Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / linux / 1c4c8d8932361709ea7bc36d68fa5b4de9f84f07 / . / README.rst
blob: 1b5cc7a614f3fde5fe03212bd876241a0e2cdfe1 [file] [log] [blame]
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]1=====
2Linux
3=====
4
5Linux Operating Systems.
6
7* Ubuntu
8* CentOS
9* RedHat
10* Fedora
11* Arch
12
13Sample pillars
14==============
15
16Linux system
17------------
18
19Basic Linux box
20
21.. code-block:: yaml
22
23 linux:
24 system:
25 enabled: true
26 name: 'node1'
27 domain: 'domain.com'
28 cluster: 'system'
29 environment: prod
30 timezone: 'Europe/Prague'
31 utc: true
32
Petr Michalec1c4c8d82017-02-28 19:09:21 +0100[diff] [blame^]33Linux with system users, some with password set
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]34
35.. code-block:: yaml
36
37 linux:
38 system:
39 ...
40 user:
41 jdoe:
42 name: 'jdoe'
43 enabled: true
44 sudo: true
45 shell: /bin/bash
46 full_name: 'Jonh Doe'
47 home: '/home/jdoe'
48 email: 'jonh@doe.com'
49 jsmith:
50 name: 'jsmith'
51 enabled: true
52 full_name: 'Password'
53 home: '/home/jsmith'
54 password: userpassword
55
Petr Michalec1c4c8d82017-02-28 19:09:21 +0100[diff] [blame^]56Configure sudo for users and groups under ``/etc/sudoers.d/``.
57This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
58
59.. code-block:: jinja
60 # simplified template:
61 Cmds_Alias {{ alias }}={{ commands }}
62 {{ user }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
63 %{{ group }} {{ hosts }}=({{ runas }}) NOPASSWD: {{ commands }}
64
65 # when rendered:
66 saltuser1 ALL=(ALL) NOPASSWD: ALL
67
68
69.. code-block:: yaml
70 linux:
71 system:
72 sudo:
73 enabled: true
74 alias:
75 host:
76 LOCAL:
77 - localhost
78 PRODUCTION:
79 - db1
80 - db2
81 runas:
82 DBA:
83 - postgres
84 - mysql
85 SALT:
86 - root
87 command:
88 # Note: This is not 100% safe when ALL keyword is used, user still may modify configs and hide his actions.
89 # Best practice is to specify full list of commands user is allowed to run.
90 SUPPORT_RESTRICTED:
91 - /bin/vi /etc/sudoers*
92 - /bin/vim /etc/sudoers*
93 - /bin/nano /etc/sudoers*
94 - /bin/emacs /etc/sudoers*
95 - /bin/su - root
96 - /bin/su -
97 - /bin/su
98 - /usr/sbin/visudo
99 SUPPORT_SHELLS:
100 - /bin/sh
101 - /bin/ksh
102 - /bin/bash
103 - /bin/rbash
104 - /bin/dash
105 - /bin/zsh
106 - /bin/csh
107 - /bin/fish
108 - /bin/tcsh
109 - /usr/bin/login
110 - /usr/bin/su
111 - /usr/su
112 ALL_SALT_SAFE:
113 - /usr/bin/salt state*
114 - /usr/bin/salt service*
115 - /usr/bin/salt pillar*
116 - /usr/bin/salt grains*
117 - /usr/bin/salt saltutil*
118 - /usr/bin/salt-call state*
119 - /usr/bin/salt-call service*
120 - /usr/bin/salt-call pillar*
121 - /usr/bin/salt-call grains*
122 - /usr/bin/salt-call saltutil*
123 SALT_TRUSTED:
124 - /usr/bin/salt*
125 users:
126 # saltuser1 with default values: saltuser1 ALL=(ALL) NOPASSWD: ALL
127 saltuser1: {}
128 saltuser2:
129 hosts:
130 - LOCAL
131 # User Alias DBA
132 DBA:
133 hosts:
134 - ALL
135 commands:
136 - ALL_SALT_SAFE
137 groups:
138 db-ops:
139 hosts:
140 - ALL
141 - '!PRODUCTION'
142 runas:
143 - DBA
144 commands:
145 - /bin/cat *
146 - /bin/less *
147 - /bin/ls *
148 salt-ops:
149 hosts:
150 - 'ALL'
151 runas:
152 - SALT
153 commands:
154 - SUPPORT_SHELLS
155 salt-ops-2nd:
156 name: salt-ops
157 nopasswd: false
158 runas:
159 - DBA
160 commands:
161 - ALL
162 - '!SUPPORT_SHELLS'
163 - '!SUPPORT_RESTRICTED'
164
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]165Linux with package, latest version
166
167.. code-block:: yaml
168
169 linux:
170 system:
171 ...
