salt
/
linux-formula
forkato da ExternalMirrors/linux-formula
Segui 1
Vota 0
Forka 0
Codice Rilasci 8 Attività
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
312 Commit
26 Rami (Branch)
Albero (Tree): 8f965ec87a
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '8f965ec87a'
${ noResults }
linux-formula/README.rst

README.rst 31KB
Originale Normal View Cronologia

Update README.rst
7 anni fa
Initial commit
9 anni fa
Update README.rst
7 anni fa
Initial commit
9 anni fa
Update README.rst
7 anni fa
Initial commit
9 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Initial commit
9 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Update README.rst
7 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Update README.rst
7 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Update README.rst fixed typo in sudo part
7 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 anni fa
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 anni fa
Initial commit
9 anni fa
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
8 anni fa
Initial commit
9 anni fa
Support for setting security limits
9 anni fa
Enable/disable console autologin
9 anni fa
More options for consoles
9 anni fa
Enable/disable console autologin
9 anni fa
Allow setting policy-rc.d
9 anni fa
Allow setting system locales
8 anni fa
Fix readme of cs_CZ locales
8 anni fa
Allow setting system locales
8 anni fa
Make linux.system.kernel functional
9 anni fa
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
8 anni fa
Make linux.system.kernel functional
9 anni fa
Linux sysctl kernel parameters
9 anni fa
cpu governor
8 anni fa
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
8 anni fa
cpu governor
8 anni fa
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
8 anni fa
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
8 anni fa
cpu governor
8 anni fa
Initial commit
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
README fix for purging repos
7 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
rc.local added to linux formula
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Allow setting system-wide prompt
9 anni fa
Ensure PS1 is enforced for root
9 anni fa
rc.local added to linux formula
9 anni fa
Option to preserve bash history
8 anni fa
Set message of the day
9 anni fa
RHEL compatibility of motd and prompt
9 anni fa
Support for haveged
9 anni fa
RHEL compatibility of motd and prompt
9 anni fa
Support for haveged
9 anni fa
Initial commit
9 anni fa
example usage to disable NM
9 anni fa
Initial commit
9 anni fa
example usage to disable NM
9 anni fa
Initial commit
9 anni fa
vlan networking support
9 anni fa
fix fillar syntax
9 anni fa
vlan networking support
9 anni fa
Initial commit
9 anni fa
vlan networking support
9 anni fa
Initial commit
9 anni fa
vlan networking support
9 anni fa
Initial commit
9 anni fa
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Initial commit
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Initial commit
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Initial commit
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Initial commit
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Initial commit
9 anni fa
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 anni fa
Initial commit
9 anni fa
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 anni fa
Initial commit
9 anni fa
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 anni fa
Initial commit
9 anni fa
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 anni fa
Allow setting resolv.conf
9 anni fa
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 anni fa
Allow setting resolv.conf
9 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Allow setting resolv.conf
9 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
fix options setting in resolv
8 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Allow setting resolv.conf
9 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Initial commit
9 anni fa
Fix mount examples in the README The enabled flag is mandatory.
8 anni fa
Initial commit
9 anni fa
nfs storage mount
7 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
Initial commit
9 anni fa
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 anni fa
add swap partition support
9 anni fa
Support for LVM
9 anni fa
Fix mount examples in the README The enabled flag is mandatory.
8 anni fa
Support for LVM
9 anni fa
Refactored multipath support
8 anni fa
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 anni fa
Add support for external config generation
8 anni fa
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 anni fa
Refactored multipath support
8 anni fa
Initial commit
9 anni fa
Unify Makefile, .gitignore and update readme
8 anni fa
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set

  35. 

  36. .. code-block:: yaml

  37. 

  38.     linux:

  39.       system:

  40.         ...

  41.         user:

  42.           jdoe:

  43.             name: 'jdoe'

  44.             enabled: true

  45.             sudo: true

  46.             shell: /bin/bash

  47.             full_name: 'Jonh Doe'

  48.             home: '/home/jdoe'

  49.             email: 'jonh@doe.com'

  50.           jsmith:

  51.             name: 'jsmith'

  52.             enabled: true

  53.             full_name: 'Password'

  54.             home: '/home/jsmith'

  55.             password: userpassword

  56. 

  57. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  58. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  59. 

  60. .. code-block:: jinja

  61. 

  62.    # simplified template:

  63.    Cmds_Alias {{ alias }}={{ commands }}

  64.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  65.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  66. 

  67.    # when rendered:

  68.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  69. 

  70. .. code-block:: yaml

  71. 

  72.   linux:

  73.     system:

  74.       sudo:

  75.         enabled: true

  76.         aliases:

  77.           host:

  78.             LOCAL:

  79.             - localhost

  80.             PRODUCTION:

  81.             - db1

  82.             - db2

  83.           runas:

  84.             DBA:

  85.             - postgres

  86.             - mysql

  87.             SALT:

  88.             - root

  89.           command:

  90.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  91.             #       Best practice is to specify full list of commands user is allowed to run.

  92.             SUPPORT_RESTRICTED:

  93.             - /bin/vi /etc/sudoers*

  94.             - /bin/vim /etc/sudoers*

  95.             - /bin/nano /etc/sudoers*

  96.             - /bin/emacs /etc/sudoers*

  97.             - /bin/su - root

  98.             - /bin/su -

  99.             - /bin/su

  100.             - /usr/sbin/visudo

  101.             SUPPORT_SHELLS:

  102.             - /bin/sh

  103.             - /bin/ksh

  104.             - /bin/bash

  105.             - /bin/rbash

  106.             - /bin/dash

  107.             - /bin/zsh

  108.             - /bin/csh

  109.             - /bin/fish

  110.             - /bin/tcsh

  111.             - /usr/bin/login

  112.             - /usr/bin/su

  113.             - /usr/su

  114.             ALL_SALT_SAFE:

  115.             - /usr/bin/salt state*

  116.             - /usr/bin/salt service*

  117.             - /usr/bin/salt pillar*

  118.             - /usr/bin/salt grains*

  119.             - /usr/bin/salt saltutil*

  120.             - /usr/bin/salt-call state*

  121.             - /usr/bin/salt-call service*

  122.             - /usr/bin/salt-call pillar*

  123.             - /usr/bin/salt-call grains*

  124.             - /usr/bin/salt-call saltutil*

  125.             SALT_TRUSTED:

  126.             - /usr/bin/salt*

  127.         users:

  128.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  129.           saltuser1: {}

  130.           saltuser2:

  131.             hosts:

  132.             - LOCAL

  133.           # User Alias DBA

  134.           DBA:

  135.             hosts:

  136.             - ALL

  137.             commands:

  138.             - ALL_SALT_SAFE

  139.         groups:

  140.           db-ops:

  141.             hosts:

  142.             - ALL

  143.             - '!PRODUCTION'

  144.             runas:

  145.             - DBA

  146.             commands:

  147.             - /bin/cat *

  148.             - /bin/less *

  149.             - /bin/ls *

  150.           salt-ops:

  151.             hosts:

  152.             - 'ALL'

  153.             runas:

  154.             - SALT

  155.             commands:

  156.             - SUPPORT_SHELLS

  157.           salt-ops-2nd:

  158.             name: salt-ops

  159.             nopasswd: false

  160.             setenv: true # Enable sudo -E option

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - ALL

  165.             - '!SUPPORT_SHELLS'

  166.             - '!SUPPORT_RESTRICTED'

  167. 

  168. Linux with package, latest version

  169. 

  170. .. code-block:: yaml

  171. 

  172.     linux:

  173.       system:

  174.         ...

  175.         package:

  176.           package-name:

  177.             version: latest

  178. 

  179. Linux with package from certail repo, version with no upgrades

  180. 

  181. .. code-block:: yaml

  182. 

  183.     linux:

  184.       system:

  185.         ...

  186.         package:

  187.           package-name:

  188.             version: 2132.323

  189.             repo: 'custom-repo'

  190.             hold: true

  191. 

  192. Linux with package from certail repo, version with no GPG verification

  193. 

  194. .. code-block:: yaml

  195. 

  196.     linux:

  197.       system:

  198.         ...

  199.         package:

  200.           package-name:

  201.             version: 2132.323

  202.             repo: 'custom-repo'

  203.             verify: false

  204. 

  205. Linux with autoupdates (automatically install security package updates)

  206. 

  207. .. code-block:: yaml

  208. 

  209.     linux:

  210.       system:

  211.         ...

  212.         autoupdates:

  213.           enabled: true

  214.           mail: root@localhost

  215.           mail_only_on_error: true

  216.           remove_unused_dependencies: false

  217.           automatic_reboot: true

  218.           automatic_reboot_time: "02:00"

  219. 

  220. Linux with cron jobs

  221. 

  222. .. code-block:: yaml

  223. 

  224.     linux:

  225.       system:

  226.         ...

  227.         job:

  228.           cmd1:

  229.             command: '/cmd/to/run'

  230.             enabled: true

  231.             user: 'root'

  232.             hour: 2

  233.             minute: 0

  234. 

  235. Linux security limits (limit sensu user memory usage to max 1GB):

  236. 

  237. .. code-block:: yaml

  238. 

  239.     linux:

  240.       system:

  241.         ...

  242.         limit:

  243.           sensu:

  244.             enabled: true

  245.             domain: sensu

  246.             limits:

  247.               - type: hard

  248.                 item: as

  249.                 value: 1000000

  250. 

  251. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  252. 

  253. .. code-block:: yaml

  254. 

  255.     linux:

  256.       system:

  257.         console:

  258.           tty1:

  259.             autologin: root

  260.           # Enable serial console

  261.           ttyS0:

  262.             autologin: root

  263.             rate: 115200

  264.             term: xterm

  265. 

  266. To disable set autologin to `false`.

  267. 

  268. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  269. command in ``while true`` loop and ``case`` context.

  270. Following will disallow dpkg to stop/start services for cassandra package automatically:

  271. 

  272. .. code-block:: yaml

  273. 

  274.     linux:

  275.       system:

  276.         policyrcd:

  277.           - package: cassandra

  278.             action: exit 101

  279.           - package: '*'

  280.             action: switch

  281. 

  282. Set system locales:

  283. 

  284. .. code-block:: yaml

  285. 

  286.     linux:

  287.       system:

  288.         locale:

  289.           en_US.UTF-8:

  290.             default: true

  291.           "cs_CZ.UTF-8 UTF-8":

  292.             enabled: true

  293. 

  294. Kernel

  295. ~~~~~~

  296. 

  297. Install always up to date LTS kernel and headers from Ubuntu trusty:

  298. 

  299. .. code-block:: yaml

  300. 

  301.     linux:

  302.       system:

  303.         kernel:

  304.           type: generic

  305.           lts: trusty

  306.           headers: true

  307. 

  308. Load kernel modules and add them to `/etc/modules`:

  309. 

  310. .. code-block:: yaml

  311. 

  312.     linux:

  313.       system:

  314.         kernel:

  315.           modules:

  316.             - nf_conntrack

  317.             - tp_smapi

  318.             - 8021q

  319. 

  320. Install specific kernel version and ensure all other kernel packages are

  321. not present. Also install extra modules and headers for this kernel:

  322. 

  323. .. code-block:: yaml

  324. 

  325.     linux:

  326.       system:

  327.         kernel:

  328.           type: generic

  329.           extra: true

  330.           headers: true

  331.           version: 4.2.0-22

  332. 

  333. Systcl kernel parameters

  334. 

  335. .. code-block:: yaml

  336. 

  337.     linux:

  338.       system:

  339.         kernel:

  340.           sysctl:

  341.             net.ipv4.tcp_keepalive_intvl: 3

  342.             net.ipv4.tcp_keepalive_time: 30

  343.             net.ipv4.tcp_keepalive_probes: 8

  344. 

  345. 

  346. CPU

  347. ~~~

  348. 

  349. Disable ondemand cpu mode service:

  350. 

  351. .. code-block:: yaml

  352. 

  353.     linux:

  354.       system:

  355.         cpu:

  356.           governor: performance

  357. 

  358. Huge Pages

  359. ~~~~~~~~~~~~

  360. 

  361. Huge Pages give a performance boost to applications that intensively deal

  362. with memory allocation/deallocation by decreasing memory fragmentation.

  363. 

  364. .. code-block:: yaml

  365. 

  366.     linux:

  367.       system:

  368.         kernel:

  369.           hugepages:

  370.             small:

  371.               size: 2M

  372.               count: 107520

  373.               mount_point: /mnt/hugepages_2MB

  374.               mount: false/true # default false

  375.             large:

  376.               default: true # default automatically mounted

  377.               size: 1G

  378.               count: 210

  379.               mount_point: /mnt/hugepages_1GB

  380. 

  381. Note: not recommended to use both pagesizes in concurrently.

  382. 

  383. Intel SR-IOV

  384. ~~~~~~~~~~~~

  385. 

  386. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  387. 

  388. .. code-block:: yaml

  389. 

  390.     linux:

  391.       system:

  392.         kernel:

  393.           sriov: True

  394.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  395.         rc:

  396.           local: |

  397.             #!/bin/sh -e

  398.             # Enable 7 VF on eth1

  399.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  400.             exit 0

  401. 

  402. Isolate CPU options

  403. ~~~~~~~~~~~~~~~~~~~

  404. 

  405. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  406. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  407. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  408. maximum value is 1 less than the number of CPUs on the system.

  409. 

  410. .. code-block:: yaml

  411. 

  412.     linux:

  413.       system:

  414.         kernel:

  415.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  416. 

  417. Repositories

  418. ~~~~~~~~~~~~

  419. 

  420. RedHat based Linux with additional OpenStack repo

  421. 

  422. .. code-block:: yaml

  423. 

  424.     linux:

  425.       system:

  426.         ...

  427.         repo:

  428.           rdo-icehouse:

  429.             enabled: true

  430.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  431.             pgpcheck: 0

  432. 

  433. Ensure system repository to use czech Debian mirror (``default: true``)

  434. Also pin it's packages with priority 900.

  435. 

  436. .. code-block:: yaml

  437. 

  438.    linux:

  439.      system:

  440.        repo:

  441.          debian:

  442.            default: true

  443.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  444.            # Import signing key from URL if needed

  445.            key_url: "http://dummy.com/public.gpg"

  446.            pin:

  447.              - pin: 'origin "ftp.cz.debian.org"'

  448.                priority: 900

  449.                package: '*'

  450. 

  451. 

  452. Package manager proxy setup globally:

  453. 

  454. .. code-block:: yaml

  455. 

  456.     linux:

  457.       system:

  458.         ...

  459.         repo:

  460.           apt-mk:

  461.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  462.         ...

  463.         proxy:

  464.           pkg:

  465.             enabled: true

  466.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  467.           ...

  468.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  469.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  470.           #

  471.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  472.           # as for https and http

  473.           ftp:   ftp://proxy.host.local:2121

  474.           http:  http://proxy.host.local:3142

  475.           https: https://proxy.host.local:3143

  476. 

  477. Package manager proxy setup per repository:

  478. 

  479. .. code-block:: yaml

  480. 

  481.     linux:

  482.       system:

  483.         ...

  484.         repo:

  485.           debian:

  486.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  487.         ...

  488.           apt-mk:

  489.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  490.             # per repository proxy

  491.             proxy:

  492.               enabled: true

  493.               http:  http://maas-01:8080

  494.               https: http://maas-01:8080

  495.         ...

  496.         proxy:

  497.           # package manager fallback defaults

  498.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  499.           pkg:

  500.             enabled: true

  501.             ftp:   ftp://proxy.host.local:2121

  502.             #http:  http://proxy.host.local:3142

  503.             #https: https://proxy.host.local:3143

  504.           ...

  505.           # global system fallback system defaults

  506.           ftp:   ftp://proxy.host.local:2121

  507.           http:  http://proxy.host.local:3142

  508.           https: https://proxy.host.local:3143

  509. 

  510. 

  511. Remove all repositories:

  512. 

  513. .. code-block:: yaml

  514. 

  515.     linux:

  516.       system:

  517.         purge_repos: true

  518. 

  519. 

  520. RC

  521. ~~

  522. 

  523. rc.local example

  524. 

  525. .. code-block:: yaml

  526. 

  527.    linux:

  528.      system:

  529.        rc:

  530.          local: |

  531.            #!/bin/sh -e

  532.            #

  533.            # rc.local

  534.            #

  535.            # This script is executed at the end of each multiuser runlevel.

  536.            # Make sure that the script will "exit 0" on success or any other

  537.            # value on error.

  538.            #

  539.            # In order to enable or disable this script just change the execution

  540.            # bits.

  541.            #

  542.            # By default this script does nothing.

  543.            exit 0

  544. 

  545. 

  546. Prompt

  547. ~~~~~~

  548. 

  549. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  550. user can have different prompt.

  551. 

  552. .. code-block:: yaml

  553. 

  554.     linux:

  555.       system:

  556.         prompt:

  557.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  558.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  559. 

  560. On Debian systems to set prompt system-wide it's necessary to remove setting

  561. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  562. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  563. touch existing user's ``~/.bashrc`` files except root.

  564. 

  565. Bash

  566. ~~~~

  567. 

  568. Fix bash configuration to preserve history across sessions (like ZSH does by

  569. default).

  570. 

  571. .. code-block:: yaml

  572. 

  573.     linux:

  574.       system:

  575.         bash:

  576.           preserve_history: true

  577. 

  578. Message of the day

  579. ~~~~~~~~~~~~~~~~~~

  580. 

  581. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  582. day. Setting custom motd will cleanup existing ones.

  583. 

  584. .. code-block:: yaml

  585. 

  586.     linux:

  587.       system:

  588.         motd:

  589.           - release: |

  590.               #!/bin/sh

  591.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  592. 

  593.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  594.               	# Fall back to using the very slow lsb_release utility

  595.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  596.               fi

  597. 

  598.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  599.           - warning: |

  600.               #!/bin/sh

  601.               printf "This is [company name] network.\n"

  602.               printf "Unauthorized access strictly prohibited.\n"

  603. 

  604. RHEL / CentOS

  605. ^^^^^^^^^^^^^

  606. 

  607. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  608. no native support for dynamic motd.

  609. You can still set static one, only pillar structure differs:

  610. 

  611. .. code-block:: yaml

  612. 

  613.     linux:

  614.       system:

  615.         motd: |

  616.           This is [company name] network.

  617.           Unauthorized access strictly prohibited.

  618. 

  619. Haveged

  620. ~~~~~~~

  621. 

  622. If you are running headless server and are low on entropy, it may be a good

  623. idea to setup Haveged.

  624. 

  625. .. code-block:: yaml

  626. 

  627.     linux:

  628.       system:

  629.         haveged:

  630.           enabled: true

  631. 

  632. Linux network

  633. -------------

  634. 

  635. Linux with network manager

  636. 

  637. .. code-block:: yaml

  638. 

  639.     linux:

  640.       network:

  641.         enabled: true

  642.         network_manager: true

  643. 

  644. Linux with default static network interfaces, default gateway interface and DNS servers

  645. 

  646. .. code-block:: yaml

  647. 

  648.     linux:

  649.       network:

  650.         enabled: true

  651.         interface:

  652.           eth0:

  653.             enabled: true

  654.             type: eth

  655.             address: 192.168.0.102

  656.             netmask: 255.255.255.0

  657.             gateway: 192.168.0.1

  658.             name_servers:

  659.             - 8.8.8.8

  660.             - 8.8.4.4

  661.             mtu: 1500

  662. 

  663. Linux with bonded interfaces and disabled NetworkManager

  664. 

  665. .. code-block:: yaml

  666. 

  667.     linux:

  668.       network:

  669.         enabled: true

  670.         interface:

  671.           eth0:

  672.             type: eth

  673.             ...

  674.           eth1:

  675.             type: eth

  676.             ...

  677.           bond0:

  678.             enabled: true

  679.             type: bond

  680.             address: 192.168.0.102

  681.             netmask: 255.255.255.0

  682.             mtu: 1500

  683.             use_in:

  684.             - interface: ${linux:interface:eth0}

  685.             - interface: ${linux:interface:eth0}

  686.         network_manager:

  687.           disable: true

  688. 

  689. Linux with vlan interface_params

  690. 

  691. .. code-block:: yaml

  692. 

  693.     linux:

  694.       network:

  695.         enabled: true

  696.         interface:

  697.           vlan69:

  698.             type: vlan

  699.             use_interfaces:

  700.             - interface: ${linux:interface:bond0}

  701. 

  702. Linux with wireless interface parameters

  703. 

  704. .. code-block:: yaml

  705. 

  706.     linux:

  707.       network:

  708.         enabled: true

  709.         gateway: 10.0.0.1

  710.         default_interface: eth0

  711.         interface:

  712.           wlan0:

  713.             type: eth

  714.             wireless:

  715.               essid: example

  716.               key: example_key

  717.               security: wpa

  718.               priority: 1

  719. 

  720. Linux networks with routes defined

  721. 

  722. .. code-block:: yaml

  723. 

  724.     linux:

  725.       network:

  726.         enabled: true

  727.         gateway: 10.0.0.1

  728.         default_interface: eth0

  729.         interface:

  730.           eth0:

  731.             type: eth

  732.             route:

  733.               default:

  734.                 address: 192.168.0.123

  735.                 netmask: 255.255.255.0

  736.                 gateway: 192.168.0.1

  737. 

  738. Native Linux Bridges

  739. 

  740. .. code-block:: yaml

  741. 

  742.     linux:

  743.       network:

  744.         interface:

  745.           eth1:

  746.             enabled: true

  747.             type: eth

  748.             proto: manual

  749.             up_cmds:

  750.             - ip address add 0/0 dev $IFACE

  751.             - ip link set $IFACE up

  752.             down_cmds:

  753.             - ip link set $IFACE down

  754.           br-ex:

  755.             enabled: true

  756.             type: bridge

  757.             address: ${linux:network:host:public_local:address}

  758.             netmask: 255.255.255.0

  759.             use_interfaces:

  760.             - eth1

  761. 

  762. OpenVswitch Bridges

  763. 

  764. .. code-block:: yaml

  765. 

  766.     linux:

  767.       network:

  768.         bridge: openvswitch

  769.         interface:

  770.           eth1:

  771.             enabled: true

  772.             type: eth

  773.             proto: manual

  774.             up_cmds:

  775.             - ip address add 0/0 dev $IFACE

  776.             - ip link set $IFACE up

  777.             down_cmds:

  778.             - ip link set $IFACE down

  779.           br-ex:

  780.             enabled: true

  781.             type: bridge

  782.             address: ${linux:network:host:public_local:address}

  783.             netmask: 255.255.255.0

  784.             use_interfaces:

  785.             - eth1

  786. 

  787. DHCP client configuration

  788. 

  789. None of the keys is mandatory, include only those you really need. For full list

  790. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  791. 

  792. .. code-block:: yaml

  793. 

  794.      linux:

  795.        network:

  796.          dhclient:

  797.            enabled: true

  798.            backoff_cutoff: 15

  799.            initial_interval: 10

  800.            reboot: 10

  801.            retry: 60

  802.            select_timeout: 0

  803.            timeout: 120

  804.            send:

  805.              - option: host-name

  806.                declaration: "= gethostname()"

  807.            supersede:

  808.              - option: host-name

  809.                declaration: "spaceship"

  810.              - option: domain-name

  811.                declaration: "domain.home"

  812.              #- option: arp-cache-timeout

  813.              #  declaration: 20

  814.            prepend:

  815.              - option: domain-name-servers

  816.                declaration:

  817.                  - 8.8.8.8

  818.                  - 8.8.4.4

  819.              - option: domain-search

  820.                declaration:

  821.                  - example.com

  822.                  - eng.example.com

  823.            #append:

  824.              #- option: domain-name-servers

  825.              #  declaration: 127.0.0.1

  826.            # ip or subnet to reject dhcp offer from

  827.            reject:

  828.              - 192.33.137.209

  829.              - 10.0.2.0/24

  830.            request:

  831.              - subnet-mask

  832.              - broadcast-address

  833.              - time-offset

  834.              - routers

  835.              - domain-name

  836.              - domain-name-servers

  837.              - domain-search

  838.              - host-name

  839.              - dhcp6.name-servers

  840.              - dhcp6.domain-search

  841.              - dhcp6.fqdn

  842.              - dhcp6.sntp-servers

  843.              - netbios-name-servers

  844.              - netbios-scope

  845.              - interface-mtu

  846.              - rfc3442-classless-static-routes

  847.              - ntp-servers

  848.            require:

  849.              - subnet-mask

  850.              - domain-name-servers

  851.            # if per interface configuration required add below

  852.            interface:

  853.              ens2:

  854.                initial_interval: 11

  855.                reject:

  856.                  - 192.33.137.210

  857.              ens3:

  858.                initial_interval: 12

  859.                reject:

  860.                  - 192.33.137.211

  861. 

  862. 

  863. Configure global environment variables

  864. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  865. 

  866. Linux /etc/environment:

  867. ``/etc/environment`` is for static system wide variable assignment after boot. Variable expansion is frequently not supported.

  868. 

  869. .. code-block:: yaml

  870. 

  871.     linux:

  872.       system:

  873.         env:

  874.           BOB_VARIABLE: Alice

  875.           ...

  876.           BOB_PATH:

  877.             - /srv/alice/bin

  878.             - /srv/bob/bin

  879.           ...

  880.           ftp_proxy:   none

  881.           http_proxy:  http://global-http-proxy.host.local:8080

  882.           https_proxy: ${linux:system:proxy:https}

  883.           no_proxy:

  884.             - 192.168.0.80

  885.             - 192.168.1.80

  886.             - .domain.com

  887.             - .local

  888.         ...

  889.         # NOTE: global defaults proxy configuration.

  890.         proxy:

  891.           ftp:   ftp://proxy.host.local:2121

  892.           http:  http://proxy.host.local:3142

  893.           https: https://proxy.host.local:3143

  894.           noproxy:

  895.             - .domain.com

  896.             - .local

  897. 

  898. Configure profile.d scripts

  899. ~~~~~~~~~~~~~~~~~~~~~~~~~~~

  900. 

  901. Linux /etc/profile.d:

  902. The profile.d scripts are being sourced during .sh execution and support variable expansion in opposite to /etc/environment

  903. global settings in ``/etc/environment``.

  904. 

  905. .. code-block:: yaml

  906. 

  907.     linux:

  908.       system:

  909.         profile:

  910.           locales: |

  911.             export LANG=C

  912.             export LC_ALL=C

  913.           ...

  914.           vi_flavors.sh: |

  915.             export PAGER=view

  916.             export EDITOR=vim

  917.             alias vi=vim

  918.           shell_locales.sh: |

  919.             export LANG=en_US

  920.             export LC_ALL=en_US.UTF-8

  921.           shell_proxies.sh: |

  922.             export FTP_PROXY=ftp://127.0.3.3:2121

  923.             export NO_PROXY='.local'

  924. 

  925. Linux with hosts

  926. ~~~~~~~~~~~~~~~~

  927. 

  928. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  929. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  930. and hostname + fqdn.

  931. It's good to use this option if you want to ensure /etc/hosts is always in a

  932. clean state however it's not enabled by default for safety.

  933. 

  934. .. code-block:: yaml

  935. 

  936.     linux:

  937.       network:

  938.         ...

  939.         purge_hosts: true

  940.         host:

  941.           # No need to define this one if purge_hosts is true

  942.           hostname:

  943.             address: 127.0.1.1

  944.             names:

  945.             - ${linux:network:fqdn}

  946.             - ${linux:network:hostname}

  947.           node1:

  948.             address: 192.168.10.200

  949.             names:

  950.             - node2.domain.com

  951.             - service2.domain.com

  952.           node2:

  953.             address: 192.168.10.201

  954.             names:

  955.             - node2.domain.com

  956.             - service2.domain.com

  957. 

  958. 

  959. Setup resolv.conf, nameservers, domain and search domains

  960. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  961. 

  962. .. code-block:: yaml

  963. 

  964.     linux:

  965.       network:

  966.         resolv:

  967.           dns:

  968.           - 8.8.4.4

  969.           - 8.8.8.8

  970.           domain: my.example.com

  971.           search:

  972.           - my.example.com

  973.           - example.com

  974.           options:

  975.           - ndots: 5

  976.           - timeout: 2

  977.           - attempts: 2

  978. 

  979. **setting custom TX queue length for tap interfaces**

  980. 

  981. .. code-block:: yaml

  982. 

  983.     linux:

  984.       network:

  985.         tap_custom_txqueuelen: 10000

  986. 

  987. DPDK OVS interfaces

  988. --------------------

  989. 

  990. **DPDK OVS NIC**

  991. 

  992. .. code-block:: yaml

  993. 

  994.     linux:

  995.       network:

  996.         bridge: openvswitch

  997.         dpdk:

  998.           enabled: true

  999.           driver: uio/vfio-pci

  1000.         openvswitch:

  1001.           pmd_cpu_mask: "0x6"

  1002.           dpdk_socket_mem: "1024,1024"

  1003.           dpdk_lcore_mask: "0x400"

  1004.           memory_channels: 2

  1005.         interface:

  1006.           dpkd0:

  1007.             name: ${_param:dpdk_nic}

  1008.             pci: 0000:06:00.0

  1009.             driver: igb_uio/vfio

  1010.             enabled: true

  1011.             type: dpdk_ovs_port

  1012.             n_rxq: 2

  1013.             bridge: br-prv

  1014.             mtu: 9000

  1015.           br-prv:

  1016.             enabled: true

  1017.             type: dpdk_ovs_bridge

  1018. 

  1019. **DPDK OVS Bond**

  1020. 

  1021. .. code-block:: yaml

  1022. 

  1023.     linux:

  1024.       network:

  1025.         bridge: openvswitch

  1026.         dpdk:

  1027.           enabled: true

  1028.           driver: uio/vfio-pci

  1029.         openvswitch:

  1030.           pmd_cpu_mask: "0x6"

  1031.           dpdk_socket_mem: "1024,1024"

  1032.           dpdk_lcore_mask: "0x400"

  1033.           memory_channels: 2

  1034.         interface:

  1035.           dpdk_second_nic:

  1036.             name: ${_param:primary_second_nic}

  1037.             pci: 0000:06:00.0

  1038.             driver: igb_uio/vfio

  1039.             bond: dpdkbond0

  1040.             enabled: true

  1041.             type: dpdk_ovs_port

  1042.             n_rxq: 2

  1043.             mtu: 9000

  1044.           dpdk_first_nic:

  1045.             name: ${_param:primary_first_nic}

  1046.             pci: 0000:05:00.0

  1047.             driver: igb_uio/vfio

  1048.             bond: dpdkbond0

  1049.             enabled: true

  1050.             type: dpdk_ovs_port

  1051.             n_rxq: 2

  1052.             mtu: 9000

  1053.           dpdkbond0:

  1054.             enabled: true

  1055.             bridge: br-prv

  1056.             type: dpdk_ovs_bond

  1057.             mode: active-backup

  1058.           br-prv:

  1059.             enabled: true

  1060.             type: dpdk_ovs_bridge

  1061. 

  1062. **DPDK OVS bridge for VXLAN**

  1063. 

  1064. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1065. 

  1066. .. code-block:: yaml

  1067. 

  1068.     linux:

  1069.       network:

  1070.         ...

  1071.         interface:

  1072.           br-prv:

  1073.             enabled: true

  1074.             type: dpdk_ovs_bridge

  1075.             address: 192.168.50.0

  1076.             netmask: 255.255.255.0

  1077.             mtu: 9000

  1078. 

  1079. Linux storage

  1080. -------------

  1081. 

  1082. Linux with mounted Samba

  1083. 

  1084. .. code-block:: yaml

  1085. 

  1086.     linux:

  1087.       storage:

  1088.         enabled: true

  1089.         mount:

  1090.           samba1:

  1091.           - enabled: true

  1092.           - path: /media/myuser/public/

  1093.           - device: //192.168.0.1/storage

  1094.           - file_system: cifs

  1095.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1096. 

  1097. NFS mount

  1098. 

  1099. .. code-block:: yaml

  1100. 

  1101.   linux:

  1102.     storage:

  1103.       enabled: true

  1104.       mount:

  1105.         nfs_glance:

  1106.           enabled: true

  1107.           path: /var/lib/glance/images

  1108.           device: 172.16.10.110:/var/nfs/glance

  1109.           file_system: nfs

  1110.           opts: rw,sync

  1111. 

  1112. 

  1113. File swap configuration

  1114. 

  1115. .. code-block:: yaml

  1116. 

  1117.     linux:

  1118.       storage:

  1119.         enabled: true

  1120.         swap:

  1121.           file:

  1122.             enabled: true

  1123.             engine: file

  1124.             device: /swapfile

  1125.             size: 1024

  1126. 

  1127. Partition swap configuration

  1128. 

  1129. .. code-block:: yaml

  1130. 

  1131.     linux:

  1132.       storage:

  1133.         enabled: true

  1134.         swap:

  1135.           partition:

  1136.             enabled: true

  1137.             engine: partition

  1138.             device: /dev/vg0/swap

  1139. 

  1140. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1141. 

  1142. .. code-block:: yaml

  1143. 

  1144.     parameters:

  1145.       linux:

  1146.         storage:

  1147.           mount:

  1148.             data:

  1149.               enabled: true

  1150.               device: /dev/vg1/data

  1151.               file_system: ext4

  1152.               path: /mnt/data

  1153.           lvm:

  1154.             vg1:

  1155.               enabled: true

  1156.               devices:

  1157.                 - /dev/sdb

  1158.               volume:

  1159.                 data:

  1160.                   size: 40G

  1161.                   mount: ${linux:storage:mount:data}

  1162. 

  1163. 

  1164. Multipath with Fujitsu Eternus DXL

  1165. 

  1166. .. code-block:: yaml

  1167. 

  1168.     parameters:

  1169.       linux:

  1170.         storage:

  1171.           multipath:

  1172.             enabled: true

  1173.             blacklist_devices:

  1174.             - /dev/sda

  1175.             - /dev/sdb

  1176.             backends:

  1177.             - fujitsu_eternus_dxl

  1178. 

  1179. Multipath with Hitachi VSP 1000

  1180. 

  1181. .. code-block:: yaml

  1182. 

