ExternalMirrors
/
salt-formula
miroir de https://github.com/salt-formulas/salt-formula-salt
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 7 Wiki Activité
New version of salt-formula from Saltstack
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
330 Révisions
26 Branches
Aborescence: 7ee2340ea8
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '7ee2340ea8'
${ noResults }
salt-formula/README.rst

README.rst 18KB
Brut Vue normale Historique

Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
il y a 7 ans
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
il y a 7 ans
Initial commit
il y a 9 ans
Pillar test data
il y a 8 ans
Salt ACL and API updates
il y a 8 ans
Pillar test data
il y a 8 ans
Initial commit
il y a 9 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Optional installation source - pip source:engine metadata created - defaults to pkg installation, pip installation alternative added
il y a 8 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Formula reset to specific refs (example: Gerrit review)
il y a 8 ans
version to be specified for salt formula
il y a 7 ans
Formula reset to specific refs (example: Gerrit review)
il y a 8 ans
version to be specified for salt formula
il y a 7 ans
Formula reset to specific refs (example: Gerrit review)
il y a 8 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
il y a 7 ans
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
il y a 7 ans
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
il y a 7 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
remote peer sign
il y a 8 ans
Initial commit
il y a 9 ans
Backup and restore of Salt master's state: pki and generated metadata Change-Id: I5c88d22589ec1fa6a9806c1a625b752dd4fc8b54
il y a 7 ans
parametrize backup server side dir PROD-18191 Change-Id: I15c2cc66f0c0010408863b46c0dccf84730f31d9
il y a 7 ans
Backup and restore of Salt master's state: pki and generated metadata Change-Id: I5c88d22589ec1fa6a9806c1a625b752dd4fc8b54
il y a 7 ans
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
il y a 7 ans
set state_output to "changes" Terse output is not enough for debugging. Change-Id: Ida9a4ef0a2ad053fc370d3833d716d9e8d38d814
il y a 7 ans
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
il y a 7 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
il y a 7 ans
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
il y a 7 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
il y a 7 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
il y a 7 ans
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Added support for sync modules and pillar after minion start Change-Id: Ia3b1e93e5f0b3da7097a285122d24c5b1d2b20e2
il y a 7 ans
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Salt reactor features refactoring Change-Id: Ifac3f5e03099e8190db0a3af62a7be1f762f87be
il y a 7 ans
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
il y a 7 ans
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
il y a 7 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
[Feature] libvirt xml: pass rng to vm [Fix] Doc Issue: - It is not possible to pass [R]andom [N]umber [G]enerator device to libvirt guest xml in order to control entropy. - Doc has no information on how to provision vms using salt Solution: - Pass rng parameters via kwargs from node: pillar Attach rng xml object to generated xml. - Provide with an example Prod-Related: PROD-19214 Customer-Found Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
il y a 6 ans
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
il y a 7 ans
Add support for jinja2 renderer options. (2018.2) Change-Id: Idf6c18597a222e6c1b60bf940eadb1d6d8a611c7
il y a 7 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
il y a 7 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
il y a 7 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
il y a 7 ans
proxy_minion fix Change-Id: I73a4a14734651f6483fae169a2290e9c5b377d76
il y a 7 ans
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
il y a 7 ans
Salt-ssh support
il y a 8 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
Salt-ssh support
il y a 8 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Salt-ssh support
il y a 8 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
support for putting vm images in custom locations Change-Id: I685de4207f1f7f17264cc4ad2d81c3348ca20074
il y a 7 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
il y a 7 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Initial commit
il y a 9 ans
Provisioning overhaul
il y a 9 ans
Unify Makefile, .gitignore and update readme
il y a 8 ans
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779 
  1. 

  2. ============

  3. Salt Formula

  4. ============

  5. 

  6. Salt is a new approach to infrastructure management. Easy enough to get

  7. running in minutes, scalable enough to manage tens of thousands of servers,

  8. and fast enough to communicate with them in seconds.

  9. 

  10. Salt delivers a dynamic communication bus for infrastructures that can be used

  11. for orchestration, remote execution, configuration management and much more.

  12. 

  13. 

  14. Sample Metadata

  15. ===============

  16. 

  17. 

  18. Salt Master

  19. -----------

  20. 

  21. Salt master with base formulas and pillar metadata backend

  22. 

  23. .. literalinclude:: tests/pillar/master_single_pillar.sls

  24.    :language: yaml

  25. 

  26. Salt master with reclass ENC metadata backend

  27. 

  28. .. literalinclude:: tests/pillar/master_single_reclass.sls

  29.    :language: yaml

  30. 

  31. Salt master with Architect ENC metadata backend

  32. 

  33. .. code-block:: yaml

  34. 

  35.     salt:

  36.       master:

  37.         enabled: true

  38.         pillar:

  39.           engine: architect

  40.           project: project-name

  41.           host: architect-api

  42.           port: 8181

  43.           username: salt

  44.           password: password

  45. 

  46. Salt master with multiple ext_pillars

  47. 

  48. .. literalinclude:: tests/pillar/master_single_extpillars.sls

  49.    :language: yaml

  50. 

  51. Salt master with API

  52. 

  53. .. literalinclude:: tests/pillar/master_api.sls

  54.    :language: yaml

  55. 

  56. Salt master with defined user ACLs

  57. 

  58. .. literalinclude:: tests/pillar/master_acl.sls

  59.    :language: yaml

  60. 

  61. Salt master with preset minions

  62. 

  63. .. code-block:: yaml

  64. 

  65.     salt:

  66.       master:

  67.         enabled: true

  68.         minions:

  69.         - name: 'node1.system.location.domain.com'

  70. 

  71. Salt master with pip based installation (optional)

  72. 

  73. .. code-block:: yaml

  74. 

  75.     salt:

  76.       master:

  77.         enabled: true

  78.         ...

  79.         source:

  80.           engine: pip

  81.           version: 2016.3.0rc2

  82. 

  83. Install formula through system package management

  84. 

  85. .. code-block:: yaml

  86. 

  87.     salt:

  88.       master:

  89.         enabled: true

  90.         ...

  91.         environment:

  92.           prd:

  93.             keystone:

  94.               source: pkg

  95.               name: salt-formula-keystone

  96.             nova:

  97.               source: pkg

  98.               name: salt-formula-keystone

  99.               version: 0.1+0~20160818133412.24~1.gbp6e1ebb

  100.             postresql:

  101.               source: pkg

  102.               name: salt-formula-postgresql

  103.               version: purged

  104. 

  105. Formula keystone is installed latest version and the formulas without version are installed in one call to aptpkg module.

  106. If the version attribute is present sls iterates over formulas and take action to install specific version or remove it.

  107. The version attribute may have these values ``[latest|purged|removed|<VERSION>]``.

  108. 

  109. Clone master branch of keystone formula as local feature branch

  110. 

  111. .. code-block:: yaml

  112. 

  113.     salt:

  114.       master:

  115.         enabled: true

  116.         ...

  117.         environment:

  118.           dev:

  119.             formula:

  120.               keystone:

  121.                 source: git

  122.                 address: git@github.com:openstack/salt-formula-keystone.git

  123.                 revision: master

  124.                 branch: feature

  125. 

  126. Salt master with specified formula refs (for example for Gerrit review)

  127. 

  128. .. code-block:: yaml

  129. 

  130.     salt:

  131.       master:

  132.         enabled: true

  133.         ...

  134.         environment:

  135.           dev:

  136.             formula:

  137.               keystone:

  138.                 source: git

  139.                 address: https://git.openstack.org/openstack/salt-formula-keystone

  140.                 revision: refs/changes/56/123456/1

  141. 

  142. Salt master with logging handlers

  143. 

  144. .. code-block:: yaml

  145. 

  146.     salt:

  147.       master:

  148.         enabled: true

  149.         handler:

  150.           handler01:

  151.             engine: udp

  152.             bind:

  153.               host: 127.0.0.1

  154.               port: 9999

  155.       minion:

  156.         handler:

  157.           handler01:

  158.             engine: udp

  159.             bind:

  160.               host: 127.0.0.1

  161.               port: 9999

  162.           handler02:

  163.             engine: zmq

  164.             bind:

  165.               host: 127.0.0.1

  166.               port: 9999

  167. 

  168. Salt engine definition for saltgraph metadata collector

  169. 

  170. .. code-block:: yaml

  171. 

  172.     salt:

  173.       master:

  174.         engine:

  175.           graph_metadata:

  176.             engine: saltgraph

  177.             host: 127.0.0.1

  178.             port: 5432

  179.             user: salt

  180.             password: salt

  181.             database: salt

  182. 

  183. Salt engine definition for Architect service

  184. 