172 package:
173 package-name:
174 version: latest
175
176Linux with package from certail repo, version with no upgrades
177
178.. code-block:: yaml
179
180 linux:
181 system:
182 ...
183 package:
184 package-name:
185 version: 2132.323
186 repo: 'custom-repo'
187 hold: true
188
189Linux with package from certail repo, version with no GPG verification
190
191.. code-block:: yaml
192
193 linux:
194 system:
195 ...
196 package:
197 package-name:
198 version: 2132.323
199 repo: 'custom-repo'
200 verify: false
201
Bruno Binet69a9d8d2017-02-16 22:34:32 +0100[diff] [blame]202Linux with autoupdates (automatically install security package updates)
203
204.. code-block:: yaml
205
206 linux:
207 system:
208 ...
209 autoupdates:
210 enabled: true
211 mail: root@localhost
212 mail_only_on_error: true
213 remove_unused_dependencies: false
214 automatic_reboot: true
215 automatic_reboot_time: "02:00"
216
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]217Linux with cron jobs
218
219.. code-block:: yaml
220
221 linux:
222 system:
223 ...
224 job:
225 cmd1:
226 command: '/cmd/to/run'
227 enabled: true
228 user: 'root'
229 hour: 2
230 minute: 0
231
Filip Pytlound0a29e72015-11-30 15:23:34 +0100[diff] [blame]232Linux security limits (limit sensu user memory usage to max 1GB):
233
234.. code-block:: yaml
235
236 linux:
237 system:
238 ...
239 limit:
240 sensu:
241 enabled: true
242 domain: sensu
243 limits:
244 - type: hard
245 item: as
246 value: 1000000
247
Filip Pytloun7fee0542015-10-15 11:19:24 +0200[diff] [blame]248Enable autologin on tty1 (may work only for Ubuntu 14.04):
249
250.. code-block:: yaml
251
252 linux:
253 system:
254 console:
255 tty1:
256 autologin: root
Filip Pytloun281d0202016-01-29 14:03:51 +0100[diff] [blame]257 # Enable serial console
258 ttyS0:
259 autologin: root
260 rate: 115200
261 term: xterm
Filip Pytloun7fee0542015-10-15 11:19:24 +0200[diff] [blame]262
263To disable set autologin to `false`.
264
Filip Pytloun7731b852016-02-01 11:13:47 +0100[diff] [blame]265Set ``policy-rc.d`` on Debian-based systems. Action can be any available
266command in ``while true`` loop and ``case`` context.
267Following will disallow dpkg to stop/start services for cassandra package automatically:
268
269.. code-block:: yaml
270
271 linux:
272 system:
273 policyrcd:
274 - package: cassandra
275 action: exit 101
276 - package: '*'
277 action: switch
278
Filip Pytlounc49445a2016-04-04 14:23:20 +0200[diff] [blame]279Set system locales:
280
281.. code-block:: yaml
282
283 linux:
284 system:
285 locale:
286 en_US.UTF-8:
287 default: true
Filip Pytlounee1745f2016-04-04 17:39:41 +0200[diff] [blame]288 "cs_CZ.UTF-8 UTF-8":
Filip Pytlounc49445a2016-04-04 14:23:20 +0200[diff] [blame]289 enabled: true
290
Filip Pytloun281034a2016-01-04 18:06:22 +0100[diff] [blame]291Kernel
292~~~~~~
293
294Install always up to date LTS kernel and headers from Ubuntu trusty:
295
296.. code-block:: yaml
297
298 linux:
299 system:
300 kernel:
301 type: generic
302 lts: trusty
303 headers: true
304
Tomáš Kukrálba35b212017-02-15 17:59:46 +0100[diff] [blame]305Load kernel modules and add them to `/etc/modules`:
306
307.. code-block:: yaml
308
309 linux:
310 system:
311 kernel:
312 modules:
313 - nf_conntrack
314 - tp_smapi
315 - 8021q
316
Filip Pytloun281034a2016-01-04 18:06:22 +0100[diff] [blame]317Install specific kernel version and ensure all other kernel packages are
318not present. Also install extra modules and headers for this kernel:
319
320.. code-block:: yaml
321
322 linux:
323 system:
324 kernel:
325 type: generic
326 extra: true
327 headers: true
328 version: 4.2.0-22
329
Jakub Pavlik32c2cb02016-01-29 12:45:29 +0100[diff] [blame]330Systcl kernel parameters
331
332.. code-block:: yaml
333
334 linux:
335 system:
336 kernel:
337 sysctl:
338 net.ipv4.tcp_keepalive_intvl: 3
339 net.ipv4.tcp_keepalive_time: 30
340 net.ipv4.tcp_keepalive_probes: 8
341
Jiri Broulikf8f55a22017-01-26 14:36:46 +0100[diff] [blame]342
343CPU
344~~~
345
346Disable ondemand cpu mode service:
347
348.. code-block:: yaml
349
350 linux:
351 system:
352 cpu:
353 governor: performance
354
Jakub Pavlikb148c8c2017-02-12 21:30:48 +0100[diff] [blame]355Huge Pages
356~~~~~~~~~~~~
357
358Huge Pages give a performance boost to applications that intensively deal
359with memory allocation/deallocation by decreasing memory fragmentation.
360
361.. code-block:: yaml
362
363 linux:
364 system:
365 kernel:
366 hugepages:
367 small:
368 size: 2M
369 count: 107520
370 mount_point: /mnt/hugepages_2MB
371 mount: false/true # default false
372 large:
373 default: true # default automatically mounted
374 size: 1G
375 count: 210
376 mount_point: /mnt/hugepages_1GB
377
378Note: not recommended to use both pagesizes in concurrently.
Jiri Broulikf8f55a22017-01-26 14:36:46 +0100[diff] [blame]379
Jakub Pavlik5398d872017-02-13 22:30:47 +0100[diff] [blame]380Intel SR-IOV
381~~~~~~~~~~~~
382
383PCI-SIG Single Root I/O Virtualization and Sharing (SR-IOV) specification defines a standardized mechanism to virtualize PCIe devices. The mechanism can virtualize a single PCIe Ethernet controller to appear as multiple PCIe devices.
384
385.. code-block:: yaml
386
387 linux:
388 system:
389 kernel:
390 sriov: True
391 unsafe_interrupts: False # Default is false. for older platforms and AMD we need to add interrupt remapping workaround
392 rc:
393 local: |
394 #!/bin/sh -e
395 # Enable 7 VF on eth1
396 echo 7 > /sys/class/net/eth1/device/sriov_numvfs; sleep 2; ifup -a
397 exit 0
398
Jakub Pavlik6c9ead12017-02-16 21:53:13 +0100[diff] [blame]399Isolate CPU options
400~~~~~~~~~~~~~~~~~~~
401
402Remove the specified CPUs, as defined by the cpu_number values, from the general kernel
403SMP balancing and scheduler algroithms. The only way to move a process onto or off an
404"isolated" CPU is via the CPU affinity syscalls. cpu_number begins at 0, so the
405maximum value is 1 less than the number of CPUs on the system.
