=====
Linux
=====

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample pillars
==============

Linux system
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with a password set. The ``password`` value is
handed to Salt's ``user.present``, which expects a crypt(3) hash (for example
a ``$6$...`` SHA-512 string) and writes it into ``/etc/shadow`` as given, so
put the hash in the pillar, never the cleartext password:

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'John Doe'
            home: '/home/jdoe'
            email: 'john@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'John Smith'
            home: '/home/jsmith'
            # crypt(3) hash of the password, not the password itself
            password: '$6$...'

Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from a certain repo, fixed version with no upgrades
(``hold: true`` marks the package as held, so a later upgrade run leaves it
at this version; remember that this also holds back its security fixes):

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from a certain repo, fixed version with no GPG
verification. ``verify: false`` skips the package signature check; use it
only for packages you build and transport yourself, because together with a
plain-HTTP repository it lets anyone on the path substitute the package:

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit the ``sensu`` user's address space to at most
1000000 KiB, roughly 1 GB; ``pam_limits`` counts the ``as`` item in KiB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

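What that ``as`` entry does to a process, as an added example for this README
(it is not code from salt-formula-linux): the script applies the sample's
limit with ``setrlimit(RLIMIT_AS)`` in a forked child and reports whether an
allocation of a given size still succeeds. The function names and the
8 MiB / 2 GiB probe sizes are this example's own; it only does the probe on
Linux, where ``RLIMIT_AS`` is enforced, and returns ``unsupported`` elsewhere.

```python
"""What a pam_limits ``as`` entry does to a process.

Added example for this README, not code from salt-formula-linux. It takes the
sample's ``hard as 1000000`` (pam_limits counts ``as`` in KiB, so about
976 MiB of address space), applies it with setrlimit(RLIMIT_AS) in a forked
child and reports whether an allocation of a given size still succeeds. Only
the child is limited; the caller is unaffected.
"""
import os
import sys

try:
    import resource  # POSIX only
except ImportError:
    resource = None

AS_LIMIT_KB = 1000000  # value from the pillar sample above, in KiB


def allocation_under_limit(limit_kb, nbytes):
    """Return "allocated", "denied" or "unsupported".

    "denied" means the child hit MemoryError: with RLIMIT_AS in force the
    mmap() behind a large allocation fails with ENOMEM, which is how a
    runaway process is stopped by this limits.conf entry.
    """
    if resource is None or not sys.platform.startswith("linux"):
        return "unsupported"  # RLIMIT_AS is not enforced on e.g. macOS
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: cap our own address space, then try to allocate
        os.close(rfd)
        outcome = b"unsupported"
        try:
            cap = limit_kb * 1024
            resource.setrlimit(resource.RLIMIT_AS, (cap, cap))
        except (ValueError, OSError):
            pass  # cannot apply the cap: do not allocate blindly
        else:
            try:
                block = bytearray(nbytes)
                outcome = b"allocated"
                del block
            except MemoryError:
                outcome = b"denied"
        os.write(wfd, outcome)
        os._exit(0)
    os.close(wfd)
    chunks = []
    while True:
        chunk = os.read(rfd, 64)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(rfd)
    os.waitpid(pid, 0)
    return b"".join(chunks).decode()


def demo():
    """Probe one allocation that fits under the cap and one that does not."""
    small = allocation_under_limit(AS_LIMIT_KB, 8 * 1024 ** 2)   # 8 MiB
    large = allocation_under_limit(AS_LIMIT_KB, 2 * 1024 ** 3)   # 2 GiB
    return small, large


if __name__ == "__main__":
    print(demo())  # on Linux: ('allocated', 'denied')
```

A ``denied`` result is the same ``ENOMEM`` a real sensu process would get
under this entry. Note that ``as`` caps virtual address space, not resident
memory: runtimes that reserve large sparse mappings up front (JVMs, Go) can
fail well before they use 1 GB of RAM, so size the value against the
process's virtual footprint, not its RSS.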
Enable autologin on tty1 (may work only for Ubuntu 14.04). An autologin entry
hands a root shell to whoever reaches that console without any password, and
a serial console is often reachable from the hypervisor or a console server,
so keep this to lab machines or consoles you control physically:

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. Action can be any available
command in ``while true`` loop and ``case`` context. The following will
disallow dpkg from stopping/starting services for the cassandra package
automatically (``policy-rc.d`` exit status 101 means "action forbidden" to
``invoke-rc.d``):

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

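The contract the pillar relies on, as an added shell example that is not the
template salt-formula-linux generates: ``invoke-rc.d`` runs ``policy-rc.d``
with the initscript id and the action and treats exit status 101 as "action
forbidden" and 0 as "allowed". The function below has the shape the text
describes (a ``case`` on ``"$1"`` inside ``while true``) with the cassandra
branch from the pillar; its ``*`` branch uses ``shift`` so that a leading
``--quiet`` still reaches the package name, which is this example's choice
and not a statement of what the pillar's ``switch`` action expands to.

```shell
#!/bin/sh
# Added example, not the template that salt-formula-linux generates.
# Debian's invoke-rc.d runs
#     /usr/sbin/policy-rc.d [--quiet] <initscript id> <action> [<runlevel>]
# and reads exit status 101 as "action forbidden" and 0 as "allowed"; the
# pillar above relies on exactly those two codes.

policy_rc_d() {
    while true; do
        case "$1" in
            cassandra)
                # the pillar's "action: exit 101": forbid every action
                return 101
                ;;
            '')
                # arguments exhausted without a match: allow the action
                return 0
                ;;
            *)
                # options such as --quiet, or other initscript ids: keep scanning
                shift
                ;;
        esac
    done
}

# Minimal stand-in for the check invoke-rc.d performs before running an
# initscript: consult the policy and refuse when it answers 101.
invoke_rc_d() {
    policy_rc_d "$@"
    rc=$?
    if [ "$rc" -eq 101 ]; then
        echo "invoke-rc.d: policy-rc.d denied execution of $2 for $1." >&2
    fi
    return "$rc"
}

# usage: invoke_rc_d cassandra start; echo "exit=$?"   (prints the denial, exit=101)
```

Run it against a few invocations to see the decision: ``cassandra start`` and
``--quiet cassandra stop`` both come back 101, while ``nginx restart`` falls
off the end of the argument list and is allowed.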
Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true

Kernel
~~~~~~

Install always up to date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel. Pinning
the version also pins its security fixes, so bump it deliberately:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo. ``pgpcheck: 0`` disables
the GPG signature check for this repository; with a plain-HTTP source that
means unsigned packages over an unauthenticated channel, so prefer importing
the repository key and leaving the check on:

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``)
and also pin its packages with priority 900. A signing key fetched over plain
HTTP can be replaced by anyone on the path, so use an HTTPS ``key_url`` or
ship the key with the formula:

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'

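The checks a reviewer would run over the ``linux:system`` samples above (the
user passwords, ``verify: false``, ``pgpcheck: 0``, a plain-HTTP ``key_url``
and console autologin), as an added example for this README that is not code
from salt-formula-linux. ``SAMPLE_PILLAR`` is constructed by merging those
samples into one Python dict (one extra user with a properly hashed password
is added for contrast); the rule names and severities are this example's own.

```python
"""Audit a ``linux:system`` pillar for settings that weaken the host.

Added example for this README; it is not code from salt-formula-linux.
SAMPLE_PILLAR is constructed from the user, package, repo and console samples
in the README (plus one user whose password is hashed correctly), and the
rule set and severities are this example's own.
"""
import re

# crypt(3) hash prefixes Salt's user.present will write to /etc/shadow:
# md5 ($1$), sha256 ($5$), sha512 ($6$), bcrypt ($2a$/$2b$/$2y$), yescrypt ($y$)
CRYPT_HASH = re.compile(r"^\$(?:1|5|6|2[aby]|y)\$\S+$")

SAMPLE_PILLAR = {
    "linux": {
        "system": {
            "user": {
                "jdoe": {"enabled": True, "sudo": True, "shell": "/bin/bash"},
                "jsmith": {"enabled": True, "password": "userpassword"},
                # constructed: what a correctly hashed entry looks like
                "backup": {"enabled": True,
                           "password": "$6$rounds=5000$saltsalt$" + "A" * 86},
            },
            "package": {
                "package-name": {"version": "2132.323", "repo": "custom-repo",
                                 "verify": False},
            },
            "repo": {
                "rdo-icehouse": {
                    "enabled": True,
                    "source": "http://repos.fedorapeople.org/repos/openstack/"
                              "openstack-icehouse/epel-6/",
                    "pgpcheck": 0,
                },
                "debian": {
                    "default": True,
                    "source": "deb http://ftp.cz.debian.org/debian/ jessie main",
                    "key_url": "http://dummy.com/public.gpg",
                },
            },
            "console": {
                "tty1": {"autologin": "root"},
                "ttyS0": {"autologin": False, "rate": 115200},
            },
        }
    }
}


def audit_system_pillar(pillar):
    """Return findings as (severity, pillar path, message) tuples."""
    findings = []
    system = pillar.get("linux", {}).get("system", {})

    for name, user in system.get("user", {}).items():
        if not user.get("enabled", True):
            continue
        password = user.get("password")
        if password is not None and not CRYPT_HASH.match(str(password)):
            findings.append(("high", f"user:{name}:password",
                             "not a crypt(3) hash; user.present stores the "
                             "string verbatim in /etc/shadow"))
        if user.get("sudo"):
            findings.append(("info", f"user:{name}:sudo",
                             "account is granted sudo; confirm it is intended"))

    for name, pkg in system.get("package", {}).items():
        if pkg.get("verify") is False:
            findings.append(("high", f"package:{name}:verify",
                             "package signature verification disabled"))

    for name, repo in system.get("repo", {}).items():
        if not repo.get("enabled", True):
            continue
        plain_http = "http://" in str(repo.get("source", ""))
        if repo.get("pgpcheck") in (0, "0"):  # False == 0, so it matches too
            findings.append(("high" if plain_http else "medium",
                             f"repo:{name}:pgpcheck",
                             "GPG check disabled"
                             + (" on a plain-HTTP source" if plain_http else "")))
        if str(repo.get("key_url", "")).startswith("http://"):
            findings.append(("medium", f"repo:{name}:key_url",
                             "signing key fetched over plain HTTP; an on-path "
                             "attacker can substitute it"))

    for tty, cfg in system.get("console", {}).items():
        login = cfg.get("autologin")
        if login:  # False or missing means autologin is off
            findings.append(("high" if login == "root" else "medium",
                             f"console:{tty}:autologin",
                             f"unauthenticated {login} shell on {tty}"))
    return findings


if __name__ == "__main__":
    for severity, path, message in audit_system_pillar(SAMPLE_PILLAR):
        print(f"{severity:6} {path:32} {message}")
```

Running it on the merged sample reports six findings: the cleartext
``jsmith`` password, the unverified package, the GPG-less plain-HTTP
OpenStack repo and the root autologin on ``tty1`` as high, the HTTP
``key_url`` as medium, and ``jdoe``'s sudo as informational; the hashed
``backup`` user and the disabled ``ttyS0`` autologin are silent.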
rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set the prompt system-wide it is necessary to remove the
PS1 setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula will do this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release

              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi

              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL, so there is
no native support for a dynamic motd.
You can still set a static one; only the pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged. Check ``/proc/sys/kernel/random/entropy_avail`` first;
on kernels from 5.6 on, ``/dev/random`` no longer blocks once the CRNG is
seeded, so haveged matters mainly on older kernels and during early boot.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true

Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
              - 8.8.8.8
              - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
              - interface: ${linux:interface:eth0}
              - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with VLAN interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
              - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

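A pre-flight check for the static-interface and route pillars above, as an
added example for this README (not code from salt-formula-linux). A wrong
netmask or an off-link gateway is applied silently and only shows up as a
host that stopped answering, so the script validates the entries with the
standard library's ``ipaddress`` before they reach ``/etc/network/interfaces``.
``SAMPLE_NETWORK`` is constructed from the two samples (eth0 keeps its
address so the routes can be checked against it) plus an invented ``lab``
route whose gateway is not on-link; the function names are this example's own.

```python
"""Sanity-check static ``linux:network:interface`` entries before applying them.

Added example for this README, not code from salt-formula-linux. SAMPLE_NETWORK
is constructed from the static-interface and route samples in the README; the
``lab`` route is invented to show an unreachable gateway.
"""
import ipaddress

SAMPLE_NETWORK = {
    "enabled": True,
    "gateway": "192.168.0.1",
    "default_interface": "eth0",
    "interface": {
        "eth0": {
            "enabled": True,
            "type": "eth",
            "address": "192.168.0.102",
            "netmask": "255.255.255.0",
            "gateway": "192.168.0.1",
            "name_servers": ["8.8.8.8", "8.8.4.4"],
            "mtu": 1500,
            "route": {
                "default": {"address": "192.168.0.123",
                            "netmask": "255.255.255.0",
                            "gateway": "192.168.0.1"},
                "lab": {"address": "10.20.0.0",          # constructed
                        "netmask": "255.255.0.0",
                        "gateway": "10.0.0.1"},
            },
        },
        "eth1": {"enabled": True, "type": "eth", "proto": "manual"},
    },
}


def check_interface(name, cfg):
    """Return a list of problems for one interface definition (empty if fine)."""
    problems = []
    if "address" not in cfg:
        return problems  # manual/DHCP interface: nothing static to check
    iface = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}")
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{name}: {iface.ip} is the network or broadcast address of {net}")
    gateway = cfg.get("gateway")
    if gateway and ipaddress.ip_address(gateway) not in net:
        problems.append(f"{name}: gateway {gateway} is not on-link for {net}")
    for server in cfg.get("name_servers", []):
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"{name}: name server {server!r} is not an IP address")
    for rname, route in cfg.get("route", {}).items():
        # strict=False mirrors the kernel, which masks off host bits silently
        dest = ipaddress.ip_network(f"{route['address']}/{route['netmask']}", strict=False)
        if str(dest.network_address) != route["address"]:
            problems.append(f"{name}: route {rname}: {route['address']} has host bits set; "
                            f"the kernel installs {dest}")
        if rname == "default" and dest.prefixlen != 0:
            problems.append(f"{name}: route {rname}: named default but destination is {dest}")
        via = ipaddress.ip_address(route["gateway"])
        if via not in net:
            problems.append(f"{name}: route {rname}: gateway {via} is not on-link for {net}")
    mtu = cfg.get("mtu")
    if mtu is not None and not 68 <= int(mtu) <= 9000:
        problems.append(f"{name}: mtu {mtu} outside 68..9000")
    return problems


def check_network(network):
    """Check every interface plus the top-level default_interface reference."""
    interfaces = network.get("interface", {})
    problems = []
    default = network.get("default_interface")
    if default and default not in interfaces:
        problems.append(f"default_interface {default} is not a defined interface")
    for name, cfg in interfaces.items():
        problems.extend(check_interface(name, cfg))
    return problems


if __name__ == "__main__":
    for line in check_network(SAMPLE_NETWORK):
        print(line)
```

On the sample it reports three problems: the ``default`` route's destination
``192.168.0.123/24`` has host bits set (the kernel would install
``192.168.0.0/24``), that route is named ``default`` but is not ``0.0.0.0/0``,
and the ``lab`` route's gateway ``10.0.0.1`` is not on-link for eth0's
``192.168.0.0/24``.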
Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

Linux with proxy

.. code-block:: yaml

    linux:
      network:
        ...
        proxy:
          host: proxy.domain.com
          port: 3128

Linux with hosts

.. code-block:: yaml

    linux:
      network:
        ...
        host:
          node1:
            address: 192.168.10.200
            names:
              - node1.domain.com
              - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
              - node2.domain.com
              - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
          options:
            - ndots:5
            - timeout:2
            - attempts:2

Linux storage pillars
---------------------

Linux with mounted Samba. The options shown (``guest`` plus ``0777`` modes and
``noperm``) make the whole share world-writable for every local user, which
is fine for a public scratch share but for nothing else; for shares served by
hosts you do not control, add ``nosuid,nodev`` as well:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            - enabled: true
            - path: /media/myuser/public/
            - device: //192.168.0.1/storage
            - file_system: cifs
            - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

Linux with file swap. Pages of any process's memory can end up in the file,
so it must stay mode 0600 (``swapon`` warns about insecure permissions) on a
filesystem other users cannot read:

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Linux with partition swap

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}


Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
              - /dev/sdc
              - /dev/sdd
            backends:
              - ibm_storwize
              - fujitsu_eternus_dxl
              - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

External config generation
--------------------------

You can reuse the config support metadata shared between formulas and only
generate config files for external use, e.g. for Docker containers. Whatever
is placed under ``config:pillar`` (here Jenkins credentials) is rendered into
the generated file, so treat that part of the pillar as a secret:

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test


Usage
=====

Set mtu of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu