ExternalMirrors
/
salt-formula
mirror of https://github.com/salt-formulas/salt-formula-salt
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 7 Wiki Activity
New version of salt-formula from Saltstack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
312 Commits
26 Branches
Tree: df75d684a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df75d684a6'
${ noResults }
salt-formula/README.rst

README.rst 17KB
Raw Normal View History

Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
7 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Initial commit
9 years ago
Pillar test data
8 years ago
Salt ACL and API updates
8 years ago
Pillar test data
8 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Optional installation source - pip source:engine metadata created - defaults to pkg installation, pip installation alternative added
8 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
version to be specified for salt formula
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
version to be specified for salt formula
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
7 years ago
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
7 years ago
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
remote peer sign
8 years ago
Initial commit
9 years ago
Backup and restore of Salt master's state: pki and generated metadata Change-Id: I5c88d22589ec1fa6a9806c1a625b752dd4fc8b54
7 years ago
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
7 years ago
set state_output to "changes" Terse output is not enough for debugging. Change-Id: Ida9a4ef0a2ad053fc370d3833d716d9e8d38d814
7 years ago
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Added support for sync modules and pillar after minion start Change-Id: Ia3b1e93e5f0b3da7097a285122d24c5b1d2b20e2
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Salt reactor features refactoring Change-Id: Ifac3f5e03099e8190db0a3af62a7be1f762f87be
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Add support for jinja2 renderer options. (2018.2) Change-Id: Idf6c18597a222e6c1b60bf940eadb1d6d8a611c7
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
7 years ago
proxy_minion fix Change-Id: I73a4a14734651f6483fae169a2290e9c5b377d76
7 years ago
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
7 years ago
Salt-ssh support
8 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
Salt-ssh support
8 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Salt-ssh support
8 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
support for putting vm images in custom locations Change-Id: I685de4207f1f7f17264cc4ad2d81c3348ca20074
7 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
7 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Initial commit
9 years ago
Provisioning overhaul
9 years ago
Unify Makefile, .gitignore and update readme
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737 
  1. 

  2. ============

  3. Salt Formula

  4. ============

  5. 

  6. Salt is a new approach to infrastructure management. Easy enough to get

  7. running in minutes, scalable enough to manage tens of thousands of servers,

  8. and fast enough to communicate with them in seconds.

  9. 

  10. Salt delivers a dynamic communication bus for infrastructures that can be used

  11. for orchestration, remote execution, configuration management and much more.

  12. 

  13. 

  14. Sample Metadata

  15. ===============

  16. 

  17. 

  18. Salt Master

  19. -----------

  20. 

  21. Salt master with base formulas and pillar metadata backend

  22. 

  23. .. literalinclude:: tests/pillar/master_single_pillar.sls

  24.    :language: yaml

  25. 

  26. Salt master with reclass ENC metadata backend

  27. 

  28. .. literalinclude:: tests/pillar/master_single_reclass.sls

  29.    :language: yaml

  30. 

  31. Salt master with Architect ENC metadata backend

  32. 

  33. .. code-block:: yaml

  34. 

  35.     salt:

  36.       master:

  37.         enabled: true

  38.         pillar:

  39.           engine: architect

  40.           project: project-name

  41.           host: architect-api

  42.           port: 8181

  43.           username: salt

  44.           password: password

  45. 

  46. Salt master with multiple ext_pillars

  47. 

  48. .. literalinclude:: tests/pillar/master_single_extpillars.sls

  49.    :language: yaml

  50. 

  51. Salt master with API

  52. 

  53. .. literalinclude:: tests/pillar/master_api.sls

  54.    :language: yaml

  55. 

  56. Salt master with defined user ACLs

  57. 

  58. .. literalinclude:: tests/pillar/master_acl.sls

  59.    :language: yaml

  60. 

  61. Salt master with preset minions

  62. 

  63. .. code-block:: yaml

  64. 

  65.     salt:

  66.       master:

  67.         enabled: true

  68.         minions:

  69.         - name: 'node1.system.location.domain.com'

  70. 

  71. Salt master with pip based installation (optional)

  72. 

  73. .. code-block:: yaml

  74. 

  75.     salt:

  76.       master:

  77.         enabled: true

  78.         ...

  79.         source:

  80.           engine: pip

  81.           version: 2016.3.0rc2

  82. 

  83. Install formula through system package management

  84. 

  85. .. code-block:: yaml

  86. 

  87.     salt:

  88.       master:

  89.         enabled: true

  90.         ...

  91.         environment:

  92.           prd:

  93.             keystone:

  94.               source: pkg

  95.               name: salt-formula-keystone

  96.             nova:

  97.               source: pkg

  98.               name: salt-formula-keystone

  99.               version: 0.1+0~20160818133412.24~1.gbp6e1ebb

  100.             postresql:

  101.               source: pkg

  102.               name: salt-formula-postgresql

  103.               version: purged

  104. 

  105. Formula keystone is installed latest version and the formulas without version are installed in one call to aptpkg module.

  106. If the version attribute is present sls iterates over formulas and take action to install specific version or remove it.

  107. The version attribute may have these values ``[latest|purged|removed|<VERSION>]``.

  108. 

  109. Clone master branch of keystone formula as local feature branch

  110. 

  111. .. code-block:: yaml

  112. 

  113.     salt:

  114.       master:

  115.         enabled: true

  116.         ...

  117.         environment:

  118.           dev:

  119.             formula:

  120.               keystone:

  121.                 source: git

  122.                 address: git@github.com:openstack/salt-formula-keystone.git

  123.                 revision: master

  124.                 branch: feature

  125. 

  126. Salt master with specified formula refs (for example for Gerrit review)

  127. 

  128. .. code-block:: yaml

  129. 

  130.     salt:

  131.       master:

  132.         enabled: true

  133.         ...

  134.         environment:

  135.           dev:

  136.             formula:

  137.               keystone:

  138.                 source: git

  139.                 address: https://git.openstack.org/openstack/salt-formula-keystone

  140.                 revision: refs/changes/56/123456/1

  141. 

  142. Salt master with logging handlers

  143. 

  144. .. code-block:: yaml

  145. 

  146.     salt:

  147.       master:

  148.         enabled: true

  149.         handler:

  150.           handler01:

  151.             engine: udp

  152.             bind:

  153.               host: 127.0.0.1

  154.               port: 9999

  155.       minion:

  156.         handler:

  157.           handler01:

  158.             engine: udp

  159.             bind:

  160.               host: 127.0.0.1

  161.               port: 9999

  162.           handler02:

  163.             engine: zmq

  164.             bind:

  165.               host: 127.0.0.1

  166.               port: 9999

  167. 

  168. Salt engine definition for saltgraph metadata collector

  169. 

  170. .. code-block:: yaml

  171. 

  172.     salt:

  173.       master:

  174.         engine:

  175.           graph_metadata:

  176.             engine: saltgraph

  177.             host: 127.0.0.1

  178.             port: 5432

  179.             user: salt

  180.             password: salt

  181.             database: salt

  182. 

  183. Salt engine definition for Architect service

  184. 

  185. .. code-block:: yaml

  186. 

  187.     salt:

  188.       master:

  189.         engine:

  190.           architect:

  191.             engine: architect

  192.             project: project-name

  193.             host: architect-api

  194.             port: 8181

  195.             username: salt

  196.             password: password

  197. 

  198. Salt engine definition for sending events from docker events

  199. 

  200. .. code-block:: yaml

  201. 

  202.     salt:

  203.       master:

  204.         engine:

  205.           docker_events:

  206.             docker_url: unix://var/run/docker.sock

  207. 

  208. Salt master peer setup for remote certificate signing

  209. 

  210. .. code-block:: yaml

  211. 

