salt
/
linux-formula
rozštěpen z ExternalMirrors/linux-formula
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Vydání 8 Aktivita
Saltstack Official Linux Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
637 Revize
26 Větve
Strom: b08a9144f7
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „b08a9144f7“
${ noResults }
linux-formula/README.rst

README.rst 48KB
Surový Normální zobrazení Historie

Update README.rst
před 7 roky
Initial commit
před 9 roky
Update README.rst
před 7 roky
Initial commit
před 9 roky
Update README.rst
před 7 roky
Initial commit
před 9 roky
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
před 7 roky
Initial commit
před 9 roky
Enable setting home dir permissions Fixes: PROD-21350 Change-Id: If5a4473296e4d2cb6a80cb7397ac38a66011f39d
před 6 roky
Initial commit
před 9 roky
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
před 7 roky
Initial commit
před 9 roky
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
před 7 roky
Initial commit
před 9 roky
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
před 8 roky
Update README.rst
před 7 roky
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
před 8 roky
Update README.rst
před 7 roky
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
před 8 roky
Update README.rst fixed typo in sudo part
před 7 roky
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
před 8 roky
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
před 7 roky
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
před 8 roky
Initial commit
před 9 roky
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
před 8 roky
Initial commit
před 9 roky
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
před 7 roky
Initial commit
před 9 roky
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
před 7 roky
Initial commit
před 9 roky
Support for setting security limits
před 9 roky
Enable/disable console autologin
před 9 roky
More options for consoles
před 9 roky
Enable/disable console autologin
před 9 roky
Allow setting policy-rc.d
před 9 roky
Allow setting system locales
před 8 roky
Fix readme of cs_CZ locales
před 8 roky
Allow setting system locales
před 8 roky
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
před 7 roky
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
před 7 roky
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
před 7 roky
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
před 7 roky
Added support for managing files by pillar Change-Id: Ibd0a024bcd69089d9835a18f2bb803c952e13967
před 7 roky
linux.system.file - hash only if source is defined and ability to set name by param Change-Id: Ia286ac4377c6b03ce16c9dc1a5c7d3441efe7e12
před 7 roky
Add support file.serialize in linux:system:file Ensure presence of file to be serialized through one of the serializer modules (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):
před 6 roky
Make linux.system.kernel functional
před 9 roky
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
před 8 roky
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
před 6 roky
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
před 7 roky
Make linux.system.kernel functional
před 9 roky
Linux sysctl kernel parameters
před 9 roky
Handle kernel boot options The 'system.kernel.elevator' and 'system.kernel.isolcpu' options have been kept for backward compatibility and should be used in new fashion way with system.kernel.boot_options parameter. Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
před 7 roky
cpu governor
před 8 roky
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
před 7 roky
cpu governor
před 8 roky
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
před 7 roky
cgroups PROD-16845 Change-Id: Iabc6f4584e34c988e67ff42ee8ceb20c469823d6
před 7 roky
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
před 7 roky
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
před 6 roky
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
před 7 roky
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
před 7 roky
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
před 7 roky
added possibility to use list for sysfs params Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857 related-bug: PROD-21205
před 6 roky
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
před 8 roky
Mend hugepages config * make unique mounted device * hugepages realtime setup for default pagesize only Change-Id: Ifa369f62a993c59c7b2c471b273fa795cc794e24 Closes-Bug: PROD-19825
před 6 roky
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
před 8 roky
cpu governor
před 8 roky
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
před 8 roky
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
před 8 roky
cpu governor
před 8 roky
Initial commit
před 9 roky
Fix|change system.repo update logic - Add possibility to remove prereq. packages installation BEFORE * Crucial logic violation - if we don't have any repo\ have them configured in wrong way - stage will always fail. * install prereq. packages after all - sounds stupid, but correct. * By default - it will still try to install prereq. We don't want to broke OLD logic.See readme, how-to overide such behaviour. - don't update cache per-repo - it's simply useless and may fail due p1. Run update only once - after all repos configured\reconfigured - Add new option at system:refresh_repos_meta - for case, when update should not be run in any case. By default - true. - remove 99proxies-salt-{{ name }} along with disabled repo - fix duplicate 'clean_file' option Closes-Bug: PROD-15992 (PROD:15992) Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
před 6 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
před 7 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
před 7 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
README fix for purging repos
před 7 roky
Fix|change system.repo update logic - Add possibility to remove prereq. packages installation BEFORE * Crucial logic violation - if we don't have any repo\ have them configured in wrong way - stage will always fail. * install prereq. packages after all - sounds stupid, but correct. * By default - it will still try to install prereq. We don't want to broke OLD logic.See readme, how-to overide such behaviour. - don't update cache per-repo - it's simply useless and may fail due p1. Run update only once - after all repos configured\reconfigured - Add new option at system:refresh_repos_meta - for case, when update should not be run in any case. By default - true. - remove 99proxies-salt-{{ name }} along with disabled repo - fix duplicate 'clean_file' option Closes-Bug: PROD-15992 (PROD:15992) Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
před 6 roky
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
před 7 roky
README fix for purging repos
před 7 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
rc.local added to linux formula
před 9 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Allow setting system-wide prompt
před 9 roky
Ensure PS1 is enforced for root
před 9 roky
rc.local added to linux formula
před 9 roky
Option to preserve bash history
před 8 roky
Configure interactive logon message This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166
před 6 roky
Set message of the day
před 9 roky
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
před 6 roky
Set message of the day
před 9 roky
Update motd.sls This patch unifies /etc/motd managing approach for both RedHat and Ubuntu systems. Providing a string value via linux:system:motd pillar will configure static /etc/motd and remove dynamic scripts from /etc/update-motd.d (if present). update-motd can safely be removed because Ubuntu supports dynamic motd by pam_motd means since 2009. Related-Prod: PROD-17287 Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
před 6 roky
Set message of the day
před 9 roky
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
před 7 roky
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
před 7 roky
Add support of mcelog service Change-Id: I32c83d63e7f359704ab6cc77dec07a1617880fbb Prod-Related: PROD-20137
před 6 roky
RHEL compatibility of motd and prompt
před 9 roky
Support for haveged
před 9 roky
RHEL compatibility of motd and prompt
před 9 roky
Support for haveged
před 9 roky
Initial commit
před 9 roky
example usage to disable NM
před 9 roky
Initial commit
před 9 roky
example usage to disable NM
před 9 roky
Initial commit
před 9 roky
vlan networking support
před 9 roky
fix fillar syntax
před 9 roky
vlan networking support
před 9 roky
Initial commit
před 9 roky
vlan networking support
před 9 roky
Initial commit
před 9 roky
vlan networking support
před 9 roky
Initial commit
před 9 roky
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
před 7 roky
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
před 6 roky
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
před 7 roky
Add ability to configure VLAN tag on patch port Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063 Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com> Closes-Bug: PROD-20729
před 6 roky
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
před 7 roky
Initial commit
před 9 roky
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
před 7 roky
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
před 7 roky
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
před 7 roky
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
před 7 roky
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
před 7 roky
Add linux.network.systemd support
před 7 roky
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
před 7 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
před 7 roky
Initial commit
před 9 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Initial commit
před 9 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Initial commit
před 9 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
před 7 roky
Add system.env, system.profile, system.proxy and configure proxy under system.repo
před 7 roky
Initial commit
před 9 roky
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
před 8 roky
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
před 7 roky
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
před 8 roky
Initial commit
před 9 roky
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
před 8 roky
Initial commit
před 9 roky
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
před 8 roky
Initial commit
před 9 roky
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
před 7 roky
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
před 8 roky
Allow setting resolv.conf
před 9 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Allow setting resolv.conf
před 9 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
fix options setting in resolv
před 8 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
před 7 roky
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
před 8 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Allow setting resolv.conf
před 9 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
před 7 roky
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
před 8 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
před 7 roky
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
před 8 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Adding lacp support for ovs dpdk bond Change-Id: Icd1745d401ec275687a007e6683175a13569f2b4
před 6 roky
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
před 8 roky
[dpdk] Support ovs bridge tagging Bring in "tag" option for dpdk/ovs bridges to support vlan-tagged vxlan mode. Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042
před 7 roky
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
před 8 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Add ability to add linux network interface into OVS dpdk bridge Change-Id: I1c78c9ccbc14cefff8226db50258b56a713abfd5 Related-Prod: PROD-18111
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Initial commit
před 9 roky
Fix mount examples in the README The enabled flag is mandatory.
před 8 roky
Initial commit
před 9 roky
nfs storage mount
před 7 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
Initial commit
před 9 roky
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
před 8 roky
add swap partition support
před 9 roky
Support for LVM
před 9 roky
Fix mount examples in the README The enabled flag is mandatory.
před 8 roky
Support for LVM
před 9 roky
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
před 7 roky
add startsector for partitions
před 7 roky
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
před 7 roky
add startsector for partitions
před 7 roky
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
před 7 roky
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
před 7 roky
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
před 7 roky
Refactored multipath support
před 8 roky
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
před 7 roky
* Splitting pam modules: - ldap - mkhomedir * Fixing dependency for mkhomedir refresh * Adding an ability to disable and enable moules Prod-Related: EME-220 Change-Id: I94feab03cef82c515c9c430b9828653e87100425
před 6 roky
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
před 7 roky
Refactored multipath support
před 8 roky
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
před 8 roky
Add support for external config generation
před 8 roky
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
před 7 roky
Refactored multipath support
před 8 roky
Initial commit
před 9 roky
Unify Makefile, .gitignore and update readme
před 8 roky
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             home_dir_mode: 755