  185. .. code-block:: yaml

  186. 

  187.     salt:

  188.       master:

  189.         engine:

  190.           architect:

  191.             engine: architect

  192.             project: project-name

  193.             host: architect-api

  194.             port: 8181

  195.             username: salt

  196.             password: password

  197. 

  198. Salt engine definition for sending events from docker events

  199. 

  200. .. code-block:: yaml

  201. 

  202.     salt:

  203.       master:

  204.         engine:

  205.           docker_events:

  206.             docker_url: unix://var/run/docker.sock

  207. 

  208. Salt master peer setup for remote certificate signing

  209. 

  210. .. code-block:: yaml

  211. 

  212.     salt:

  213.       master:

  214.         peer:

  215.           ".*":

  216.           - x509.sign_remote_certificate

  217. 

  218. 

  219. Salt master backup configuration

  220. 

  221. .. code-block:: yaml

  222. 

  223.     salt:

  224.       master:

  225.         backup: true

  226.         initial_data:

  227.           engine: backupninja

  228.           home_dir: remote-backup-home-dir

  229.           source: backup-node-host

  230.           host: original-salt-master-id

  231. 

  232. Configure verbosity of state output (used for `salt` command)

  233. 

  234. .. code-block:: yaml

  235. 

  236.     salt:

  237.       master:

  238.         state_output: changes

  239. 

  240. Pass pillar render error to minion log

  241. 

  242. .. note:: When set to `False` this option is great for debuging.

  243.    However it is not recomended for any production environment as it may contain

  244.    templating data as passwords, etc... ,  that minion should not expose.

  245. 

  246. .. code-block:: yaml

  247. 

  248.     salt:

  249.       master:

  250.         pillar_safe_render_error: False

  251. 

  252. 

  253. Event/Reactor Systems

  254. ~~~~~~~~~~~~~~~~~~~~~

  255. 

  256. Salt synchronise node pillar and modules after start

  257. 

  258. .. code-block:: yaml

  259. 

  260.     salt:

  261.       master:

  262.         reactor:

  263.           salt/minion/*/start:

  264.           - salt://salt/reactor/node_start.sls

  265. 

  266. Trigger basic node install

  267. 

  268. .. code-block:: yaml

  269. 

  270.     salt:

  271.       master:

  272.         reactor:

  273.           salt/minion/install:

  274.           - salt://salt/reactor/node_install.sls

  275. 

  276. Sample event to trigger the node installation

  277. 

  278. .. code-block:: bash

  279. 

  280.     salt-call event.send 'salt/minion/install'

  281. 

  282. Run any defined orchestration pipeline

  283. 

  284. .. code-block:: yaml

  285. 

  286.     salt:

  287.       master:

  288.         reactor:

  289.           salt/orchestrate/start:

  290.           - salt://salt/reactor/orchestrate_start.sls

  291. 

  292. Event to trigger the orchestration pipeline

  293. 

  294. .. code-block:: bash

  295. 

  296.     salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

  297. 

  298. Synchronise modules and pillars on minion start.

  299. 

  300. .. code-block:: yaml

  301. 

  302.     salt:

  303.       master:

  304.         reactor:

  305.           'salt/minion/*/start':

  306.           - salt://salt/reactor/minion_start.sls

  307. 

  308. Add and/or remove the minion key

  309. 

  310. .. code-block:: yaml

  311. 

  312.     salt:

  313.       master:

  314.         reactor:

  315.           salt/key/create:

  316.           - salt://salt/reactor/key_create.sls

  317.           salt/key/remove:

  318.           - salt://salt/reactor/key_remove.sls

  319. 

  320. Event to trigger the key creation

  321. 

  322. .. code-block:: bash

  323. 

  324.     salt-call event.send 'salt/key/create' \

  325.     > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

  326. 

  327. .. note::

  328. 

  329.     You can add pass additional `orch_pre_create`, `orch_post_create`,

  330.     `orch_pre_remove` or `orch_post_remove` parameters to the event to call

  331.     extra orchestrate files. This can be useful for example for

  332.     registering/unregistering nodes from the monitoring alarms or dashboards.

  333. 

  334.     The key creation event needs to be run from other machine than the one

  335.     being registered.

  336. 

  337. Event to trigger the key removal

  338. 

  339. .. code-block:: bash

  340. 

  341.     salt-call event.send 'salt/key/remove'

  342. 

