bus for infrastructures that can be used
  8. for orchestration, remote execution, configuration management and much more.
  9. Sample Metadata
  10. ===============
  11. Salt Master
  12. -----------
  13. Salt master with base formulas and pillar metadata back end:
  14. .. literalinclude:: tests/pillar/master_single_pillar.sls
  15. :language: yaml
  16. Salt master with reclass ENC metadata back end:
  17. .. literalinclude:: tests/pillar/master_single_reclass.sls
  18. :language: yaml
  19. Salt master with Architect ENC metadata back end:
  20. .. code-block:: yaml
  21. salt:
  22. master:
  23. enabled: true
  24. pillar:
  25. engine: architect
  26. project: project-name
  27. host: architect-api
  28. port: 8181
  29. username: salt
  30. password: password
  31. Salt master with multiple ``ext_pillars``:
  32. .. code-block:: yaml
  33. salt:
  34. master:
  35. enabled: true
  36. pillar:
  37. engine: salt
  38. source:
  39. engine: local
  40. ext_pillars:
  41. 1:
  42. module: cmd_json
  43. params: '"echo {\"arg\": \"val\"}"'
  44. 2:
  45. module: cmd_yaml
  46. params: /usr/local/bin/get_yml.sh
  47. Salt master with API:
  48. .. literalinclude:: tests/pillar/master_api.sls
  49. :language: yaml
  50. Salt master with defined user ACLs:
  51. .. literalinclude:: tests/pillar/master_acl.sls
  52. :language: yaml
  53. Salt master with preset minions:
  54. .. code-block:: yaml
  55. salt:
  56. master:
  57. enabled: true
  58. minions:
  59. - name: 'node1.system.location.domain.com'
  60. Salt master with pip based installation (optional):
  61. .. code-block:: yaml
  62. salt:
  63. master:
  64. enabled: true
  65. ...
  66. source:
  67. engine: pip
  68. version: 2016.3.0rc2
  69. Install formula through system package management:
  70. .. code-block:: yaml
  71. salt:
  72. master:
  73. enabled: true
  74. ...
  75. environment:
  76. prd:
  77. keystone:
  78. source: pkg
  79. name: salt-formula-keystone
  80. nova:
  81. source: pkg
  82. name: salt-formula-keystone
  83. version: 0.1+0~20160818133412.24~1.gbp6e1ebb
  84. postresql:
  85. source: pkg
  86. name: salt-formula-postgresql
  87. version: purged
  88. Formula keystone is installed latest version and the formulas
  89. without version are installed in one call to aptpkg module.
  90. If the version attribute is present sls iterates over formulas
  91. and take action to install specific version or remove it.
  92. The version attribute may have these values
  93. ``[latest|purged|removed|<VERSION>]``.
  94. Clone master branch of keystone formula as local feature branch:
  95. .. code-block:: yaml
  96. salt:
  97. master:
  98. enabled: true
  99. ...
  100. environment:
  101. dev:
  102. formula:
  103. keystone:
  104. source: git
  105. address: git@github.com:openstack/salt-formula-keystone.git
  106. revision: master
  107. branch: feature
  108. Salt master with specified formula refs (for example, for Gerrit
  109. review):
  110. .. code-block:: yaml
  111. salt:
  112. master:
  113. enabled: true
  114. ...
  115. environment:
  116. dev:
  117. formula:
  118. keystone:
  119. source: git
  120. address: https://git.openstack.org/openstack/salt-formula-keystone
  121. revision: refs/changes/56/123456/1
  122. Salt master logging configuration:
  123. .. code-block:: yaml
  124. salt:
  125. master:
  126. enabled: true
  127. log:
  128. level: warning
  129. file: '/var/log/salt/master'
  130. level_logfile: warning
  131. Salt minion logging configuration:
  132. .. code-block:: yaml
  133. salt:
  134. minion:
  135. enabled: true
  136. log:
  137. level: info
  138. file: '/var/log/salt/minion'
  139. level_logfile: warning
  140. Salt master with logging handlers:
  141. .. code-block:: yaml
  142. salt:
  143. master:
  144. enabled: true
  145. handler:
  146. handler01:
  147. engine: udp
  148. bind:
  149. host: 127.0.0.1
  150. port: 9999
  151. minion:
  152. handler:
  153. handler01:
  154. engine: udp
  155. bind:
  156. host: 127.0.0.1
  157. port: 9999
  158. handler02:
  159. engine: zmq
  160. bind:
  161. host: 127.0.0.1
  162. port: 9999
  163. Salt engine definition for saltgraph metadata collector:
  164. .. code-block:: yaml
  165. salt:
  166. master:
  167. engine:
  168. graph_metadata:
  169. engine: saltgraph
  170. host: 127.0.0.1
  171. port: 5432
  172. user: salt
  173. password: salt
  174. database: salt
  175. Salt engine definition for Architect service:
  176. .. code-block:: yaml
  177. salt:
  178. master:
  179. engine:
  180. architect:
  181. engine: architect
  182. project: project-name
  183. host: architect-api
  184. port: 8181
  185. username: salt
  186. password: password
  187. Salt engine definition for sending events from docker events:
  188. .. code-block:: yaml
  189. salt:
  190. master:
  191. engine:
  192. docker_events:
  193. docker_url: unix://var/run/docker.sock
  194. Salt master peer setup for remote certificate signing:
  195. .. code-block:: yaml
  196. salt:
  197. master:
  198. peer:
  199. ".*":
  200. - x509.sign_remote_certificate
  201. Salt master backup configuration:
  202. .. code-block:: yaml
  203. salt:
  204. master:
  205. backup: true
  206. initial_data:
  207. engine: backupninja
  208. home_dir: remote-backup-home-dir
  209. source: backup-node-host
  210. host: original-salt-master-id
  211. Configure verbosity of state output (used for :command:`salt`
  212. command):
  213. .. code-block:: yaml
  214. salt:
  215. master:
  216. state_output: changes
  217. Pass pillar render error to minion log:
  218. .. note:: When set to `False` this option is great for debuging.
  219. However it is not recomended for any production environment as it may contain
  220. templating data as passwords, and so on, that minion should not expose.
  221. .. code-block:: yaml
  222. salt:
  223. master:
  224. pillar_safe_render_error: False
  225. Enable Windows repository support:
  226. .. code-block:: yaml
  227. salt:
  228. master:
  229. win_repo:
  230. source: git
  231. address: https://github.com/saltstack/salt-winrepo-ng
  232. revision: master
  233. Configure a gitfs_remotes resource:
  234. .. code-block:: yaml
  235. salt:
  236. master:
  237. gitfs_remotes:
  238. salt_formula:
  239. url: https://github.com/salt-formulas/salt-formula-salt.git
  240. enabled: true
  241. params:
  242. base: master
  243. Read more about gitfs resource options in the official Salt documentation.
  244. Event/Reactor systems
  245. ~~~~~~~~~~~~~~~~~~~~~
  246. Salt to synchronize node pillar and modules after start:
  247. .. code-block:: yaml
  248. salt:
  249. master:
  250. reactor:
  251. salt/minion/*/start:
  252. - salt://salt/reactor/node_start.sls
  253. Trigger basic node install:
  254. .. code-block:: yaml
  255. salt:
  256. master:
  257. reactor:
  258. salt/minion/install:
  259. - salt://salt/reactor/node_install.sls
  260. Sample event to trigger the node installation:
  261. .. code-block:: bash
  262. salt-call event.send 'salt/minion/install'
  263. Run any defined orchestration pipeline:
  264. .. code-block:: yaml
  265. salt:
  266. master:
  267. reactor:
  268. salt/orchestrate/start:
  269. - salt://salt/reactor/orchestrate_start.sls
  270. Event to trigger the orchestration pipeline:
  271. .. code-block:: bash
  272. salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"
  273. Synchronise modules and pillars on minion start:
  274. .. code-block:: yaml
  275. salt:
  276. master:
  277. reactor:
  278. 'salt/minion/*/start':
  279. - salt://salt/reactor/minion_start.sls
  280. Add and/or remove the minion key:
  281. .. code-block:: yaml
  282. salt:
  283. master:
  284. reactor:
  285. salt/key/create:
  286. - salt://salt/reactor/key_create.sls
  287. salt/key/remove:
  288. - salt://salt/reactor/key_remove.sls
  289. Event to trigger the key creation:
  290. .. code-block:: bash
  291. salt-call event.send 'salt/key/create' \
  292. > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"
  293. .. note::
  294. You can add pass additional ``orch_pre_create``, ``orch_post_create``,
  295. ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
  296. to call extra orchestrate files. This can be useful for example for
  297. registering/unregistering nodes from the monitoring alarms or dashboards.