406
407.. code-block:: yaml
408
409 linux:
410 system:
411 kernel:
412 isolcpu: 1,2,3,4,5,6,7 # isolate first cpu 0
Jiri Broulikf8f55a22017-01-26 14:36:46 +0100[diff] [blame]413
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]414Repositories
415~~~~~~~~~~~~
416
417RedHat based Linux with additional OpenStack repo
418
419.. code-block:: yaml
420
421 linux:
422 system:
423 ...
424 repo:
425 rdo-icehouse:
426 enabled: true
427 source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
428 pgpcheck: 0
429
430Ensure system repository to use czech Debian mirror (``default: true``)
431Also pin it's packages with priority 900.
432
433.. code-block:: yaml
434
435 linux:
436 system:
437 repo:
438 debian:
439 default: true
440 source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
441 # Import signing key from URL if needed
442 key_url: "http://dummy.com/public.gpg"
443 pin:
444 - pin: 'origin "ftp.cz.debian.org"'
445 priority: 900
446 package: '*'
447
Jakub Pavlik78859382016-01-21 11:26:39 +0100[diff] [blame]448rc.local example
449
450.. code-block:: yaml
451
452 linux:
453 system:
454 rc:
455 local: |
456 #!/bin/sh -e
457 #
458 # rc.local
459 #
460 # This script is executed at the end of each multiuser runlevel.
461 # Make sure that the script will "exit 0" on success or any other
462 # value on error.
463 #
464 # In order to enable or disable this script just change the execution
465 # bits.
466 #
467 # By default this script does nothing.
468 exit 0
469
Filip Pytloun1f40dac2016-01-22 15:52:57 +0100[diff] [blame]470Prompt
471~~~~~~
472
473Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
474user can have different prompt.
475
476.. code-block:: yaml
477
478 linux:
479 system:
480 prompt:
481 root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
482 default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
483
484On Debian systems to set prompt system-wide it's necessary to remove setting
485PS1 in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
486``/etc/skel/.bashrc``). This formula will do this automatically, but will not
Filip Pytlound9b68da2016-01-22 15:58:41 +0100[diff] [blame]487touch existing user's ``~/.bashrc`` files except root.
Jakub Pavlik78859382016-01-21 11:26:39 +0100[diff] [blame]488
Filip Pytlouneef11c12016-03-25 11:00:23 +0100[diff] [blame]489Bash
490~~~~
491
492Fix bash configuration to preserve history across sessions (like ZSH does by
493default).
494
495.. code-block:: yaml
496
497 linux:
498 system:
499 bash:
500 preserve_history: true
501
Filip Pytloune874dfb2016-01-22 16:57:34 +0100[diff] [blame]502Message of the day
503~~~~~~~~~~~~~~~~~~
504
505``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
506day. Setting custom motd will cleanup existing ones.
507
508.. code-block:: yaml
509
510 linux:
511 system:
512 motd:
513 - release: |
514 #!/bin/sh
515 [ -r /etc/lsb-release ] && . /etc/lsb-release
516
517 if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
518 # Fall back to using the very slow lsb_release utility
519 DISTRIB_DESCRIPTION=$(lsb_release -s -d)
520 fi
521
522 printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
523 - warning: |
524 #!/bin/sh
525 printf "This is [company name] network.\n"
526 printf "Unauthorized access strictly prohibited.\n"
527
Filip Pytloun2f70b492016-02-19 15:55:25 +0100[diff] [blame]528RHEL / CentOS
Filip Pytloun8296bb92016-02-19 18:42:09 +0100[diff] [blame]529^^^^^^^^^^^^^
Filip Pytloun2f70b492016-02-19 15:55:25 +0100[diff] [blame]530
531Unfortunately ``update-motd`` is currently not available for RHEL so there's
532no native support for dynamic motd.