  343. Control VM provisioning

  344. 

  345. .. code-block:: yaml

  346. 

  347.     virt:

  348.       disk:

  349.         three_disks:

  350.           - system:

  351.               size: 4096

  352.               image: ubuntu.qcow

  353.           - repository_snapshot:

  354.               size: 8192

  355.               image: snapshot.qcow

  356.           - cinder-volume:

  357.               size: 2048

  358. 

  359.     salt:

  360.       control:

  361.         enabled: true

  362.         virt_enabled: true

  363.         size:

  364.           medium_three_disks:

  365.             cpu: 2

  366.             ram: 4

  367.             disk_profile: three_disks

  368.         cluster:

  369.           mycluster:

  370.             domain: neco.virt.domain.com

  371.             engine: virt

  372.             node:

  373.               ubuntu1:

  374.                 provider: node01.domain.com

  375.                 image: ubuntu.qcow

  376.                 size: medium

  377.                 img_dest: /var/lib/libvirt/ssdimages

  378.                 rng:

  379.                   backend: /dev/urandom

  380.                   model: random

  381.                   rate:

  382.                     period: '1800'

  383.                     bytes: '1500'

  384. 

  385. Jinja options

  386. -------------

  387. 

  388. Use following options to update default jinja renderer options. Salt recognize Jinja options for templates and for sls files.

  389. 

  390. For full list of options check jinja documentation: http://jinja.pocoo.org/docs/api/#high-level-api.

  391. 

  392. .. code-block:: yaml

  393. 

  394. 

  395.   salt:

  396.     renderer:

  397.       # for templates

  398.       jinja: &jina_env

  399.         # Default Jinja environment options

  400.         block_start_string: '{%'

  401.         block_end_string: '%}'

  402.         variable_start_string: '{{'

  403.         variable_end_string: '}}'

  404.         comment_start_string: '{#'

  405.         comment_end_string: '#}'

  406.         keep_trailing_newline: False

  407.         newline_sequence: '\n'

  408. 

  409.         # Next two are enabled by default in Salt

  410.         trim_blocks: True

  411.         lstrip_blocks: True

  412. 

  413.         # Next two are not enabled by default in Salt

  414.         # but worth to consider to enable in future for salt-formulas

  415.         line_statement_prefix: '%'

  416.         line_comment_prefix: '##'

  417. 

  418.       # for .sls state files

  419.       jinja_sls: *jinja_env

  420. 

  421. 

  422. 

  423. With the line_statement/comment* _prefix options enabled following code statements are valid:

  424. 

  425. .. code-block:: yaml

  426.    %- set myvar = 'one'

  427. 

  428.    ## You can mix even with '{%'

  429.    {%- set myvar = 'two' %} ## comment

  430.    %- set mylist = ['one', 'two', 'three'] ## comment

  431. 

  432.    ## comment

  433.    %- for item in mylist:  ## comment

  434.    {{- item }}

  435.    %- endfor

  436. 

  437. 

  438. Encrypted pillars

  439. ~~~~~~~~~~~~~~~~~

  440. 

  441. Note: NACL + below configuration will be available in Salt > 2017.7.

  442. 

  443. External resources:

  444. 

  445. - Tutorial to configure salt + reclass ext_pillar and nacl: http://apealive.net/post/2017-09-salt-nacl-ext-pillar/

  446. - Saltstack documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

  447. 

  448. Configure salt NACL module:

  449. 

  450. .. code-block:: shell

  451. 

  452.   pip install --upgrade libnacl===1.5.2

  453.   salt-call --local nacl.keygen /etc/salt/pki/master/nacl

  454. 

  455.     local:

  456.         saved sk_file:/etc/salt/pki/master/nacl  pk_file: /etc/salt/pki/master/nacl.pub

  457. 

  458. 

  459. .. code-block:: yaml

  460. 

  461.     salt:

  462.       master:

  463.         pillar:

  464.           reclass: *reclass

  465.           nacl:

  466.             index: 99

  467.         nacl:

  468.           box_type: sealedbox

  469.           sk_file: /etc/salt/pki/master/nacl

  470.           pk_file: /etc/salt/pki/master/nacl.pub

  471.           #sk: None

  472.           #pk: None

  473. 

  474. NACL encrypt secrets:

  475. 

  476.   salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub

  477.     hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q

  478.   # or

  479.   salt-run nacl.enc 'myotherpass'

  480.     ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

  481. 

  482. 

  483. NACL encrypted values on pillar:

  484. 

  485. Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:

  486. 

  487. .. code-block:: yaml

  488. 

  489.   my_pillar:

  490.     my_nacl:

  491.         key0: unencrypted_value

  492.         key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

  493. 

  494. NACL large files:

  495. 

  496. .. code-block:: shell

  497.   salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl

  498.   # or more advanced

  499.   cert=$(cat /tmp/cert.crt)

  500.   salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

  501. 

  502. 

  503. NACL within template/native pillars:

  504. 

  505.   pillarexample:

  506.       user: root

  507.       password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}

  508.       cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}

  509.       cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}

  510. 

  511. 

  512. Salt Syndic

  513. -----------

  514. 

  515. The master of masters

  516. 

  517. .. code-block:: yaml

  518. 

  519.     salt:

  520.       master:

  521.         enabled: true

  522.         order_masters: True

  523. 

  524. Lower syndicated master

  525. 

  526. .. code-block:: yaml

  527. 

  528.     salt:

  529.       syndic:

  530.         enabled: true

  531.         master:

  532.           host: master-of-master-host

  533.         timeout: 5

  534. 

  535. Syndicated master with multiple master of masters

  536. 

  537. .. code-block:: yaml

  538. 

  539.     salt:

  540.       syndic:

  541.         enabled: true

  542.         masters:

  543.         - host: master-of-master-host1

  544.         - host: master-of-master-host2

  545.         timeout: 5

  546. 

  547. 

  548. Salt Minion

  549. -----------

  550. 

  551. Simplest Salt minion setup with central configuration node

  552. 

  553. .. code-block:: yaml

  554. 

  555. .. literalinclude:: tests/pillar/minion_master.sls

  556.    :language: yaml

  557. 

  558. Multi-master Salt minion setup

  559. 

  560. .. literalinclude:: tests/pillar/minion_multi_master.sls

  561.    :language: yaml

  562. 

  563. Salt minion with salt mine options

  564. 

  565. .. literalinclude:: tests/pillar/minion_mine.sls

  566.    :language: yaml

  567. 

  568. Salt minion with graphing dependencies

  569. 

  570. .. literalinclude:: tests/pillar/minion_graph.sls

  571.    :language: yaml

  572. 

  573. Salt minion behind HTTP proxy

  574. 

  575. .. code-block:: yaml

  576. 

  577.     salt:

  578.       minion:

  579.         proxy:

  580.           host: 127.0.0.1

  581.           port: 3128

  582. 

  583. Salt minion to specify non-default HTTP backend. The default tornado backend

  584. does not respect HTTP proxy settings set as environment variables. This is

  585. useful for cases where you need to set no_proxy lists.

  586. 

  587. .. code-block:: yaml

  588. 

  589.     salt:

  590.       minion:

  591.         backend: urllib2

  592. 

  593. 

  594. Salt minion with PKI certificate authority (CA)

  595. 

  596. .. literalinclude:: tests/pillar/minion_pki_ca.sls

  597.    :language: yaml

  598. 

  599. Salt minion using PKI certificate

  600. 

  601. .. literalinclude:: tests/pillar/minion_pki_cert.sls

  602.    :language: yaml

  603. 

  604. Salt minion trust CA certificates issued by salt CA on a specific host (ie: salt-master node)

  605. 

  606. .. code-block:: yaml

  607. 

  608.   salt:

  609.     minion:

  610.       trusted_ca_minions:

  611.         - cfg01

  612. 

  613. 

  614. Salt Minion Proxy

  615. ~~~~~~~~~~~~~~~~~

  616. 

  617. Salt proxy pillar

  618. 

  619. .. code-block:: yaml

  620. 

  621.     salt:

  622.       minion:

  623.         proxy_minion:

  624.           master: localhost

  625.           device:

  626.             vsrx01.mydomain.local:

  627.               enabled: true

  628.               engine: napalm

  629.             csr1000v.mydomain.local:

  630.               enabled: true

  631.               engine: napalm

  632. 

  633. .. note:: This is pillar of the the real salt-minion

  634. 

  635. 

  636. Proxy pillar for IOS device

  637. 

  638. .. code-block:: yaml

  639. 

  640.     proxy:

  641.       proxytype: napalm

  642.       driver: ios

  643.       host: csr1000v.mydomain.local

  644.       username: root

  645.       passwd: r00tme

  646. 

