2=====
3Linux
4=====
5
6Linux Operating Systems.
7
8* Ubuntu
9* CentOS
10* RedHat
11* Fedora
12* Arch
13
14Sample pillars
15==============
16
17Linux system
18------------
19
20Basic Linux box
21
22.. code-block:: yaml
23
24 linux:
25 system:
26 enabled: true
27 name: 'node1'
28 domain: 'domain.com'
29 cluster: 'system'
30 environment: prod
31 timezone: 'Europe/Prague'
32 utc: true
33
Linux with system users, some with password set
35
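.. code-block:: yaml

    # Two local accounts: jdoe (sudo enabled, no password key) and jsmith
    # (password set from pillar).
    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            # NOTE(review): the scope of the sudo grant (which commands, and
            # whether a password is required) is decided by the formula and
            # is not shown here - confirm before enabling it on production
            # accounts.
            sudo: true
            shell: /bin/bash
            full_name: 'Jonh Doe'
            home: '/home/jdoe'
            email: 'jonh@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            # NOTE(review): placeholder value. This page does not say whether
            # the formula expects a crypt(3) hash or cleartext - confirm.
            # Either way the value sits in pillar at rest: keep real
            # credentials out of version control (encrypted pillar or a
            # secret store) and target this pillar only at the minions that
            # need it.
            password: userpassword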
56
57Linux with package, latest version
58
59.. code-block:: yaml
60
61 linux:
62 system:
63 ...
64 package:
65 package-name:
66 version: latest
67
Linux with package from certain repo, version with no upgrades
69
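.. code-block:: yaml

    # Install package-name from custom-repo at a fixed version and hold it.
    linux:
      system:
        ...
        package:
          package-name:
            # Quoted so the version is read as a string, not as a float.
            version: '2132.323'
            repo: 'custom-repo'
            # A held package is skipped by upgrades, security fixes included:
            # track advisories for it and move the pin by hand.
            hold: true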
80
Linux with package from certain repo, version with no GPG verification
82
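.. code-block:: yaml

    # Install package-name from custom-repo without GPG verification.
    linux:
      system:
        ...
        package:
          package-name:
            # Quoted so the version is read as a string, not as a float.
            version: '2132.323'
            repo: 'custom-repo'
            # With verification off, nothing authenticates what is installed
            # from custom-repo. Prefer importing the repository's signing key
            # and leaving verification on; keep this for repositories that
            # really ship unsigned packages and are reached over a trusted
            # network.
            verify: false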
93
94Linux with cron jobs
95
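.. code-block:: yaml

    # Cron job cmd1: run /cmd/to/run as root at hour 2, minute 0.
    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            # Runs with root privileges: the command file and every directory
            # above it should be writable by root only, otherwise whoever can
            # edit it gains root at the next run. Use an unprivileged user
            # when the task does not need root.
            user: 'root'
            hour: 2
            minute: 0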
108
Linux security limits (limit sensu user memory usage to max 1GB):
110
111.. code-block:: yaml
112
113 linux:
114 system:
115 ...
116 limit:
117 sensu:
118 enabled: true
119 domain: sensu
120 limits:
121 - type: hard
122 item: as
123 value: 1000000
124
Enable autologin on tty1 (may work only for Ubuntu 14.04):
126
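.. code-block:: yaml

    # Log root in automatically on tty1.
    linux:
      system:
        console:
          tty1:
            # No password prompt on this console: anyone who can reach it
            # (physical access, IPMI/KVM, hypervisor console) gets a root
            # shell. Keep this to disposable lab hosts and use false
            # everywhere else.
            autologin: root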
134
135To disable set autologin to `false`.
136
Kernel
~~~~~~
139
140Install always up to date LTS kernel and headers from Ubuntu trusty:
141
142.. code-block:: yaml
143
144 linux:
145 system:
146 kernel:
147 type: generic
148 lts: trusty
149 headers: true
150
151Install specific kernel version and ensure all other kernel packages are
152not present. Also install extra modules and headers for this kernel:
153
154.. code-block:: yaml
155
156 linux:
157 system:
158 kernel:
159 type: generic
160 extra: true
161 headers: true
162 version: 4.2.0-22
163
Repositories
~~~~~~~~~~~~
166
167RedHat based Linux with additional OpenStack repo
168
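.. code-block:: yaml

    # Additional OpenStack Icehouse repository for a RedHat based system.
    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            # NOTE(review): presumably maps to the repository's GPG check
            # setting, with 0 turning signature checking off - confirm
            # against the formula. With a plain-http source and no signature
            # check, nothing authenticates the packages; import the
            # repository key and enable the check outside of test setups.
            pgpcheck: 0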
179
Ensure system repository to use Czech Debian mirror (``default: true``)
Also pin its packages with priority 900.
182
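.. code-block:: yaml

    # Default Debian repository pointed at the Czech mirror, pinned at
    # priority 900.
    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed.
            # The key is what lets apt authenticate packages fetched from the
            # http mirror above, so obtain it over an authenticated channel
            # (https, or ship the key with the pillar) and check its
            # fingerprint; a key pulled over plain http can be replaced in
            # transit.
            key_url: "https://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'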
197
198Linux network
199-------------
200
201Linux with network manager
202
203.. code-block:: yaml
204
205 linux:
206 network:
207 enabled: true
208 network_manager: true
209
210Linux with default static network interfaces, default gateway interface and DNS servers
211
212.. code-block:: yaml
213
214 linux:
215 network:
216 enabled: true
217 interface:
218 eth0:
219 enabled: true
220 type: eth
221 address: 192.168.0.102
222 netmask: 255.255.255.0
223 gateway: 192.168.0.1
224 name_servers:
225 - 8.8.8.8
226 - 8.8.4.4
227 mtu: 1500
228
Linux with bonded interfaces and disabled NetworkManager
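.. code-block:: yaml

    # bond0 built from eth0 and eth1, with NetworkManager disabled.
    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
              - interface: ${linux:interface:eth0}
              # NOTE(review): the second member is taken to be eth1, the
              # other interface defined above; listing eth0 twice would leave
              # the bond with a single member - confirm.
              - interface: ${linux:interface:eth1}
        network_manager:
          disable: true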
Linux with vlan interface_params
256
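.. code-block:: yaml

    # VLAN interface vlan69 on top of bond0.
    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
              - interface: ${linux:interface:bond0}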
Linux with wireless interface parameters
269
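.. code-block:: yaml

    # Wireless interface wlan0 with its network name and key.
    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              # The wireless key is stored in pillar as written: keep the
              # real value out of version control and expose this pillar only
              # to the hosts that join the network.
              key: example_key
              # NOTE(review): which values besides wpa are accepted is not
              # shown on this page - check the formula before relying on a
              # specific security mode.
              security: wpa
              priority: 1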
285
286Linux networks with routes defined
287
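.. code-block:: yaml

    # eth0 with a route entry named default.
    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1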
303
304Native Linux Bridges
305
306.. code-block:: yaml
307
308 linux:
309 network:
310 interface:
311 eth1:
312 enabled: true
313 type: eth
314 proto: manual
315 up_cmds:
316 - ip address add 0/0 dev $IFACE
317 - ip link set $IFACE up
318 down_cmds:
319 - ip link set $IFACE down
320 br-ex:
321 enabled: true
322 type: bridge
323 address: ${linux:network:host:public_local:address}
324 netmask: 255.255.255.0
325 use_interfaces:
326 - eth1
327
328OpenVswitch Bridges
329
330.. code-block:: yaml
331
332 linux:
333 network:
334 bridge: openvswitch
335 interface:
336 eth1:
337 enabled: true
338 type: eth
339 proto: manual
340 up_cmds:
341 - ip address add 0/0 dev $IFACE
342 - ip link set $IFACE up
343 down_cmds:
344 - ip link set $IFACE down
345 br-ex:
346 enabled: true
347 type: bridge
348 address: ${linux:network:host:public_local:address}
349 netmask: 255.255.255.0
350 use_interfaces:
351 - eth1
352
353Linux with proxy
354
355.. code-block:: yaml
356
357 linux:
358 network:
359 ...
360 proxy:
361 host: proxy.domain.com
362 port: 3128
363
364Linux with hosts
365
366.. code-block:: yaml
367
368 linux:
369 network:
370 ...
371 host:
372 node1:
373 address: 192.168.10.200
374 names:
375 - node2.domain.com
376 - service2.domain.com
377 node2:
378 address: 192.168.10.201
379 names:
380 - node2.domain.com
381 - service2.domain.com
382
Setup resolv.conf, nameservers, domain and search domains
384
385.. code-block:: yaml
386
387 linux:
388 network:
389 resolv:
390 dns:
391 - 8.8.4.4
392 - 8.8.8.8
393 domain: my.example.com
394 search:
395 - my.example.com
396 - example.com
397
Linux storage pillars
---------------------
400
401Linux with mounted Samba
402
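.. code-block:: yaml

    # CIFS share mounted at /media/myuser/public/.
    linux:
      storage:
        enabled: true
        mount:
          samba1:
            # guest mounts the share without credentials; file_mode and
            # dir_mode=0777 together with noperm mean the client applies no
            # per-user restriction, so every local user can read and write
            # whatever the server allows its guest account. For a share that
            # holds real data, use a credentials= file readable by root only
            # and tighter modes (for example 0640/0750).
            - path: /media/myuser/public/
            - device: //192.168.0.1/storage
            - file_system: cifs
            - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm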
414
415Linux with file swap
416
417.. code-block:: yaml
418
419 linux:
420 storage:
421 enabled: true
422 swap:
423 file:
424 enabled: true
425 engine: file
426 device: /swapfile
427 size: 1024
428
LVM group `vg1` with one device and `data` volume mounted into `/mnt/data`
430
431.. code-block:: yaml
432
433 parameters:
434 linux:
435 storage:
436 mount:
437 data:
438 device: /dev/vg1/data
439 file_system: ext4
440 path: /mnt/data
441 lvm:
442 vg1:
443 enabled: true
444 devices:
445 - /dev/sdb
446 volume:
447 data:
448 size: 40G
449 mount: ${linux:storage:mount:data}
450
Usage
=====
453
454Set mtu of network interface eth0 to 1400
455
456.. code-block:: bash
457
458 ip link set dev eth0 mtu 1400
459
460Read more
461=========
462
463* https://www.archlinux.org/
464* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu