salt
/
linux-formula
複製自 ExternalMirrors/linux-formula
關注 1
收藏 0
複製 0
程式碼 版本發佈 8 活動
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
520 提交
26 分支
目錄樹: ebf5552f66
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'ebf5552f66'
${ noResults }
linux-formula/README.rst

README.rst 42KB
原始文件 Normal View 歷史記錄

Update README.rst
7 年之前
Initial commit
9 年之前
Update README.rst
7 年之前
Initial commit
9 年之前
Update README.rst
7 年之前
Initial commit
9 年之前
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 年之前
Initial commit
9 年之前
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 年之前
Initial commit
9 年之前
Extend linux.user - Add posibility do delete user password - Delete any password, if no other option has been passed - Allow to pass hash\plain password - Allow to unchange password Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
7 年之前
Initial commit
9 年之前
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 年之前
Update README.rst
7 年之前
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 年之前
Update README.rst
7 年之前
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 年之前
Update README.rst fixed typo in sudo part
7 年之前
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 年之前
Added ability to enable SETENV in sudoers Change-Id: Icee295720a5a2425390a1bcd588841897071938e
7 年之前
Add sudo state, salt-managed aliases,users,groups - apply review comments - add visudo check cmd
8 年之前
Initial commit
9 年之前
Add system.autoupdates state (#61) * Add support for autoupdates only Debian-based systems are supported for now (through unattended-upgrades package) * Fix test on system.autoupdates.pkgs
8 年之前
Initial commit
9 年之前
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 年之前
Initial commit
9 年之前
Use cron job identifier to be able to update command Change-Id: Id571945585863a08bd2317b57ecc6123a16e1857
7 年之前
Initial commit
9 年之前
Support for setting security limits
9 年之前
Enable/disable console autologin
9 年之前
More options for consoles
9 年之前
Enable/disable console autologin
9 年之前
Allow setting policy-rc.d
9 年之前
Allow setting system locales
8 年之前
Fix readme of cs_CZ locales
8 年之前
Allow setting system locales
8 年之前
Allow configure systemd Change-Id: I54bc92902137899834408732ab852fd96d3f5a53
7 年之前
Add linux.system.directory state Change-Id: Ida91f545cc705457d1bc567fbee483e14a202a3a
7 年之前
Make linux.system.kernel functional
9 年之前
add support for kernel modules Change-Id: I6ba3d72307805341829fe0f6919e326f3698e833
8 年之前
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 年之前
Make linux.system.kernel functional
9 年之前
Linux sysctl kernel parameters
9 年之前
Handle kernel boot options The 'system.kernel.elevator' and 'system.kernel.isolcpu' options have been kept for backward compatibility and should be used in new fashion way with system.kernel.boot_options parameter. Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
7 年之前
cpu governor
8 年之前
RIL-267 Adding cpu governor and kernel module opts (#101) * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts * RIL-267 Adding cpu governor and kernel module opts
7 年之前
cpu governor
8 年之前
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 年之前
cgroups PROD-16845 Change-Id: Iabc6f4584e34c988e67ff42ee8ceb20c469823d6
7 年之前
add additional shared libraries (#137) * This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable. 1. Generate file in /etc/ld.so.conf.d/ 2. update /etc/ld.so.cache with ldconfig command example pillars: linux: system: enabled: True ld: libraries: java: - /usr/lib/jvm/jre-openjdk/lib/amd64/server - /opt/java/jre/lib/amd64/server * fix format in README.rst for Shared Libraries * Fix for #137 - change pillar libraries key to library
7 年之前
Add ca_certificates into readme Fixes: #120 Change-Id: Idc3b239418630a6d7cb8d5451726095c70fb6247
7 年之前
Add support for sysfs Change-Id: I29cfe2cd9dd39b74a1d39313f78dfddc87cb79b8
7 年之前
Hugepages support Grub hugepages configuration and mount point action. Change-Id: I49b26871c325b95a7d3f264892a9e997b58765bc Epic: PROD-8959
8 年之前
cpu governor
8 年之前
SRIOV support Enable SR-IOV support on server. Change-Id: I7dabe340abd398cc0422698112cbdd81804446b7 Epic: PROD-8956
8 年之前
Implement isolcpu grub configuration Separate cpu for host os from workload. Change-Id: I5b274a6324fe2fa47c09df82c01e3b95dadb5e53 Epic: PROD-8959
8 年之前
cpu governor
8 年之前
Initial commit
9 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
README fix for purging repos
7 年之前
Add linux.system.apt state Change-Id: I1e190f1f5b34a049335efbecffad3dddf7c41644
7 年之前
README fix for purging repos
7 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
rc.local added to linux formula
9 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Allow setting system-wide prompt
9 年之前
Ensure PS1 is enforced for root
9 年之前
rc.local added to linux formula
9 年之前
Option to preserve bash history
9 年之前
Set message of the day
9 年之前
add service management support Change-Id: Iffb55fee41b8398de12554b58a9d36ae2b81e7ff
7 年之前
Add atop Change-Id: I59297736406469e5314236cb40851d9a6f94386e
7 年之前
RHEL compatibility of motd and prompt
9 年之前
Support for haveged
9 年之前
RHEL compatibility of motd and prompt
9 年之前
Support for haveged
9 年之前
Initial commit
9 年之前
example usage to disable NM
9 年之前
Initial commit
9 年之前
example usage to disable NM
9 年之前
Initial commit
9 年之前
vlan networking support
9 年之前
fix fillar syntax
9 年之前
vlan networking support
9 年之前
Initial commit
9 年之前
vlan networking support
9 年之前
Initial commit
9 年之前
vlan networking support
9 年之前
Initial commit
9 年之前
One should be able to change ovs port type if its not virtual. If ovs port is virtual, we use OVSIntPort to create it. Otherwise it should be OVSPort. I've added new key: ovs_port_type to not intersect with current deployments and not hurt anyone. I've updated doc to have an example of ovs peering patch. Customer-Found Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
7 年之前
Initial commit
9 年之前
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 年之前
ifdown ifup fix PROD-16903 Change-Id: I660f745fc7518836f262b08fb92d39bbbe7a24e8
7 年之前
Introduce ipflush_onchange Change-Id: I4dc6d6db82dc4074ed247b7fc0c29bfdc867b0d6
7 年之前
Add concat and remove for interfaces.d Change-Id: Ia97c5a79c5298f24aca6ca9148ce48546f3bcb70
7 年之前
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 年之前
Add linux.network.systemd support
7 年之前
Add dhclient basic configuration Allows configuring general section as well as configuring each dhcp enabled interface separetly. Does not allow alias or lease configuration.
7 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 年之前
Initial commit
9 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Initial commit
9 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Initial commit
9 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 年之前
Add system.env, system.profile, system.proxy and configure proxy under system.repo
7 年之前
Initial commit
9 年之前
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 年之前
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 年之前
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 年之前
Initial commit
9 年之前
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 年之前
Initial commit
9 年之前
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 年之前
Initial commit
9 年之前
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 年之前
Allow enforcing of whole /etc/hosts Parameter purge_hosts will enforce whole /etc/hosts file, removing entries that are not defined in model except defaults for both IPv4 and IPv6 localhost and hostname + fqdn. It's good to use this option if you want to ensure /etc/hosts is always in a clean state however it's not enabled by default for safety. Change-Id: Ieb219b2dd494d5a66ecc52a2ec00dd5157ee2b7a
8 年之前
Allow setting resolv.conf
9 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Allow setting resolv.conf
9 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
fix options setting in resolv
8 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Allow mining for the dns records for local hosts records Change-Id: I8f2a66c6edafc425794d7cedc8b9217df7ee5951
7 年之前
Feature: automatically set txqueuelen for all tap* network interfaces Config: linux: network: tap_custom_txqueuelen: 10000 in case of configuration parameter defined will create file: /etc/udev/rules.d/60-net-txqueue.rules with content: KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Allow setting resolv.conf
9 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 年之前
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Enable VT-d in kernel via grub in case vfio-pci PMD driver This is required in order to use vfio-pci driver. More info: http://docs.openvswitch.org/en/latest/intro/install/dpdk/ Change-Id: I1c936ffd4a903b9c6d67cdde6c612019a85f9b9e
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
[DPDK] Add ability to set pmd_rxq_affinity for dpdk interfaces This enables a more fine tuned dpdk for better performance. More details on pmd-rxq-affinity config: http://docs.openvswitch.org/en/latest/howto/dpdk/ Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
7 年之前
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 年之前
[dpdk] Support ovs bridge tagging Bring in "tag" option for dpdk/ovs bridges to support vlan-tagged vxlan mode. Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042
7 年之前
Linux OVS dpdk vxlan tunnel endpoint ip address Add possiblity to add ip address and mtu on dpdk ovs bridge to be able use VXLAN as tenant segmentation. Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa Epic: PROD-8957
8 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Initial commit
9 年之前
Fix mount examples in the README The enabled flag is mandatory.
8 年之前
Initial commit
9 年之前
nfs storage mount
7 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
Initial commit
9 年之前
Linux OVS-dpdk and multiqueue support Introduce dpdk support for linux OVS configuration. It configures dpdk interface bind, ovs dpdk ports, bonding, parameters for dpdk cpu pmd and set multique queues for specific ovs dpdk interfaces. Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9 Epic: PROD-8957 Epic: PROD-8958
8 年之前
add swap partition support
9 年之前
Support for LVM
9 年之前
Fix mount examples in the README The enabled flag is mandatory.
8 年之前
Support for LVM
9 年之前
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 年之前
add startsector for partitions
7 年之前
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 年之前
add startsector for partitions
7 年之前
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 年之前
Extend by mkfs for XFS filesystem Change-Id: I3a6a8fc227cb9abd785b342584038e34d57a4175
7 年之前
Disk partitioning Ability to create partitions on empty disks. Change-Id: I0a71da9d62d8f7df3fa03e3f34d49bad6988ba6d
7 年之前
Refactored multipath support
8 年之前
Presenting pam_ldap auth for linux feature This patch implements pam ldap integration for linux host. Related Prod: PROD-16022 Customer-Found Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
7 年之前
Refactored multipath support
8 年之前
Add linux.storage.loopback state This state allows to configure loopback device(s). This isn't meant to be used in production but offers a cheap way to test Cinder with LVM volumes.
8 年之前
Add support for external config generation
8 年之前
netconsole remote kernel logger To configure: * set system.netconsole.enabled to true * create system.netconsole.target dict * set a record with IP address and MAC and interface as subdict It works with both static and DHCP interfaces, and applies online. You could use bash-scripting in netconsole.conf. You could override the MAC. See tests/pillar/system.sls for further information. Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
7 年之前
Refactored multipath support
8 年之前
Initial commit
9 年之前
Unify Makefile, .gitignore and update readme
8 年之前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767 
  1. ============

  2. Linux Fomula

  3. ============

  4. 

  5. Linux Operating Systems.

  6. 

  7. * Ubuntu

  8. * CentOS

  9. * RedHat

  10. * Fedora

  11. * Arch

  12. 

  13. Sample Pillars

  14. ==============

  15. 

  16. 

  17. Linux System

  18. ------------

  19. 

  20. Basic Linux box

  21. 

  22. .. code-block:: yaml

  23. 

  24.     linux:

  25.       system:

  26.         enabled: true

  27.         name: 'node1'

  28.         domain: 'domain.com'

  29.         cluster: 'system'

  30.         environment: prod

  31.         timezone: 'Europe/Prague'

  32.         utc: true

  33. 

  34. Linux with system users, some with password set:

  35. .. WARNING::

  36. If no 'password' variable has been passed - any predifined password

  37. will be removed.

  38. 

  39. .. code-block:: yaml

  40. 

  41.     linux:

  42.       system:

  43.         ...

  44.         user:

  45.           jdoe:

  46.             name: 'jdoe'

  47.             enabled: true

  48.             sudo: true

  49.             shell: /bin/bash

  50.             full_name: 'Jonh Doe'

  51.             home: '/home/jdoe'

  52.             email: 'jonh@doe.com'

  53.           jsmith:

  54.             name: 'jsmith'

  55.             enabled: true

  56.             full_name: 'With clear password'

  57.             home: '/home/jsmith'

  58.             hash_password: true

  59.             password: "userpassword"

  60.           mark:

  61.             name: 'mark'

  62.             enabled: true

  63.             full_name: "unchange password'

  64.             home: '/home/mark'

  65.             password: false

  66.           elizabeth:

  67.             name: 'elizabeth'

  68.             enabled: true

  69.             full_name: 'With hased password'

  70.             home: '/home/elizabeth'

  71.             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"

  72. 

  73. Configure sudo for users and groups under ``/etc/sudoers.d/``.

  74. This ways ``linux.system.sudo`` pillar map to actual sudo attributes:

  75. 

  76. .. code-block:: jinja

  77. 

  78.    # simplified template:

  79.    Cmds_Alias {{ alias }}={{ commands }}

  80.    {{ user }}   {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  81.    %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}

  82. 

  83.    # when rendered:

  84.    saltuser1 ALL=(ALL) NOPASSWD: ALL

  85. 

  86. .. code-block:: yaml

  87. 

  88.   linux:

  89.     system:

  90.       sudo:

  91.         enabled: true

  92.         aliases:

  93.           host:

  94.             LOCAL:

  95.             - localhost

  96.             PRODUCTION:

  97.             - db1

  98.             - db2

  99.           runas:

  100.             DBA:

  101.             - postgres

  102.             - mysql

  103.             SALT:

  104.             - root

  105.           command:

  106.             # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.

  107.             #       Best practice is to specify full list of commands user is allowed to run.

  108.             SUPPORT_RESTRICTED:

  109.             - /bin/vi /etc/sudoers*

  110.             - /bin/vim /etc/sudoers*

  111.             - /bin/nano /etc/sudoers*

  112.             - /bin/emacs /etc/sudoers*

  113.             - /bin/su - root

  114.             - /bin/su -

  115.             - /bin/su

  116.             - /usr/sbin/visudo

  117.             SUPPORT_SHELLS:

  118.             - /bin/sh

  119.             - /bin/ksh

  120.             - /bin/bash

  121.             - /bin/rbash

  122.             - /bin/dash

  123.             - /bin/zsh

  124.             - /bin/csh

  125.             - /bin/fish

  126.             - /bin/tcsh

  127.             - /usr/bin/login

  128.             - /usr/bin/su

  129.             - /usr/su

  130.             ALL_SALT_SAFE:

  131.             - /usr/bin/salt state*

  132.             - /usr/bin/salt service*

  133.             - /usr/bin/salt pillar*

  134.             - /usr/bin/salt grains*

  135.             - /usr/bin/salt saltutil*

  136.             - /usr/bin/salt-call state*

  137.             - /usr/bin/salt-call service*

  138.             - /usr/bin/salt-call pillar*

  139.             - /usr/bin/salt-call grains*

  140.             - /usr/bin/salt-call saltutil*

  141.             SALT_TRUSTED:

  142.             - /usr/bin/salt*

  143.         users:

  144.           # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL

  145.           saltuser1: {}

  146.           saltuser2:

  147.             hosts:

  148.             - LOCAL

  149.           # User Alias DBA

  150.           DBA:

  151.             hosts:

  152.             - ALL

  153.             commands:

  154.             - ALL_SALT_SAFE

  155.         groups:

  156.           db-ops:

  157.             hosts:

  158.             - ALL

  159.             - '!PRODUCTION'

  160.             runas:

  161.             - DBA

  162.             commands:

  163.             - /bin/cat *

  164.             - /bin/less *

  165.             - /bin/ls *

  166.           salt-ops:

  167.             hosts:

  168.             - 'ALL'

  169.             runas:

  170.             - SALT

  171.             commands:

  172.             - SUPPORT_SHELLS

  173.           salt-ops-2nd:

  174.             name: salt-ops

  175.             nopasswd: false

  176.             setenv: true # Enable sudo -E option

  177.             runas:

  178.             - DBA

  179.             commands:

  180.             - ALL

  181.             - '!SUPPORT_SHELLS'

  182.             - '!SUPPORT_RESTRICTED'

  183. 