  53.             email: 'jonh@doe.com'

  54.           jsmith:

  55.             name: 'jsmith'

  56.             enabled: true

  57.             full_name: 'With clear password'

  58.             home: '/home/jsmith'

  59.             hash_password: true

  60.             password: "userpassword"

  61.           mark:

  62.             name: 'mark'

  63.             enabled: true

  64.             full_name: "unchange password'

  65.             home: '/home/mark'

  66.             password: false

  67.           elizabeth:

  68.             name: 'elizabeth'

  69.             enabled: true

  70.             full_name: 'With hased password'

  71.             home: '/home/elizabeth'

  72.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  73. 

  74. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  75. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  76. 

  77. .. code-block:: jinja

  78. 

  79.    # simplified template:

  80.    Cmds_Alias {{ alias }}={{ commands }}

  81.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  83. 

  84.    # when rendered:

  85.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  86. 

  87. .. code-block:: yaml

  88. 

  89.   linux:

  90.     system:

  91.       sudo:

  92.         enabled: true

  93.         aliases:

  94.           host:

  95.             LOCAL:

  96.             - localhost

  97.             PRODUCTION:

  98.             - db1

  99.             - db2

  100.           runas:

  101.             DBA:

  102.             - postgres

  103.             - mysql

  104.             SALT:

  105.             - root

  106.           command:

  107.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  108.             #       Best practice is to specify full list of commands user is allowed to run.

  109.             SUPPORT_RESTRICTED:

  110.             - /bin/vi /etc/sudoers*

  111.             - /bin/vim /etc/sudoers*

  112.             - /bin/nano /etc/sudoers*

  113.             - /bin/emacs /etc/sudoers*

  114.             - /bin/su - root

  115.             - /bin/su -

  116.             - /bin/su

  117.             - /usr/sbin/visudo

  118.             SUPPORT_SHELLS:

  119.             - /bin/sh

  120.             - /bin/ksh

  121.             - /bin/bash

  122.             - /bin/rbash

  123.             - /bin/dash

  124.             - /bin/zsh

  125.             - /bin/csh

  126.             - /bin/fish

  127.             - /bin/tcsh

  128.             - /usr/bin/login

  129.             - /usr/bin/su

  130.             - /usr/su

  131.             ALL_SALT_SAFE:

  132.             - /usr/bin/salt state*

  133.             - /usr/bin/salt service*

  134.             - /usr/bin/salt pillar*

  135.             - /usr/bin/salt grains*

  136.             - /usr/bin/salt saltutil*

  137.             - /usr/bin/salt-call state*

  138.             - /usr/bin/salt-call service*

  139.             - /usr/bin/salt-call pillar*

  140.             - /usr/bin/salt-call grains*

  141.             - /usr/bin/salt-call saltutil*

  142.             SALT_TRUSTED:

  143.             - /usr/bin/salt*

  144.         users:

  145.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  146.           saltuser1: {}

  147.           saltuser2:

  148.             hosts:

  149.             - LOCAL

  150.           # User Alias DBA

  151.           DBA:

  152.             hosts:

  153.             - ALL

  154.             commands:

  155.             - ALL_SALT_SAFE

  156.         groups:

  157.           db-ops:

  158.             hosts:

  159.             - ALL

  160.             - '!PRODUCTION'

  161.             runas:

  162.             - DBA

  163.             commands:

  164.             - /bin/cat *

  165.             - /bin/less *

  166.             - /bin/ls *

  167.           salt-ops:

  168.             hosts:

  169.             - 'ALL'

  170.             runas:

  171.             - SALT

  172.             commands:

  173.             - SUPPORT_SHELLS

  174.           salt-ops-2nd:

  175.             name: salt-ops

  176.             nopasswd: false

  177.             setenv: true # Enable sudo -E option

  178.             runas:

  179.             - DBA

  180.             commands:

  181.             - ALL

  182.             - '!SUPPORT_SHELLS'

  183.             - '!SUPPORT_RESTRICTED'

  184. 

  185. Linux with package, latest version

  186. 

  187. .. code-block:: yaml

  188. 

  189.     linux:

  190.       system:

  191.         ...

  192.         package:

  193.           package-name:

  194.             version: latest

  195. 

  196. Linux with package from certail repo, version with no upgrades

  197. 

  198. .. code-block:: yaml

  199. 

  200.     linux:

  201.       system:

  202.         ...

  203.         package:

  204.           package-name:

  205.             version: 2132.323

  206.             repo: 'custom-repo'

  207.             hold: true

  208. 

  209. Linux with package from certail repo, version with no GPG verification

  210. 

  211. .. code-block:: yaml

  212. 

  213.     linux:

  214.       system:

  215.         ...

  216.         package:

  217.           package-name:

  218.             version: 2132.323

  219.             repo: 'custom-repo'

  220.             verify: false

  221. 

  222. Linux with autoupdates (automatically install security package updates)

  223. 

  224. .. code-block:: yaml

  225. 

  226.     linux:

  227.       system:

  228.         ...

  229.         autoupdates:

  230.           enabled: true

  231.           mail: root@localhost

  232.           mail_only_on_error: true

  233.           remove_unused_dependencies: false

  234.           automatic_reboot: true

  235.           automatic_reboot_time: "02:00"

  236. 

  237. Linux with cron jobs

  238. By default it will use name as an identifier, unless identifier key is

  239. explicitly set or False (then it will use Salt's default behavior which is

  240. identifier same as command resulting in not being able to change it)

  241. 

  242. .. code-block:: yaml

  243. 

  244.     linux:

  245.       system:

  246.         ...

  247.         job:

  248.           cmd1:

  249.             command: '/cmd/to/run'

  250.             identifier: cmd1

  251.             enabled: true

  252.             user: 'root'

  253.             hour: 2

  254.             minute: 0

  255. 

  256. Linux security limits (limit sensu user memory usage to max 1GB):

  257. 

  258. .. code-block:: yaml

  259. 

  260.     linux:

  261.       system:

  262.         ...

  263.         limit:

  264.           sensu:

  265.             enabled: true

  266.             domain: sensu

  267.             limits:

  268.               - type: hard

  269.                 item: as

  270.                 value: 1000000

  271. 

  272. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  273. 

  274. .. code-block:: yaml

  275. 

  276.     linux:

  277.       system:

  278.         console:

  279.           tty1:

  280.             autologin: root

  281.           # Enable serial console

  282.           ttyS0:

  283.             autologin: root

  284.             rate: 115200

  285.             term: xterm

  286. 

  287. To disable set autologin to `false`.

  288. 

  289. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  290. command in ``while true`` loop and ``case`` context.

  291. Following will disallow dpkg to stop/start services for cassandra package automatically:

  292. 

  293. .. code-block:: yaml

  294. 

