salt
/
salt-formula
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 7 Wiki Activity
New Saltstack Salt formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
354 Commits
26 Branches
Tree: d7549eaccd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd7549eaccd'
${ noResults }
salt-formula/README.rst

README.rst 19KB
Raw Normal View History

Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
6 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Initial commit
9 years ago
Pillar test data
8 years ago
Salt ACL and API updates
8 years ago
Pillar test data
8 years ago
Initial commit
9 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Optional installation source - pip source:engine metadata created - defaults to pkg installation, pip installation alternative added
8 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
version to be specified for salt formula
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
version to be specified for salt formula
7 years ago
Formula reset to specific refs (example: Gerrit review)
8 years ago
Add posibility to configure salt logging params: - LOG_FILE - LOG_LEVEL - LOG_LEVEL_LOGFILE Change-Id: Ic8c0c3bb2a4a80ba0590ca79d8e491dd4f840897
6 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
7 years ago
SaltStack - Architect integration Change-Id: I96e16a3b203f9b3c9c150db1cb85e966bd14b573
6 years ago
Add support for salt master engines Change-Id: Ic9decbeaf57e9aba2f95c3dd616393dc32763fcc
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
remote peer sign
8 years ago
Initial commit
9 years ago
Backup and restore of Salt master's state: pki and generated metadata Change-Id: I5c88d22589ec1fa6a9806c1a625b752dd4fc8b54
7 years ago
parametrize backup server side dir PROD-18191 Change-Id: I15c2cc66f0c0010408863b46c0dccf84730f31d9
6 years ago
Backup and restore of Salt master's state: pki and generated metadata Change-Id: I5c88d22589ec1fa6a9806c1a625b752dd4fc8b54
7 years ago
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
7 years ago
set state_output to "changes" Terse output is not enough for debugging. Change-Id: Ida9a4ef0a2ad053fc370d3833d716d9e8d38d814
7 years ago
configure state_output This option can configure default output of state calls. Terse (default option) will make each call to be on single line and make salt output better. Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
Updated the windows repository support Change-Id: I9d834d67e29d7c6d0b11599b0b543427cf1d7706
6 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Orchestrates and reactors Change-Id: I9e48e113656dd9f1ce644e98650276b36e444009
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Added support for sync modules and pillar after minion start Change-Id: Ia3b1e93e5f0b3da7097a285122d24c5b1d2b20e2
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Salt reactor features refactoring Change-Id: Ifac3f5e03099e8190db0a3af62a7be1f762f87be
7 years ago
Salt orchestrate pipeline stars based on reactor triggers Change-Id: I3f8ada34bf7e6e356bf6805d98eb0fa4bd66d8d3
7 years ago
Minion key create/delete - reactors and orchestration pipelines Change-Id: I07e86cb5d132a83b2460deda08b8a7e65f379d33
7 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
[Feature] libvirt xml: pass rng to vm [Fix] Doc Issue: - It is not possible to pass [R]andom [N]umber [G]enerator device to libvirt guest xml in order to control entropy. - Doc has no information on how to provision vms using salt Solution: - Pass rng parameters via kwargs from node: pillar Attach rng xml object to generated xml. - Provide with an example Prod-Related: PROD-19214 Customer-Found Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
6 years ago
added option to manage VMs mac addresses Change-Id: I28bbc7a6b5810dfb56b8391a557aecd1fa523385
6 years ago
[Feature] libvirt xml: pass rng to vm [Fix] Doc Issue: - It is not possible to pass [R]andom [N]umber [G]enerator device to libvirt guest xml in order to control entropy. - Doc has no information on how to provision vms using salt Solution: - Pass rng parameters via kwargs from node: pillar Attach rng xml object to generated xml. - Provide with an example Prod-Related: PROD-19214 Customer-Found Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
6 years ago
add option to globally disable rng device related to bug: PROD-20139 Change-Id: I32fee91f22e0963ec60de63b4c6e020df92f9f3b
6 years ago
[Feature] libvirt xml: pass rng to vm [Fix] Doc Issue: - It is not possible to pass [R]andom [N]umber [G]enerator device to libvirt guest xml in order to control entropy. - Doc has no information on how to provision vms using salt Solution: - Pass rng parameters via kwargs from node: pillar Attach rng xml object to generated xml. - Provide with an example Prod-Related: PROD-19214 Customer-Found Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
6 years ago
add option to globally disable rng device related to bug: PROD-20139 Change-Id: I32fee91f22e0963ec60de63b4c6e020df92f9f3b
6 years ago
[Feature] libvirt xml: pass rng to vm [Fix] Doc Issue: - It is not possible to pass [R]andom [N]umber [G]enerator device to libvirt guest xml in order to control entropy. - Doc has no information on how to provision vms using salt Solution: - Pass rng parameters via kwargs from node: pillar Attach rng xml object to generated xml. - Provide with an example Prod-Related: PROD-19214 Customer-Found Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
6 years ago
added option to manage VMs mac addresses Change-Id: I28bbc7a6b5810dfb56b8391a557aecd1fa523385
6 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Add support for jinja2 renderer options. (2018.2) Change-Id: Idf6c18597a222e6c1b60bf940eadb1d6d8a611c7
6 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
allow-multiple-ext-pillars-and-reclass-options Change-Id: I336b0825712218e2381e1654251765a24581da00
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
Reactor system, documentation fixes Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
7 years ago
proxy_minion fix Change-Id: I73a4a14734651f6483fae169a2290e9c5b377d76
7 years ago
salt-proxy Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
7 years ago
Salt-ssh support
8 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
Salt-ssh support
8 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Salt-ssh support
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
support for putting vm images in custom locations Change-Id: I685de4207f1f7f17264cc4ad2d81c3348ca20074
6 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Normalized documentation Change-Id: Idf6a88ca1ac0b6b5fd3976f2e27d8cb24d7a1b3d
6 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Initial commit
9 years ago
Provisioning overhaul
8 years ago
Unify Makefile, .gitignore and update readme
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837 
  1. 

