New Saltstack Salt formula

=====
Usage
=====

Salt is a new approach to infrastructure management. Easy enough to get
running in minutes, scalable enough to manage tens of thousands of servers,
and fast enough to communicate with them in seconds.

Salt delivers a dynamic communication bus for infrastructures that can be used
for orchestration, remote execution, configuration management and much more.

Sample Metadata
===============

Salt Master
-----------

Salt master with base formulas and pillar metadata back end:

.. literalinclude:: tests/pillar/master_single_pillar.sls
   :language: yaml

Salt master with reclass ENC metadata back end:

.. literalinclude:: tests/pillar/master_single_reclass.sls
   :language: yaml

Salt master with Architect ENC metadata back end:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: architect
          project: project-name
          host: architect-api
          port: 8181
          username: salt
          password: password

Salt master with multiple ``ext_pillars``:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: salt
          source:
            engine: local
        ext_pillars:
          1:
            module: cmd_json
            params: '"echo {\"arg\": \"val\"}"'
          2:
            module: cmd_yaml
            params: /usr/local/bin/get_yml.sh

Salt master with API:

.. literalinclude:: tests/pillar/master_api.sls
   :language: yaml

Salt master with defined user ACLs:

.. literalinclude:: tests/pillar/master_acl.sls
   :language: yaml

Salt master with preset minions:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        minions:
        - name: 'node1.system.location.domain.com'

Salt master with pip based installation (optional):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        source:
          engine: pip
          version: 2016.3.0rc2

Install formula through system package management:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          prd:
            keystone:
              source: pkg
              name: salt-formula-keystone
            nova:
              source: pkg
              name: salt-formula-keystone
              version: 0.1+0~20160818133412.24~1.gbp6e1ebb
            postresql:
              source: pkg
              name: salt-formula-postgresql
              version: purged

The keystone formula is installed at its latest version, and the formulas
without a version are installed in one call to the aptpkg module.
If the version attribute is present, the sls iterates over the formulas
and takes action to install the specific version or remove it.
The version attribute may have these values:
``[latest|purged|removed|<VERSION>]``.

Clone master branch of keystone formula as local feature branch:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: git@github.com:openstack/salt-formula-keystone.git
                revision: master
                branch: feature

Salt master with specified formula refs (for example, for Gerrit
review):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: https://git.openstack.org/openstack/salt-formula-keystone
                revision: refs/changes/56/123456/1

Salt master logging configuration:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        log:
          level: warning
          file: '/var/log/salt/master'
          level_logfile: warning

Salt minion logging configuration:

.. code-block:: yaml

    salt:
      minion:
        enabled: true
        log:
          level: info
          file: '/var/log/salt/minion'
          level_logfile: warning

Salt master with logging handlers:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
      minion:
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
          handler02:
            engine: zmq
            bind:
              host: 127.0.0.1
              port: 9999

Salt engine definition for saltgraph metadata collector:

.. code-block:: yaml

    salt:
      master:
        engine:
          graph_metadata:
            engine: saltgraph
            host: 127.0.0.1
            port: 5432
            user: salt
            password: salt
            database: salt

Salt engine definition for Architect service:

.. code-block:: yaml

    salt:
      master:
        engine:
          architect:
            engine: architect
            project: project-name
            host: architect-api
            port: 8181
            username: salt
            password: password

Salt engine definition for sending events from docker events:

.. code-block:: yaml

    salt:
      master:
        engine:
          docker_events:
            docker_url: unix://var/run/docker.sock

Salt master peer setup for remote certificate signing:

.. code-block:: yaml

    salt:
      master:
        peer:
          ".*":
          - x509.sign_remote_certificate

Salt master backup configuration:

.. code-block:: yaml

    salt:
      master:
        backup: true
        initial_data:
          engine: backupninja
          home_dir: remote-backup-home-dir
          source: backup-node-host
          host: original-salt-master-id

Configure verbosity of state output (used for :command:`salt`
command):

.. code-block:: yaml

    salt:
      master:
        state_output: changes

Pass pillar render error to minion log:

.. note:: When set to `False` this option is great for debugging.
   However, it is not recommended for any production environment as it may
   contain templating data such as passwords that the minion should not expose.

.. code-block:: yaml

    salt:
      master:
        pillar_safe_render_error: False

Enable Windows repository support:

.. code-block:: yaml

    salt:
      master:
        win_repo:
          source: git
          address: https://github.com/saltstack/salt-winrepo-ng
          revision: master

Configure a gitfs_remotes resource:

.. code-block:: yaml

    salt:
      master:
        gitfs_remotes:
          salt_formula:
            url: https://github.com/salt-formulas/salt-formula-salt.git
            enabled: true
            params:
              base: master

Read more about gitfs resource options in the official Salt documentation.

Event/Reactor systems
~~~~~~~~~~~~~~~~~~~~~

Salt to synchronize node pillar and modules after start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/*/start:
          - salt://salt/reactor/node_start.sls

Trigger basic node install:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/install:
          - salt://salt/reactor/node_install.sls

Sample event to trigger the node installation:

.. code-block:: bash

    salt-call event.send 'salt/minion/install'

Run any defined orchestration pipeline:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/orchestrate/start:
          - salt://salt/reactor/orchestrate_start.sls

Event to trigger the orchestration pipeline:

.. code-block:: bash

    salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

Synchronise modules and pillars on minion start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          'salt/minion/*/start':
          - salt://salt/reactor/minion_start.sls

Add and/or remove the minion key:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/key/create:
          - salt://salt/reactor/key_create.sls
          salt/key/remove:
          - salt://salt/reactor/key_remove.sls

Event to trigger the key creation:

.. code-block:: bash

    salt-call event.send 'salt/key/create' \
    > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

.. note::

    You can pass additional ``orch_pre_create``, ``orch_post_create``,
    ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
    to call extra orchestrate files. This can be useful, for example, for
    registering/unregistering nodes from the monitoring alarms or dashboards.

    The key creation event must be run from a machine other than the one
    being registered.

Event to trigger the key removal:

.. code-block:: bash

    salt-call event.send 'salt/key/remove'

Control VM provisioning:

.. code-block:: yaml

    _param:
      private-ipv4: &private-ipv4
        - id: private-ipv4
          type: ipv4
          link: ens2
          netmask: 255.255.255.0
          routes:
            - gateway: 192.168.0.1
              netmask: 0.0.0.0
              network: 0.0.0.0
    virt:
      disk:
        three_disks:
          - system:
              size: 4096
              image: ubuntu.qcow
          - repository_snapshot:
              size: 8192
              image: snapshot.qcow
          - cinder-volume:
              size: 2048
      nic:
        control:
        - name: nic01
          bridge: br-pxe
          model: virtio
        - name: nic02
          bridge: br-cp
          model: virtio
        - name: nic03
          bridge: br-store-front
          model: virtio
        - name: nic04
          bridge: br-public
          model: virtio
        - name: nic05
          bridge: br-prv
          model: virtio
          virtualport:
            type: openvswitch

    salt:
      control:
        enabled: true
        virt_enabled: true
        size:
          medium_three_disks:
            cpu: 2
            ram: 4
            disk_profile: three_disks
        cluster:
          mycluster:
            domain: neco.virt.domain.com
            engine: virt
            # Cluster global settings
            rng: false
            enable_vnc: True
            seed: cloud-init
            cloud_init:
              user_data:
                disable_ec2_metadata: true
                resize_rootfs: True
                timezone: UTC
                ssh_deletekeys: True
                ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
                ssh_svcname: ssh
                locale: en_US.UTF-8
                disable_root: true
                apt_preserve_sources_list: false
                apt:
                  sources_list: ""
                  sources:
                    ubuntu.list:
                      source: ${linux:system:repo:ubuntu:source}
                    mcp_saltstack.list:
                      source: ${linux:system:repo:mcp_saltstack:source}
            node:
              ubuntu1:
                provider: node01.domain.com
                image: ubuntu.qcow
                size: medium
                img_dest: /var/lib/libvirt/ssdimages
                # Node settings override cluster global ones
                enable_vnc: False
                rng:
                  backend: /dev/urandom
                  model: random
                  rate:
                    period: '1800'
                    bytes: '1500'
                # Custom per-node loader definition (e.g. for AArch64 UEFI)
                loader:
                  readonly: yes
                  type: pflash
                  path: /usr/share/AAVMF/AAVMF_CODE.fd
                machine: virt-2.11  # Custom per-node virt machine type
                cpu_mode: host-passthrough
                cpuset: '1-4'
                mac:
                  nic01: AC:DE:48:AA:AA:AA
                  nic02: AC:DE:48:AA:AA:BB
                # netconfig affects: hostname during boot
                # manual interfaces configuration
                cloud_init:
                  network_data:
                    networks:
                    - <<: *private-ipv4
                      ip_address: 192.168.0.161
                  user_data:
                    salt_minion:
                      conf:
                        master: 10.1.1.1
              ubuntu2:
                seed: qemu-nbd
                cloud_init:
                  enabled: false

There are two methods to seed an initial Salt minion configuration to
Libvirt VMs: mount a disk and update a filesystem, or create a ConfigDrive with
a Cloud-init config. This is controlled by the "seed" parameter on cluster and
node levels. When set to ``True`` or "qemu-nbd", the old method of mounting a disk
will be used. When set to "cloud-init", the new method will be used. When set
to ``False``, no seeding will happen. The default value is ``True``, meaning
the "qemu-nbd" method will be used. This is done for backward compatibility
and may be changed in the future.

The recommended method is to use Cloud-init.
It is controlled by the "cloud_init" dictionary on cluster and node levels.
Node level parameters are merged on top of cluster level parameters.
The Salt Minion config is populated automatically based on the VM name and the
config settings of the minion that is actually executing the state. To override
them, add the "salt_minion" section into the "user_data" section as shown above.
It is possible to disable Cloud-init by setting "cloud_init.enabled" to ``False``.

To enable Redis plugin for the Salt caching subsystem, use the
below pillar structure:

.. code-block:: yaml

    salt:
      master:
        cache:
          plugin: redis
          host: localhost
          port: 6379
          db: '0'
          password: pass_word
          bank_prefix: 'MCP'
          bank_keys_prefix: 'MCPKEY'
          key_prefix: 'KEY'
          separator: '@'

Jinja options
-------------

Use the following options to update default Jinja renderer options.
Salt recognizes Jinja options for templates and for the ``sls`` files.

For the full list of options, see the Jinja documentation:
http://jinja.pocoo.org/docs/api/#high-level-api

.. code-block:: yaml

    salt:
      renderer:
        # for templates
        jinja: &jinja_env
          # Default Jinja environment options
          block_start_string: '{%'
          block_end_string: '%}'
          variable_start_string: '{{'
          variable_end_string: '}}'
          comment_start_string: '{#'
          comment_end_string: '#}'
          keep_trailing_newline: False
          newline_sequence: '\n'

          # Next two are enabled by default in Salt
          trim_blocks: True
          lstrip_blocks: True

          # Next two are not enabled by default in Salt
          # but worth considering enabling in the future for salt-formulas
          line_statement_prefix: '%'
          line_comment_prefix: '##'

        # for .sls state files
        jinja_sls: *jinja_env

With the ``line_statement_prefix`` and ``line_comment_prefix`` options enabled,
the following code statements are valid:

.. code-block:: yaml

    %- set myvar = 'one'
    ## You can mix even with '{%'
    {%- set myvar = 'two' %} ## comment
    %- set mylist = ['one', 'two', 'three'] ## comment
    ## comment
    %- for item in mylist: ## comment
    {{- item }}
    %- endfor

Encrypted pillars
~~~~~~~~~~~~~~~~~

.. note:: NACL and the below configuration will be available in Salt > 2017.7.

External resources:

- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
  http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
- SaltStack documentation:
  https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

Configure salt NACL module:

.. code-block:: bash

    pip install --upgrade libnacl===1.5.2
    salt-call --local nacl.keygen /etc/salt/pki/master/nacl

    local:
        saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub

.. code-block:: yaml

    salt:
      master:
        pillar:
          reclass: *reclass
          nacl:
            index: 99
        nacl:
          box_type: sealedbox
          sk_file: /etc/salt/pki/master/nacl
          pk_file: /etc/salt/pki/master/nacl.pub
          #sk: None
          #pk: None

NACL encrypt secrets:

.. code-block:: bash

    salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
    hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q

    # or
    salt-run nacl.enc 'myotherpass'
    ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

NACL encrypted values on pillar:

Use the boxed syntax ``NACL[CryptedValue=]`` to encode a value in the pillar:

.. code-block:: yaml

    my_pillar:
      my_nacl:
        key0: unencrypted_value
        key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

NACL large files:

.. code-block:: bash

    salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
    # or more advanced
    cert=$(cat /tmp/cert.crt)
    salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

NACL within template/native pillars:

.. code-block:: yaml

    pillarexample:
      user: root
      password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
      cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
      cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
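
The following check is an added example, not part of this formula. It walks pillar data as stored (before the ``nacl`` ext_pillar decrypts it) and reports secret-looking keys whose values are not in the ``NACL[...]`` boxed form, malformed boxed values, and ``pillar_safe_render_error: False``. The key-name pattern, the function names and the sample pillar (assembled from snippets in this README) are assumptions.

```python
"""Added example: lint pillar data for plaintext secrets (not part of the formula)."""
import base64
import binascii
import re

# Assumption: key names that usually hold secrets, chosen to cover the
# password / passwd keys used in this README's pillar samples.
SECRET_KEY_RE = re.compile(r"pass(word|wd)|secret|token", re.IGNORECASE)
# Boxed syntax from the README: NACL[<base64 ciphertext>]
NACL_BOX_RE = re.compile(r"^NACL\[(.*)\]$", re.DOTALL)

# Ciphertext copied from the README's nacl.enc sample output.
CIPHERTEXT = (
    "hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYj"
    "fWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q"
)

# Constructed sample pillar, assembled from snippets shown in this README.
SAMPLE_PILLAR = {
    "salt": {"master": {
        "pillar_safe_render_error": False,
        "pillar": {"engine": "architect", "username": "salt", "password": "password"},
        "cache": {"plugin": "redis", "port": 6379, "password": "NACL[" + CIPHERTEXT + "]"},
    }},
    "proxy": {"proxytype": "napalm", "username": "root", "passwd": "r00tme"},
    "my_pillar": {"my_nacl": {"key0": "unencrypted_value", "key1": "NACL[not base64!]"}},
}


def classify(value):
    """Return 'encrypted', 'malformed' or 'plaintext' for a pillar string."""
    match = NACL_BOX_RE.match(value.strip())
    if not match:
        return "plaintext"
    payload = match.group(1)
    try:
        base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    # An empty box decodes cleanly but carries no ciphertext.
    return "encrypted" if payload else "malformed"


def lint_pillar(node, path=""):
    """Walk pillar data and return sorted (pillar_path, problem) findings."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}:{key}" if path else str(key)
            if key == "pillar_safe_render_error" and value is False:
                findings.append((child, "render errors are passed to the minion log"))
            elif isinstance(value, str):
                state = classify(value)
                if state == "malformed":
                    findings.append((child, "malformed NACL[...] value"))
                elif state == "plaintext" and SECRET_KEY_RE.search(str(key)):
                    findings.append((child, "plaintext secret"))
            else:
                findings.extend(lint_pillar(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(lint_pillar(item, f"{path}:{index}"))
    return sorted(findings)


if __name__ == "__main__":
    for pillar_path, problem in lint_pillar(SAMPLE_PILLAR):
        print(f"{pillar_path}: {problem}")
```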

Salt Syndic
-----------

The master of masters:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        order_masters: True

Lower syndicated master:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        master:
          host: master-of-master-host
        timeout: 5

Syndicated master with multiple master of masters:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        masters:
        - host: master-of-master-host1
        - host: master-of-master-host2
        timeout: 5

Salt Minion
-----------

By default, the minion ID triggers a dependency on the Linux formula, as it uses
the FQDN configured from the `linux.system.name` and `linux.system.domain` pillar.
To override, provide the exact minion ID you require. The same can be set for
the master ID rendered at ``master.conf``.

.. code-block:: yaml

    salt:
      minion:
        id: minion1.production
      master:
        id: master.production

Simplest Salt minion setup with central configuration node:

.. literalinclude:: tests/pillar/minion_master.sls
   :language: yaml

Multi-master Salt minion setup:

.. literalinclude:: tests/pillar/minion_multi_master.sls
   :language: yaml

Salt minion with salt mine options:

.. literalinclude:: tests/pillar/minion_mine.sls
   :language: yaml

Salt minion with graphing dependencies:

.. literalinclude:: tests/pillar/minion_graph.sls
   :language: yaml

Salt minion behind HTTP proxy:

.. code-block:: yaml

    salt:
      minion:
        proxy:
          host: 127.0.0.1
          port: 3128

Salt minion to specify non-default HTTP backend. The default
tornado backend does not respect HTTP proxy settings set as
environment variables. This is useful for cases where you need
to set no_proxy lists.

.. code-block:: yaml

    salt:
      minion:
        backend: urllib2

Salt minion with PKI certificate authority (CA):

.. literalinclude:: tests/pillar/minion_pki_ca.sls
   :language: yaml

Salt minion using PKI certificate:

.. literalinclude:: tests/pillar/minion_pki_cert.sls
   :language: yaml

Salt minion trusting CA certificates issued by the salt CA on a
specific host (i.e. the salt-master node):

.. code-block:: yaml

    salt:
      minion:
        trusted_ca_minions:
          - cfg01

Salt Minion Proxy
~~~~~~~~~~~~~~~~~

Salt proxy pillar:

.. code-block:: yaml

    salt:
      minion:
        proxy_minion:
          master: localhost
          device:
            vsrx01.mydomain.local:
              enabled: true
              engine: napalm
            csr1000v.mydomain.local:
              enabled: true
              engine: napalm

.. note:: This is the pillar of the real salt-minion.

Proxy pillar for IOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: ios
      host: csr1000v.mydomain.local
      username: root
      passwd: r00tme

.. note:: This is the pillar of the node that is not able to run
   salt-minion itself.

Proxy pillar for JunOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: junos
      host: vsrx01.mydomain.local
      username: root
      passwd: r00tme
      optional_args:
        config_format: set

.. note:: This pillar applies to the node that cannot run
   salt-minion itself.

Salt SSH
~~~~~~~~

Salt SSH with sudoer using key:

.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
   :language: yaml

Salt SSH with sudoer using password:

.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
   :language: yaml

Salt SSH with root using password:

.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
   :language: yaml

Salt control (cloud/kvm/docker)
-------------------------------

Salt cloud with local OpenStack provider:

.. literalinclude:: tests/pillar/control_cloud_openstack.sls
   :language: yaml

Salt cloud with Digital Ocean provider:

.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
   :language: yaml

Salt virt with KVM cluster:

.. literalinclude:: tests/pillar/control_virt.sls
   :language: yaml

Salt virt with custom destination for image file:

.. literalinclude:: tests/pillar/control_virt_custom.sls
   :language: yaml

Usage
=====

Working with salt-cloud:

.. code-block:: bash

    salt-cloud -m /path/to/map --assume-yes

Debug LIBCLOUD for salt-cloud connection:

.. code-block:: bash

    export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

Read more
=========

* http://salt.readthedocs.org/en/latest/
* https://github.com/DanielBryan/salt-state-graph
* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
* https://github.com/saltstack-formulas/salt-formula
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

salt-cloud
----------

* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
* http://docs.saltstack.com/topics/cloud/digitalocean.html
* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

Documentation and Bugs
======================

* http://salt-formulas.readthedocs.io/
   Learn how to install and update salt-formulas

* https://github.com/salt-formulas/salt-formula-salt/issues
   In the unfortunate event that bugs are discovered, report the issue to the
   appropriate issue tracker. Use the Github issue tracker for a specific salt
   formula

* https://launchpad.net/salt-formulas
   For feature requests, bug reports, or blueprints affecting the entire
   ecosystem, use the Launchpad salt-formulas project

* https://launchpad.net/~salt-formulas-users
   Join the salt-formulas-users team and subscribe to mailing list if required

* https://github.com/salt-formulas/salt-formula-salt
   Develop the salt-formulas projects in the master branch and then submit pull
   requests against a specific formula

* #salt-formulas @ irc.freenode.net
   Use this IRC channel in case of any questions or feedback which is always
   welcome