  212.     salt:

  213.       master:

  214.         peer:

  215.           ".*":

  216.           - x509.sign_remote_certificate

  217. 

  218. 

  219. Salt master backup configuration

  220. 

  221. .. code-block:: yaml

  222. 

  223.     salt:

  224.       master:

  225.         backup: true

  226.         initial_data:

  227.           engine: backupninja

  228.           source: backup-node-host

  229.           host: original-salt-master-id

  230. 

  231. Configure verbosity of state output (used for `salt` command)

  232. 

  233. .. code-block:: yaml

  234. 

  235.     salt:

  236.       master:

  237.         state_output: changes

  238. 

  239. Pass pillar render error to minion log

  240. 

  241. .. note:: When set to `False` this option is great for debuging.

  242.    However it is not recomended for any production environment as it may contain

  243.    templating data as passwords, etc... ,  that minion should not expose.

  244. 

  245. .. code-block:: yaml

  246. 

  247.     salt:

  248.       master:

  249.         pillar_safe_render_error: False

  250. 

  251. 

  252. Event/Reactor Systems

  253. ~~~~~~~~~~~~~~~~~~~~~

  254. 

  255. Salt synchronise node pillar and modules after start

  256. 

  257. .. code-block:: yaml

  258. 

  259.     salt:

  260.       master:

  261.         reactor:

  262.           salt/minion/*/start:

  263.           - salt://salt/reactor/node_start.sls

  264. 

  265. Trigger basic node install

  266. 

  267. .. code-block:: yaml

  268. 

  269.     salt:

  270.       master:

  271.         reactor:

  272.           salt/minion/install:

  273.           - salt://salt/reactor/node_install.sls

  274. 

  275. Sample event to trigger the node installation

  276. 

  277. .. code-block:: bash

  278. 

  279.     salt-call event.send 'salt/minion/install'

  280. 

  281. Run any defined orchestration pipeline

  282. 

  283. .. code-block:: yaml

  284. 

  285.     salt:

  286.       master:

  287.         reactor:

  288.           salt/orchestrate/start:

  289.           - salt://salt/reactor/orchestrate_start.sls

  290. 

  291. Event to trigger the orchestration pipeline

  292. 

  293. .. code-block:: bash

  294. 

  295.     salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

  296. 

  297. Synchronise modules and pillars on minion start.

  298. 

  299. .. code-block:: yaml

  300. 

  301.     salt:

  302.       master:

  303.         reactor:

  304.           'salt/minion/*/start':

  305.           - salt://salt/reactor/minion_start.sls

  306. 

  307. Add and/or remove the minion key

  308. 

  309. .. code-block:: yaml

  310. 

  311.     salt:

  312.       master:

  313.         reactor:

  314.           salt/key/create:

  315.           - salt://salt/reactor/key_create.sls

  316.           salt/key/remove:

  317.           - salt://salt/reactor/key_remove.sls

  318. 

  319. Event to trigger the key creation

  320. 

  321. .. code-block:: bash

  322. 

  323.     salt-call event.send 'salt/key/create' \

  324.     > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

  325. 

  326. .. note::

  327. 

  328.     You can add pass additional `orch_pre_create`, `orch_post_create`,

  329.     `orch_pre_remove` or `orch_post_remove` parameters to the event to call

  330.     extra orchestrate files. This can be useful for example for

  331.     registering/unregistering nodes from the monitoring alarms or dashboards.

  332. 

  333.     The key creation event needs to be run from other machine than the one

  334.     being registered.

  335. 

  336. Event to trigger the key removal

  337. 

  338. .. code-block:: bash

  339. 

  340.     salt-call event.send 'salt/key/remove'

  341. 

  342. 

  343. Jinja options

  344. -------------

  345. 

  346. Use following options to update default jinja renderer options. Salt recognize Jinja options for templates and for sls files.

  347. 

  348. For full list of options check jinja documentation: http://jinja.pocoo.org/docs/api/#high-level-api.

  349. 