  2. ============

  3. Salt Formula

  4. ============

  5. 

  6. Salt is a new approach to infrastructure management. Easy enough to get

  7. running in minutes, scalable enough to manage tens of thousands of servers,

  8. and fast enough to communicate with them in seconds.

  9. 

  10. Salt delivers a dynamic communication bus for infrastructures that can be used

  11. for orchestration, remote execution, configuration management and much more.

  12. 

  13. 

  14. Sample Metadata

  15. ===============

  16. 

  17. 

  18. Salt Master

  19. -----------

  20. 

  21. Salt master with base formulas and pillar metadata backend

  22. 

  23. .. literalinclude:: tests/pillar/master_single_pillar.sls

  24.    :language: yaml

  25. 

  26. Salt master with reclass ENC metadata backend

  27. 

  28. .. literalinclude:: tests/pillar/master_single_reclass.sls

  29.    :language: yaml

  30. 

  31. Salt master with Architect ENC metadata backend

  32. 

  33. .. code-block:: yaml

  34. 

  35.     salt:

  36.       master:

  37.         enabled: true

  38.         pillar:

  39.           engine: architect

  40.           project: project-name

  41.           host: architect-api

  42.           port: 8181

  43.           username: salt

  44.           password: password

  45. 

  46. Salt master with multiple ext_pillars

  47. 

  48. .. literalinclude:: tests/pillar/master_single_extpillars.sls

  49.    :language: yaml

  50. 

  51. Salt master with API

  52. 

  53. .. literalinclude:: tests/pillar/master_api.sls

  54.    :language: yaml

  55. 

  56. Salt master with defined user ACLs

  57. 

  58. .. literalinclude:: tests/pillar/master_acl.sls

  59.    :language: yaml

  60. 

  61. Salt master with preset minions

  62. 

  63. .. code-block:: yaml

  64. 

  65.     salt:

  66.       master:

  67.         enabled: true

  68.         minions:

  69.         - name: 'node1.system.location.domain.com'

  70. 

  71. Salt master with pip based installation (optional)

  72. 

  73. .. code-block:: yaml

  74. 

  75.     salt:

  76.       master:

  77.         enabled: true

  78.         ...

  79.         source:

  80.           engine: pip

  81.           version: 2016.3.0rc2

  82. 

  83. Install formula through system package management

  84. 

  85. .. code-block:: yaml

  86. 

  87.     salt:

  88.       master:

  89.         enabled: true

  90.         ...

  91.         environment:

  92.           prd:

  93.             keystone:

  94.               source: pkg

  95.               name: salt-formula-keystone

  96.             nova:

  97.               source: pkg

  98.               name: salt-formula-keystone

  99.               version: 0.1+0~20160818133412.24~1.gbp6e1ebb

  100.             postresql:

  101.               source: pkg

  102.               name: salt-formula-postgresql

  103.               version: purged

  104. 

  105. Formula keystone is installed latest version and the formulas without version are installed in one call to aptpkg module.

  106. If the version attribute is present sls iterates over formulas and take action to install specific version or remove it.

  107. The version attribute may have these values ``[latest|purged|removed|<VERSION>]``.

  108. 

  109. Clone master branch of keystone formula as local feature branch

  110. 

  111. .. code-block:: yaml

  112. 

  113.     salt:

  114.       master:

  115.         enabled: true

  116.         ...

  117.         environment:

  118.           dev:

  119.             formula:

  120.               keystone:

  121.                 source: git

  122.                 address: git@github.com:openstack/salt-formula-keystone.git

  123.                 revision: master

  124.                 branch: feature

  125. 

  126. Salt master with specified formula refs (for example for Gerrit review)

  127. 

  128. .. code-block:: yaml

  129. 

  130.     salt:

  131.       master:

  132.         enabled: true

  133.         ...

  134.         environment:

  135.           dev:

  136.             formula:

  137.               keystone:

  138.                 source: git

  139.                 address: https://git.openstack.org/openstack/salt-formula-keystone

  140.                 revision: refs/changes/56/123456/1

  141. 

  142. Salt master logging configuration

  143. 

  144. .. code-block:: yaml

  145. 

  146.     salt:

  147.       master:

  148.         enabled: true

  149.         log:

  150.           level: warning

  151.           file: '/var/log/salt/master'

  152.           level_logfile: warning

  153. 

  154. Salt minion logging configuration

  155. 

  156. .. code-block:: yaml

  157. 

  158.     salt:

  159.       minion:

  160.         enabled: true

  161.         log:

  162.           level: info

  163.           file: '/var/log/salt/minion'

  164.           level_logfile: warning

  165. 

  166. Salt master with logging handlers

  167. 

  168. .. code-block:: yaml

  169. 

  170.     salt:

  171.       master:

  172.         enabled: true

  173.         handler:

  174.           handler01:

  175.             engine: udp

  176.             bind:

  177.               host: 127.0.0.1

  178.               port: 9999

  179.       minion:

  180.         handler:

  181.           handler01:

  182.             engine: udp

  183.             bind:

  184.               host: 127.0.0.1

  185.               port: 9999

  186.           handler02:

  187.             engine: zmq

  188.             bind:

  189.               host: 127.0.0.1

  190.               port: 9999

  191. 

  192. Salt engine definition for saltgraph metadata collector

  193. 

  194. .. code-block:: yaml

  195. 

  196.     salt:

  197.       master:

  198.         engine:

  199.           graph_metadata:

  200.             engine: saltgraph

  201.             host: 127.0.0.1

  202.             port: 5432

  203.             user: salt

  204.             password: salt

  205.             database: salt

  206. 

  207. Salt engine definition for Architect service

  208. 

  209. .. code-block:: yaml

  210. 

  211.     salt:

  212.       master:

  213.         engine:

  214.           architect:

  215.             engine: architect

  216.             project: project-name

  217.             host: architect-api

  218.             port: 8181

  219.             username: salt

  220.             password: password

  221. 

  222. Salt engine definition for sending events from docker events

  223. 

  224. .. code-block:: yaml

  225. 

  226.     salt:

  227.       master:

  228.         engine:

  229.           docker_events:

  230.             docker_url: unix://var/run/docker.sock

  231. 

  232. Salt master peer setup for remote certificate signing

  233. 

  234. .. code-block:: yaml

  235. 

  236.     salt:

  237.       master:

  238.         peer:

  239.           ".*":

  240.           - x509.sign_remote_certificate

  241. 

  242. 

  243. Salt master backup configuration

  244. 

  245. .. code-block:: yaml

  246. 

  247.     salt:

  248.       master:

  249.         backup: true

  250.         initial_data:

  251.           engine: backupninja

  252.           home_dir: remote-backup-home-dir

  253.           source: backup-node-host

  254.           host: original-salt-master-id

  255. 

  256. Configure verbosity of state output (used for `salt` command)

  257. 

  258. .. code-block:: yaml

  259. 

  260.     salt:

  261.       master:

  262.         state_output: changes

  263. 

  264. Pass pillar render error to minion log

  265. 

  266. .. note:: When set to `False` this option is great for debuging.

  267.    However it is not recomended for any production environment as it may contain

  268.    templating data as passwords, etc... ,  that minion should not expose.

  269. 

  270. .. code-block:: yaml

  271. 

  272.     salt:

  273.       master:

  274.         pillar_safe_render_error: False

  275. 

  276. Enable Windows repo support

  277. 

  278. .. code-block:: yaml

  279. 

  280.     salt:

  281.       master:

  282.         win_repo:

  283.           source: git

  284.           address: https://github.com/saltstack/salt-winrepo-ng

  285.           revision: master

  286. 

  287. 

  288. Event/Reactor Systems

  289. ~~~~~~~~~~~~~~~~~~~~~

  290. 

  291. Salt synchronise node pillar and modules after start

  292. 

  293. .. code-block:: yaml

  294. 

  295.     salt:

  296.       master:

  297.         reactor:

  298.           salt/minion/*/start:

  299.           - salt://salt/reactor/node_start.sls

  300. 

  301. Trigger basic node install

  302. 

  303. .. code-block:: yaml

  304. 

  305.     salt:

  306.       master:

  307.         reactor:

  308.           salt/minion/install:

  309.           - salt://salt/reactor/node_install.sls

  310. 

  311. Sample event to trigger the node installation

  312. 

  313. .. code-block:: bash

  314. 

  315.     salt-call event.send 'salt/minion/install'

  316. 

  317. Run any defined orchestration pipeline

  318. 

  319. .. code-block:: yaml

  320. 

  321.     salt:

  322.       master:

  323.         reactor:

  324.           salt/orchestrate/start:

  325.           - salt://salt/reactor/orchestrate_start.sls

  326. 

  327. Event to trigger the orchestration pipeline

  328. 

  329. .. code-block:: bash

  330. 

  331.     salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

  332. 

  333. Synchronise modules and pillars on minion start.

  334. 

  335. .. code-block:: yaml

  336. 

  337.     salt:

  338.       master:

  339.         reactor:

  340.           'salt/minion/*/start':

  341.           - salt://salt/reactor/minion_start.sls

  342. 

  343. Add and/or remove the minion key

  344. 

  345. .. code-block:: yaml

  346. 

  347.     salt:

  348.       master:

  349.         reactor:

  350.           salt/key/create:

  351.           - salt://salt/reactor/key_create.sls

  352.           salt/key/remove:

  353.           - salt://salt/reactor/key_remove.sls

  354. 

  355. Event to trigger the key creation

  356. 

  357. .. code-block:: bash

  358. 

  359.     salt-call event.send 'salt/key/create' \

  360.     > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

  361. 

  362. .. note::

  363. 

  364.     You can add pass additional `orch_pre_create`, `orch_post_create`,

  365.     `orch_pre_remove` or `orch_post_remove` parameters to the event to call

  366.     extra orchestrate files. This can be useful for example for

  367.     registering/unregistering nodes from the monitoring alarms or dashboards.

  368. 

  369.     The key creation event needs to be run from other machine than the one

  370.     being registered.

  371. 

  372. Event to trigger the key removal

  373. 

  374. .. code-block:: bash

  375. 

  376.     salt-call event.send 'salt/key/remove'

  377. 

  378. Control VM provisioning

  379. 

  380. .. code-block:: yaml

  381. 

  382.     virt:

  383.       disk:

  384.         three_disks:

  385.           - system:

  386.               size: 4096

  387.               image: ubuntu.qcow

  388.           - repository_snapshot:

  389.               size: 8192

  390.               image: snapshot.qcow

  391.           - cinder-volume:

  392.               size: 2048

  393.       nic:

  394.         control:

  395.         - name: nic01

  396.           bridge: br-pxe

  397.           model: virtio

  398.         - name: nic02

  399.           bridge: br-cp

  400.           model: virtio

  401.         - name: nic03

  402.           bridge: br-store-front

  403.           model: virtio

  404.         - name: nic04

  405.           bridge: br-public

  406.           model: virtio

  407. 

  408. 

  409.     salt:

  410.       control:

  411.         enabled: true

  412.         virt_enabled: true

  413.         size:

  414.           medium_three_disks:

  415.             cpu: 2

  416.             ram: 4

  417.             disk_profile: three_disks

  418.         cluster:

  419.           mycluster:

  420.             domain: neco.virt.domain.com

  421.             engine: virt

  422.             #Option to set rng globaly

  423.             rng: false

  424.             node:

  425.               ubuntu1:

  426.                 provider: node01.domain.com

  427.                 image: ubuntu.qcow

  428.                 size: medium

  429.                 img_dest: /var/lib/libvirt/ssdimages

  430.                 #Rng defined on node will have higher priority then global one

  431.                 rng:

  432.                   backend: /dev/urandom

  433.                   model: random

  434.                   rate:

  435.                     period: '1800'

  436.                     bytes: '1500'

  437.                 mac:

  438.                   nic01: AC:DE:48:AA:AA:AA

  439.                   nic02: AC:DE:48:AA:AA:BB

  440. 

  441. 

  442. 

  443. Jinja options

  444. -------------

  445. 

  446. Use following options to update default jinja renderer options. Salt recognize Jinja options for templates and for sls files.

  447. 

  448. For full list of options check jinja documentation: http://jinja.pocoo.org/docs/api/#high-level-api.

  449. 

  450. .. code-block:: yaml

  451. 

  452. 

  453.   salt:

  454.     renderer:

  455.       # for templates

  456.       jinja: &jina_env

  457.         # Default Jinja environment options

  458.         block_start_string: '{%'

  459.         block_end_string: '%}'

  460.         variable_start_string: '{{'

  461.         variable_end_string: '}}'

  462.         comment_start_string: '{#'

  463.         comment_end_string: '#}'

  464.         keep_trailing_newline: False

  465.         newline_sequence: '\n'

  466. 

  467.         # Next two are enabled by default in Salt

  468.         trim_blocks: True

  469.         lstrip_blocks: True

  470. 

  471.         # Next two are not enabled by default in Salt

  472.         # but worth to consider to enable in future for salt-formulas

  473.         line_statement_prefix: '%'

  474.         line_comment_prefix: '##'

  475. 

  476.       # for .sls state files

  477.       jinja_sls: *jinja_env

  478. 

  479. 

  480. 

  481. With the line_statement/comment* _prefix options enabled following code statements are valid:

  482. 

  483. .. code-block:: yaml

  484.    %- set myvar = 'one'

  485. 

  486.    ## You can mix even with '{%'

  487.    {%- set myvar = 'two' %} ## comment

  488.    %- set mylist = ['one', 'two', 'three'] ## comment

  489. 

  490.    ## comment

  491.    %- for item in mylist:  ## comment

  492.    {{- item }}

  493.    %- endfor

  494. 

  495. 

  496. Encrypted pillars

  497. ~~~~~~~~~~~~~~~~~

  498. 

  499. Note: NACL + below configuration will be available in Salt > 2017.7.

  500. 

  501. External resources:

  502. 

  503. - Tutorial to configure salt + reclass ext_pillar and nacl: http://apealive.net/post/2017-09-salt-nacl-ext-pillar/

  504. - Saltstack documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

  505. 

  506. Configure salt NACL module:

  507. 

  508. .. code-block:: shell

  509. 

  510.   pip install --upgrade libnacl===1.5.2

  511.   salt-call --local nacl.keygen /etc/salt/pki/master/nacl

  512. 

  513.     local:

  514.         saved sk_file:/etc/salt/pki/master/nacl  pk_file: /etc/salt/pki/master/nacl.pub

  515. 

  516. 

  517. .. code-block:: yaml

  518. 

  519.     salt:

  520.       master:

  521.         pillar:

  522.           reclass: *reclass

  523.           nacl:

  524.             index: 99

  525.         nacl:

  526.           box_type: sealedbox

  527.           sk_file: /etc/salt/pki/master/nacl

  528.           pk_file: /etc/salt/pki/master/nacl.pub

  529.           #sk: None

  530.           #pk: None

  531. 

  532. NACL encrypt secrets:

  533. 

  534.   salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub

  535.     hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q

  536.   # or

  537.   salt-run nacl.enc 'myotherpass'

  538.     ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

  539. 

  540. 

  541. NACL encrypted values on pillar:

  542. 

  543. Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:

  544. 

  545. .. code-block:: yaml

  546. 

