New version of salt-formula from Saltstack

=====
Usage
=====

Salt is a new approach to infrastructure management. Easy enough to get
running in minutes, scalable enough to manage tens of thousands of servers,
and fast enough to communicate with them in seconds.

Salt delivers a dynamic communication bus for infrastructures that can be used
for orchestration, remote execution, configuration management and much more.

Sample Metadata
===============

Salt Master
-----------

Salt master with base formulas and pillar metadata back end:

.. literalinclude:: tests/pillar/master_single_pillar.sls
   :language: yaml

Salt master with reclass ENC metadata back end:

.. literalinclude:: tests/pillar/master_single_reclass.sls
   :language: yaml

Salt master with Architect ENC metadata back end:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: architect
          project: project-name
          host: architect-api
          port: 8181
          username: salt
          password: password

Salt master with multiple ``ext_pillars``:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: salt
          source:
            engine: local
        ext_pillars:
          1:
            module: cmd_json
            params: '"echo {\"arg\": \"val\"}"'
          2:
            module: cmd_yaml
            params: /usr/local/bin/get_yml.sh

Salt master with API:

.. literalinclude:: tests/pillar/master_api.sls
   :language: yaml

Salt master with defined user ACLs:

.. literalinclude:: tests/pillar/master_acl.sls
   :language: yaml

Salt master with preset minions:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        minions:
        - name: 'node1.system.location.domain.com'

Salt master with pip based installation (optional):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        source:
          engine: pip
          version: 2016.3.0rc2

Install formula through system package management:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          prd:
            keystone:
              source: pkg
              name: salt-formula-keystone
            nova:
              source: pkg
              name: salt-formula-keystone
              version: 0.1+0~20160818133412.24~1.gbp6e1ebb
            postgresql:
              source: pkg
              name: salt-formula-postgresql
              version: purged

The keystone formula is installed at the latest version, and formulas
without a ``version`` attribute are installed in a single call to the aptpkg
module. If the ``version`` attribute is present, the sls iterates over the
formulas and installs the specific version or removes it.
The ``version`` attribute may have these values:
``[latest|purged|removed|<VERSION>]``.
Clone master branch of keystone formula as local feature branch:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: git@github.com:openstack/salt-formula-keystone.git
                revision: master
                branch: feature

Salt master with specified formula refs (for example, for Gerrit
review):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: https://git.openstack.org/openstack/salt-formula-keystone
                revision: refs/changes/56/123456/1

Salt master logging configuration:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        log:
          level: warning
          file: '/var/log/salt/master'
          level_logfile: warning

Salt minion logging configuration:

.. code-block:: yaml

    salt:
      minion:
        enabled: true
        log:
          level: info
          file: '/var/log/salt/minion'
          level_logfile: warning

Salt master with logging handlers:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
      minion:
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
          handler02:
            engine: zmq
            bind:
              host: 127.0.0.1
              port: 9999

Salt engine definition for saltgraph metadata collector:

.. code-block:: yaml

    salt:
      master:
        engine:
          graph_metadata:
            engine: saltgraph
            host: 127.0.0.1
            port: 5432
            user: salt
            password: salt
            database: salt

Salt engine definition for Architect service:

.. code-block:: yaml

    salt:
      master:
        engine:
          architect:
            engine: architect
            project: project-name
            host: architect-api
            port: 8181
            username: salt
            password: password

Salt engine definition for sending events from docker events:

.. code-block:: yaml

    salt:
      master:
        engine:
          docker_events:
            docker_url: unix://var/run/docker.sock

Salt master peer setup for remote certificate signing:

.. code-block:: yaml

    salt:
      master:
        peer:
          ".*":
          - x509.sign_remote_certificate

Salt master backup configuration:

.. code-block:: yaml

    salt:
      master:
        backup: true
        initial_data:
          engine: backupninja
          home_dir: remote-backup-home-dir
          source: backup-node-host
          host: original-salt-master-id

Configure verbosity of state output (used for :command:`salt`
command):

.. code-block:: yaml

    salt:
      master:
        state_output: changes

Pass pillar render error to minion log:

.. note:: When set to ``False`` this option is great for debugging.
   However, it is not recommended for any production environment as it may
   contain templating data such as passwords, and so on, that the minion
   should not expose.

.. code-block:: yaml

    salt:
      master:
        pillar_safe_render_error: False
Enable Windows repository support:

.. code-block:: yaml

    salt:
      master:
        win_repo:
          source: git
          address: https://github.com/saltstack/salt-winrepo-ng
          revision: master

Configure a gitfs_remotes resource:

.. code-block:: yaml

    salt:
      master:
        gitfs_remotes:
          salt_formula:
            url: https://github.com/salt-formulas/salt-formula-salt.git
            enabled: true
            params:
              base: master

Read more about gitfs resource options in the official Salt documentation.

Event/Reactor systems
~~~~~~~~~~~~~~~~~~~~~

Salt to synchronize node pillar and modules after start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/*/start:
          - salt://salt/reactor/node_start.sls

Trigger basic node install:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/install:
          - salt://salt/reactor/node_install.sls

Sample event to trigger the node installation:

.. code-block:: bash

    salt-call event.send 'salt/minion/install'

Run any defined orchestration pipeline:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/orchestrate/start:
          - salt://salt/reactor/orchestrate_start.sls

Event to trigger the orchestration pipeline:

.. code-block:: bash

    salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

Synchronise modules and pillars on minion start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          'salt/minion/*/start':
          - salt://salt/reactor/minion_start.sls

Add and/or remove the minion key:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/key/create:
          - salt://salt/reactor/key_create.sls
          salt/key/remove:
          - salt://salt/reactor/key_remove.sls

Event to trigger the key creation:

.. code-block:: bash

    salt-call event.send 'salt/key/create' \
    > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

.. note::

   You can pass additional ``orch_pre_create``, ``orch_post_create``,
   ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
   to call extra orchestrate files. This can be useful, for example, for
   registering/unregistering nodes from the monitoring alarms or dashboards.

   The key creation event needs to be run from a machine other than the one
   being registered.

Event to trigger the key removal:

.. code-block:: bash

    salt-call event.send 'salt/key/remove'
Control VM provisioning:

.. code-block:: yaml

    _param:
      private-ipv4: &private-ipv4
      - id: private-ipv4
        type: ipv4
        link: ens2
        netmask: 255.255.255.0
        routes:
        - gateway: 192.168.0.1
          netmask: 0.0.0.0
          network: 0.0.0.0
    virt:
      disk:
        three_disks:
          - system:
              size: 4096
              image: ubuntu.qcow
          - repository_snapshot:
              size: 8192
              image: snapshot.qcow
          - cinder-volume:
              size: 2048
      nic:
        control:
        - name: nic01
          bridge: br-pxe
          model: virtio
        - name: nic02
          bridge: br-cp
          model: virtio
        - name: nic03
          bridge: br-store-front
          model: virtio
        - name: nic04
          bridge: br-public
          model: virtio
        - name: nic05
          bridge: br-prv
          model: virtio
          virtualport:
            type: openvswitch

    salt:
      control:
        enabled: true
        virt_enabled: true
        size:
          medium_three_disks:
            cpu: 2
            ram: 4
            disk_profile: three_disks
        cluster:
          mycluster:
            domain: neco.virt.domain.com
            engine: virt
            # Cluster global settings
            rng: false
            enable_vnc: True
            seed: cloud-init
            cloud_init:
              user_data:
                disable_ec2_metadata: true
                resize_rootfs: True
                timezone: UTC
                ssh_deletekeys: True
                ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
                ssh_svcname: ssh
                locale: en_US.UTF-8
                disable_root: true
                apt_preserve_sources_list: false
                apt:
                  sources_list: ""
                  sources:
                    ubuntu.list:
                      source: ${linux:system:repo:ubuntu:source}
                    mcp_saltstack.list:
                      source: ${linux:system:repo:mcp_saltstack:source}
            node:
              ubuntu1:
                provider: node01.domain.com
                image: ubuntu.qcow
                size: medium
                img_dest: /var/lib/libvirt/ssdimages
                # Node settings override cluster global ones
                enable_vnc: False
                rng:
                  backend: /dev/urandom
                  model: random
                  rate:
                    period: '1800'
                    bytes: '1500'
                # Custom per-node loader definition (e.g. for AArch64 UEFI)
                loader:
                  readonly: yes
                  type: pflash
                  path: /usr/share/AAVMF/AAVMF_CODE.fd
                machine: virt-2.11  # Custom per-node virt machine type
                cpu_mode: host-passthrough
                cpuset: '1-4'
                mac:
                  nic01: AC:DE:48:AA:AA:AA
                  nic02: AC:DE:48:AA:AA:BB
                # netconfig affects: hostname during boot
                # manual interfaces configuration
                cloud_init:
                  network_data:
                    networks:
                    - <<: *private-ipv4
                      ip_address: 192.168.0.161
                  user_data:
                    salt_minion:
                      conf:
                        master: 10.1.1.1
              ubuntu2:
                seed: qemu-nbd
                cloud_init:
                  enabled: false

There are two methods to seed an initial Salt minion configuration to
Libvirt VMs: mount a disk and update a filesystem, or create a ConfigDrive with
a Cloud-init config. This is controlled by the ``seed`` parameter on cluster and
node levels. When set to ``True`` or ``qemu-nbd``, the old method of mounting a
disk is used. When set to ``cloud-init``, the new method is used. When set
to ``False``, no seeding happens. The default value is ``True``, meaning
the ``qemu-nbd`` method is used. This is done for backward compatibility
and may be changed in future.

The recommended method is to use Cloud-init.
It is controlled by the ``cloud_init`` dictionary on cluster and node levels.
Node level parameters are merged on top of cluster level parameters.
The Salt Minion config is populated automatically based on a VM name and config
settings of the minion that is actually executing a state. To override them,
add the ``salt_minion`` section into the ``user_data`` section as shown above.
It is possible to disable Cloud-init by setting ``cloud_init.enabled`` to ``False``.

To enable the Redis plugin for the Salt caching subsystem, use the
pillar structure below:

.. code-block:: yaml

    salt:
      master:
        cache:
          plugin: redis
          host: localhost
          port: 6379
          db: '0'
          password: pass_word
          bank_prefix: 'MCP'
          bank_keys_prefix: 'MCPKEY'
          key_prefix: 'KEY'
          separator: '@'
Jinja options
-------------

Use the following options to update default Jinja renderer options.
Salt recognizes Jinja options for templates and for the ``sls`` files.

For the full list of options, see the Jinja documentation:
http://jinja.pocoo.org/docs/api/#high-level-api

.. code-block:: yaml

    salt:
      renderer:
        # for templates
        jinja: &jinja_env
          # Default Jinja environment options
          block_start_string: '{%'
          block_end_string: '%}'
          variable_start_string: '{{'
          variable_end_string: '}}'
          comment_start_string: '{#'
          comment_end_string: '#}'
          keep_trailing_newline: False
          newline_sequence: '\n'

          # Next two are enabled by default in Salt
          trim_blocks: True
          lstrip_blocks: True

          # Next two are not enabled by default in Salt
          # but worth considering enabling in future for salt-formulas
          line_statement_prefix: '%'
          line_comment_prefix: '##'

        # for .sls state files
        jinja_sls: *jinja_env

With the ``line_statement_prefix`` and ``line_comment_prefix`` options
enabled, the following code statements are valid:

.. code-block:: yaml

    %- set myvar = 'one'

    ## You can mix even with '{%'
    {%- set myvar = 'two' %} ## comment
    %- set mylist = ['one', 'two', 'three'] ## comment

    ## comment
    %- for item in mylist: ## comment
    {{- item }}
    %- endfor
Encrypted pillars
~~~~~~~~~~~~~~~~~

.. note:: NACL and the below configuration will be available in Salt > 2017.7.

External resources:

- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
  http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
- SaltStack documentation:
  https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

Configure salt NACL module:

.. code-block:: bash

    pip install --upgrade libnacl===1.5.2
    salt-call --local nacl.keygen /etc/salt/pki/master/nacl

      local:
          saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub

.. code-block:: yaml

    salt:
      master:
        pillar:
          reclass: *reclass
          nacl:
            index: 99
        nacl:
          box_type: sealedbox
          sk_file: /etc/salt/pki/master/nacl
          pk_file: /etc/salt/pki/master/nacl.pub
          #sk: None
          #pk: None

NACL encrypt secrets:

.. code-block:: bash

    salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
    hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q

    # or
    salt-run nacl.enc 'myotherpass'
    ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

NACL encrypted values on pillar:

Use Boxed syntax ``NACL[CryptedValue=]`` to encode value on pillar:

.. code-block:: yaml

    my_pillar:
      my_nacl:
        key0: unencrypted_value
        key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
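
A check that ties the boxed syntax above to the ``pillar_safe_render_error`` note earlier in this README, as an added example that is not part of the formula: it walks pillar data already loaded into a Python dict and reports secret-looking keys whose values are not in ``NACL[...]`` form, plus ``pillar_safe_render_error: False``. The key-name pattern, the function names and the sample pillar are assumptions constructed for illustration.

```python
import re

# Boxed form shown in this README: NACL[<base64 ciphertext>]
NACL_BOX = re.compile(r"^NACL\[[A-Za-z0-9+/]+={0,2}\]$")
# Key names treated as secret-bearing (assumption; extend for your pillar).
SECRET_KEY = re.compile(r"pass|secret|token", re.IGNORECASE)


def leaves(node, path=()):
    """Yield (path, value) for every scalar in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, path + (str(index),))
    else:
        yield path, node


def audit_pillar(pillar):
    """Return sorted (pillar path, finding) tuples for a pillar dict."""
    findings = []
    for path, value in leaves(pillar):
        dotted = ":".join(path)
        # Nearest mapping key: skip the list indexes added by leaves().
        key = next((p for p in reversed(path) if not p.isdigit()), "")
        if key == "pillar_safe_render_error" and value is False:
            findings.append((dotted, "render errors are passed to the minion log"))
        elif SECRET_KEY.search(key) and isinstance(value, str) and value:
            if not NACL_BOX.match(value):
                findings.append((dotted, "secret is not in NACL[...] form"))
    return sorted(findings)


# Constructed sample modelled on the pillar snippets in this README.
# The NACL[...] value is a placeholder, not real ciphertext.
SAMPLE_PILLAR = {
    "salt": {
        "master": {
            "enabled": True,
            "pillar_safe_render_error": False,
            "pillar": {
                "engine": "architect",
                "host": "architect-api",
                "username": "salt",
                "password": "password",
            },
            "cache": {
                "plugin": "redis",
                "password": "NACL[Q09OU1RSVUNURURfU0FNUExF]",
            },
        },
    },
    "proxy": {"proxytype": "napalm", "username": "root", "passwd": "r00tme"},
}

if __name__ == "__main__":
    for pillar_path, finding in audit_pillar(SAMPLE_PILLAR):
        print(f"{pillar_path}: {finding}")
```

The check works on pillar source data before the NACL ``ext_pillar`` decrypts it; run against rendered pillar, every secret would be reported as plaintext.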
NACL large files:

.. code-block:: bash

    salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
    # or more advanced
    cert=$(cat /tmp/cert.crt)
    salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

NACL within template/native pillars:

.. code-block:: yaml

    pillarexample:
        user: root
        password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
        cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
        cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}

Salt Syndic
-----------

The master of masters:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        order_masters: True

Lower syndicated master:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        master:
          host: master-of-master-host
        timeout: 5

Syndicated master with multiple master of masters:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        masters:
        - host: master-of-master-host1
        - host: master-of-master-host2
        timeout: 5

Dynamic DNS configuration
-------------------------

The Salt master can register minions in a DNS server using the DDNS
(dynamic DNS) update mechanism via the ``salt.runners.ddns`` module. A DNS
server that allows dynamic updates is required. Authorization via a TSIG key
is available. A DNS server configured via salt-formula-bind is recommended.
The mechanism uses the event-reactor system.

Master pillar:

.. code-block:: yaml

    salt:
      master:
        ddns:
          enabled: True
          keys:
            key: <tsig-key>
            name: <tsig-key-name>
        reactor:
          dns/node/register:
          - salt://salt/reactor/ddns_node_register.sls
          dns/static/records:
          - salt://salt/reactor/ddns_static_records.sls

Minion pillar:

.. code-block:: yaml

    salt:
      minion:
        ddns:
          server: <dns-server-ip>
          keyname: <tsig-key-name>
          ttl: 300
        dns_static:
          zone.example.com:
          - name: appname
            type: CNAME
            value: appserver01

Manual calling:

.. code-block:: bash

    # Minion register
    salt '*' state.apply salt.minion.dns_register

    # Static DNS records
    salt '*' state.apply salt.minion.dns_static
Salt Minion
-----------

By default, the minion ID triggers a dependency on the Linux formula, as it
uses the FQDN configured from the ``linux.system.name`` and
``linux.system.domain`` pillar. To override, provide the exact minion ID you
require. The same can be set for the master ID rendered at ``master.conf``.

.. code-block:: yaml

    salt:
      minion:
        id: minion1.production
      master:
        id: master.production

Simplest Salt minion setup with central configuration node:

.. literalinclude:: tests/pillar/minion_master.sls
   :language: yaml

Multi-master Salt minion setup:

.. literalinclude:: tests/pillar/minion_multi_master.sls
   :language: yaml

Salt minion with salt mine options:

.. literalinclude:: tests/pillar/minion_mine.sls
   :language: yaml

Salt minion with graphing dependencies:

.. literalinclude:: tests/pillar/minion_graph.sls
   :language: yaml

Salt minion behind HTTP proxy:

.. code-block:: yaml

    salt:
      minion:
        proxy:
          host: 127.0.0.1
          port: 3128

Salt minion to specify non-default HTTP backend. The default
tornado backend does not respect HTTP proxy settings set as
environment variables. This is useful for cases where you need
to set no_proxy lists.

.. code-block:: yaml

    salt:
      minion:
        backend: urllib2

Salt minion with PKI certificate authority (CA):

.. literalinclude:: tests/pillar/minion_pki_ca.sls
   :language: yaml

Salt minion using PKI certificate:

.. literalinclude:: tests/pillar/minion_pki_cert.sls
   :language: yaml

Salt minion trust CA certificates issued by salt CA on a
specific host (i.e. the salt-master node):

.. code-block:: yaml

    salt:
      minion:
        trusted_ca_minions:
          - cfg01

Salt Minion Proxy
~~~~~~~~~~~~~~~~~

Salt proxy pillar:

.. code-block:: yaml

    salt:
      minion:
        proxy_minion:
          master: localhost
          device:
            vsrx01.mydomain.local:
              enabled: true
              engine: napalm
            csr1000v.mydomain.local:
              enabled: true
              engine: napalm

.. note:: This is the pillar of the real salt-minion.

Proxy pillar for IOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: ios
      host: csr1000v.mydomain.local
      username: root
      passwd: r00tme

.. note:: This is the pillar of the node that is not able to run
   salt-minion itself.

Proxy pillar for JunOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: junos
      host: vsrx01.mydomain.local
      username: root
      passwd: r00tme
      optional_args:
        config_format: set

.. note:: This pillar applies to the node that cannot run
   salt-minion itself.

Salt SSH
~~~~~~~~

Salt SSH with sudoer using key:

.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
   :language: yaml

Salt SSH with sudoer using password:

.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
   :language: yaml

Salt SSH with root using password:

.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
   :language: yaml

Salt control (cloud/kvm/docker)
-------------------------------

Salt cloud with local OpenStack provider:

.. literalinclude:: tests/pillar/control_cloud_openstack.sls
   :language: yaml

Salt cloud with Digital Ocean provider:

.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
   :language: yaml

Salt virt with KVM cluster:

.. literalinclude:: tests/pillar/control_virt.sls
   :language: yaml

Salt virt with custom destination for image file:

.. literalinclude:: tests/pillar/control_virt_custom.sls
   :language: yaml
Usage
=====

Working with salt-cloud:

.. code-block:: bash

    salt-cloud -m /path/to/map --assume-yes

Debug LIBCLOUD for salt-cloud connection:

.. code-block:: bash

    export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

Read more
=========

* http://salt.readthedocs.org/en/latest/
* https://github.com/DanielBryan/salt-state-graph
* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
* https://github.com/saltstack-formulas/salt-formula
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

salt-cloud
----------

* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
* http://docs.saltstack.com/topics/cloud/digitalocean.html
* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

Documentation and Bugs
======================

* http://salt-formulas.readthedocs.io/

  Learn how to install and update salt-formulas

* https://github.com/salt-formulas/salt-formula-salt/issues

  In the unfortunate event that bugs are discovered, report the issue to the
  appropriate issue tracker. Use the Github issue tracker for a specific salt
  formula

* https://launchpad.net/salt-formulas

  For feature requests, bug reports, or blueprints affecting the entire
  ecosystem, use the Launchpad salt-formulas project

* https://launchpad.net/~salt-formulas-users

  Join the salt-formulas-users team and subscribe to mailing list if required

* https://github.com/salt-formulas/salt-formula-salt

  Develop the salt-formulas projects in the master branch and then submit pull
  requests against a specific formula

* #salt-formulas @ irc.freenode.net

  Use this IRC channel in case of any questions or feedback which is always
  welcome