============
Salt Formula
============

Salt is a new approach to infrastructure management. Easy enough to get
running in minutes, scalable enough to manage tens of thousands of servers,
and fast enough to communicate with them in seconds.

Salt delivers a dynamic communication bus for infrastructures that can be used
for orchestration, remote execution, configuration management and much more.

Sample Metadata
===============

Salt master
-----------

Salt master with base formulas and pillar metadata backend

.. literalinclude:: tests/pillar/master_single_pillar.sls
   :language: yaml

Salt master with reclass ENC metadata backend

.. literalinclude:: tests/pillar/master_single_reclass.sls
   :language: yaml

Salt master with multiple ext_pillars

.. literalinclude:: tests/pillar/master_single_extpillars.sls
   :language: yaml

Salt master with API

.. literalinclude:: tests/pillar/master_api.sls
   :language: yaml

Salt master with defined user ACLs

.. literalinclude:: tests/pillar/master_acl.sls
   :language: yaml

Salt master with preset minions

.. code-block:: yaml

    salt:
      master:
        enabled: true
        minions:
        - name: 'node1.system.location.domain.com'

Salt master with pip based installation (optional)

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        source:
          engine: pip
          version: 2016.3.0rc2

Install formulas through system package management

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          prd:
            formula:
              keystone:
                source: pkg
                name: salt-formula-keystone
              nova:
                source: pkg
                name: salt-formula-nova
                version: 0.1+0~20160818133412.24~1.gbp6e1ebb
              postgresql:
                source: pkg
                name: salt-formula-postgresql
                version: purged

The keystone formula is installed at its latest version, and all formulas
without a ``version`` attribute are installed in a single call to the
``aptpkg`` module. If the ``version`` attribute is present, the state iterates
over those formulas one by one and installs the specific version or removes
the package. The ``version`` attribute may have these values:
``[latest|purged|removed|<VERSION>]``.
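The grouping rule just described, written out as a small planner. This is an added example, not the formula's own state code: it takes the ``formula`` mapping of one environment, batches the unversioned ``pkg`` formulas into one install call, emits one action per versioned formula, and skips ``git`` sources (which are cloned rather than packaged). The ``prd`` environment is taken from the pillar above; the ``cinder`` git entry is a constructed addition to show the skip path.

```python
"""Plan package actions for salt:master:environment:<env>:formula entries.

Added example, not part of salt-formula-salt. Reproduces the README rule:
formulas without a version go into one aptpkg call, formulas with a version
(latest|purged|removed|<VERSION>) are handled individually.
"""

REMOVE_ACTIONS = ("purged", "removed")


def plan_formula_packages(formulas):
    """Return an ordered list of (action, packages, version) tuples.

    action is one of 'installed', 'latest', 'purged', 'removed'; packages is
    the list of Debian package names the action applies to; version is the
    pinned version string or None.
    """
    batch = []      # unversioned pkg formulas, installed in one call
    actions = []    # per-formula actions for versioned entries

    for name, spec in sorted(formulas.items()):
        # Only packaged formulas are handled here; git formulas are cloned
        # by a different state and have no package to manage.
        if spec.get("source", "pkg") != "pkg":
            continue
        # Assumption: the package name defaults to salt-formula-<name>,
        # matching the naming used throughout the README.
        pkg = spec.get("name", "salt-formula-%s" % name)
        version = spec.get("version")

        if version is None:
            batch.append(pkg)
        elif version in REMOVE_ACTIONS:
            actions.append((version, [pkg], None))
        elif version == "latest":
            actions.append(("latest", [pkg], None))
        else:
            actions.append(("installed", [pkg], version))

    # The batch install runs first so unversioned formulas are present
    # before any pinned or removed packages are touched.
    if batch:
        actions.insert(0, ("installed", batch, None))
    return actions


# Constructed sample: the README's 'prd' environment plus one git formula.
PRD_FORMULAS = {
    "keystone": {"source": "pkg", "name": "salt-formula-keystone"},
    "nova": {
        "source": "pkg",
        "name": "salt-formula-nova",
        "version": "0.1+0~20160818133412.24~1.gbp6e1ebb",
    },
    "postgresql": {
        "source": "pkg",
        "name": "salt-formula-postgresql",
        "version": "purged",
    },
    "cinder": {
        "source": "git",
        "address": "https://git.openstack.org/openstack/salt-formula-cinder",
        "revision": "master",
    },
}

if __name__ == "__main__":
    for action, packages, version in plan_formula_packages(PRD_FORMULAS):
        print(action, packages, version or "")
```

Reviewing the plan before applying it is the useful part: a ``purged`` entry that was meant to be a version pin, or a production environment full of unpinned formulas, stands out in the list.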
Clone master branch of keystone formula as local feature branch

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: git@github.com:openstack/salt-formula-keystone.git
                revision: master
                branch: feature

Salt master with specified formula refs (for example for Gerrit review)

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: https://git.openstack.org/openstack/salt-formula-keystone
                revision: refs/changes/56/123456/1
Salt master with logging handlers

.. code-block:: yaml

    salt:
      master:
        enabled: true
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
      minion:
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
          handler02:
            engine: zmq
            bind:
              host: 127.0.0.1
              port: 9999
Salt engine definition for saltgraph metadata collector

.. code-block:: yaml

    salt:
      master:
        engine:
          graph_metadata:
            engine: saltgraph
            host: 127.0.0.1
            port: 5432
            user: salt
            password: salt
            database: salt

Salt engine definition for sending events from docker events

.. code-block:: yaml

    salt:
      master:
        engine:
          docker_events:
            docker_url: unix://var/run/docker.sock

Salt master peer setup for remote certificate signing

.. code-block:: yaml

    salt:
      master:
        peer:
          ".*":
          - x509.sign_remote_certificate

.. note:: The ``peer`` map is keyed by a regular expression matched against
   the ID of the minion making the peer call, so ``".*"`` allows every minion
   to invoke ``x509.sign_remote_certificate`` on any other minion. Narrow the
   key to the minions that legitimately need to request certificates when the
   CA minion must not serve signing requests from the whole fleet.

Configure verbosity of state output (used for `salt` command)

.. code-block:: yaml

    salt:
      master:
        state_output: changes
Salt synchronise node pillar and modules after start

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/*/start:
          - salt://salt/reactor/node_start.sls

Trigger basic node install

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/install:
          - salt://salt/reactor/node_install.sls

Sample event to trigger the node installation

.. code-block:: bash

    salt-call event.send 'salt/minion/install'

Run any defined orchestration pipeline

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/orchestrate/start:
          - salt://salt/reactor/orchestrate_start.sls

Event to trigger the orchestration pipeline

.. code-block:: bash

    salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

Synchronise modules and pillars on minion start.

.. code-block:: yaml

    salt:
      master:
        reactor:
          'salt/minion/*/start':
          - salt://salt/reactor/minion_start.sls

Add and/or remove the minion key

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/key/create:
          - salt://salt/reactor/key_create.sls
          salt/key/remove:
          - salt://salt/reactor/key_remove.sls

Event to trigger the key creation

.. code-block:: bash

    salt-call event.send 'salt/key/create' \
      "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

.. note::

   You can pass additional `orch_pre_create`, `orch_post_create`,
   `orch_pre_remove` or `orch_post_remove` parameters in the event to call
   extra orchestrate files. This is useful, for example, for
   registering/unregistering nodes in monitoring alarms or dashboards.
   The key creation event must be sent from a machine other than the one
   being registered.

Event to trigger the key removal

.. code-block:: bash

    salt-call event.send 'salt/key/remove'
Encrypted pillars
-----------------

Note: NACL and the configuration below require a Salt release newer than 2017.7.

External resources:

- Tutorial to configure salt + reclass ext_pillar and nacl: http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
- Saltstack documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

Configure the salt NACL module:

.. code-block:: shell

    pip install --upgrade libnacl===1.5.2
    salt-call --local nacl.keygen /etc/salt/pki/master/nacl

    local:
      saved sk_file:/etc/salt/pki/master/nacl  pk_file: /etc/salt/pki/master/nacl.pub

.. code-block:: yaml

    salt:
      master:
        pillar:
          reclass: *reclass
          nacl:
            index: 99
        nacl:
          box_type: sealedbox
          sk_file: /etc/salt/pki/master/nacl
          pk_file: /etc/salt/pki/master/nacl.pub
          #sk: None
          #pk: None

Keep the secret key (``sk_file``) on the master only, readable by the master
user alone. Committing it to the pillar repository, or setting ``sk`` inline
in pillar, leaves the encrypted values readable to anyone who can read the
pillar source. Only the public key is needed to encrypt, so it can be shared
with everyone who authors pillar data.

NACL encrypt secrets:

.. code-block:: shell

    salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
    hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
    # or
    salt-run nacl.enc 'myotherpass'
    ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

NACL encrypted values in pillar:

Use the boxed syntax ``NACL[CryptedValue=]`` to encode a value in pillar:

.. code-block:: yaml

    my_pillar:
      my_nacl:
        key0: unencrypted_value
        key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

NACL large files:

.. code-block:: shell

    salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
    # or more advanced
    cert=$(cat /tmp/cert.crt)
    salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

NACL within template/native pillars:

.. code-block:: jinja

    pillarexample:
      user: root
      password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
      cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
      cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
Salt syndic
-----------

The master of masters

.. code-block:: yaml

    salt:
      master:
        enabled: true
        order_masters: True

Lower syndicated master

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        master:
          host: master-of-master-host
        timeout: 5

Syndicated master with multiple masters of masters

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        masters:
        - host: master-of-master-host1
        - host: master-of-master-host2
        timeout: 5
Salt-minion proxy
-----------------

Salt proxy pillar

.. code-block:: yaml

    salt:
      minion:
        proxy_minion:
          master: localhost
          device:
            vsrx01.mydomain.local:
              enabled: true
              engine: napalm
            csr1000v.mydomain.local:
              enabled: true
              engine: napalm

.. note:: This is the pillar of the real salt-minion.

Proxy pillar for IOS device

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: ios
      host: csr1000v.mydomain.local
      username: root
      passwd: r00tme

.. note:: This is the pillar of the node that is not able to run salt-minion
   itself. The ``passwd`` value is shown in plaintext for illustration; in a
   real deployment keep device credentials as NACL-encrypted pillar values
   (see Encrypted pillars above) so they are not readable from the pillar
   repository.

Proxy pillar for JunOS device

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: junos
      host: vsrx01.mydomain.local
      username: root
      passwd: r00tme
      optional_args:
        config_format: set

.. note:: This is the pillar of the node that is not able to run salt-minion itself.
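A pre-commit check that ties the Encrypted pillars section to the proxy pillars just shown. This is an added example, not code from the salt-formula-salt project: it walks a pillar tree that has already been loaded into Python (as the master holds it after rendering), reports secret-looking leaf values that are not wrapped in the ``NACL[...]`` boxed syntax, and also rejects boxes whose payload is not well-formed base64. The key-name pattern (``password``, ``passwd``, ``secret``, ``token``, ``private_key``, ``api_key``) is an assumption for this example; the sample pillar is constructed from the README's IOS proxy pillar and boxed-value example.

```python
"""Lint a pillar tree for plaintext secrets that should use NACL[...] boxing.

Added example, not part of salt-formula-salt. Works on a nested dict/list
structure (for example the result of yaml.safe_load on a pillar file).
"""
import base64
import binascii
import re

# Assumed convention for this example: keys containing these words hold
# credentials and must be boxed before the pillar is committed.
SECRET_KEY_RE = re.compile(r"pass(word|wd)?|secret|token|private_key|api_key", re.I)
# The boxed syntax from the README: NACL[<base64 ciphertext>]
NACL_BOX_RE = re.compile(r"^NACL\[(?P<payload>[^\]]*)\]$")


def is_boxed(value):
    """True if value is NACL[<base64>] with a non-empty, well-formed payload."""
    if not isinstance(value, str):
        return False
    match = NACL_BOX_RE.match(value)
    if not match:
        return False
    try:
        raw = base64.b64decode(match.group("payload"), validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) > 0


def _leaves(node, path=()):
    """Yield (path_tuple, value) for every scalar in a nested dict/list tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _leaves(child, path + (str(key),))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from _leaves(child, path + (str(index),))
    else:
        yield path, node


def find_unboxed_secrets(pillar):
    """Return dotted pillar paths whose key looks secret but whose value is
    not a valid NACL[...] box (plaintext or malformed)."""
    findings = []
    for path, value in _leaves(pillar):
        if path and SECRET_KEY_RE.search(path[-1]) and not is_boxed(value):
            findings.append(".".join(path))
    return findings


# Constructed sample: the README's IOS proxy pillar (plaintext passwd) next to
# a pillar using the boxed syntax, plus one deliberately malformed box.
SAMPLE_PILLAR = {
    "proxy": {
        "proxytype": "napalm",
        "driver": "ios",
        "host": "csr1000v.mydomain.local",
        "username": "root",
        "passwd": "r00tme",
    },
    "my_pillar": {
        "my_nacl": {
            "key0": "unencrypted_value",
            "db_password": "NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]",
            "api_token": "NACL[not*valid*base64]",
        }
    },
}

if __name__ == "__main__":
    for finding in find_unboxed_secrets(SAMPLE_PILLAR):
        print("plaintext or malformed secret at pillar path:", finding)
```

Run it against the rendered pillar of each node before pushing to the pillar repository; a clean run means every credential-looking value is at least ciphertext, which is the property the NACL setup is meant to give you.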
Salt SSH
--------

Salt SSH with sudoer using key

.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
   :language: yaml

Salt SSH with sudoer using password

.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
   :language: yaml

Salt SSH with root using password

.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
   :language: yaml

Salt minion
-----------

Simplest Salt minion setup with central configuration node

.. literalinclude:: tests/pillar/minion_master.sls
   :language: yaml

Multi-master Salt minion setup

.. literalinclude:: tests/pillar/minion_multi_master.sls
   :language: yaml

Salt minion with salt mine options

.. literalinclude:: tests/pillar/minion_mine.sls
   :language: yaml

Salt minion with graphing dependencies

.. literalinclude:: tests/pillar/minion_graph.sls
   :language: yaml

Salt minion behind HTTP proxy

.. code-block:: yaml

    salt:
      minion:
        proxy:
          host: 127.0.0.1
          port: 3128

Salt minion with a non-default HTTP backend. The default tornado backend
does not respect HTTP proxy settings set as environment variables, so this is
useful for cases where you need to set ``no_proxy`` lists.

.. code-block:: yaml

    salt:
      minion:
        backend: urllib2

Salt minion with PKI certificate authority (CA)

.. literalinclude:: tests/pillar/minion_pki_ca.sls
   :language: yaml

Salt minion using PKI certificate

.. literalinclude:: tests/pillar/minion_pki_cert.sls
   :language: yaml

Salt minion trusting CA certificates issued by the salt CA on a specific host (i.e. the salt-master node)

.. code-block:: yaml

    salt:
      minion:
        trusted_ca_minions:
        - cfg01

Salt control (cloud/kvm/docker)
-------------------------------

Salt cloud with local OpenStack provider

.. literalinclude:: tests/pillar/control_cloud_openstack.sls
   :language: yaml

Salt cloud with Digital Ocean provider

.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
   :language: yaml

Salt virt with KVM cluster

.. literalinclude:: tests/pillar/control_virt.sls
   :language: yaml
Usage
=====

Working with salt-cloud

.. code-block:: bash

    salt-cloud -m /path/to/map --assume-yes

Debug LIBCLOUD for salt-cloud connection

.. code-block:: bash

    export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

``LIBCLOUD_DEBUG`` writes every HTTP request and response to the given file,
including authentication headers and any tokens the provider returns, so
redact the output before attaching it to a ticket.

More Information
================

* http://salt.readthedocs.org/en/latest/
* https://github.com/DanielBryan/salt-state-graph
* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
* https://github.com/saltstack-formulas/salt-formula
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

salt-cloud
----------

* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
* http://docs.saltstack.com/topics/cloud/digitalocean.html
* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific salt
formula:

    https://github.com/salt-formulas/salt-formula-salt/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific formula.

    https://github.com/salt-formulas/salt-formula-salt

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net