533You can still set static one, only pillar structure differs:
534
535.. code-block:: yaml
536
537 linux:
538 system:
539 motd: |
540 This is [company name] network.
541 Unauthorized access strictly prohibited.
542
Filip Pytloun8296bb92016-02-19 18:42:09 +0100[diff] [blame]543Haveged
544~~~~~~~
545
546If you are running headless server and are low on entropy, it may be a good
547idea to setup Haveged.
548
549.. code-block:: yaml
550
551 linux:
552 system:
553 haveged:
554 enabled: true
555
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]556Linux network
557-------------
558
559Linux with network manager
560
561.. code-block:: yaml
562
563 linux:
564 network:
565 enabled: true
566 network_manager: true
567
568Linux with default static network interfaces, default gateway interface and DNS servers
569
570.. code-block:: yaml
571
572 linux:
573 network:
574 enabled: true
575 interface:
576 eth0:
577 enabled: true
578 type: eth
579 address: 192.168.0.102
580 netmask: 255.255.255.0
581 gateway: 192.168.0.1
582 name_servers:
583 - 8.8.8.8
584 - 8.8.4.4
585 mtu: 1500
586
jan kaufman6d30adf2016-01-18 17:30:12 +0100[diff] [blame]587Linux with bonded interfaces and disabled NetworkManager
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]588
589.. code-block:: yaml
590
591 linux:
592 network:
593 enabled: true
594 interface:
595 eth0:
596 type: eth
597 ...
598 eth1:
599 type: eth
600 ...
601 bond0:
602 enabled: true
603 type: bond
604 address: 192.168.0.102
605 netmask: 255.255.255.0
606 mtu: 1500
607 use_in:
608 - interface: ${linux:interface:eth0}
609 - interface: ${linux:interface:eth0}
jan kaufman6d30adf2016-01-18 17:30:12 +0100[diff] [blame]610 network_manager:
611 disable: true
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]612
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100[diff] [blame]613Linux with vlan interface_params
614
615.. code-block:: yaml
616
617 linux:
618 network:
619 enabled: true
620 interface:
621 vlan69:
622 type: vlan
jan kaufmanc0bd76f2015-12-15 16:45:44 +0100[diff] [blame]623 use_interfaces:
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100[diff] [blame]624 - interface: ${linux:interface:bond0}
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100[diff] [blame]625
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]626Linux with wireless interface parameters
627
628.. code-block:: yaml
629
630 linux:
631 network:
632 enabled: true
633 gateway: 10.0.0.1
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100[diff] [blame]634 default_interface: eth0
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]635 interface:
636 wlan0:
637 type: eth
638 wireless:
639 essid: example
640 key: example_key
641 security: wpa
642 priority: 1
643
644Linux networks with routes defined
645
646.. code-block:: yaml
647
648 linux:
649 network:
650 enabled: true
651 gateway: 10.0.0.1
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100[diff] [blame]652 default_interface: eth0
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]653 interface:
654 eth0:
655 type: eth
656 route:
657 default:
658 address: 192.168.0.123
659 netmask: 255.255.255.0
660 gateway: 192.168.0.1
661
662Native Linux Bridges
663
664.. code-block:: yaml
665
666 linux:
667 network:
668 interface:
669 eth1:
670 enabled: true
671 type: eth
672 proto: manual
673 up_cmds:
674 - ip address add 0/0 dev $IFACE
675 - ip link set $IFACE up
676 down_cmds:
677 - ip link set $IFACE down
678 br-ex:
679 enabled: true
680 type: bridge
681 address: ${linux:network:host:public_local:address}
682 netmask: 255.255.255.0
683 use_interfaces:
684 - eth1
685
686OpenVswitch Bridges
687
688.. code-block:: yaml
689
690 linux:
691 network:
692 bridge: openvswitch
693 interface:
694 eth1:
695 enabled: true
696 type: eth
697 proto: manual
698 up_cmds:
699 - ip address add 0/0 dev $IFACE
700 - ip link set $IFACE up
701 down_cmds:
702 - ip link set $IFACE down
703 br-ex:
704 enabled: true
705 type: bridge
706 address: ${linux:network:host:public_local:address}
707 netmask: 255.255.255.0
708 use_interfaces:
709 - eth1
710
711Linux with proxy
712
713.. code-block:: yaml
714
715 linux:
716 network:
717 ...