  647. .. note:: This is pillar of the node thats not able to run salt-minion itself

  648. 

  649. 

  650. Proxy pillar for JunOS device

  651. 

  652. .. code-block:: yaml

  653. 

  654.     proxy:

  655.       proxytype: napalm

  656.       driver: junos

  657.       host: vsrx01.mydomain.local

  658.       username: root

  659.       passwd: r00tme

  660.       optional_args:

  661.         config_format: set

  662. 

  663. .. note:: This is pillar of the node thats not able to run salt-minion itself

  664. 

  665. 

  666. Salt SSH

  667. ~~~~~~~~

  668. 

  669. Salt SSH with sudoer using key

  670. 

  671. .. literalinclude:: tests/pillar/master_ssh_minion_key.sls

  672.    :language: yaml

  673. 

  674. Salt SSH with sudoer using password

  675. 

  676. .. literalinclude:: tests/pillar/master_ssh_minion_password.sls

  677.    :language: yaml

  678. 

  679. Salt SSH with root using password

  680. 

  681. .. literalinclude:: tests/pillar/master_ssh_minion_root.sls

  682.    :language: yaml

  683. 

  684. Salt control (cloud/kvm/docker)

  685. -------------------------------

  686. 

  687. Salt cloud with local OpenStack provider

  688. 

  689. .. literalinclude:: tests/pillar/control_cloud_openstack.sls

  690.    :language: yaml

  691. 

  692. Salt cloud with Digital Ocean provider

  693. 

  694. .. literalinclude:: tests/pillar/control_cloud_digitalocean.sls

  695.    :language: yaml

  696. 

  697. Salt virt with KVM cluster

  698. 

  699. .. literalinclude:: tests/pillar/control_virt.sls

  700.    :language: yaml

  701. 

  702. salt virt with custom destination for image file

  703. 

  704. .. literalinclude:: tests/pillar/control_virt_custom.sls

  705.    :language: yaml

  706. 

  707. 

  708. Usage

  709. =====

  710. 

  711. Working with salt-cloud

  712. 

  713. .. code-block:: bash

  714. 

  715.     salt-cloud -m /path/to/map --assume-yes

  716. 

  717. Debug LIBCLOUD for salt-cloud connection

  718. 

  719. .. code-block:: bash

  720. 

  721.     export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

  722. 

  723. 

  724. References

  725. ==========

  726. 

  727. * http://salt.readthedocs.org/en/latest/

  728. * https://github.com/DanielBryan/salt-state-graph

  729. * http://karlgrz.com/testing-salt-states-rapidly-with-docker/

  730. * https://mywushublog.com/2013/03/configuration-management-with-salt-stack/

  731. * http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/

  732. * https://github.com/saltstack-formulas/salt-formula

  733. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  734. 

  735. 

  736. salt-cloud

  737. ----------

  738. 

  739. * http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html

  740. * http://cloudinit.readthedocs.org/en/latest/topics/examples.html

  741. * http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html

  742. * http://docs.saltstack.com/topics/cloud/digitalocean.html

  743. * http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html

  744. * http://salt-cloud.readthedocs.org/en/latest/topics/map.html

  745. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  746. 

  747. 

  748. Documentation and Bugs

  749. ======================

  750. 

  751. To learn how to install and update salt-formulas, consult the documentation

  752. available online at:

  753. 

  754.     http://salt-formulas.readthedocs.io/

  755. 

  756. In the unfortunate event that bugs are discovered, they should be reported to

  757. the appropriate issue tracker. Use Github issue tracker for specific salt

  758. formula:

  759. 

  760.     https://github.com/salt-formulas/salt-formula-salt/issues

  761. 

  762. For feature requests, bug reports or blueprints affecting entire ecosystem,

  763. use Launchpad salt-formulas project:

  764. 

  765.     https://launchpad.net/salt-formulas

  766. 

  767. You can also join salt-formulas-users team and subscribe to mailing list:

  768. 

  769.     https://launchpad.net/~salt-formulas-users

  770. 

  771. Developers wishing to work on the salt-formulas projects should always base

  772. their work on master branch and submit pull request against specific formula.

  773. 

  774.     https://github.com/salt-formulas/salt-formula-salt

  775. 

  776. Any questions or feedback is always welcome so feel free to join our IRC

  777. channel:

  778. 

  779.     #salt-formulas @ irc.freenode.net