  295.     linux:

  296.       system:

  297.         policyrcd:

  298.           - package: cassandra

  299.             action: exit 101

  300.           - package: '*'

  301.             action: switch

  302. 

  303. Set system locales:

  304. 

  305. .. code-block:: yaml

  306. 

  307.     linux:

  308.       system:

  309.         locale:

  310.           en_US.UTF-8:

  311.             default: true

  312.           "cs_CZ.UTF-8 UTF-8":

  313.             enabled: true

  314. 

  315. Systemd settings:

  316. 

  317. .. code-block:: yaml

  318. 

  319.     linux:

  320.       system:

  321.         ...

  322.         systemd:

  323.           system:

  324.             Manager:

  325.               DefaultLimitNOFILE: 307200

  326.               DefaultLimitNPROC: 307200

  327.           user:

  328.             Manager:

  329.               DefaultLimitCPU: 2

  330.               DefaultLimitNPROC: 4

  331. 

  332. Ensure presence of directory:

  333. 

  334. .. code-block:: yaml

  335. 

  336.     linux:

  337.       system:

  338.         directory:

  339.           /tmp/test:

  340.             user: root

  341.             group: root

  342.             mode: 700

  343.             makedirs: true

  344. 

  345. Ensure presence of file by specifying it's source:

  346. 

  347. .. code-block:: yaml

  348. 

  349.     linux:

  350.       system:

  351.         file:

  352.           /tmp/test.txt:

  353.             source: http://example.com/test.txt

  354.             user: root #optional

  355.             group: root #optional

  356.             mode: 700 #optional

  357.             dir_mode: 700 #optional

  358.             encoding: utf-8 #optional

  359.             hash: <<hash>> or <<URI to hash>> #optional

  360.             makedirs: true #optional

  361. 

  362.     linux:

  363.       system:

  364.         file:

  365.           test.txt:

  366.             name: /tmp/test.txt

  367.             source: http://example.com/test.txt

  368. 

  369. Ensure presence of file by specifying it's contents:

  370. 

  371. .. code-block:: yaml

  372. 

  373.     linux:

  374.       system:

  375.         file:

  376.           /tmp/test.txt:

  377.             contents: |

  378.               line1

  379.               line2

  380. 

  381.     linux:

  382.       system:

  383.         file:

  384.           /tmp/test.txt:

  385.             contents_pillar: linux:network:hostname

  386. 

  387.     linux:

  388.       system:

  389.         file:

  390.           /tmp/test.txt:

  391.             contents_grains: motd

  392. 

  393. Ensure presence of file to be serialized through one of the serializer modules

  394. (see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html):

  395. 

  396. .. code-block:: yaml

  397. 

  398.     linux:

  399.       system:

  400.         file:

  401.           /tmp/test.json:

  402.             serialize: json

  403.             contents:

  404.               foo: 1

  405.               bar: 'bar'

  406. 

  407. Kernel

  408. ~~~~~~

  409. 

  410. Install always up to date LTS kernel and headers from Ubuntu trusty:

  411. 

  412. .. code-block:: yaml

  413. 

  414.     linux:

  415.       system:

  416.         kernel:

  417.           type: generic

  418.           lts: trusty

  419.           headers: true

  420. 

  421. Load kernel modules and add them to `/etc/modules`:

  422. 

  423. .. code-block:: yaml

  424. 

  425.     linux:

  426.       system:

  427.         kernel:

  428.           modules:

  429.             - nf_conntrack

  430.             - tp_smapi

  431.             - 8021q

  432. 

  433. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example

  434. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  435. 

  436. .. code-block:: yaml

  437. 

  438.     linux:

  439.       system:

  440.         kernel:

  441.           module:

  442.             nf_conntrack:

  443.               option:

  444.                 hashsize: 262144

  445. 

  446. 

  447. 

  448. Install specific kernel version and ensure all other kernel packages are

  449. not present. Also install extra modules and headers for this kernel:

  450. 

  451. .. code-block:: yaml

  452. 

  453.     linux:

  454.       system:

  455.         kernel:

  456.           type: generic

  457.           extra: true

  458.           headers: true

  459.           version: 4.2.0-22

  460. 

  461. Systcl kernel parameters

  462. 

  463. .. code-block:: yaml

  464. 

  465.     linux:

  466.       system:

  467.         kernel:

  468.           sysctl:

  469.             net.ipv4.tcp_keepalive_intvl: 3

  470.             net.ipv4.tcp_keepalive_time: 30

  471.             net.ipv4.tcp_keepalive_probes: 8

  472. 

  473. Configure kernel boot options:

  474. 

  475. .. code-block:: yaml

  476. 

  477.     linux:

  478.       system:

  479.         kernel:

  480.           boot_options:

  481.             - elevator=deadline

  482.             - spectre_v2=off

  483.             - nopti

  484. 

  485. 

  486. CPU

  487. ~~~

  488. 

  489. Enable cpufreq governor for every cpu:

  490. 

  491. .. code-block:: yaml

  492. 

  493.     linux:

  494.       system:

  495.         cpu:

  496.           governor: performance

  497. 

  498. 

  499. CGROUPS

  500. ~~~~~~~

  501. 

  502. Setup linux cgroups:

  503. 

  504. .. code-block:: yaml

  505. 

  506.     linux:

  507.       system:

  508.         cgroup:

  509.           enabled: true

  510.           group:

  511.             ceph_group_1:

  512.               controller:

  513.                 cpu:

  514.                   shares:

  515.                     value: 250

  516.                 cpuacct:

  517.                   usage:

  518.                     value: 0

  519.                 cpuset:

  520.                   cpus:

  521.                     value: 1,2,3

  522.                 memory:

  523.                   limit_in_bytes:

  524.                     value: 2G

  525.                   memsw.limit_in_bytes:

  526.                     value: 3G

  527.               mapping:

  528.                 subjects:

  529.                 - '@ceph'

  530.             generic_group_1:

  531.               controller:

  532.                 cpu:

  533.                   shares:

  534.                     value: 250

  535.                 cpuacct:

  536.                   usage:

  537.                     value: 0

  538.               mapping:

  539.                 subjects:

  540.                 - '*:firefox'

  541.                 - 'student:cp'

  542. 

  543. 

  544. Shared Libraries

  545. ~~~~~~~~~~~~~~~~

  546. 

  547. Set additional shared library to Linux system library path

  548. 

  549. .. code-block:: yaml

  550. 

  551.     linux:

  552.       system:

  553.         ld:

  554.           library:

  555.             java:

  556.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  557.               - /opt/java/jre/lib/amd64/server

  558. 

  559. 

  560. Certificates

  561. ~~~~~~~~~~~~

  562. 

  563. Add certificate authority into system trusted CA bundle

  564. 

  565. .. code-block:: yaml

  566. 

  567.     linux:

  568.       system:

  569.         ca_certificates:

  570.           mycert: |

  571.             -----BEGIN CERTIFICATE-----

  572.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  573.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  574.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  575.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  576.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  577.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  578.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  579.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  580.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  581.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  582.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  583.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  584.             -----END CERTIFICATE-----

  585. 

  586. Sysfs

  587. ~~~~~

  588. 

  589. Install sysfsutils and set sysfs attributes:

  590. 

  591. .. code-block:: yaml

  592. 

  593.     linux:

  594.       system:

  595.         sysfs:

  596.           scheduler:

  597.             block/sda/queue/scheduler: deadline

  598.           power:

  599.             mode:

  600.               power/state: 0660

  601.             owner:

  602.               power/state: "root:power"

  603.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  604. 

  605. Optional: You can also use list that will ensure order of items.

  606. 

  607. .. code-block:: yaml

  608. 

  609.     linux:

  610.       system:

  611.         sysfs:

  612.           scheduler:

  613.             block/sda/queue/scheduler: deadline

  614.           power:

  615.             - mode:

  616.                 power/state: 0660

  617.             - owner:

  618.                 power/state: "root:power"

  619.             - devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  620. 

  621. Huge Pages

  622. ~~~~~~~~~~~~

  623. 

  624. Huge Pages give a performance boost to applications that intensively deal

  625. with memory allocation/deallocation by decreasing memory fragmentation.

  626. 