718 proxy:
719 host: proxy.domain.com
720 port: 3128
721
722Linux with hosts
723
Filip Pytloun86506fe2017-01-26 14:36:16 +0100[diff] [blame]724Parameter purge_hosts will enforce whole /etc/hosts file, removing entries
725that are not defined in model except defaults for both IPv4 and IPv6 localhost
726and hostname + fqdn.
727It's good to use this option if you want to ensure /etc/hosts is always in a
728clean state however it's not enabled by default for safety.
729
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]730.. code-block:: yaml
731
732 linux:
733 network:
734 ...
Filip Pytloun86506fe2017-01-26 14:36:16 +0100[diff] [blame]735 purge_hosts: true
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]736 host:
Filip Pytloun86506fe2017-01-26 14:36:16 +0100[diff] [blame]737 # No need to define this one if purge_hosts is true
738 hostname:
739 address: 127.0.1.1
740 names:
741 - ${linux:network:fqdn}
742 - ${linux:network:hostname}
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]743 node1:
744 address: 192.168.10.200
745 names:
746 - node2.domain.com
747 - service2.domain.com
748 node2:
749 address: 192.168.10.201
750 names:
751 - node2.domain.com
752 - service2.domain.com
753
Filip Pytloun86506fe2017-01-26 14:36:16 +0100[diff] [blame]754
Filip Pytlounde9bea52016-01-11 15:39:10 +0100[diff] [blame]755Setup resolv.conf, nameservers, domain and search domains
756
757.. code-block:: yaml
758
759 linux:
760 network:
761 resolv:
762 dns:
763 - 8.8.4.4
764 - 8.8.8.8
765 domain: my.example.com
766 search:
767 - my.example.com
768 - example.com
Marek Celoudf6cd1922016-12-05 13:39:49 +0100[diff] [blame]769 options:
770 - ndots:5
771 - timeout:2
772 - attempts:2
Filip Pytlounde9bea52016-01-11 15:39:10 +0100[diff] [blame]773
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]774Linux storage pillars
775---------------------
776
777Linux with mounted Samba
778
779.. code-block:: yaml
780
781 linux:
782 storage:
783 enabled: true
784 mount:
785 samba1:
Simon Pasquier376262a2016-11-16 15:21:51 +0100[diff] [blame]786 - enabled: true
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]787 - path: /media/myuser/public/
788 - device: //192.168.0.1/storage
789 - file_system: cifs
790 - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm
791
792Linux with file swap
793
794.. code-block:: yaml
795
796 linux:
797 storage:
798 enabled: true
799 swap:
800 file:
801 enabled: true
802 engine: file
803 device: /swapfile
804 size: 1024
805
Lachlan Evenson30676512016-01-22 15:43:28 -0800[diff] [blame]806Linux with partition swap
807
808.. code-block:: yaml
809
810 linux:
811 storage:
812 enabled: true
813 swap:
814 partition:
815 enabled: true
816 engine: partition
817 device: /dev/vg0/swap
818
Filip Pytlounc8a001a2015-12-15 14:09:19 +0100[diff] [blame]819LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`
820
821.. code-block:: yaml
822
823 parameters:
824 linux:
825 storage:
826 mount:
827 data:
Simon Pasquier376262a2016-11-16 15:21:51 +0100[diff] [blame]828 enabled: true
Filip Pytlounc8a001a2015-12-15 14:09:19 +0100[diff] [blame]829 device: /dev/vg1/data
830 file_system: ext4
831 path: /mnt/data
832 lvm:
833 vg1:
834 enabled: true
835 devices:
836 - /dev/sdb
837 volume:
838 data:
839 size: 40G
840 mount: ${linux:storage:mount:data}
841
Ales Komareka634f4b2016-10-02 13:11:04 +0200[diff] [blame]842
843Multipath with Fujitsu Eternus DXL
844
845.. code-block:: yaml
846
847 parameters:
848 linux:
849 storage:
850 multipath:
851 enabled: true
852 blacklist_devices:
853 - /dev/sda
854 - /dev/sdb
855 backends:
856 - fujitsu_eternus_dxl
857
858Multipath with Hitachi VSP 1000
859
860.. code-block:: yaml
861
862 parameters:
863 linux:
864 storage:
865 multipath:
866 enabled: true
867 blacklist_devices:
868 - /dev/sda
869 - /dev/sdb
870 backends:
871 - hitachi_vsp1000
872
873Multipath with IBM Storwize
874
875.. code-block:: yaml
876
877 parameters:
878 linux:
879 storage:
880 multipath:
881 enabled: true
882 blacklist_devices:
883 - /dev/sda
884 - /dev/sdb
885 backends:
886 - ibm_storwize
887
888Multipath with multiple backends
889
890.. code-block:: yaml
891
892 parameters:
893 linux:
894 storage:
895 multipath:
896 enabled: true
897 blacklist_devices:
898 - /dev/sda
899 - /dev/sdb
900 - /dev/sdc
901 - /dev/sdd
902 backends:
903 - ibm_storwize
904 - fujitsu_eternus_dxl
905 - hitachi_vsp1000
906
907Disabled multipath (the default setup)
908
909.. code-block:: yaml
910
911 parameters:
912 linux:
913 storage:
914 multipath:
915 enabled: false
916
Simon Pasquier375001e2017-01-26 13:22:33 +0100[diff] [blame]917Linux with local loopback device
918
919.. code-block:: yaml
920
921 linux:
922 storage:
923 loopback:
924 disk1:
925 file: /srv/disk1
926 size: 50G
927
Filip Pytlounb2c8f852016-11-21 17:03:43 +0100[diff] [blame]928External config generation
929--------------------------
930
931You are able to use config support metadata between formulas and only generate
932config files for external use, eg. docker, etc.
933
934.. code-block:: yaml
935
936 parameters:
937 linux:
938 system:
939 config:
940 pillar:
941 jenkins:
942 master:
943 home: /srv/volumes/jenkins
944 approved_scripts:
945 - method java.net.URL openConnection
946 credentials:
947 - type: username_password
948 scope: global
949 id: test
950 desc: Testing credentials
951 username: test
952 password: test
953
Ales Komareka634f4b2016-10-02 13:11:04 +0200[diff] [blame]954
Filip Pytlounf5383a42015-10-06 16:28:32 +0200[diff] [blame]955Usage
956=====
957
958Set mtu of network interface eth0 to 1400
959
960.. code-block:: bash
961
962 ip link set dev eth0 mtu 1400
963
964Read more
965=========
966
967* https://www.archlinux.org/
968* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu
Filip Pytloun018f8712017-02-02 13:02:03 +0100[diff] [blame]969
970Documentation and Bugs
971======================
972
973To learn how to install and update salt-formulas, consult the documentation
974available online at:
975
976 http://salt-formulas.readthedocs.io/
977
978In the unfortunate event that bugs are discovered, they should be reported to
979the appropriate issue tracker. Use Github issue tracker for specific salt
980formula:
981
982 https://github.com/salt-formulas/salt-formula-linux/issues
983
984For feature requests, bug reports or blueprints affecting entire ecosystem,
985use Launchpad salt-formulas project:
986
987 https://launchpad.net/salt-formulas
988
989You can also join salt-formulas-users team and subscribe to mailing list:
990
991 https://launchpad.net/~salt-formulas-users
992
993Developers wishing to work on the salt-formulas projects should always base
994their work on master branch and submit pull request against specific formula.
995
996 https://github.com/salt-formulas/salt-formula-linux
997
998Any questions or feedback is always welcome so feel free to join our IRC
999channel:
1000
1001 #salt-formulas @ irc.freenode.net