  298. The key creation event needs to be run from other machine than the one
  299. being registered.
  300. Event to trigger the key removal:
  301. .. code-block:: bash
  302. salt-call event.send 'salt/key/remove'
  303. Control VM provisioning:
  304. .. code-block:: yaml
  305. _param:
  306. private-ipv4: &private-ipv4
  307. - id: private-ipv4
  308. type: ipv4
  309. link: ens2
  310. netmask: 255.255.255.0
  311. routes:
  312. - gateway: 192.168.0.1
  313. netmask: 0.0.0.0
  314. network: 0.0.0.0
  315. virt:
  316. disk:
  317. three_disks:
  318. - system:
  319. size: 4096
  320. image: ubuntu.qcow
  321. - repository_snapshot:
  322. size: 8192
  323. image: snapshot.qcow
  324. - cinder-volume:
  325. size: 2048
  326. nic:
  327. control:
  328. - name: nic01
  329. bridge: br-pxe
  330. model: virtio
  331. - name: nic02
  332. bridge: br-cp
  333. model: virtio
  334. - name: nic03
  335. bridge: br-store-front
  336. model: virtio
  337. - name: nic04
  338. bridge: br-public
  339. model: virtio
  340. - name: nic05
  341. bridge: br-prv
  342. model: virtio
  343. virtualport:
  344. type: openvswitch
  345. salt:
  346. control:
  347. enabled: true
  348. virt_enabled: true
  349. size:
  350. medium_three_disks:
  351. cpu: 2
  352. ram: 4
  353. disk_profile: three_disks
  354. cluster:
  355. mycluster:
  356. domain: neco.virt.domain.com
  357. engine: virt
  358. # Cluster global settings
  359. rng: false
  360. enable_vnc: True
  361. seed: cloud-init
  362. cloud_init:
  363. user_data:
  364. disable_ec2_metadata: true
  365. resize_rootfs: True
  366. timezone: UTC
  367. ssh_deletekeys: True
  368. ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
  369. ssh_svcname: ssh
  370. locale: en_US.UTF-8
  371. disable_root: true
  372. apt_preserve_sources_list: false
  373. apt:
  374. sources_list: ""
  375. sources:
  376. ubuntu.list:
  377. source: ${linux:system:repo:ubuntu:source}
  378. mcp_saltstack.list:
  379. source: ${linux:system:repo:mcp_saltstack:source}
  380. node:
  381. ubuntu1:
  382. provider: node01.domain.com
  383. image: ubuntu.qcow
  384. size: medium
  385. img_dest: /var/lib/libvirt/ssdimages
  386. # Node settings override cluster global ones
  387. enable_vnc: False
  388. rng:
  389. backend: /dev/urandom
  390. model: random
  391. rate:
  392. period: '1800'
  393. bytes: '1500'
  394. # Custom per-node loader definition (e.g. for AArch64 UEFI)
  395. loader:
  396. readonly: yes
  397. type: pflash
  398. path: /usr/share/AAVMF/AAVMF_CODE.fd
  399. machine: virt-2.11 # Custom per-node virt machine type
  400. cpu_mode: host-passthrough
  401. cpuset: '1-4'
  402. mac:
  403. nic01: AC:DE:48:AA:AA:AA
  404. nic02: AC:DE:48:AA:AA:BB
  405. # netconfig affects: hostname during boot
  406. # manual interfaces configuration
  407. cloud_init:
  408. network_data:
  409. networks:
  410. - <<: *private-ipv4
  411. ip_address: 192.168.0.161
  412. user_data:
  413. salt_minion:
  414. conf:
  415. master: 10.1.1.1
  416. ubuntu2:
  417. seed: qemu-nbd
  418. cloud_init:
  419. enabled: false
  420. There are two methods to seed an initial Salt minion configuration to
  421. Libvirt VMs: mount a disk and update a filesystem or create a ConfigDrive with
  422. a Cloud-init config. This is controlled by the "seed" parameter on cluster and
  423. node levels. When set to _True_ or "qemu-nbd", the old method of mounting a disk
  424. will be used. When set to "cloud-init", the new method will be used. When set
  425. to _False_, no seeding will happen. The default value is _True_, meaning
  426. the "qemu-nbd" method will be used. This is done for backward compatibility
  427. and may be changed in future.