  1183.     parameters:

  1184.       linux:

  1185.         storage:

  1186.           multipath:

  1187.             enabled: true

  1188.             blacklist_devices:

  1189.             - /dev/sda

  1190.             - /dev/sdb

  1191.             backends:

  1192.             - hitachi_vsp1000

  1193. 

  1194. Multipath with IBM Storwize

  1195. 

  1196. .. code-block:: yaml

  1197. 

  1198.     parameters:

  1199.       linux:

  1200.         storage:

  1201.           multipath:

  1202.             enabled: true

  1203.             blacklist_devices:

  1204.             - /dev/sda

  1205.             - /dev/sdb

  1206.             backends:

  1207.             - ibm_storwize

  1208. 

  1209. Multipath with multiple backends

  1210. 

  1211. .. code-block:: yaml

  1212. 

  1213.     parameters:

  1214.       linux:

  1215.         storage:

  1216.           multipath:

  1217.             enabled: true

  1218.             blacklist_devices:

  1219.             - /dev/sda

  1220.             - /dev/sdb

  1221.             - /dev/sdc

  1222.             - /dev/sdd

  1223.             backends:

  1224.             - ibm_storwize

  1225.             - fujitsu_eternus_dxl

  1226.             - hitachi_vsp1000

  1227. 

  1228. Disabled multipath (the default setup)

  1229. 

  1230. .. code-block:: yaml

  1231. 

  1232.     parameters:

  1233.       linux:

  1234.         storage:

  1235.           multipath:

  1236.             enabled: false

  1237. 

  1238. Linux with local loopback device

  1239. 

  1240. .. code-block:: yaml

  1241. 

  1242.     linux:

  1243.       storage:

  1244.         loopback:

  1245.           disk1:

  1246.             file: /srv/disk1

  1247.             size: 50G

  1248. 

  1249. External config generation

  1250. --------------------------

  1251. 

  1252. You are able to use config support metadata between formulas and only generate

  1253. config files for external use, eg. docker, etc.

  1254. 

  1255. .. code-block:: yaml

  1256. 

  1257.     parameters:

  1258.       linux:

  1259.         system:

  1260.           config:

  1261.             pillar:

  1262.               jenkins:

  1263.                 master:

  1264.                   home: /srv/volumes/jenkins

  1265.                   approved_scripts:

  1266.                     - method java.net.URL openConnection

  1267.                   credentials:

  1268.                     - type: username_password

  1269.                       scope: global

  1270.                       id: test

  1271.                       desc: Testing credentials

  1272.                       username: test

  1273.                       password: test

  1274. 

  1275. Netconsole Remote Kernel Logging

  1276. --------------------------------

  1277. 

  1278. Netconsole logger could be configured for configfs-enabled kernels

  1279. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1280. runtime (if network is already configured), and on-boot after interface

  1281. initialization. Notes:

  1282. 

  1283.  * receiver could be located only in same L3 domain

  1284.    (or you need to configure gateway MAC manually)

  1285.  * receiver's MAC is detected only on configuration time

  1286.  * using broadcast MAC is not recommended

  1287. 

  1288. .. code-block:: yaml

  1289. 

  1290.     parameters:

  1291.       linux:

  1292.         system:

  1293.           netconsole:

  1294.             enabled: true

  1295.             port: 514 (optional)

  1296.             loglevel: debug (optional)

  1297.             target:

  1298.               192.168.0.1:

  1299.                 interface: bond0

  1300.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1301. 

  1302. Usage

  1303. =====

  1304. 

  1305. Set mtu of network interface eth0 to 1400

  1306. 

  1307. .. code-block:: bash

  1308. 

  1309.     ip link set dev eth0 mtu 1400

  1310. 

  1311. Read more

  1312. =========

  1313. 

  1314. * https://www.archlinux.org/

  1315. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1316. 

  1317. Documentation and Bugs

  1318. ======================

  1319. 

  1320. To learn how to install and update salt-formulas, consult the documentation

  1321. available online at:

  1322. 

  1323.     http://salt-formulas.readthedocs.io/

  1324. 

  1325. In the unfortunate event that bugs are discovered, they should be reported to

  1326. the appropriate issue tracker. Use Github issue tracker for specific salt

  1327. formula:

  1328. 

  1329.     https://github.com/salt-formulas/salt-formula-linux/issues

  1330. 

  1331. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1332. use Launchpad salt-formulas project:

  1333. 

  1334.     https://launchpad.net/salt-formulas

  1335. 

  1336. You can also join salt-formulas-users team and subscribe to mailing list:

  1337. 

  1338.     https://launchpad.net/~salt-formulas-users

  1339. 

  1340. Developers wishing to work on the salt-formulas projects should always base

  1341. their work on master branch and submit pull request against specific formula.

  1342. 

  1343.     https://github.com/salt-formulas/salt-formula-linux

  1344. 

  1345. Any questions or feedback is always welcome so feel free to join our IRC

  1346. channel:

  1347. 

  1348.     #salt-formulas @ irc.freenode.net