  184. Linux with package, latest version

  185. 

  186. .. code-block:: yaml

  187. 

  188.     linux:

  189.       system:

  190.         ...

  191.         package:

  192.           package-name:

  193.             version: latest

  194. 

  195. Linux with package from certail repo, version with no upgrades

  196. 

  197. .. code-block:: yaml

  198. 

  199.     linux:

  200.       system:

  201.         ...

  202.         package:

  203.           package-name:

  204.             version: 2132.323

  205.             repo: 'custom-repo'

  206.             hold: true

  207. 

  208. Linux with package from certail repo, version with no GPG verification

  209. 

  210. .. code-block:: yaml

  211. 

  212.     linux:

  213.       system:

  214.         ...

  215.         package:

  216.           package-name:

  217.             version: 2132.323

  218.             repo: 'custom-repo'

  219.             verify: false

  220. 

  221. Linux with autoupdates (automatically install security package updates)

  222. 

  223. .. code-block:: yaml

  224. 

  225.     linux:

  226.       system:

  227.         ...

  228.         autoupdates:

  229.           enabled: true

  230.           mail: root@localhost

  231.           mail_only_on_error: true

  232.           remove_unused_dependencies: false

  233.           automatic_reboot: true

  234.           automatic_reboot_time: "02:00"

  235. 

  236. Linux with cron jobs

  237. By default it will use name as an identifier, unless identifier key is

  238. explicitly set or False (then it will use Salt's default behavior which is

  239. identifier same as command resulting in not being able to change it)

  240. 

  241. .. code-block:: yaml

  242. 

  243.     linux:

  244.       system:

  245.         ...

  246.         job:

  247.           cmd1:

  248.             command: '/cmd/to/run'

  249.             identifier: cmd1

  250.             enabled: true

  251.             user: 'root'

  252.             hour: 2

  253.             minute: 0

  254. 

  255. Linux security limits (limit sensu user memory usage to max 1GB):

  256. 

  257. .. code-block:: yaml

  258. 

  259.     linux:

  260.       system:

  261.         ...

  262.         limit:

  263.           sensu:

  264.             enabled: true

  265.             domain: sensu

  266.             limits:

  267.               - type: hard

  268.                 item: as

  269.                 value: 1000000

  270. 

  271. Enable autologin on tty1 (may work only for Ubuntu 14.04):

  272. 

  273. .. code-block:: yaml

  274. 

  275.     linux:

  276.       system:

  277.         console:

  278.           tty1:

  279.             autologin: root

  280.           # Enable serial console

  281.           ttyS0:

  282.             autologin: root

  283.             rate: 115200

  284.             term: xterm

  285. 

  286. To disable set autologin to `false`.

  287. 

  288. Set ``policy-rc.d`` on Debian-based systems. Action can be any available

  289. command in ``while true`` loop and ``case`` context.

  290. Following will disallow dpkg to stop/start services for cassandra package automatically:

  291. 

  292. .. code-block:: yaml

  293. 

  294.     linux:

  295.       system:

  296.         policyrcd:

  297.           - package: cassandra

  298.             action: exit 101

  299.           - package: '*'

  300.             action: switch

  301. 

  302. Set system locales:

  303. 

  304. .. code-block:: yaml

  305. 

  306.     linux:

  307.       system:

  308.         locale:

  309.           en_US.UTF-8:

  310.             default: true

  311.           "cs_CZ.UTF-8 UTF-8":

  312.             enabled: true

  313. 

  314. Systemd settings:

  315. 

  316. .. code-block:: yaml

  317. 

  318.     linux:

  319.       system:

  320.         ...

  321.         systemd:

  322.           system:

  323.             Manager:

  324.               DefaultLimitNOFILE: 307200

  325.               DefaultLimitNPROC: 307200

  326.           user:

  327.             Manager:

  328.               DefaultLimitCPU: 2

  329.               DefaultLimitNPROC: 4

  330. 

  331. Ensure presence of directory:

  332. 

  333. .. code-block:: yaml

  334. 

  335.     linux:

  336.       system:

  337.         directory:

  338.           /tmp/test:

  339.             user: root

  340.             group: root

  341.             mode: 700

  342.             makedirs: true

  343. 

  344. Kernel

  345. ~~~~~~

  346. 

  347. Install always up to date LTS kernel and headers from Ubuntu trusty:

  348. 

  349. .. code-block:: yaml

  350. 

  351.     linux:

  352.       system:

  353.         kernel:

  354.           type: generic

  355.           lts: trusty

  356.           headers: true

  357. 

  358. Load kernel modules and add them to `/etc/modules`:

  359. 

  360. .. code-block:: yaml

  361. 

  362.     linux:

  363.       system:

  364.         kernel:

  365.           modules:

  366.             - nf_conntrack

  367.             - tp_smapi

  368.             - 8021q

  369. 

  370. Configure or blacklist kernel modules with additional options to `/etc/modprobe.d` following example 

  371. will add `/etc/modprobe.d/nf_conntrack.conf` file with line `options nf_conntrack hashsize=262144`:

  372. 

  373. .. code-block:: yaml

  374. 

  375.     linux:

  376.       system:

  377.         kernel:

  378.           module:

  379.             nf_conntrack:

  380.               option:

  381.                 hashsize: 262144

  382. 

  383. 

  384. 

  385. Install specific kernel version and ensure all other kernel packages are

  386. not present. Also install extra modules and headers for this kernel:

  387. 

  388. .. code-block:: yaml

  389. 

  390.     linux:

  391.       system:

  392.         kernel:

  393.           type: generic

  394.           extra: true

  395.           headers: true

  396.           version: 4.2.0-22

  397. 

  398. Systcl kernel parameters

  399. 

  400. .. code-block:: yaml

  401. 

  402.     linux:

  403.       system:

  404.         kernel:

  405.           sysctl:

  406.             net.ipv4.tcp_keepalive_intvl: 3

  407.             net.ipv4.tcp_keepalive_time: 30

  408.             net.ipv4.tcp_keepalive_probes: 8

  409. 

  410. Configure kernel boot options:

  411. 

  412. .. code-block:: yaml

  413. 

  414.     linux:

  415.       system:

  416.         kernel:

  417.           boot_options:

  418.             - elevator=deadline

  419.             - spectre_v2=off

  420.             - nopti

  421. 

  422. 

  423. CPU

  424. ~~~

  425. 

  426. Enable cpufreq governor for every cpu:

  427. 

  428. .. code-block:: yaml

  429. 

  430.     linux:

  431.       system:

  432.         cpu:

  433.           governor: performance

  434. 

  435. 

  436. CGROUPS

  437. ~~~~~~~

  438. 

  439. Setup linux cgroups:

  440. 

  441. .. code-block:: yaml

  442. 

  443.     linux:

  444.       system:

  445.         cgroup:

  446.           enabled: true

  447.           group:

  448.             ceph_group_1:

  449.               controller:

  450.                 cpu:

  451.                   shares:

  452.                     value: 250

  453.                 cpuacct:

  454.                   usage:

  455.                     value: 0

  456.                 cpuset:

  457.                   cpus:

  458.                     value: 1,2,3

  459.                 memory:

  460.                   limit_in_bytes:

  461.                     value: 2G

  462.                   memsw.limit_in_bytes:

  463.                     value: 3G

  464.               mapping:

  465.                 subjects:

  466.                 - '@ceph'

  467.             generic_group_1:

  468.               controller:

  469.                 cpu:

  470.                   shares:

  471.                     value: 250

  472.                 cpuacct:

  473.                   usage:

  474.                     value: 0

  475.               mapping:

  476.                 subjects:

  477.                 - '*:firefox'

  478.                 - 'student:cp'

  479. 

  480. 

  481. Shared Libraries

  482. ~~~~~~~~~~~~~~~~

  483. 

  484. Set additional shared library to Linux system library path

  485. 

  486. .. code-block:: yaml

  487. 

  488.     linux:

  489.       system:

  490.         ld:

  491.           library:

  492.             java:

  493.               - /usr/lib/jvm/jre-openjdk/lib/amd64/server

  494.               - /opt/java/jre/lib/amd64/server

  495.     

  496. 

  497. Certificates

  498. ~~~~~~~~~~~~

  499. 

  500. Add certificate authority into system trusted CA bundle

  501. 

  502. .. code-block:: yaml

  503. 

  504.     linux:

  505.       system:

  506.         ca_certificates:

  507.           mycert: |

  508.             -----BEGIN CERTIFICATE-----

  509.             MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG

  510.             A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz

  511.             cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2

  512.             MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV

  513.             BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt

  514.             YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN

  515.             ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE

  516.             BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is

  517.             I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G

  518.             CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do

  519.             lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc

  520.             AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k

  521.             -----END CERTIFICATE-----

  522. 

  523. Sysfs

  524. ~~~~~

  525. 

  526. Install sysfsutils and set sysfs attributes:

  527. 

  528. .. code-block:: yaml

  529. 

  530.     linux:

  531.       system:

  532.         sysfs:

  533.           scheduler:

  534.             block/sda/queue/scheduler: deadline

  535.           power:

  536.             mode:

  537.               power/state: 0660

  538.             owner:

  539.               power/state: "root:power"

  540.             devices/system/cpu/cpu0/cpufreq/scaling_governor: powersave

  541. 

  542. Huge Pages

  543. ~~~~~~~~~~~~

  544. 

  545. Huge Pages give a performance boost to applications that intensively deal

  546. with memory allocation/deallocation by decreasing memory fragmentation.

  547. 

  548. .. code-block:: yaml

  549. 

  550.     linux:

  551.       system:

  552.         kernel:

  553.           hugepages:

  554.             small:

  555.               size: 2M

  556.               count: 107520

  557.               mount_point: /mnt/hugepages_2MB

  558.               mount: false/true # default false

  559.             large:

  560.               default: true # default automatically mounted

  561.               size: 1G

  562.               count: 210

  563.               mount_point: /mnt/hugepages_1GB

  564. 

  565. Note: not recommended to use both pagesizes in concurrently.

  566. 

  567. Intel SR-IOV

  568. ~~~~~~~~~~~~

  569. 

  570. PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.

  571. 

  572. .. code-block:: yaml

  573. 

  574.     linux:

  575.       system:

  576.         kernel:

  577.           sriov: True

  578.           unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround

  579.         rc:

  580.           local: |

  581.             #!/bin/sh -e

  582.             # Enable 7 VF on eth1

  583.             echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a

  584.             exit 0

  585. 

  586. Isolate CPU options

  587. ~~~~~~~~~~~~~~~~~~~

  588. 

  589. Remove the specified CPUs, as defined by the cpu_number values, from the general kernel

  590. SMP balancing and scheduler algroithms. The only way to move a process onto or off an

  591. "isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the

  592. maximum value is 1 less than the number of CPUs on the system.

  593. 

  594. .. code-block:: yaml

  595. 

  596.     linux:

  597.       system:

  598.         kernel:

  599.           isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0

  600. 

  601. Repositories

  602. ~~~~~~~~~~~~

  603. 

  604. RedHat based Linux with additional OpenStack repo

  605. 

  606. .. code-block:: yaml

  607. 

  608.     linux:

  609.       system:

  610.         ...

  611.         repo:

  612.           rdo-icehouse:

  613.             enabled: true

  614.             source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'

  615.             pgpcheck: 0

  616. 

  617. Ensure system repository to use czech Debian mirror (``default: true``)

  618. Also pin it's packages with priority 900.

  619. 

  620. .. code-block:: yaml

  621. 

  622.    linux:

  623.      system:

  624.        repo:

  625.          debian:

  626.            default: true

  627.            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"

  628.            # Import signing key from URL if needed

  629.            key_url: "http://dummy.com/public.gpg"

  630.            pin:

  631.              - pin: 'origin "ftp.cz.debian.org"'

  632.                priority: 900

  633.                package: '*'

  634. 

  635. 

  636. Package manager proxy setup globally:

  637. 

  638. .. code-block:: yaml

  639. 

  640.     linux:

  641.       system:

  642.         ...

  643.         repo:

  644.           apt-mk:

  645.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  646.         ...

  647.         proxy:

  648.           pkg:

  649.             enabled: true

  650.             ftp:   ftp://ftp-proxy-for-apt.host.local:2121

  651.           ...

  652.           # NOTE: Global defaults for any other componet that configure proxy on the system.

  653.           #       If your environment has just one simple proxy, set it on linux:system:proxy.

  654.           #

  655.           # fall back system defaults if linux:system:proxy:pkg has no protocol specific entries

  656.           # as for https and http

  657.           ftp:   ftp://proxy.host.local:2121

  658.           http:  http://proxy.host.local:3142

  659.           https: https://proxy.host.local:3143

  660. 

  661. Package manager proxy setup per repository:

  662. 

  663. .. code-block:: yaml

  664. 

  665.     linux:

  666.       system:

  667.         ...

  668.         repo:

  669.           debian:

  670.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  671.         ...

  672.           apt-mk:

  673.             source: "deb http://apt-mk.mirantis.com/ stable main salt"

  674.             # per repository proxy

  675.             proxy:

  676.               enabled: true

  677.               http:  http://maas-01:8080

  678.               https: http://maas-01:8080

  679.         ...

  680.         proxy:

  681.           # package manager fallback defaults

  682.           # used if linux:system:repo:apt-mk:proxy has no protocol specific entries

  683.           pkg:

  684.             enabled: true

  685.             ftp:   ftp://proxy.host.local:2121

  686.             #http:  http://proxy.host.local:3142

  687.             #https: https://proxy.host.local:3143

  688.           ...

  689.           # global system fallback system defaults

  690.           ftp:   ftp://proxy.host.local:2121

  691.           http:  http://proxy.host.local:3142

  692.           https: https://proxy.host.local:3143

  693. 

  694. 

  695. Remove all repositories:

  696. 

  697. .. code-block:: yaml

  698. 

  699.     linux:

  700.       system:

  701.         purge_repos: true

  702. 

  703. Setup custom apt config options:

  704. 

  705. .. code-block:: yaml

  706. 

  707.     linux:

  708.       system:

  709.         apt:

  710.           config:

  711.             compression-workaround:

  712.               "Acquire::CompressionTypes::Order": "gz"

  713.             docker-clean:

  714.               "DPkg::Post-Invoke":

  715.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  716.               "APT::Update::Post-Invoke":

  717.                 - "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"

  718. 

  719. RC

  720. ~~

  721. 

  722. rc.local example

  723. 

  724. .. code-block:: yaml

  725. 

  726.    linux:

  727.      system:

  728.        rc:

  729.          local: |

  730.            #!/bin/sh -e

  731.            #

  732.            # rc.local

  733.            #

  734.            # This script is executed at the end of each multiuser runlevel.

  735.            # Make sure that the script will "exit 0" on success or any other

  736.            # value on error.

  737.            #

  738.            # In order to enable or disable this script just change the execution

  739.            # bits.

  740.            #

  741.            # By default this script does nothing.

  742.            exit 0

  743. 

  744. 

  745. Prompt

  746. ~~~~~~

  747. 

  748. Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every

  749. user can have different prompt.

  750. 

  751. .. code-block:: yaml

  752. 

  753.     linux:

  754.       system:

  755.         prompt:

  756.           root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]

  757.           default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

  758. 

  759. On Debian systems to set prompt system-wide it's necessary to remove setting

  760. PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from

  761. ``/etc/skel/.bashrc``). This formula will do this automatically, but will not

  762. touch existing user's ``~/.bashrc`` files except root.

  763. 

  764. Bash

  765. ~~~~

  766. 

  767. Fix bash configuration to preserve history across sessions (like ZSH does by

  768. default).

  769. 

  770. .. code-block:: yaml

  771. 

  772.     linux:

  773.       system:

  774.         bash:

  775.           preserve_history: true

  776. 

  777. Message of the day

  778. ~~~~~~~~~~~~~~~~~~

  779. 

  780. ``pam_motd`` from package ``update-motd`` is used for dynamic messages of the

  781. day. Setting custom motd will cleanup existing ones.

  782. 

  783. .. code-block:: yaml

  784. 

  785.     linux:

  786.       system:

  787.         motd:

  788.           - release: |

  789.               #!/bin/sh

  790.               [ -r /etc/lsb-release ] && . /etc/lsb-release

  791. 

  792.               if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then

  793.               	# Fall back to using the very slow lsb_release utility

  794.               	DISTRIB_DESCRIPTION=$(lsb_release -s -d)

  795.               fi

  796. 

  797.               printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"

  798.           - warning: |

  799.               #!/bin/sh

  800.               printf "This is [company name] network.\n"

  801.               printf "Unauthorized access strictly prohibited.\n"

  802. 

  803. Services

  804. ~~~~~~~~

  805. 

  806. Stop and disable linux service:

  807. 

  808. .. code-block:: yaml

  809. 

  810.     linux:

  811.       system:

  812.         service:

  813.           apt-daily.timer:

  814.             status: dead

  815. 

  816. Possible status is dead (disable service by default), running (enable service by default), enabled, disabled.

  817. 

  818. Linux with atop service:

  819. 

  820. .. code-block:: yaml

  821. 

  822.     linux:

  823.       system:

  824.         atop:

  825.           enabled: true

  826.           interval: 20

  827.           logpath: "/var/log/atop"

  828.           outfile: "/var/log/atop/daily.log"

  829. 

  830. RHEL / CentOS

  831. ^^^^^^^^^^^^^

  832. 

  833. Unfortunately ``update-motd`` is currently not available for RHEL so there's

  834. no native support for dynamic motd.

  835. You can still set static one, only pillar structure differs:

  836. 

  837. .. code-block:: yaml

  838. 

  839.     linux:

  840.       system:

  841.         motd: |

  842.           This is [company name] network.

  843.           Unauthorized access strictly prohibited.

  844. 

  845. Haveged

  846. ~~~~~~~

  847. 

  848. If you are running headless server and are low on entropy, it may be a good

  849. idea to setup Haveged.

  850. 

  851. .. code-block:: yaml

  852. 

  853.     linux:

  854.       system:

  855.         haveged:

  856.           enabled: true

  857. 

  858. Linux network

  859. -------------

  860. 

  861. Linux with network manager

  862. 

  863. .. code-block:: yaml

  864. 

  865.     linux:

  866.       network:

  867.         enabled: true

  868.         network_manager: true

  869. 

  870. Linux with default static network interfaces, default gateway interface and DNS servers

  871. 

  872. .. code-block:: yaml

  873. 

  874.     linux:

  875.       network:

  876.         enabled: true

  877.         interface:

  878.           eth0:

  879.             enabled: true

  880.             type: eth

  881.             address: 192.168.0.102

  882.             netmask: 255.255.255.0

  883.             gateway: 192.168.0.1

  884.             name_servers:

  885.             - 8.8.8.8

  886.             - 8.8.4.4

  887.             mtu: 1500

  888. 

  889. Linux with bonded interfaces and disabled NetworkManager

  890. 

  891. .. code-block:: yaml

  892. 

  893.     linux:

  894.       network:

  895.         enabled: true

  896.         interface:

  897.           eth0:

  898.             type: eth

  899.             ...

  900.           eth1:

  901.             type: eth

  902.             ...

  903.           bond0:

  904.             enabled: true

  905.             type: bond

  906.             address: 192.168.0.102

  907.             netmask: 255.255.255.0

  908.             mtu: 1500

  909.             use_in:

  910.             - interface: ${linux:interface:eth0}

  911.             - interface: ${linux:interface:eth0}

  912.         network_manager:

  913.           disable: true

  914. 

  915. Linux with vlan interface_params

  916. 

  917. .. code-block:: yaml

  918. 

  919.     linux:

  920.       network:

  921.         enabled: true

  922.         interface:

  923.           vlan69:

  924.             type: vlan

  925.             use_interfaces:

  926.             - interface: ${linux:interface:bond0}

  927. 

  928. Linux with wireless interface parameters

  929. 

  930. .. code-block:: yaml

  931. 

  932.     linux:

  933.       network:

  934.         enabled: true

  935.         gateway: 10.0.0.1

  936.         default_interface: eth0

  937.         interface:

  938.           wlan0:

  939.             type: eth

  940.             wireless:

  941.               essid: example

  942.               key: example_key

  943.               security: wpa

  944.               priority: 1

  945. 

  946. Linux networks with routes defined

  947. 

  948. .. code-block:: yaml

  949. 

  950.     linux:

  951.       network:

  952.         enabled: true

  953.         gateway: 10.0.0.1

  954.         default_interface: eth0

  955.         interface:

  956.           eth0:

  957.             type: eth

  958.             route:

  959.               default:

  960.                 address: 192.168.0.123

  961.                 netmask: 255.255.255.0

  962.                 gateway: 192.168.0.1

  963. 

  964. Native Linux Bridges

  965. 

  966. .. code-block:: yaml

  967. 

  968.     linux:

  969.       network:

  970.         interface:

  971.           eth1:

  972.             enabled: true

  973.             type: eth

  974.             proto: manual

  975.             up_cmds:

  976.             - ip address add 0/0 dev $IFACE

  977.             - ip link set $IFACE up

  978.             down_cmds:

  979.             - ip link set $IFACE down

  980.           br-ex:

  981.             enabled: true

  982.             type: bridge

  983.             address: ${linux:network:host:public_local:address}

  984.             netmask: 255.255.255.0

  985.             use_interfaces:

  986.             - eth1

  987. 

  988. OpenVswitch Bridges

  989. 

  990. .. code-block:: yaml

  991. 

  992.     linux:

  993.       network:

  994.         bridge: openvswitch

  995.         interface:

  996.           eth1:

  997.             enabled: true

  998.             type: eth

  999.             proto: manual

  1000.             up_cmds:

  1001.             - ip address add 0/0 dev $IFACE

  1002.             - ip link set $IFACE up

  1003.             down_cmds:

  1004.             - ip link set $IFACE down

  1005.           br-ex:

  1006.             enabled: true

  1007.             type: bridge

  1008.             address: ${linux:network:host:public_local:address}

  1009.             netmask: 255.255.255.0

  1010.             use_interfaces:

  1011.             - eth1

  1012.           br-prv:

  1013.             enabled: true

  1014.             type: ovs_bridge

  1015.             mtu: 65000

  1016.           br-ens7:

  1017.             enabled: true

  1018.             name: br-ens7

  1019.             type: ovs_bridge

  1020.             proto: manual

  1021.             mtu: 9000

  1022.             use_interfaces:

  1023.             - ens7

  1024.           patch-br-ens7-br-prv:

  1025.             enabled: true

  1026.             name: ens7-prv

  1027.             ovs_type: ovs_port

  1028.             type: ovs_port

  1029.             bridge: br-ens7

  1030.             port_type: patch

  1031.             peer: prv-ens7

  1032.             mtu: 65000

  1033.           patch-br-prv-br-ens7:

  1034.             enabled: true

  1035.             name: prv-ens7

  1036.             bridge: br-prv

  1037.             ovs_type: ovs_port

  1038.             type: ovs_port

  1039.             port_type: patch

  1040.             peer: ens7-prv

  1041.             mtu: 65000

  1042.           ens7:

  1043.             enabled: true

  1044.             name: ens7

  1045.             proto: manual

  1046.             ovs_port_type: OVSPort

  1047.             type: ovs_port

  1048.             ovs_bridge: br-ens7

  1049.             bridge: br-ens7

  1050. 

  1051. Debian manual proto interfaces

  1052. 

  1053. When you are changing interface proto from static in up state to manual, you

  1054. may need to flush ip addresses. For example, if you want to use the interface

  1055. and the ip on the bridge. This can be done by setting the ``ipflush_onchange``

  1056. to true.

  1057. 

  1058. .. code-block:: yaml

  1059. 

  1060.     linux:

  1061.       network:

  1062.         interface:

  1063.           eth1:

  1064.             enabled: true

  1065.             type: eth

  1066.             proto: manual

  1067.             mtu: 9100

  1068.             ipflush_onchange: true

  1069. 

  1070. Debian static proto interfaces

  1071. 

  1072. When you are changing interface proto from dhcp in up state to static, you

  1073. may need to flush ip addresses and restart interface to assign ip address from a managed file.

  1074. For example, if you want to use the interface and the ip on the bridge.

  1075. This can be done by setting the ``ipflush_onchange`` with combination

  1076. ``restart_on_ipflush`` param set to to true.

  1077. 

  1078. .. code-block:: yaml

  1079. 

  1080.     linux:

  1081.       network:

  1082.         interface:

  1083.           eth1:

  1084.             enabled: true

  1085.             type: eth

  1086.             proto: static

  1087.             address: 10.1.0.22

  1088.             netmask: 255.255.255.0

  1089.             ipflush_onchange: true

  1090.             restart_on_ipflush: true

  1091. 

  1092. Concatinating and removing interface files

  1093. 

  1094. Debian based distributions have `/etc/network/interfaces.d/` directory, where

  1095. you can store configuration of network interfaces in separate files. You can

  1096. concatinate the files to the defined destination when needed, this operation

  1097. removes the file from the `/etc/network/interfaces.d/`. If you just need to

  1098. remove iface files, you can use the `remove_iface_files` key.

  1099. 

  1100. .. code-block:: yaml

  1101. 

  1102.     linux:

  1103.       network:

  1104.         concat_iface_files:

  1105.         - src: '/etc/network/interfaces.d/50-cloud-init.cfg'

  1106.           dst: '/etc/network/interfaces'

  1107.         remove_iface_files:

  1108.         - '/etc/network/interfaces.d/90-custom.cfg'

  1109. 

  1110. 

  1111. DHCP client configuration

  1112. 

  1113. None of the keys is mandatory, include only those you really need. For full list

  1114. of available options under send, supersede, prepend, append refer to dhcp-options(5)

  1115. 

  1116. .. code-block:: yaml

  1117. 

  1118.      linux:

  1119.        network:

  1120.          dhclient:

  1121.            enabled: true

  1122.            backoff_cutoff: 15

  1123.            initial_interval: 10

  1124.            reboot: 10

  1125.            retry: 60

  1126.            select_timeout: 0

  1127.            timeout: 120

  1128.            send:

  1129.              - option: host-name

  1130.                declaration: "= gethostname()"

  1131.            supersede:

  1132.              - option: host-name

  1133.                declaration: "spaceship"

  1134.              - option: domain-name

  1135.                declaration: "domain.home"

  1136.              #- option: arp-cache-timeout

  1137.              #  declaration: 20

  1138.            prepend:

  1139.              - option: domain-name-servers

  1140.                declaration:

  1141.                  - 8.8.8.8

  1142.                  - 8.8.4.4

  1143.              - option: domain-search

  1144.                declaration:

  1145.                  - example.com

  1146.                  - eng.example.com

  1147.            #append:

  1148.              #- option: domain-name-servers

  1149.              #  declaration: 127.0.0.1

  1150.            # ip or subnet to reject dhcp offer from

  1151.            reject:

  1152.              - 192.33.137.209

  1153.              - 10.0.2.0/24

  1154.            request:

  1155.              - subnet-mask

  1156.              - broadcast-address

  1157.              - time-offset

  1158.              - routers

  1159.              - domain-name

  1160.              - domain-name-servers

  1161.              - domain-search

  1162.              - host-name

  1163.              - dhcp6.name-servers

  1164.              - dhcp6.domain-search

  1165.              - dhcp6.fqdn

  1166.              - dhcp6.sntp-servers

  1167.              - netbios-name-servers

  1168.              - netbios-scope

  1169.              - interface-mtu

  1170.              - rfc3442-classless-static-routes

  1171.              - ntp-servers

  1172.            require:

  1173.              - subnet-mask

  1174.              - domain-name-servers

  1175.            # if per interface configuration required add below

  1176.            interface:

  1177.              ens2:

  1178.                initial_interval: 11

  1179.                reject:

  1180.                  - 192.33.137.210

  1181.              ens3:

  1182.                initial_interval: 12

  1183.                reject:

  1184.                  - 192.33.137.211

  1185. 

  1186. Linux network systemd settings:

  1187. 

  1188. .. code-block:: yaml

  1189. 

  1190.     linux:

  1191.       network:

  1192.         ...

  1193.         systemd:

  1194.           link:

  1195.             10-iface-dmz:

  1196.               Match:

  1197.                 MACAddress: c8:5b:67:fa:1a:af

  1198.                 OriginalName: eth0

  1199.               Link:

  1200.                 Name: dmz0

  1201.           netdev:

  1202.             20-bridge-dmz:

  1203.               match:

  1204.                 name: dmz0

  1205.               network:

  1206.                 mescription: bridge

  1207.                 bridge: br-dmz0

  1208.           network:

  1209.           # works with lowercase, keys are by default capitalized

  1210.             40-dhcp:

  1211.               match:

  1212.                 name: '*'

  1213.               network:

  1214.                 DHCP: yes

  1215. 

  1216. 

  1217. Configure global environment variables

  1218. 

  1219. Use ``/etc/environment`` for static system wide variable assignment after

  1220. boot. Variable expansion is frequently not supported.

  1221. 

  1222. .. code-block:: yaml

  1223. 

  1224.     linux:

  1225.       system:

  1226.         env:

  1227.           BOB_VARIABLE: Alice

  1228.           ...

  1229.           BOB_PATH:

  1230.             - /srv/alice/bin

  1231.             - /srv/bob/bin

  1232.           ...

  1233.           ftp_proxy:   none

  1234.           http_proxy:  http://global-http-proxy.host.local:8080

  1235.           https_proxy: ${linux:system:proxy:https}

  1236.           no_proxy:

  1237.             - 192.168.0.80

  1238.             - 192.168.1.80

  1239.             - .domain.com

  1240.             - .local

  1241.         ...

  1242.         # NOTE: global defaults proxy configuration.

  1243.         proxy:

  1244.           ftp:   ftp://proxy.host.local:2121

  1245.           http:  http://proxy.host.local:3142

  1246.           https: https://proxy.host.local:3143

  1247.           noproxy:

  1248.             - .domain.com

  1249.             - .local

  1250. 

  1251. Configure profile.d scripts

  1252. 

  1253. The profile.d scripts are being sourced during .sh execution and support

  1254. variable expansion in opposite to /etc/environment global settings in

  1255. ``/etc/environment``.

  1256. 

  1257. .. code-block:: yaml

  1258. 

  1259.     linux:

  1260.       system:

  1261.         profile:

  1262.           locales: |

  1263.             export LANG=C

  1264.             export LC_ALL=C

  1265.           ...

  1266.           vi_flavors.sh: |

  1267.             export PAGER=view

  1268.             export EDITOR=vim

  1269.             alias vi=vim

  1270.           shell_locales.sh: |

  1271.             export LANG=en_US

  1272.             export LC_ALL=en_US.UTF-8

  1273.           shell_proxies.sh: |

  1274.             export FTP_PROXY=ftp://127.0.3.3:2121

  1275.             export NO_PROXY='.local'

  1276. 

  1277. Linux with hosts

  1278. 

  1279. Parameter purge_hosts will enforce whole /etc/hosts file, removing entries

  1280. that are not defined in model except defaults for both IPv4 and IPv6 localhost

  1281. and hostname + fqdn.

  1282. 

  1283. It's good to use this option if you want to ensure /etc/hosts is always in a

  1284. clean state however it's not enabled by default for safety.

  1285. 

  1286. .. code-block:: yaml

  1287. 

  1288.     linux:

  1289.       network:

  1290.         purge_hosts: true

  1291.         host:

  1292.           # No need to define this one if purge_hosts is true

  1293.           hostname:

  1294.             address: 127.0.1.1

  1295.             names:

  1296.             - ${linux:network:fqdn}

  1297.             - ${linux:network:hostname}

  1298.           node1:

  1299.             address: 192.168.10.200

  1300.             names:

  1301.             - node2.domain.com

  1302.             - service2.domain.com

  1303.           node2:

  1304.             address: 192.168.10.201

  1305.             names:

  1306.             - node2.domain.com

  1307.             - service2.domain.com

  1308. 

  1309. Linux with hosts collected from mine

  1310. 

  1311. In this case all dns records defined within infrastrucuture will be passed to

  1312. local hosts records or any DNS server. Only hosts with `grain` parameter to

  1313. true will be propagated to the mine.

  1314. 

  1315. .. code-block:: yaml

  1316. 

  1317.     linux:

  1318.       network:

  1319.         purge_hosts: true

  1320.         mine_dns_records: true

  1321.         host:

  1322.           node1:

  1323.             address: 192.168.10.200

  1324.             grain: true

  1325.             names:

  1326.             - node2.domain.com

  1327.             - service2.domain.com

  1328. 

  1329. Setup resolv.conf, nameservers, domain and search domains

  1330. 

  1331. .. code-block:: yaml

  1332. 

  1333.     linux:

  1334.       network:

  1335.         resolv:

  1336.           dns:

  1337.           - 8.8.4.4

  1338.           - 8.8.8.8

  1339.           domain: my.example.com

  1340.           search:

  1341.           - my.example.com

  1342.           - example.com

  1343.           options:

  1344.           - ndots: 5

  1345.           - timeout: 2

  1346.           - attempts: 2

  1347. 

  1348. setting custom TX queue length for tap interfaces

  1349. 

  1350. .. code-block:: yaml

  1351. 

  1352.     linux:

  1353.       network:

  1354.         tap_custom_txqueuelen: 10000

  1355. 

  1356. DPDK OVS interfaces

  1357. 

  1358. **DPDK OVS NIC**

  1359. 

  1360. .. code-block:: yaml

  1361. 

  1362.     linux:

  1363.       network:

  1364.         bridge: openvswitch

  1365.         dpdk:

  1366.           enabled: true

  1367.           driver: uio/vfio

  1368.         openvswitch:

  1369.           pmd_cpu_mask: "0x6"

  1370.           dpdk_socket_mem: "1024,1024"

  1371.           dpdk_lcore_mask: "0x400"

  1372.           memory_channels: 2

  1373.         interface:

  1374.           dpkd0:

  1375.             name: ${_param:dpdk_nic}

  1376.             pci: 0000:06:00.0

  1377.             driver: igb_uio/vfio-pci

  1378.             enabled: true

  1379.             type: dpdk_ovs_port

  1380.             n_rxq: 2

  1381.             pmd_rxq_affinity: "0:1,1:2"

  1382.             bridge: br-prv

  1383.             mtu: 9000

  1384.           br-prv:

  1385.             enabled: true

  1386.             type: dpdk_ovs_bridge

  1387. 

  1388. **DPDK OVS Bond**

  1389. 

  1390. .. code-block:: yaml

  1391. 

  1392.     linux:

  1393.       network:

  1394.         bridge: openvswitch

  1395.         dpdk:

  1396.           enabled: true

  1397.           driver: uio/vfio

  1398.         openvswitch:

  1399.           pmd_cpu_mask: "0x6"

  1400.           dpdk_socket_mem: "1024,1024"

  1401.           dpdk_lcore_mask: "0x400"

  1402.           memory_channels: 2

  1403.         interface:

  1404.           dpdk_second_nic:

  1405.             name: ${_param:primary_second_nic}

  1406.             pci: 0000:06:00.0

  1407.             driver: igb_uio/vfio-pci

  1408.             bond: dpdkbond0

  1409.             enabled: true

  1410.             type: dpdk_ovs_port

  1411.             n_rxq: 2

  1412.             pmd_rxq_affinity: "0:1,1:2"

  1413.             mtu: 9000

  1414.           dpdk_first_nic:

  1415.             name: ${_param:primary_first_nic}

  1416.             pci: 0000:05:00.0

  1417.             driver: igb_uio/vfio-pci

  1418.             bond: dpdkbond0

  1419.             enabled: true

  1420.             type: dpdk_ovs_port

  1421.             n_rxq: 2

  1422.             pmd_rxq_affinity: "0:1,1:2"

  1423.             mtu: 9000

  1424.           dpdkbond0:

  1425.             enabled: true

  1426.             bridge: br-prv

  1427.             type: dpdk_ovs_bond

  1428.             mode: active-backup

  1429.           br-prv:

  1430.             enabled: true

  1431.             type: dpdk_ovs_bridge

  1432. 

  1433. **DPDK OVS bridge for VXLAN**

  1434. 

  1435. If VXLAN is used as tenant segmentation then ip address must be set on br-prv

  1436. 

  1437. .. code-block:: yaml

  1438. 

  1439.     linux:

  1440.       network:

  1441.         ...

  1442.         interface:

  1443.           br-prv:

  1444.             enabled: true

  1445.             type: dpdk_ovs_bridge

  1446.             address: 192.168.50.0

  1447.             netmask: 255.255.255.0

  1448.             tag: 101

  1449.             mtu: 9000

  1450. 

  1451. Linux storage

  1452. -------------

  1453. 

  1454. Linux with mounted Samba

  1455. 

  1456. .. code-block:: yaml

  1457. 

  1458.     linux:

  1459.       storage:

  1460.         enabled: true

  1461.         mount:

  1462.           samba1:

  1463.           - enabled: true

  1464.           - path: /media/myuser/public/

  1465.           - device: //192.168.0.1/storage

  1466.           - file_system: cifs

  1467.           - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

  1468. 

  1469. NFS mount

  1470. 

  1471. .. code-block:: yaml

  1472. 

  1473.   linux:

  1474.     storage:

  1475.       enabled: true

  1476.       mount:

  1477.         nfs_glance:

  1478.           enabled: true

  1479.           path: /var/lib/glance/images

  1480.           device: 172.16.10.110:/var/nfs/glance

  1481.           file_system: nfs

  1482.           opts: rw,sync

  1483. 

  1484. 

  1485. File swap configuration

  1486. 

  1487. .. code-block:: yaml

  1488. 

  1489.     linux:

  1490.       storage:

  1491.         enabled: true

  1492.         swap:

  1493.           file:

  1494.             enabled: true

  1495.             engine: file

  1496.             device: /swapfile

  1497.             size: 1024

  1498. 

  1499. Partition swap configuration

  1500. 

  1501. .. code-block:: yaml

  1502. 

  1503.     linux:

  1504.       storage:

  1505.         enabled: true

  1506.         swap:

  1507.           partition:

  1508.             enabled: true

  1509.             engine: partition

  1510.             device: /dev/vg0/swap

  1511. 

  1512. LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`

  1513. 

  1514. .. code-block:: yaml

  1515. 

  1516.     parameters:

  1517.       linux:

  1518.         storage:

  1519.           mount:

  1520.             data:

  1521.               enabled: true

  1522.               device: /dev/vg1/data

  1523.               file_system: ext4

  1524.               path: /mnt/data

  1525.           lvm:

  1526.             vg1:

  1527.               enabled: true

  1528.               devices:

  1529.                 - /dev/sdb

  1530.               volume:

  1531.                 data:

  1532.                   size: 40G

  1533.                   mount: ${linux:storage:mount:data}

  1534. 

  1535. Create partitions on disk. Specify size in MB. It expects empty

  1536. disk without any existing partitions. (set startsector=1, if you want to start partitions from 2048)

  1537. 

  1538. .. code-block:: yaml

  1539. 

  1540.       linux:

  1541.         storage:

  1542.           disk:

  1543.             first_drive:

  1544.               startsector: 1

  1545.               name: /dev/loop1

  1546.               type: gpt

  1547.               partitions:

  1548.                 - size: 200 #size in MB

  1549.                   type: fat32

  1550.                 - size: 300 #size in MB

  1551.                   mkfs: True

  1552.                   type: xfs

  1553.             /dev/vda1:

  1554.               partitions:

  1555.                 - size: 5

  1556.                   type: ext2

  1557.                 - size: 10

  1558.                   type: ext4

  1559. 

  1560. Multipath with Fujitsu Eternus DXL

  1561. 

  1562. .. code-block:: yaml

  1563. 

  1564.     parameters:

  1565.       linux:

  1566.         storage:

  1567.           multipath:

  1568.             enabled: true

  1569.             blacklist_devices:

  1570.             - /dev/sda

  1571.             - /dev/sdb

  1572.             backends:

  1573.             - fujitsu_eternus_dxl

  1574. 

  1575. Multipath with Hitachi VSP 1000

  1576. 

  1577. .. code-block:: yaml

  1578. 

  1579.     parameters:

  1580.       linux:

  1581.         storage:

  1582.           multipath:

  1583.             enabled: true

  1584.             blacklist_devices:

  1585.             - /dev/sda

  1586.             - /dev/sdb

  1587.             backends:

  1588.             - hitachi_vsp1000

  1589. 

  1590. Multipath with IBM Storwize

  1591. 

  1592. .. code-block:: yaml

  1593. 

  1594.     parameters:

  1595.       linux:

  1596.         storage:

  1597.           multipath:

  1598.             enabled: true

  1599.             blacklist_devices:

  1600.             - /dev/sda

  1601.             - /dev/sdb

  1602.             backends:

  1603.             - ibm_storwize

  1604. 

  1605. Multipath with multiple backends

  1606. 

  1607. .. code-block:: yaml

  1608. 

  1609.     parameters:

  1610.       linux:

  1611.         storage:

  1612.           multipath:

  1613.             enabled: true

  1614.             blacklist_devices:

  1615.             - /dev/sda

  1616.             - /dev/sdb

  1617.             - /dev/sdc

  1618.             - /dev/sdd

  1619.             backends:

  1620.             - ibm_storwize

  1621.             - fujitsu_eternus_dxl

  1622.             - hitachi_vsp1000

  1623. 

  1624. PAM LDAP integration

  1625. 

  1626. .. code-block:: yaml

  1627. 

  1628.     parameters:

  1629.       linux:

  1630.         system:

  1631.           auth:

  1632.             enabled: true

  1633.             ldap:

  1634.               enabled: true

  1635.               binddn: cn=bind,ou=service_users,dc=example,dc=com

  1636.               bindpw: secret

  1637.               uri: ldap://127.0.0.1

  1638.               base: ou=users,dc=example,dc=com

  1639.               ldap_version: 3

  1640.               pagesize: 65536

  1641.               referrals: off

  1642.               filter:

  1643.                 passwd: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1644.                 shadow: (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*))

  1645.                 group:  (&(objectClass=group)(gidNumber=*))

  1646. 

  1647. Disabled multipath (the default setup)

  1648. 

  1649. .. code-block:: yaml

  1650. 

  1651.     parameters:

  1652.       linux:

  1653.         storage:

  1654.           multipath:

  1655.             enabled: false

  1656. 

  1657. Linux with local loopback device

  1658. 

  1659. .. code-block:: yaml

  1660. 

  1661.     linux:

  1662.       storage:

  1663.         loopback:

  1664.           disk1:

  1665.             file: /srv/disk1

  1666.             size: 50G

  1667. 

  1668. External config generation

  1669. --------------------------

  1670. 

  1671. You are able to use config support metadata between formulas and only generate

  1672. config files for external use, eg. docker, etc.

  1673. 

  1674. .. code-block:: yaml

  1675. 

  1676.     parameters:

  1677.       linux:

  1678.         system:

  1679.           config:

  1680.             pillar:

  1681.               jenkins:

  1682.                 master:

  1683.                   home: /srv/volumes/jenkins

  1684.                   approved_scripts:

  1685.                     - method java.net.URL openConnection

  1686.                   credentials:

  1687.                     - type: username_password

  1688.                       scope: global

  1689.                       id: test

  1690.                       desc: Testing credentials

  1691.                       username: test

  1692.                       password: test

  1693. 

  1694. Netconsole Remote Kernel Logging

  1695. --------------------------------

  1696. 

  1697. Netconsole logger could be configured for configfs-enabled kernels

  1698. (`CONFIG_NETCONSOLE_DYNAMIC` should be enabled). Configuration applies both in

  1699. runtime (if network is already configured), and on-boot after interface

  1700. initialization. Notes:

  1701. 

  1702.  * receiver could be located only in same L3 domain

  1703.    (or you need to configure gateway MAC manually)

  1704.  * receiver's MAC is detected only on configuration time

  1705.  * using broadcast MAC is not recommended

  1706. 

  1707. .. code-block:: yaml

  1708. 

  1709.     parameters:

  1710.       linux:

  1711.         system:

  1712.           netconsole:

  1713.             enabled: true

  1714.             port: 514 (optional)

  1715.             loglevel: debug (optional)

  1716.             target:

  1717.               192.168.0.1:

  1718.                 interface: bond0

  1719.                 mac: "ff:ff:ff:ff:ff:ff" (optional)

  1720. 

  1721. Usage

  1722. =====

  1723. 

  1724. Set mtu of network interface eth0 to 1400

  1725. 

  1726. .. code-block:: bash

  1727. 

  1728.     ip link set dev eth0 mtu 1400

  1729. 

  1730. Read more

  1731. =========

  1732. 

  1733. * https://www.archlinux.org/

  1734. * http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu

  1735. 

  1736. Documentation and Bugs

  1737. ======================

  1738. 

  1739. To learn how to install and update salt-formulas, consult the documentation

  1740. available online at:

  1741. 

  1742.     http://salt-formulas.readthedocs.io/

  1743. 

  1744. In the unfortunate event that bugs are discovered, they should be reported to

  1745. the appropriate issue tracker. Use Github issue tracker for specific salt

  1746. formula:

  1747. 

  1748.     https://github.com/salt-formulas/salt-formula-linux/issues

  1749. 

  1750. For feature requests, bug reports or blueprints affecting entire ecosystem,

  1751. use Launchpad salt-formulas project:

  1752. 

  1753.     https://launchpad.net/salt-formulas

  1754. 

  1755. You can also join salt-formulas-users team and subscribe to mailing list:

  1756. 

  1757.     https://launchpad.net/~salt-formulas-users

  1758. 

  1759. Developers wishing to work on the salt-formulas projects should always base

  1760. their work on master branch and submit pull request against specific formula.

  1761. 

  1762.     https://github.com/salt-formulas/salt-formula-linux

  1763. 

  1764. Any questions or feedback is always welcome so feel free to join our IRC

  1765. channel:

  1766. 

  1767.     #salt-formulas @ irc.freenode.net