  547.   my_pillar:

  548.     my_nacl:

  549.         key0: unencrypted_value

  550.         key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

  551. 

  552. NACL large files:

  553. 

  554. .. code-block:: shell

  555.   salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl

  556.   # or more advanced

  557.   cert=$(cat /tmp/cert.crt)

  558.   salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

  559. 

  560. 

  561. NACL within template/native pillars:

  562. 

  563.   pillarexample:

  564.       user: root

  565.       password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}

  566.       cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}

  567.       cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}

  568. 

  569. 

  570. Salt Syndic

  571. -----------

  572. 

  573. The master of masters

  574. 

  575. .. code-block:: yaml

  576. 

  577.     salt:

  578.       master:

  579.         enabled: true

  580.         order_masters: True

  581. 

  582. Lower syndicated master

  583. 

  584. .. code-block:: yaml

  585. 

  586.     salt:

  587.       syndic:

  588.         enabled: true

  589.         master:

  590.           host: master-of-master-host

  591.         timeout: 5

  592. 

  593. Syndicated master with multiple master of masters

  594. 

  595. .. code-block:: yaml

  596. 

  597.     salt:

  598.       syndic:

  599.         enabled: true

  600.         masters:

  601.         - host: master-of-master-host1

  602.         - host: master-of-master-host2

  603.         timeout: 5

  604. 

  605. 

  606. Salt Minion

  607. -----------

  608. 

  609. Simplest Salt minion setup with central configuration node

  610. 

  611. .. code-block:: yaml

  612. 

  613. .. literalinclude:: tests/pillar/minion_master.sls

  614.    :language: yaml

  615. 

  616. Multi-master Salt minion setup

  617. 

  618. .. literalinclude:: tests/pillar/minion_multi_master.sls

  619.    :language: yaml

  620. 

  621. Salt minion with salt mine options

  622. 

  623. .. literalinclude:: tests/pillar/minion_mine.sls

  624.    :language: yaml

  625. 

  626. Salt minion with graphing dependencies

  627. 

  628. .. literalinclude:: tests/pillar/minion_graph.sls

  629.    :language: yaml

  630. 

  631. Salt minion behind HTTP proxy

  632. 

  633. .. code-block:: yaml

  634. 

  635.     salt:

  636.       minion:

  637.         proxy:

  638.           host: 127.0.0.1

  639.           port: 3128

  640. 

  641. Salt minion to specify non-default HTTP backend. The default tornado backend

  642. does not respect HTTP proxy settings set as environment variables. This is

  643. useful for cases where you need to set no_proxy lists.

  644. 

  645. .. code-block:: yaml

  646. 

  647.     salt:

  648.       minion:

  649.         backend: urllib2

  650. 

  651. 

  652. Salt minion with PKI certificate authority (CA)

  653. 

  654. .. literalinclude:: tests/pillar/minion_pki_ca.sls

  655.    :language: yaml

  656. 

  657. Salt minion using PKI certificate

  658. 

  659. .. literalinclude:: tests/pillar/minion_pki_cert.sls

  660.    :language: yaml

  661. 

  662. Salt minion trust CA certificates issued by salt CA on a specific host (ie: salt-master node)

  663. 

  664. .. code-block:: yaml

  665. 

  666.   salt:

  667.     minion:

  668.       trusted_ca_minions:

  669.         - cfg01

  670. 

  671. 

  672. Salt Minion Proxy

  673. ~~~~~~~~~~~~~~~~~

  674. 

  675. Salt proxy pillar

  676. 

  677. .. code-block:: yaml

  678. 

  679.     salt:

  680.       minion:

  681.         proxy_minion:

  682.           master: localhost

  683.           device:

  684.             vsrx01.mydomain.local:

  685.               enabled: true

  686.               engine: napalm

  687.             csr1000v.mydomain.local:

  688.               enabled: true

  689.               engine: napalm

  690. 

  691. .. note:: This is pillar of the the real salt-minion

  692. 

  693. 

  694. Proxy pillar for IOS device

  695. 

  696. .. code-block:: yaml

  697. 

  698.     proxy:

  699.       proxytype: napalm

  700.       driver: ios

  701.       host: csr1000v.mydomain.local

  702.       username: root

  703.       passwd: r00tme

  704. 

  705. .. note:: This is pillar of the node thats not able to run salt-minion itself

  706. 

  707. 

  708. Proxy pillar for JunOS device

  709. 

  710. .. code-block:: yaml

  711. 

  712.     proxy:

  713.       proxytype: napalm

  714.       driver: junos

  715.       host: vsrx01.mydomain.local

  716.       username: root

  717.       passwd: r00tme

  718.       optional_args:

  719.         config_format: set

  720. 

  721. .. note:: This is pillar of the node thats not able to run salt-minion itself

  722. 

  723. 

  724. Salt SSH

  725. ~~~~~~~~

  726. 

  727. Salt SSH with sudoer using key

  728. 

  729. .. literalinclude:: tests/pillar/master_ssh_minion_key.sls

  730.    :language: yaml

  731. 

  732. Salt SSH with sudoer using password

  733. 

  734. .. literalinclude:: tests/pillar/master_ssh_minion_password.sls

  735.    :language: yaml

  736. 

  737. Salt SSH with root using password

  738. 

  739. .. literalinclude:: tests/pillar/master_ssh_minion_root.sls

  740.    :language: yaml

  741. 

  742. Salt control (cloud/kvm/docker)

  743. -------------------------------

  744. 

  745. Salt cloud with local OpenStack provider

  746. 

  747. .. literalinclude:: tests/pillar/control_cloud_openstack.sls

  748.    :language: yaml

  749. 

  750. Salt cloud with Digital Ocean provider

  751. 

  752. .. literalinclude:: tests/pillar/control_cloud_digitalocean.sls

  753.    :language: yaml

  754. 

  755. Salt virt with KVM cluster

  756. 

  757. .. literalinclude:: tests/pillar/control_virt.sls

  758.    :language: yaml

  759. 

  760. salt virt with custom destination for image file

  761. 

  762. .. literalinclude:: tests/pillar/control_virt_custom.sls

  763.    :language: yaml

  764. 

  765. 

  766. Usage

  767. =====

  768. 

  769. Working with salt-cloud

  770. 

  771. .. code-block:: bash

  772. 

  773.     salt-cloud -m /path/to/map --assume-yes

  774. 

  775. Debug LIBCLOUD for salt-cloud connection

  776. 

  777. .. code-block:: bash

  778. 

  779.     export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

  780. 

  781. 

  782. References

  783. ==========

  784. 

  785. * http://salt.readthedocs.org/en/latest/

  786. * https://github.com/DanielBryan/salt-state-graph

  787. * http://karlgrz.com/testing-salt-states-rapidly-with-docker/

  788. * https://mywushublog.com/2013/03/configuration-management-with-salt-stack/

  789. * http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/

  790. * https://github.com/saltstack-formulas/salt-formula

  791. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  792. 

  793. 

  794. salt-cloud

  795. ----------

  796. 

  797. * http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html

  798. * http://cloudinit.readthedocs.org/en/latest/topics/examples.html

  799. * http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html

  800. * http://docs.saltstack.com/topics/cloud/digitalocean.html

  801. * http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html

  802. * http://salt-cloud.readthedocs.org/en/latest/topics/map.html

  803. * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

  804. 

  805. 

  806. Documentation and Bugs

  807. ======================

  808. 

  809. To learn how to install and update salt-formulas, consult the documentation

  810. available online at:

  811. 

  812.     http://salt-formulas.readthedocs.io/

  813. 

  814. In the unfortunate event that bugs are discovered, they should be reported to

  815. the appropriate issue tracker. Use Github issue tracker for specific salt

  816. formula:

  817. 

  818.     https://github.com/salt-formulas/salt-formula-salt/issues

  819. 

  820. For feature requests, bug reports or blueprints affecting entire ecosystem,

  821. use Launchpad salt-formulas project:

  822. 

  823.     https://launchpad.net/salt-formulas

  824. 

  825. You can also join salt-formulas-users team and subscribe to mailing list:

  826. 

  827.     https://launchpad.net/~salt-formulas-users

  828. 

  829. Developers wishing to work on the salt-formulas projects should always base

  830. their work on master branch and submit pull request against specific formula.

  831. 

  832.     https://github.com/salt-formulas/salt-formula-salt

  833. 

  834. Any questions or feedback is always welcome so feel free to join our IRC

  835. channel:

  836. 

  837.     #salt-formulas @ irc.freenode.net