  428. The recommended method is to use Cloud-init.
  429. It's controlled by the "cloud_init" dictionary on cluster and node levels.
  430. Node level parameters are merged on top of cluster level parameters.
  431. The Salt Minion config is populated automatically based on a VM name and config
  432. settings of the minion who is actually executing a state. To override them,
  433. add the "salt_minion" section into the "user_data" section as shown above.
  434. It is possible to disable Cloud-init by setting "cloud_init.enabled" to _False_.
  435. To enable Redis plugin for the Salt caching subsystem, use the
  436. below pillar structure:
  437. .. code-block:: yaml
  438. salt:
  439. master:
  440. cache:
  441. plugin: redis
  442. host: localhost
  443. port: 6379
  444. db: '0'
  445. password: pass_word
  446. bank_prefix: 'MCP'
  447. bank_keys_prefix: 'MCPKEY'
  448. key_prefix: 'KEY'
  449. separator: '@'
  450. Jinja options
  451. -------------
  452. Use the following options to update default Jinja renderer options.
  453. Salt recognize Jinja options for templates and for the ``sls`` files.
  454. For full list of options, see Jinja documentation:
  455. http://jinja.pocoo.org/docs/api/#high-level-api
  456. .. code-block:: yaml
  457. salt:
  458. renderer:
  459. # for templates
  460. jinja: &jina_env
  461. # Default Jinja environment options
  462. block_start_string: '{%'
  463. block_end_string: '%}'
  464. variable_start_string: '{{'
  465. variable_end_string: '}}'
  466. comment_start_string: '{#'
  467. comment_end_string: '#}'
  468. keep_trailing_newline: False
  469. newline_sequence: '\n'
  470. # Next two are enabled by default in Salt
  471. trim_blocks: True
  472. lstrip_blocks: True
  473. # Next two are not enabled by default in Salt
  474. # but worth to consider to enable in future for salt-formulas
  475. line_statement_prefix: '%'
  476. line_comment_prefix: '##'
  477. # for .sls state files
  478. jinja_sls: *jinja_env
  479. With the ``line_statement/comment* _prefix`` options enabled following
  480. code statements are valid:
  481. .. code-block:: yaml
  482. %- set myvar = 'one'
  483. ## You can mix even with '{%'
  484. {%- set myvar = 'two' %} ## comment
  485. %- set mylist = ['one', 'two', 'three'] ## comment
  486. ## comment
  487. %- for item in mylist: ## comment
  488. {{- item }}
  489. %- endfor
  490. Encrypted pillars
  491. ~~~~~~~~~~~~~~~~~
  492. .. note:: NACL and the below configuration will be available in Salt > 2017.7.
  493. External resources:
  494. - Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
  495. http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
  496. - SaltStack documentation:
  497. https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html
  498. Configure salt NACL module:
  499. .. code-block:: bash
  500. pip install --upgrade libnacl===1.5.2
  501. salt-call --local nacl.keygen /etc/salt/pki/master/nacl
  502. local:
  503. saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub
  504. .. code-block:: yaml
  505. salt:
  506. master:
  507. pillar:
  508. reclass: *reclass
  509. nacl:
  510. index: 99
  511. nacl:
  512. box_type: sealedbox
  513. sk_file: /etc/salt/pki/master/nacl
  514. pk_file: /etc/salt/pki/master/nacl.pub
  515. #sk: None
  516. #pk: None
  517. NACL encrypt secrets:
  518. .. code-block:: bash
  519. salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
  520. hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
  521. # or
  522. salt-run nacl.enc 'myotherpass'
  523. ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=
  524. NACL encrypted values on pillar:
  525. Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:
  526. .. code-block:: yaml
  527. my_pillar:
  528. my_nacl:
  529. key0: unencrypted_value
  530. key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
  531. NACL large files:
  532. .. code-block:: bash
  533. salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
  534. # or more advanced
  535. cert=$(cat /tmp/cert.crt)
  536. salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl
  537. NACL within template/native pillars:
  538. .. code-block:: yaml
  539. pillarexample:
  540. user: root
  541. password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
  542. cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
  543. cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
  544. Salt Syndic
  545. -----------
  546. The master of masters:
  547. .. code-block:: yaml
  548. salt:
  549. master:
  550. enabled: true
  551. order_masters: True
  552. Lower syndicated master:
  553. .. code-block:: yaml
  554. salt:
  555. syndic:
  556. enabled: true
  557. master:
  558. host: master-of-master-host
  559. timeout: 5
  560. Syndicated master with multiple master of masters:
  561. .. code-block:: yaml
  562. salt:
  563. syndic:
  564. enabled: true
  565. masters:
  566. - host: master-of-master-host1
  567. - host: master-of-master-host2
  568. timeout: 5
  569. Dynamic DNS configuration
  570. -------------------------
  571. Salt master can register minions in DNS server using DDNS (dynamic DNS)
  572. update mechanism via salt.runners.ddns module. DNS server with dynamic
  573. updates allowed is required. Authorization via {tsig-key} is available.