  350. .. code-block:: yaml

  351. 

  352. 

  353.   salt:

  354.     renderer:

  355.       # for templates

  356.       jinja: &jina_env

  357.         # Default Jinja environment options

  358.         block_start_string: '{%'

  359.         block_end_string: '%}'

  360.         variable_start_string: '{{'

  361.         variable_end_string: '}}'

  362.         comment_start_string: '{#'

  363.         comment_end_string: '#}'

  364.         keep_trailing_newline: False

  365.         newline_sequence: '\n'

  366. 

  367.         # Next two are enabled by default in Salt

  368.         trim_blocks: True

  369.         lstrip_blocks: True

  370. 

  371.         # Next two are not enabled by default in Salt

  372.         # but worth to consider to enable in future for salt-formulas

  373.         line_statement_prefix: '%'

  374.         line_comment_prefix: '##'

  375. 

  376.       # for .sls state files

  377.       jinja_sls: *jinja_env

  378. 

  379. 

  380. 

  381. With the line_statement/comment* _prefix options enabled following code statements are valid:

  382. 

  383. .. code-block:: yaml

  384.    %- set myvar = 'one'

  385. 

  386.    ## You can mix even with '{%'

  387.    {%- set myvar = 'two' %} ## comment

  388.    %- set mylist = ['one', 'two', 'three'] ## comment

  389. 

  390.    ## comment

  391.    %- for item in mylist:  ## comment

  392.    {{- item }}

  393.    %- endfor

  394. 

  395. 

  396. Encrypted pillars

  397. ~~~~~~~~~~~~~~~~~

  398. 

  399. Note: NACL + below configuration will be available in Salt > 2017.7.

  400. 

  401. External resources:

  402. 

  403. - Tutorial to configure salt + reclass ext_pillar and nacl: http://apealive.net/post/2017-09-salt-nacl-ext-pillar/

  404. - Saltstack documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

  405. 

  406. Configure salt NACL module:

  407. 

  408. .. code-block:: shell

  409. 

  410.   pip install --upgrade libnacl===1.5.2

  411.   salt-call --local nacl.keygen /etc/salt/pki/master/nacl

  412. 

  413.     local:

  414.         saved sk_file:/etc/salt/pki/master/nacl  pk_file: /etc/salt/pki/master/nacl.pub

  415. 

  416. 

  417. .. code-block:: yaml

  418. 

  419.     salt:

  420.       master:

  421.         pillar:

  422.           reclass: *reclass

  423.           nacl:

  424.             index: 99

  425.         nacl:

  426.           box_type: sealedbox

  427.           sk_file: /etc/salt/pki/master/nacl

  428.           pk_file: /etc/salt/pki/master/nacl.pub

  429.           #sk: None

  430.           #pk: None

  431. 

  432. NACL encrypt secrets:

  433. 

  434.   salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub

  435.     hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q

  436.   # or

  437.   salt-run nacl.enc 'myotherpass'

  438.     ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

  439. 

  440. 

  441. NACL encrypted values on pillar:

  442. 

  443. Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:

  444. 

  445. .. code-block:: yaml

  446. 

  447.   my_pillar:

  448.     my_nacl:

  449.         key0: unencrypted_value

  450.         key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

  451. 

  452. NACL large files:

  453. 

  454. .. code-block:: shell

  455.   salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl

  456.   # or more advanced

  457.   cert=$(cat /tmp/cert.crt)

  458.   salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

  459. 

  460. 

  461. NACL within template/native pillars:

  462. 

  463.   pillarexample:

  464.       user: root

  465.       password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}

  466.       cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}

  467.       cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}

  468. 

  469. 

  470. Salt Syndic

  471. -----------

  472. 

  473. The master of masters

  474. 

  475. .. code-block:: yaml

  476. 

  477.     salt:

  478.       master:

  479.         enabled: true

  480.         order_masters: True

  481. 

  482. Lower syndicated master

  483. 

  484. .. code-block:: yaml

  485. 

  486.     salt:

  487.       syndic:

  488.         enabled: true

  489.         master:

  490.           host: master-of-master-host

  491.         timeout: 5

  492. 

  493. Syndicated master with multiple master of masters

  494. 

  495. .. code-block:: yaml

  496. 

  497.     salt:

  498.       syndic:

  499.         enabled: true

  500.         masters:

  501.         - host: master-of-master-host1

  502.         - host: master-of-master-host2

  503.         timeout: 5

  504. 

  505. 

  506. Salt Minion

  507. -----------

  508. 

  509. Simplest Salt minion setup with central configuration node

  510. 

  511. .. code-block:: yaml

  512. 

  513. .. literalinclude:: tests/pillar/minion_master.sls

  514.    :language: yaml

  515. 

  516. Multi-master Salt minion setup

  517. 

  518. .. literalinclude:: tests/pillar/minion_multi_master.sls

  519.    :language: yaml

  520. 

  521. Salt minion with salt mine options

  522. 

  523. .. literalinclude:: tests/pillar/minion_mine.sls

  524.    :language: yaml

  525. 

  526. Salt minion with graphing dependencies

  527. 

  528. .. literalinclude:: tests/pillar/minion_graph.sls

  529.    :language: yaml

  530. 

  531. Salt minion behind HTTP proxy

  532. 

  533. .. code-block:: yaml

  534. 

  535.     salt:

  536.       minion:

  537.         proxy:

  538.           host: 127.0.0.1

  539.           port: 3128

  540. 

  541. Salt minion to specify non-default HTTP backend. The default tornado backend

  542. does not respect HTTP proxy settings set as environment variables. This is

  543. useful for cases where you need to set no_proxy lists.

  544. 

  545. .. code-block:: yaml

  546. 

  547.     salt:

  548.       minion:

  549.         backend: urllib2

  550. 

  551. 

  552. Salt minion with PKI certificate authority (CA)

  553. 

  554. .. literalinclude:: tests/pillar/minion_pki_ca.sls

  555.    :language: yaml

  556. 

  557. Salt minion using PKI certificate

  558. 

  559. .. literalinclude:: tests/pillar/minion_pki_cert.sls

  560.    :language: yaml

  561. 

  562. Salt minion trust CA certificates issued by salt CA on a specific host (ie: salt-master node)

  563. 

  564. .. code-block:: yaml

  565. 

  566.   salt:

  567.     minion:

  568.       trusted_ca_minions:

  569.         - cfg01

  570. 

  571. 

  572. Salt Minion Proxy

  573. ~~~~~~~~~~~~~~~~~

  574. 

  575. Salt proxy pillar

  576. 

  577. .. code-block:: yaml

  578. 

  579.     salt:

  580.       minion:

  581.         proxy_minion:

  582.           master: localhost

  583.           device:

  584.             vsrx01.mydomain.local:

  585.               enabled: true

  586.               engine: napalm

  587.             csr1000v.mydomain.local:

  588.               enabled: true

  589.               engine: napalm

  590. 

  591. .. note:: This is pillar of the the real salt-minion

  592. 

  593. 

  594. Proxy pillar for IOS device

  595. 

  596. .. code-block:: yaml

  597. 

  598.     proxy:

  599.       proxytype: napalm

  600.       driver: ios

  601.       host: csr1000v.mydomain.local

  602.       username: root

  603.       passwd: r00tme

  604. 

  605. .. note:: This is pillar of the node thats not able to run salt-minion itself

  606. 

  607. 

  608. Proxy pillar for JunOS device

  609. 

  610. .. code-block:: yaml

  611. 

  612.     proxy:

  613.       proxytype: napalm

  614.       driver: junos

  615.       host: vsrx01.mydomain.local

  616.       username: root

  617.       passwd: r00tme

  618.       optional_args:

  619.         config_format: set

  620. 