  627. .. code-block:: yaml

  628. 

  629.     linux:

  630.       system:

  631.         kernel:

  632.           hugepages:

  633.             small:

  634.               size: 2M

  635.               count: 107520

  636.               mount_point: /mnt/hugepages_2MB

  637.               mount: false/true # default is true (mount immediately) / false (just save in the fstab)

  638.             large:

  639.               default: true # default automatically mounted

  640.               size: 1G

  641.               count: 210

  642.               mount_point: /mnt/hugepages_1GB

  643. 

  644. Note: not recommended to use both pagesizes in concurrently.

  645. 

  646. Intel SR-IOV

  647. ~~~~~~~~~~~~

  648. 

  649. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  650. 

  651. .. code-block:: yaml

  652. 

  653.     linux:

  654.       system:

  655.         kernel:

  656.           sriov: True

  657.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  658.         rc:

  659.           local: |

  660.             #!/bin/sh -e

  661.             # Enable 7 VF on eth1

  662.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  663.             exit 0

  664. 

  665. Isolate CPU options

  666. ~~~~~~~~~~~~~~~~~~~

  667. 

  668. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  669. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  670. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  671. maximum value is 1 less than the number of CPUs on the system.

  672. 

  673. .. code-block:: yaml

  674. 

  675.     linux:

  676.       system:

  677.         kernel:

  678.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  679. 

  680. Repositories

  681. ~~~~~~~~~~~~

  682. 

  683. RedHat based Linux with additional OpenStack repo

  684. 

  685. .. code-block:: yaml

  686. 

  687.     linux:

  688.       system:

  689.         ...

  690.         repo:

  691.           rdo-icehouse:

  692.             enabled: true

  693.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  694.             pgpcheck: 0

  695. 

  696. Ensure system repository to use czech Debian mirror (``default: true``)

  697. Also pin it's packages with priority 900.

  698. 

  699. .. code-block:: yaml

  700. 

  701.    linux:

  702.      system:

  703.        repo:

  704.          debian:

  705.            default: true

  706.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  707.            # Import signing key from URL if needed

  708.            key_url: "http://dummy.com/public.gpg"

  709.            pin:

  710.              - pin: 'origin "ftp.cz.debian.org"'

  711.                priority: 900

  712.                package: '*'

  713. 

  714. .. note:: For old ubuntu releases (<xenial)

  715.           extra packages for apt transport, like ``apt-transport-https``

  716.           may be required to be installed manually.

  717.           (Chicken-eggs problem: we need to install packages to

  718.           reach repo from where they should be installed)

  719.           Otherwise, you still can try 'fortune' and install prereq.packages before

  720.           any repo configuration, using list of requires in map.jinja.

  721. 

  722. 

  723. Disabling any prerequirment packages installation:

  724. You can simply drop any package pre-installation (before system.linux.repo

  725. will be processed) via cluster lvl:

  726. 

  727. .. code-block:: yaml

  728. 

  729.    linux:

  730.      system:

  731.        pkgs: ~

  732. 

  733. 

  734. Package manager proxy setup globally:

  735. 

  736. .. code-block:: yaml

  737. 

  738.     linux:

  739.       system:

  740.         ...

  741.         repo:

  742.           apt-mk:

  743.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  744.         ...

  745.         proxy:

  746.           pkg:

  747.             enabled: true

  748.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  749.           ...

  750.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  751.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  752.           #

  753.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  754.           # as for https and http

  755.           ftp:   ftp://proxy.host.local:2121

  756.           http:  http://proxy.host.local:3142

  757.           https: https://proxy.host.local:3143

  758. 

  759. Package manager proxy setup per repository:

  760. 

  761. .. code-block:: yaml

  762. 

  763.     linux:

  764.       system:

  765.         ...

  766.         repo:

  767.           debian:

  768.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  769.         ...

  770.           apt-mk:

  771.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  772.             # per repository proxy

  773.             proxy:

  774.               enabled: true

  775.               http:  http://maas-01:8080

  776.               https: http://maas-01:8080

  777.         ...

  778.         proxy:

  779.           # package manager fallback defaults

  780.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  781.           pkg:

  782.             enabled: true

  783.             ftp:   ftp://proxy.host.local:2121

  784.             #http:  http://proxy.host.local:3142

  785.             #https: https://proxy.host.local:3143

  786.           ...

  787.           # global system fallback system defaults

  788.           ftp:   ftp://proxy.host.local:2121

  789.           http:  http://proxy.host.local:3142

  790.           https: https://proxy.host.local:3143

  791. 

  792. 

  793. Remove all repositories:

  794. 

  795. .. code-block:: yaml

  796. 

  797.     linux:

  798.       system:

  799.         purge_repos: true

  800. 

  801. Refresh repositories metada, after configuration:

  802. 

  803. .. code-block:: yaml

  804. 

  805.     linux:

  806.       system:

  807.         refresh_repos_meta: true

  808. 

  809. Setup custom apt config options:

  810. 

  811. .. code-block:: yaml

  812. 

  813.     linux:

  814.       system:

  815.         apt:

  816.           config:

  817.             compression-workaround:

  818.               "Acquire::CompressionTypes::Order": "gz"

  819.             docker-clean:

  820.               "DPkg::Post-Invoke":

  821.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  822.               "APT::Update::Post-Invoke":

  823.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  824. 

  825. RC

  826. ~~

  827. 

  828. rc.local example

  829. 

  830. .. code-block:: yaml

  831. 

  832.    linux:

  833.      system:

  834.        rc:

  835.          local: |

  836.            #!/bin/sh -e

  837.            #

  838.            # rc.local

  839.            #

  840.            # This script is executed at the end of each multiuser runlevel.

  841.            # Make sure that the script will "exit 0" on success or any other

  842.            # value on error.

  843.            #

  844.            # In order to enable or disable this script just change the execution

  845.            # bits.

  846.            #

  847.            # By default this script does nothing.

  848.            exit 0

  849. 

  850. 

  851. Prompt

  852. ~~~~~~

  853. 

  854. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  855. user can have different prompt.

  856. 

  857. .. code-block:: yaml

  858. 

  859.     linux:

  860.       system:

  861.         prompt:

  862.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  863.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  864. 

  865. On Debian systems to set prompt system-wide it's necessary to remove setting

  866. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  867. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  868. touch existing user's ``~/.bashrc`` files except root.

  869. 

  870. Bash

  871. ~~~~

  872. 

  873. Fix bash configuration to preserve history across sessions (like ZSH does by

  874. default).

  875. 

  876. .. code-block:: yaml

  877. 

  878.     linux:

  879.       system:

  880.         bash:

  881.           preserve_history: true

  882. 

  883. Login banner message

  884. ~~~~~~~~~~~~~~~~~~~~

  885. 

  886. /etc/issue is a text file which contains a message or system

  887. identification to be printed before the login prompt.  It may contain

  888. various @char and \char sequences, if supported by the getty-type

  889. program employed on the system.

  890. 

  891. Setting logon banner message is easy:

  892. 

  893. .. code-block:: yaml

  894. 

  895.     liunx:

  896.       system:

  897.         banner:

  898.           enabled: true

  899.           contents: |

  900.             UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  901. 

  902.             You must have explicit, authorized permission to access or configure this

  903.             device. Unauthorized attempts and actions to access or use this system may

  904.             result in civil and/or criminal penalties.

  905.             All activities performed on this system are logged and monitored.

  906. 

  907. Message of the day

  908. ~~~~~~~~~~~~~~~~~~

  909. 

  910. ``pam_motd`` from package ``libpam-modules`` is used for dynamic messages of the

  911. day. Setting custom motd will cleanup existing ones.

  912. 

  913. Setting static motd will replace existing ``/etc/motd`` and remove scripts from

  914. ``/etc/update-motd.d``.

  915. 

  916. Setting static motd:

  917. 

  918. .. code-block:: yaml

  919. 

  920.     linux:

  921.       system:

  922.         motd: |

  923.           UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED

  924. 

  925.           You must have explicit, authorized permission to access or configure this

  926.           device. Unauthorized attempts and actions to access or use this system may

  927.           result in civil and/or criminal penalties.