  574. Recommended is DNS server configured via salt-formula-bind.
  575. Mechanism uses event-reactor system.
  576. Master pillar:
  577. .. code-block:: yaml
  578. salt:
  579. master:
  580. ddns:
  581. enabled: True
  582. keys:
  583. key: <tsig-key>
  584. name: <tsig-key-name>
  585. reactor:
  586. dns/node/register:
  587. - salt://salt/reactor/ddns_node_register.sls
  588. dns/static/records:
  589. - salt://salt/reactor/ddns_static_records.sls
  590. Minion pillar:
  591. .. code-block:: yaml
  592. salt:
  593. minion:
  594. ddns:
  595. server: <dns-server-ip>
  596. keyname: <tsig-key-name>
  597. ttl: 300
  598. dns_static:
  599. zone.example.com:
  600. - name: appname
  601. type: CNAME
  602. value: appserver01
  603. Manual calling:
  604. .. code-block:: bash
  605. # Minion register
  606. salt '*' state.apply salt.minion.dns_register
  607. #
  608. # Static DNS records
  609. salt '*' state.apply salt.minion.dns_static
  610. Salt Minion
  611. -----------
  612. Minion ID by default triggers dependency on Linux formula, as it uses fqdn
  613. configured from `linux.system.name` and `linux.system.domain` pillar.
  614. To override, provide exact minion ID you require. The same can be set for
  615. master ID rendered at ``master.conf``.
  616. .. code-block:: yaml
  617. salt:
  618. minion:
  619. id: minion1.production
  620. master:
  621. id: master.production
  622. Simplest Salt minion setup with central configuration node:
  623. .. literalinclude:: tests/pillar/minion_master.sls
  624. :language: yaml
  625. Multi-master Salt minion setup:
  626. .. literalinclude:: tests/pillar/minion_multi_master.sls
  627. :language: yaml
  628. Salt minion with salt mine options:
  629. .. literalinclude:: tests/pillar/minion_mine.sls
  630. :language: yaml
  631. Salt minion with graphing dependencies:
  632. .. literalinclude:: tests/pillar/minion_graph.sls
  633. :language: yaml
  634. Salt minion behind HTTP proxy:
  635. .. code-block:: yaml
  636. salt:
  637. minion:
  638. proxy:
  639. host: 127.0.0.1
  640. port: 3128
  641. Salt minion to specify non-default HTTP backend. The default
  642. tornado backend does not respect HTTP proxy settings set as
  643. environment variables. This is useful for cases where you need
  644. to set no_proxy lists.