  621. .. note:: This is pillar of the node thats not able to run salt-minion itself

  622. 

  623. 

  624. Salt SSH

  625. ~~~~~~~~

  626. 

  627. Salt SSH with sudoer using key

  628. 

  629. .. literalinclude:: tests/pillar/master_ssh_minion_key.sls

  630.    :language: yaml

  631. 

  632. Salt SSH with sudoer using password

  633. 

  634. .. literalinclude:: tests/pillar/master_ssh_minion_password.sls

  635.    :language: yaml

  636. 

  637. Salt SSH with root using password

  638. 

  639. .. literalinclude:: tests/pillar/master_ssh_minion_root.sls

  640.    :language: yaml

  641. 

  642. Salt control (cloud/kvm/docker)

  643. -------------------------------

  644. 

  645. Salt cloud with local OpenStack provider

  646. 

  647. .. literalinclude:: tests/pillar/control_cloud_openstack.sls

  648.    :language: yaml

  649. 

  650. Salt cloud with Digital Ocean provider

  651. 

  652. .. literalinclude:: tests/pillar/control_cloud_digitalocean.sls

  653.    :language: yaml

  654. 

  655. Salt virt with KVM cluster

  656. 

  657. .. literalinclude:: tests/pillar/control_virt.sls

  658.    :language: yaml

  659. 

  660. salt virt with custom destination for image file

  661. 

  662. .. literalinclude:: tests/pillar/control_virt_custom.sls

  663.    :language: yaml

  664. 

  665. 

  666. Usage

  667. =====

  668. 

  669. Working with salt-cloud

  670. 

  671. .. code-block:: bash

  672. 

  673.     salt-cloud -m /path/to/map --assume-yes

  674. 

  675. Debug LIBCLOUD for salt-cloud connection

  676. 

  677. .. code-block:: bash

  678. 

  679.     export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

  680. 

  681. 

  682. References

  683. ==========

  684. 

  685. * http://salt.readthedocs.org/en/latest/

  686. * https://github.com/DanielBryan/salt-state-graph

  687. * http://karlgrz.com/testing-salt-states-rapidly-with-docker/

  688. * https://mywushublog.com/2013/03/configuration-management-with-salt-stack/

  689. * http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/

  690. * https://github.com/saltstack-formulas/salt-formula

  691. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  692. 

  693. 

  694. salt-cloud

  695. ----------

  696. 

  697. * http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html

  698. * http://cloudinit.readthedocs.org/en/latest/topics/examples.html

  699. * http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html

  700. * http://docs.saltstack.com/topics/cloud/digitalocean.html

  701. * http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html

  702. * http://salt-cloud.readthedocs.org/en/latest/topics/map.html

  703. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  704. 

  705. 

  706. Documentation and Bugs

  707. ======================

  708. 

  709. To learn how to install and update salt-formulas, consult the documentation

  710. available online at:

  711. 

  712.     http://salt-formulas.readthedocs.io/

  713. 

  714. In the unfortunate event that bugs are discovered, they should be reported to

  715. the appropriate issue tracker. Use Github issue tracker for specific salt

  716. formula:

  717. 

  718.     https://github.com/salt-formulas/salt-formula-salt/issues

  719. 

  720. For feature requests, bug reports or blueprints affecting entire ecosystem,

  721. use Launchpad salt-formulas project:

  722. 

  723.     https://launchpad.net/salt-formulas

  724. 

  725. You can also join salt-formulas-users team and subscribe to mailing list:

  726. 

  727.     https://launchpad.net/~salt-formulas-users

  728. 

  729. Developers wishing to work on the salt-formulas projects should always base

  730. their work on master branch and submit pull request against specific formula.

  731. 

  732.     https://github.com/salt-formulas/salt-formula-salt

  733. 

  734. Any questions or feedback is always welcome so feel free to join our IRC

  735. channel:

  736. 

  737.     #salt-formulas @ irc.freenode.net