  928.           All activities performed on this system are logged and monitored.

  929. 

  930. Setting dynamic motd:

  931. 

  932. .. code-block:: yaml

  933. 

  934.     linux:

  935.       system:

  936.         motd:

  937.           - release: |

  938.               #!/bin/sh

  939.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  940. 

  941.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  942.               	# Fall back to using the very slow lsb_release utility

  943.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  944.               fi

  945. 

  946.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  947.           - warning: |

  948.               #!/bin/sh

  949.               printf "This is [company name] network.\n"

  950.               printf "Unauthorized access strictly prohibited.\n"

  951. 

  952. Services

  953. ~~~~~~~~

  954. 

  955. Stop and disable linux service:

  956. 

  957. .. code-block:: yaml

  958. 

  959.     linux:

  960.       system:

  961.         service:

  962.           apt-daily.timer:

  963.             status: dead

  964. 

  965. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  966. 

  967. Linux with atop service:

  968. 

  969. .. code-block:: yaml

  970. 

  971.     linux:

  972.       system:

  973.         atop:

  974.           enabled: true

  975.           interval: 20

  976.           logpath: "/var/log/atop"

  977.           outfile: "/var/log/atop/daily.log"

  978. 

  979. Linux with mcelog service:

  980. 

  981. .. code-block:: yaml

  982. 

  983.     linux:

  984.       system:

  985.         mcelog:

  986.           enabled: true

  987.           logging:

  988.             syslog: true

  989.             syslog_error: true

  990. 

  991. RHEL / CentOS

  992. ^^^^^^^^^^^^^

  993. 

  994. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  995. no native support for dynamic motd.

  996. You can still set static one, only pillar structure differs:

  997. 

  998. .. code-block:: yaml

  999. 

  1000.     linux:

  1001.       system:

  1002.         motd: |

  1003.           This is [company name] network.

  1004.           Unauthorized access strictly prohibited.

  1005. 

  1006. Haveged

  1007. ~~~~~~~

  1008. 

  1009. If you are running headless server and are low on entropy, it may be a good

  1010. idea to setup Haveged.

  1011. 

  1012. .. code-block:: yaml

  1013. 

  1014.     linux:

  1015.       system:

  1016.         haveged:

  1017.           enabled: true

  1018. 

  1019. Linux network

  1020. -------------

  1021. 

  1022. Linux with network manager

  1023. 

  1024. .. code-block:: yaml

  1025. 

  1026.     linux:

  1027.       network:

  1028.         enabled: true

  1029.         network_manager: true

  1030. 

  1031. Linux with default static network interfaces, default gateway interface and DNS servers

  1032. 

  1033. .. code-block:: yaml

  1034. 

  1035.     linux:

  1036.       network:

  1037.         enabled: true

  1038.         interface:

  1039.           eth0:

  1040.             enabled: true

  1041.             type: eth

  1042.             address: 192.168.0.102

  1043.             netmask: 255.255.255.0

  1044.             gateway: 192.168.0.1

  1045.             name_servers:

  1046.             - 8.8.8.8

  1047.             - 8.8.4.4

  1048.             mtu: 1500

  1049. 

  1050. Linux with bonded interfaces and disabled NetworkManager

  1051. 

  1052. .. code-block:: yaml

  1053. 

  1054.     linux:

  1055.       network:

  1056.         enabled: true

  1057.         interface:

  1058.           eth0:

  1059.             type: eth

  1060.             ...

  1061.           eth1:

  1062.             type: eth

  1063.             ...

  1064.           bond0:

  1065.             enabled: true

  1066.             type: bond

  1067.             address: 192.168.0.102

  1068.             netmask: 255.255.255.0

  1069.             mtu: 1500

  1070.             use_in:

  1071.             - interface: ${linux:interface:eth0}

  1072.             - interface: ${linux:interface:eth0}

  1073.         network_manager:

  1074.           disable: true

  1075. 

  1076. Linux with vlan interface_params

  1077. 

  1078. .. code-block:: yaml

  1079. 

  1080.     linux:

  1081.       network:

  1082.         enabled: true

  1083.         interface:

  1084.           vlan69:

  1085.             type: vlan

  1086.             use_interfaces:

  1087.             - interface: ${linux:interface:bond0}

  1088. 

  1089. Linux with wireless interface parameters

  1090. 

  1091. .. code-block:: yaml

  1092. 

  1093.     linux:

  1094.       network:

  1095.         enabled: true

  1096.         gateway: 10.0.0.1

  1097.         default_interface: eth0

  1098.         interface:

  1099.           wlan0:

  1100.             type: eth

  1101.             wireless:

  1102.               essid: example

  1103.               key: example_key

  1104.               security: wpa

  1105.               priority: 1

  1106. 

  1107. Linux networks with routes defined

  1108. 

  1109. .. code-block:: yaml

  1110. 

  1111.     linux:

  1112.       network:

  1113.         enabled: true

  1114.         gateway: 10.0.0.1

  1115.         default_interface: eth0

  1116.         interface:

  1117.           eth0:

  1118.             type: eth

  1119.             route:

  1120.               default:

  1121.                 address: 192.168.0.123

  1122.                 netmask: 255.255.255.0

  1123.                 gateway: 192.168.0.1

  1124. 

  1125. Native Linux Bridges

  1126. 

  1127. .. code-block:: yaml

  1128. 

  1129.     linux:

  1130.       network:

  1131.         interface:

  1132.           eth1:

  1133.             enabled: true

  1134.             type: eth

  1135.             proto: manual

  1136.             up_cmds:

  1137.             - ip address add 0/0 dev $IFACE

  1138.             - ip link set $IFACE up

  1139.             down_cmds:

  1140.             - ip link set $IFACE down

  1141.           br-ex:

  1142.             enabled: true

  1143.             type: bridge

  1144.             address: ${linux:network:host:public_local:address}

  1145.             netmask: 255.255.255.0

  1146.             use_interfaces:

  1147.             - eth1

  1148. 

  1149. OpenVswitch Bridges

  1150. 

  1151. .. code-block:: yaml

  1152. 

  1153.     linux:

  1154.       network:

  1155.         bridge: openvswitch

  1156.         interface:

  1157.           eth1:

  1158.             enabled: true

  1159.             type: eth

  1160.             proto: manual

  1161.             up_cmds:

  1162.             - ip address add 0/0 dev $IFACE

  1163.             - ip link set $IFACE up

  1164.             down_cmds:

  1165.             - ip link set $IFACE down

  1166.           br-ex:

  1167.             enabled: true

  1168.             type: bridge

  1169.             address: ${linux:network:host:public_local:address}

  1170.             netmask: 255.255.255.0

  1171.             use_interfaces:

  1172.             - eth1

  1173.           br-prv:

  1174.             enabled: true

  1175.             type: ovs_bridge

  1176.             mtu: 65000

  1177.           br-ens7:

  1178.             enabled: true

  1179.             name: br-ens7

  1180.             type: ovs_bridge

  1181.             proto: manual

  1182.             mtu: 9000

  1183.             use_interfaces:

  1184.             - ens7

  1185.           patch-br-ens7-br-prv:

  1186.             enabled: true

  1187.             name: ens7-prv

  1188.             ovs_type: ovs_port

  1189.             type: ovs_port

  1190.             bridge: br-ens7

  1191.             port_type: patch

  1192.             peer: prv-ens7

  1193.             tag: 109 # [] to unset a tag

  1194.             mtu: 65000

  1195.           patch-br-prv-br-ens7:

  1196.             enabled: true

  1197.             name: prv-ens7

  1198.             bridge: br-prv

  1199.             ovs_type: ovs_port

  1200.             type: ovs_port

  1201.             port_type: patch

  1202.             peer: ens7-prv

  1203.             tag: 109

  1204.             mtu: 65000

  1205.           ens7:

  1206.             enabled: true

  1207.             name: ens7

  1208.             proto: manual

  1209.             ovs_port_type: OVSPort

  1210.             type: ovs_port

  1211.             ovs_bridge: br-ens7

  1212.             bridge: br-ens7

  1213. 

  1214. Debian manual proto interfaces

  1215. 

  1216. When you are changing interface proto from static in up state to manual, you

  1217. may need to flush ip addresses. For example, if you want to use the interface

  1218. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  1219. to true.

  1220. 

  1221. .. code-block:: yaml

  1222. 

  1223.     linux:

  1224.       network:

  1225.         interface:

  1226.           eth1:

  1227.             enabled: true

  1228.             type: eth

  1229.             proto: manual

  1230.             mtu: 9100

  1231.             ipflush_onchange: true

  1232. 

  1233. Debian static proto interfaces

  1234. 

  1235. When you are changing interface proto from dhcp in up state to static, you

  1236. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1237. For example, if you want to use the interface and the ip on the bridge.

  1238. This can be done by setting the ``ipflush_onchange`` with combination

  1239. ``restart_on_ipflush`` param set to to true.

  1240. 

  1241. .. code-block:: yaml

  1242. 

  1243.     linux:

  1244.       network:

  1245.         interface:

  1246.           eth1:

  1247.             enabled: true

  1248.             type: eth

  1249.             proto: static

  1250.             address: 10.1.0.22

  1251.             netmask: 255.255.255.0

  1252.             ipflush_onchange: true

  1253.             restart_on_ipflush: true

  1254. 

  1255. Concatinating and removing interface files

  1256. 

  1257. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1258. you can store configuration of network interfaces in separate files. You can

  1259. concatinate the files to the defined destination when needed, this operation

  1260. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1261. remove iface files, you can use the `remove_iface_files` key.

  1262. 

  1263. .. code-block:: yaml

  1264. 

  1265.     linux:

  1266.       network:

  1267.         concat_iface_files:

  1268.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1269.           dst: '/etc/network/interfaces'

  1270.         remove_iface_files:

  1271.         - '/etc/network/interfaces.d/90-custom.cfg'

  1272. 

  1273. 

  1274. DHCP client configuration

  1275. 

  1276. None of the keys is mandatory, include only those you really need. For full list

  1277. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1278. 

  1279. .. code-block:: yaml

  1280. 

  1281.      linux:

  1282.        network:

  1283.          dhclient:

  1284.            enabled: true

  1285.            backoff_cutoff: 15

  1286.            initial_interval: 10

  1287.            reboot: 10

  1288.            retry: 60

  1289.            select_timeout: 0

  1290.            timeout: 120

  1291.            send:

  1292.              - option: host-name

  1293.                declaration: "= gethostname()"

  1294.            supersede:

  1295.              - option: host-name

  1296.                declaration: "spaceship"

  1297.              - option: domain-name

  1298.                declaration: "domain.home"

  1299.              #- option: arp-cache-timeout

  1300.              #  declaration: 20

  1301.            prepend:

  1302.              - option: domain-name-servers

  1303.                declaration:

  1304.                  - 8.8.8.8

  1305.                  - 8.8.4.4

  1306.              - option: domain-search

  1307.                declaration:

  1308.                  - example.com

  1309.                  - eng.example.com

  1310.            #append:

  1311.              #- option: domain-name-servers

  1312.              #  declaration: 127.0.0.1

  1313.            # ip or subnet to reject dhcp offer from

  1314.            reject:

  1315.              - 192.33.137.209

  1316.              - 10.0.2.0/24

  1317.            request:

  1318.              - subnet-mask

  1319.              - broadcast-address

  1320.              - time-offset

  1321.              - routers

  1322.              - domain-name

  1323.              - domain-name-servers

  1324.              - domain-search

  1325.              - host-name

  1326.              - dhcp6.name-servers

  1327.              - dhcp6.domain-search

  1328.              - dhcp6.fqdn

  1329.              - dhcp6.sntp-servers

  1330.              - netbios-name-servers

  1331.              - netbios-scope

  1332.              - interface-mtu

  1333.              - rfc3442-classless-static-routes

  1334.              - ntp-servers

  1335.            require:

  1336.              - subnet-mask

  1337.              - domain-name-servers

  1338.            # if per interface configuration required add below

  1339.            interface:

  1340.              ens2:

  1341.                initial_interval: 11

  1342.                reject:

  1343.                  - 192.33.137.210

  1344.              ens3:

  1345.                initial_interval: 12

  1346.                reject:

  1347.                  - 192.33.137.211

  1348. 

  1349. Linux network systemd settings:

  1350. 

  1351. .. code-block:: yaml

  1352. 

  1353.     linux:

  1354.       network:

  1355.         ...

  1356.         systemd:

  1357.           link:

  1358.             10-iface-dmz:

  1359.               Match:

  1360.                 MACAddress: c8:5b:67:fa:1a:af

  1361.                 OriginalName: eth0

  1362.               Link:

  1363.                 Name: dmz0

  1364.           netdev:

  1365.             20-bridge-dmz:

  1366.               match:

  1367.                 name: dmz0

  1368.               network:

  1369.                 mescription: bridge

  1370.                 bridge: br-dmz0

  1371.           network:

  1372.           # works with lowercase, keys are by default capitalized

  1373.             40-dhcp:

  1374.               match:

  1375.                 name: '*'

  1376.               network:

  1377.                 DHCP: yes

  1378. 

  1379. 

  1380. Configure global environment variables

  1381. 

  1382. Use ``/etc/environment`` for static system wide variable assignment after

  1383. boot. Variable expansion is frequently not supported.

  1384. 

  1385. .. code-block:: yaml

  1386. 

  1387.     linux:

  1388.       system:

  1389.         env:

  1390.           BOB_VARIABLE: Alice

  1391.           ...

  1392.           BOB_PATH:

  1393.             - /srv/alice/bin

  1394.             - /srv/bob/bin

  1395.           ...

  1396.           ftp_proxy:   none

  1397.           http_proxy:  http://global-http-proxy.host.local:8080

  1398.           https_proxy: ${linux:system:proxy:https}

  1399.           no_proxy:

  1400.             - 192.168.0.80

  1401.             - 192.168.1.80

  1402.             - .domain.com

  1403.             - .local

  1404.         ...

  1405.         # NOTE: global defaults proxy configuration.

  1406.         proxy:

  1407.           ftp:   ftp://proxy.host.local:2121

  1408.           http:  http://proxy.host.local:3142

  1409.           https: https://proxy.host.local:3143

  1410.           noproxy:

  1411.             - .domain.com

  1412.             - .local

  1413. 

  1414. Configure profile.d scripts

  1415. 

  1416. The profile.d scripts are being sourced during .sh execution and support

  1417. variable expansion in opposite to /etc/environment global settings in

  1418. ``/etc/environment``.

  1419. 

  1420. .. code-block:: yaml

  1421. 

  1422.     linux:

  1423.       system:

  1424.         profile:

  1425.           locales: |

  1426.             export LANG=C

  1427.             export LC_ALL=C

  1428.           ...

  1429.           vi_flavors.sh: |

  1430.             export PAGER=view

  1431.             export EDITOR=vim

  1432.             alias vi=vim

  1433.           shell_locales.sh: |

  1434.             export LANG=en_US

  1435.             export LC_ALL=en_US.UTF-8

  1436.           shell_proxies.sh: |

  1437.             export FTP_PROXY=ftp://127.0.3.3:2121

  1438.             export NO_PROXY='.local'

  1439. 

  1440. Linux with hosts

  1441. 

  1442. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1443. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1444. and hostname + fqdn.

  1445. 

  1446. It's good to use this option if you want to ensure /etc/hosts is always in a

  1447. clean state however it's not enabled by default for safety.

  1448. 

  1449. .. code-block:: yaml

  1450. 

  1451.     linux:

  1452.       network:

  1453.         purge_hosts: true

  1454.         host:

  1455.           # No need to define this one if purge_hosts is true

  1456.           hostname:

  1457.             address: 127.0.1.1

  1458.             names:

  1459.             - ${linux:network:fqdn}

  1460.             - ${linux:network:hostname}

  1461.           node1:

  1462.             address: 192.168.10.200

  1463.             names:

  1464.             - node2.domain.com

  1465.             - service2.domain.com

  1466.           node2:

  1467.             address: 192.168.10.201

  1468.             names:

  1469.             - node2.domain.com

  1470.             - service2.domain.com

  1471. 

  1472. Linux with hosts collected from mine

  1473. 

  1474. In this case all dns records defined within infrastrucuture will be passed to

  1475. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1476. true will be propagated to the mine.

  1477. 

  1478. .. code-block:: yaml

  1479. 

  1480.     linux:

  1481.       network:

  1482.         purge_hosts: true

  1483.         mine_dns_records: true

  1484.         host:

  1485.           node1:

  1486.             address: 192.168.10.200

  1487.             grain: true

  1488.             names:

  1489.             - node2.domain.com

  1490.             - service2.domain.com

  1491. 

  1492. Setup resolv.conf, nameservers, domain and search domains

  1493. 

  1494. .. code-block:: yaml

  1495. 

  1496.     linux:

  1497.       network:

  1498.         resolv:

  1499.           dns:

  1500.           - 8.8.4.4

  1501.           - 8.8.8.8

  1502.           domain: my.example.com

  1503.           search:

  1504.           - my.example.com

  1505.           - example.com

  1506.           options:

  1507.           - ndots: 5

  1508.           - timeout: 2

  1509.           - attempts: 2

  1510. 

  1511. setting custom TX queue length for tap interfaces

  1512. 

  1513. .. code-block:: yaml

  1514. 

  1515.     linux:

  1516.       network:

  1517.         tap_custom_txqueuelen: 10000

  1518. 

  1519. DPDK OVS interfaces

  1520. 

  1521. **DPDK OVS NIC**

  1522. 

  1523. .. code-block:: yaml

  1524. 

  1525.     linux:

  1526.       network:

  1527.         bridge: openvswitch

  1528.         dpdk:

  1529.           enabled: true

  1530.           driver: uio/vfio

  1531.         openvswitch:

  1532.           pmd_cpu_mask: "0x6"

  1533.           dpdk_socket_mem: "1024,1024"

  1534.           dpdk_lcore_mask: "0x400"

  1535.           memory_channels: 2

  1536.         interface:

  1537.           dpkd0:

  1538.             name: ${_param:dpdk_nic}

  1539.             pci: 0000:06:00.0

  1540.             driver: igb_uio/vfio-pci

  1541.             enabled: true

  1542.             type: dpdk_ovs_port

  1543.             n_rxq: 2

  1544.             pmd_rxq_affinity: "0:1,1:2"

  1545.             bridge: br-prv

  1546.             mtu: 9000

  1547.           br-prv:

  1548.             enabled: true

  1549.             type: dpdk_ovs_bridge

  1550. 

  1551. **DPDK OVS Bond**

  1552. 

  1553. .. code-block:: yaml

  1554. 

  1555.     linux:

  1556.       network:

  1557.         bridge: openvswitch

  1558.         dpdk:

  1559.           enabled: true

  1560.           driver: uio/vfio

  1561.         openvswitch:

  1562.           pmd_cpu_mask: "0x6"

  1563.           dpdk_socket_mem: "1024,1024"

  1564.           dpdk_lcore_mask: "0x400"

  1565.           memory_channels: 2

  1566.         interface:

  1567.           dpdk_second_nic:

  1568.             name: ${_param:primary_second_nic}

  1569.             pci: 0000:06:00.0

  1570.             driver: igb_uio/vfio-pci

  1571.             bond: dpdkbond0

  1572.             enabled: true

  1573.             type: dpdk_ovs_port

  1574.             n_rxq: 2

  1575.             pmd_rxq_affinity: "0:1,1:2"

  1576.             mtu: 9000

  1577.           dpdk_first_nic:

  1578.             name: ${_param:primary_first_nic}

  1579.             pci: 0000:05:00.0

  1580.             driver: igb_uio/vfio-pci

  1581.             bond: dpdkbond0

  1582.             enabled: true

  1583.             type: dpdk_ovs_port

  1584.             n_rxq: 2

  1585.             pmd_rxq_affinity: "0:1,1:2"

  1586.             mtu: 9000

  1587.           dpdkbond0:

  1588.             enabled: true

  1589.             bridge: br-prv

  1590.             type: dpdk_ovs_bond

  1591.             mode: active-backup

  1592.           br-prv:

  1593.             enabled: true

  1594.             type: dpdk_ovs_bridge

  1595. 

  1596. **DPDK OVS LACP Bond with vlan tag**

  1597. 

  1598. .. code-block:: yaml

  1599. 

  1600.     linux:

  1601.       network:

  1602.         bridge: openvswitch

  1603.         dpdk:

  1604.           enabled: true

  1605.           driver: uio

  1606.         openvswitch:

  1607.           pmd_cpu_mask: "0x6"

  1608.           dpdk_socket_mem: "1024,1024"

  1609.           dpdk_lcore_mask: "0x400"

  1610.           memory_channels: "2"

  1611.         interface:

  1612.           eth3:

  1613.             enabled: true

  1614.             type: eth

  1615.             proto: manual

  1616.             name: ${_param:tenant_first_nic}

  1617.           eth4:

  1618.             enabled: true

  1619.             type: eth

  1620.             proto: manual

  1621.             name: ${_param:tenant_second_nic}

  1622.           dpdk0:

  1623.             name: ${_param:tenant_first_nic}

  1624.             pci: "0000:81:00.0"

  1625.             driver: igb_uio

  1626.             bond: bond1

  1627.             enabled: true

  1628.             type: dpdk_ovs_port

  1629.             n_rxq: 2

  1630.           dpdk1:

  1631.             name: ${_param:tenant_second_nic}

  1632.             pci: "0000:81:00.1"

  1633.             driver: igb_uio

  1634.             bond: bond1

  1635.             enabled: true

  1636.             type: dpdk_ovs_port

  1637.             n_rxq: 2

  1638.           bond1:

  1639.             enabled: true

  1640.             bridge: br-prv

  1641.             type: dpdk_ovs_bond

  1642.             mode: balance-slb

  1643.           br-prv:

  1644.             enabled: true

  1645.             type: dpdk_ovs_bridge

  1646.             tag: ${_param:tenant_vlan}

  1647.             address: ${_param:tenant_address}

  1648.             netmask: ${_param:tenant_network_netmask}

  1649. 

  1650. **DPDK OVS bridge for VXLAN**

  1651. 

  1652. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1653. 

  1654. .. code-block:: yaml

  1655. 

  1656.     linux:

  1657.       network:

  1658.         ...

  1659.         interface:

  1660.           br-prv:

  1661.             enabled: true

  1662.             type: dpdk_ovs_bridge

  1663.             address: 192.168.50.0

  1664.             netmask: 255.255.255.0

  1665.             tag: 101

  1666.             mtu: 9000

  1667. 

  1668. 

  1669. 

  1670. **DPDK OVS bridge with Linux network interface**

  1671. 

  1672. .. code-block:: yaml

  1673. 

  1674.     linux:

  1675.       network:

  1676.         ...

  1677.         interface:

  1678.           eth0:

  1679.             type: eth

  1680.             ovs_bridge: br-prv

  1681.             ...

  1682.           br-prv:

  1683.             enabled: true

  1684.             type: dpdk_ovs_bridge

  1685.             ...

  1686. 

  1687. Linux storage

  1688. -------------

  1689. 

  1690. Linux with mounted Samba

  1691. 

  1692. .. code-block:: yaml

  1693. 

  1694.     linux:

  1695.       storage:

  1696.         enabled: true

  1697.         mount:

  1698.           samba1:

  1699.           - enabled: true

  1700.           - path: /media/myuser/public/

  1701.           - device: //192.168.0.1/storage

  1702.           - file_system: cifs

  1703.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1704. 

  1705. NFS mount

  1706. 

  1707. .. code-block:: yaml

  1708. 

  1709.   linux:

  1710.     storage:

  1711.       enabled: true

  1712.       mount:

  1713.         nfs_glance:

  1714.           enabled: true

  1715.           path: /var/lib/glance/images

  1716.           device: 172.16.10.110:/var/nfs/glance

  1717.           file_system: nfs

  1718.           opts: rw,sync

  1719. 

  1720. 

  1721. File swap configuration

  1722. 

  1723. .. code-block:: yaml

  1724. 

  1725.     linux:

  1726.       storage:

  1727.         enabled: true

  1728.         swap:

  1729.           file:

  1730.             enabled: true

  1731.             engine: file

  1732.             device: /swapfile

  1733.             size: 1024

  1734. 

  1735. Partition swap configuration

  1736. 

  1737. .. code-block:: yaml

  1738. 

  1739.     linux:

  1740.       storage:

  1741.         enabled: true

  1742.         swap:

  1743.           partition:

  1744.             enabled: true

  1745.             engine: partition

  1746.             device: /dev/vg0/swap

  1747. 

  1748. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1749. 

  1750. .. code-block:: yaml

  1751. 

  1752.     parameters:

  1753.       linux:

  1754.         storage:

  1755.           mount:

  1756.             data:

  1757.               enabled: true

  1758.               device: /dev/vg1/data

  1759.               file_system: ext4

  1760.               path: /mnt/data

  1761.           lvm:

  1762.             vg1:

  1763.               enabled: true

  1764.               devices:

  1765.                 - /dev/sdb

  1766.               volume:

  1767.                 data:

  1768.                   size: 40G

  1769.                   mount: ${linux:storage:mount:data}

  1770. 

  1771. Create partitions on disk. Specify size in MB. It expects empty

  1772. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1773. 

  1774. .. code-block:: yaml

  1775. 

  1776.       linux:

  1777.         storage:

  1778.           disk:

  1779.             first_drive:

  1780.               startsector: 1

  1781.               name: /dev/loop1

  1782.               type: gpt

  1783.               partitions:

  1784.                 - size: 200 #size in MB

  1785.                   type: fat32

  1786.                 - size: 300 #size in MB

  1787.                   mkfs: True

  1788.                   type: xfs

  1789.             /dev/vda1:

  1790.               partitions:

  1791.                 - size: 5

  1792.                   type: ext2

  1793.                 - size: 10

  1794.                   type: ext4

  1795. 

  1796. Multipath with Fujitsu Eternus DXL

  1797. 

  1798. .. code-block:: yaml

  1799. 

  1800.     parameters:

  1801.       linux:

  1802.         storage:

  1803.           multipath:

  1804.             enabled: true

  1805.             blacklist_devices:

  1806.             - /dev/sda

  1807.             - /dev/sdb

  1808.             backends:

  1809.             - fujitsu_eternus_dxl

  1810. 

  1811. Multipath with Hitachi VSP 1000

  1812. 

  1813. .. code-block:: yaml

  1814. 

  1815.     parameters:

  1816.       linux:

  1817.         storage:

  1818.           multipath:

  1819.             enabled: true

  1820.             blacklist_devices:

  1821.             - /dev/sda

  1822.             - /dev/sdb

  1823.             backends:

  1824.             - hitachi_vsp1000

  1825. 

  1826. Multipath with IBM Storwize

  1827. 

  1828. .. code-block:: yaml

  1829. 

  1830.     parameters:

  1831.       linux:

  1832.         storage:

  1833.           multipath:

  1834.             enabled: true

  1835.             blacklist_devices:

  1836.             - /dev/sda

  1837.             - /dev/sdb

  1838.             backends:

  1839.             - ibm_storwize

  1840. 

  1841. Multipath with multiple backends

  1842. 

  1843. .. code-block:: yaml

  1844. 

  1845.     parameters:

  1846.       linux:

  1847.         storage:

  1848.           multipath:

  1849.             enabled: true

  1850.             blacklist_devices:

  1851.             - /dev/sda

  1852.             - /dev/sdb

  1853.             - /dev/sdc

  1854.             - /dev/sdd

  1855.             backends:

  1856.             - ibm_storwize

  1857.             - fujitsu_eternus_dxl

  1858.             - hitachi_vsp1000

  1859. 

  1860. PAM LDAP integration

  1861. 

  1862. .. code-block:: yaml

  1863. 

  1864.     parameters:

  1865.       linux:

  1866.         system:

  1867.           auth:

  1868.             enabled: true

  1869.             mkhomedir:

  1870.               enabled: true

  1871.               umask: 0027

  1872.             ldap:

  1873.               enabled: true

  1874.               binddn: cn=bind,ou=service_users,dc=example,dc=com

  1875.               bindpw: secret

  1876.               uri: ldap://127.0.0.1

  1877.               base: ou=users,dc=example,dc=com

  1878.               ldap_version: 3

  1879.               pagesize: 65536

  1880.               referrals: off

  1881.               filter:

  1882.                 passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1883.                 shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1884.                 group:  (&(objectClass=group)(gidNumber=*))

  1885. 

  1886. Disabled multipath (the default setup)

  1887. 

  1888. .. code-block:: yaml

  1889. 

  1890.     parameters:

  1891.       linux:

  1892.         storage:

  1893.           multipath:

  1894.             enabled: false

  1895. 

  1896. Linux with local loopback device

  1897. 

  1898. .. code-block:: yaml

  1899. 

  1900.     linux:

  1901.       storage:

  1902.         loopback:

  1903.           disk1:

  1904.             file: /srv/disk1

  1905.             size: 50G

  1906. 

  1907. External config generation

  1908. --------------------------

  1909. 

  1910. You are able to use config support metadata between formulas and only generate

  1911. config files for external use, eg. docker, etc.

  1912. 

  1913. .. code-block:: yaml

  1914. 

  1915.     parameters:

  1916.       linux:

  1917.         system:

  1918.           config:

  1919.             pillar:

  1920.               jenkins:

  1921.                 master:

  1922.                   home: /srv/volumes/jenkins

  1923.                   approved_scripts:

  1924.                     - method java.net.URL openConnection

  1925.                   credentials:

  1926.                     - type: username_password

  1927.                       scope: global

  1928.                       id: test

  1929.                       desc: Testing credentials

  1930.                       username: test

  1931.                       password: test

  1932. 

  1933. Netconsole Remote Kernel Logging

  1934. --------------------------------

  1935. 

  1936. Netconsole logger could be configured for configfs-enabled kernels

  1937. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1938. runtime (if network is already configured), and on-boot after interface

  1939. initialization. Notes:

  1940. 

  1941.  * receiver could be located only in same L3 domain

  1942.    (or you need to configure gateway MAC manually)

  1943.  * receiver's MAC is detected only on configuration time

  1944.  * using broadcast MAC is not recommended

  1945. 

  1946. .. code-block:: yaml

  1947. 

  1948.     parameters:

  1949.       linux:

  1950.         system:

  1951.           netconsole:

  1952.             enabled: true

  1953.             port: 514 (optional)

  1954.             loglevel: debug (optional)

  1955.             target:

  1956.               192.168.0.1:

  1957.                 interface: bond0

  1958.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1959. 

  1960. Usage

  1961. =====

  1962. 

  1963. Set mtu of network interface eth0 to 1400

  1964. 

  1965. .. code-block:: bash

  1966. 

  1967.     ip link set dev eth0 mtu 1400

  1968. 

  1969. Read more

  1970. =========

  1971. 

  1972. * https://www.archlinux.org/

  1973. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1974. 

  1975. Documentation and Bugs

  1976. ======================

  1977. 

  1978. To learn how to install and update salt-formulas, consult the documentation

  1979. available online at:

  1980. 

  1981.     http://salt-formulas.readthedocs.io/

  1982. 

  1983. In the unfortunate event that bugs are discovered, they should be reported to

  1984. the appropriate issue tracker. Use Github issue tracker for specific salt

  1985. formula:

  1986. 

  1987.     https://github.com/salt-formulas/salt-formula-linux/issues

  1988. 

  1989. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1990. use Launchpad salt-formulas project:

  1991. 

  1992.     https://launchpad.net/salt-formulas

  1993. 

  1994. You can also join salt-formulas-users team and subscribe to mailing list:

  1995. 

  1996.     https://launchpad.net/~salt-formulas-users

  1997. 

  1998. Developers wishing to work on the salt-formulas projects should always base

  1999. their work on master branch and submit pull request against specific formula.

  2000. 

  2001.     https://github.com/salt-formulas/salt-formula-linux

  2002. 

  2003. Any questions or feedback is always welcome so feel free to join our IRC

  2004. channel:

  2005. 

  2006.     #salt-formulas @ irc.freenode.net