  645. .. code-block:: yaml
  646. salt:
  647. minion:
  648. backend: urllib2
  649. Salt minion with PKI certificate authority (CA):
  650. .. literalinclude:: tests/pillar/minion_pki_ca.sls
  651. :language: yaml
  652. Salt minion using PKI certificate
  653. .. literalinclude:: tests/pillar/minion_pki_cert.sls
  654. :language: yaml
  655. Salt minion trust CA certificates issued by salt CA on a
  656. specific host (ie: salt-master node):
  657. .. code-block:: yaml
  658. salt:
  659. minion:
  660. trusted_ca_minions:
  661. - cfg01
  662. Salt Minion Proxy
  663. ~~~~~~~~~~~~~~~~~
  664. Salt proxy pillar:
  665. .. code-block:: yaml
  666. salt:
  667. minion:
  668. proxy_minion:
  669. master: localhost
  670. device:
  671. vsrx01.mydomain.local:
  672. enabled: true
  673. engine: napalm
  674. csr1000v.mydomain.local:
  675. enabled: true
  676. engine: napalm
  677. .. note:: This is pillar of the the real salt-minion
  678. Proxy pillar for IOS device:
  679. .. code-block:: yaml
  680. proxy:
  681. proxytype: napalm
  682. driver: ios
  683. host: csr1000v.mydomain.local
  684. username: root
  685. passwd: r00tme
  686. .. note:: This is pillar of the node thats not able to run
  687. salt-minion itself.
  688. Proxy pillar for JunOS device:
  689. .. code-block:: yaml
  690. proxy:
  691. proxytype: napalm
  692. driver: junos
  693. host: vsrx01.mydomain.local
  694. username: root
  695. passwd: r00tme
  696. optional_args:
  697. config_format: set
  698. .. note:: This pillar applies to the node that can not run
  699. salt-minion itself.
  700. Salt SSH
  701. ~~~~~~~~
  702. Salt SSH with sudoer using key:
  703. .. literalinclude:: tests/pillar/master_ssh_minion_key.sls
  704. :language: yaml
  705. Salt SSH with sudoer using password:
  706. .. literalinclude:: tests/pillar/master_ssh_minion_password.sls
  707. :language: yaml
  708. Salt SSH with root using password:
  709. .. literalinclude:: tests/pillar/master_ssh_minion_root.sls
  710. :language: yaml
  711. Salt control (cloud/kvm/docker)
  712. -------------------------------
  713. Salt cloud with local OpenStack provider:
  714. .. literalinclude:: tests/pillar/control_cloud_openstack.sls
  715. :language: yaml
  716. Salt cloud with Digital Ocean provider:
  717. .. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
  718. :language: yaml
  719. Salt virt with KVM cluster:
  720. .. literalinclude:: tests/pillar/control_virt.sls
  721. :language: yaml
  722. Salt virt with custom destination for image file:
  723. .. literalinclude:: tests/pillar/control_virt_custom.sls
  724. :language: yaml
  725. Usage
  726. =====
  727. Working with salt-cloud:
  728. .. code-block:: bash
  729. salt-cloud -m /path/to/map --assume-yes
  730. Debug LIBCLOUD for salt-cloud connection:
  731. .. code-block:: bash
  732. export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all
  733. Read more
  734. =========
  735. * http://salt.readthedocs.org/en/latest/
  736. * https://github.com/DanielBryan/salt-state-graph
  737. * http://karlgrz.com/testing-salt-states-rapidly-with-docker/
  738. * https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
  739. * http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
  740. * https://github.com/saltstack-formulas/salt-formula
  741. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
  742. salt-cloud
  743. ----------
  744. * http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
  745. * http://cloudinit.readthedocs.org/en/latest/topics/examples.html
  746. * http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
  747. * http://docs.saltstack.com/topics/cloud/digitalocean.html
  748. * http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
  749. * http://salt-cloud.readthedocs.org/en/latest/topics/map.html
  750. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
  751. Documentation and Bugs
  752. ======================
  753. * http://salt-formulas.readthedocs.io/
  754. Learn how to install and update salt-formulas
  755. * https://github.com/salt-formulas/salt-formula-salt/issues
  756. In the unfortunate event that bugs are discovered, report the issue to the
  757. appropriate issue tracker. Use the Github issue tracker for a specific salt
  758. formula
  759. * https://launchpad.net/salt-formulas
  760. For feature requests, bug reports, or blueprints affecting the entire
  761. ecosystem, use the Launchpad salt-formulas project
  762. * https://launchpad.net/~salt-formulas-users
  763. Join the salt-formulas-users team and subscribe to mailing list if required
  764. * https://github.com/salt-formulas/salt-formula-salt
  765. Develop the salt-formulas projects in the master branch and then submit pull
  766. requests against a specific formula
  767. * #salt-formulas @ irc.freenode.net
  768. Use this IRC channel in case of any questions or feedback which is always
  769. welcome