2=====
3Linux
4=====
5
6Linux Operating Systems.
7
8* Ubuntu
9* CentOS
10* RedHat
11* Fedora
12* Arch
13
14Sample pillars
15==============
16
17Linux system
18------------
19
20Basic Linux box
21
22.. code-block:: yaml
23
24 linux:
25 system:
26 enabled: true
27 name: 'node1'
28 domain: 'domain.com'
29 cluster: 'system'
30 environment: prod
31 timezone: 'Europe/Prague'
32 utc: true
33
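Linux with system users, some with a password set. The ``password`` value
shown is a placeholder. Whether the formula expects plaintext or a pre-hashed
value is not stated here, so check the formula before use, and protect any
pillar that carries credentials (for example with Salt's GPG renderer).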
35
36.. code-block:: yaml
37
38 linux:
39 system:
40 ...
41 user:
42 jdoe:
43 name: 'jdoe'
44 enabled: true
45 sudo: true
46 shell: /bin/bash
47 full_name: 'Jonh Doe'
48 home: '/home/jdoe'
49 email: 'jonh@doe.com'
50 jsmith:
51 name: 'jsmith'
52 enabled: true
53 full_name: 'Password'
54 home: '/home/jsmith'
55 password: userpassword
56
57Linux with package, latest version
58
59.. code-block:: yaml
60
61 linux:
62 system:
63 ...
64 package:
65 package-name:
66 version: latest
67
Linux with package from certain repo, version with no upgrades
69
70.. code-block:: yaml
71
72 linux:
73 system:
74 ...
75 package:
76 package-name:
77 version: 2132.323
78 repo: 'custom-repo'
79 hold: true
80
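Linux with package from certain repo, version with no GPG verification.
``verify: false`` skips the package signature check, so use it only for a
repository whose contents and transport you control.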
82
83.. code-block:: yaml
84
85 linux:
86 system:
87 ...
88 package:
89 package-name:
90 version: 2132.323
91 repo: 'custom-repo'
92 verify: false
93
94Linux with cron jobs
95
96.. code-block:: yaml
97
98 linux:
99 system:
100 ...
101 job:
102 cmd1:
103 command: '/cmd/to/run'
104 enabled: true
105 user: 'root'
106 hour: 2
107 minute: 0
108
Filip Pytlound0a29e72015-11-30 15:23:34 +0100109Linux security limits (limit sensu user memory usage to max 1GB):
110
111.. code-block:: yaml
112
113 linux:
114 system:
115 ...
116 limit:
117 sensu:
118 enabled: true
119 domain: sensu
120 limits:
121 - type: hard
122 item: as
123 value: 1000000
124
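Enable autologin on tty1 (may work only for Ubuntu 14.04). With
``autologin: root``, anyone who can reach that console gets a root shell
without authenticating, so use it only where console access is already
restricted: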
126
127.. code-block:: yaml
128
129 linux:
130 system:
131 console:
132 tty1:
133 autologin: root
134
To disable autologin, set ``autologin`` to ``false``.
136
Filip Pytloun281034a2016-01-04 18:06:22 +0100137Kernel
138~~~~~~
139
140Install always up to date LTS kernel and headers from Ubuntu trusty:
141
142.. code-block:: yaml
143
144 linux:
145 system:
146 kernel:
147 type: generic
148 lts: trusty
149 headers: true
150
151Install specific kernel version and ensure all other kernel packages are
152not present. Also install extra modules and headers for this kernel:
153
154.. code-block:: yaml
155
156 linux:
157 system:
158 kernel:
159 type: generic
160 extra: true
161 headers: true
162 version: 4.2.0-22
163
Filip Pytlounf5383a42015-10-06 16:28:32 +0200164Repositories
165~~~~~~~~~~~~
166
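RedHat based Linux with additional OpenStack repo. This sample fetches
packages over plain HTTP, and ``pgpcheck: 0`` appears to turn off signature
checking, so neither the transport nor the packages are verified. Prefer an
HTTPS source with signature checking enabled when the repository publishes
signed packages.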
168
169.. code-block:: yaml
170
171 linux:
172 system:
173 ...
174 repo:
175 rdo-icehouse:
176 enabled: true
177 source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
178 pgpcheck: 0
179
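Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900. When importing a signing key with
``key_url``, fetch it over HTTPS or verify its fingerprint out of band; a key
downloaded over plain HTTP, as in the placeholder URL below, can be replaced
in transit.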
182
183.. code-block:: yaml
184
185 linux:
186 system:
187 repo:
188 debian:
189 default: true
190 source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
191 # Import signing key from URL if needed
192 key_url: "http://dummy.com/public.gpg"
193 pin:
194 - pin: 'origin "ftp.cz.debian.org"'
195 priority: 900
196 package: '*'
197
Jakub Pavlik78859382016-01-21 11:26:39 +0100198rc.local example
199
200.. code-block:: yaml
201
202 linux:
203 system:
204 rc:
205 local: |
206 #!/bin/sh -e
207 #
208 # rc.local
209 #
210 # This script is executed at the end of each multiuser runlevel.
211 # Make sure that the script will "exit 0" on success or any other
212 # value on error.
213 #
214 # In order to enable or disable this script just change the execution
215 # bits.
216 #
217 # By default this script does nothing.
218 exit 0
219
Filip Pytloun1f40dac2016-01-22 15:52:57 +0100220Prompt
221~~~~~~
222
223Setting prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
224user can have different prompt.
225
226.. code-block:: yaml
227
228 linux:
229 system:
230 prompt:
231 root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
232 default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]
233
On Debian systems, setting the prompt system-wide requires removing the PS1
setting from ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula does this automatically, but it will not
touch existing users' ``~/.bashrc`` files, except root's.
Jakub Pavlik78859382016-01-21 11:26:39 +0100238
Filip Pytloune874dfb2016-01-22 16:57:34 +0100239Message of the day
240~~~~~~~~~~~~~~~~~~
241
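``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones. The entries below are
shell scripts that run at login, so treat the pillar that defines them as
privileged configuration.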
244
245.. code-block:: yaml
246
247 linux:
248 system:
249 motd:
250 - release: |
251 #!/bin/sh
252 [ -r /etc/lsb-release ] && . /etc/lsb-release
253
254 if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
255 # Fall back to using the very slow lsb_release utility
256 DISTRIB_DESCRIPTION=$(lsb_release -s -d)
257 fi
258
259 printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
260 - warning: |
261 #!/bin/sh
262 printf "This is [company name] network.\n"
263 printf "Unauthorized access strictly prohibited.\n"
264
Filip Pytlounf5383a42015-10-06 16:28:32 +0200265Linux network
266-------------
267
268Linux with network manager
269
270.. code-block:: yaml
271
272 linux:
273 network:
274 enabled: true
275 network_manager: true
276
277Linux with default static network interfaces, default gateway interface and DNS servers
278
279.. code-block:: yaml
280
281 linux:
282 network:
283 enabled: true
284 interface:
285 eth0:
286 enabled: true
287 type: eth
288 address: 192.168.0.102
289 netmask: 255.255.255.0
290 gateway: 192.168.0.1
291 name_servers:
292 - 8.8.8.8
293 - 8.8.4.4
294 mtu: 1500
295
jan kaufman6d30adf2016-01-18 17:30:12 +0100296Linux with bonded interfaces and disabled NetworkManager
Filip Pytlounf5383a42015-10-06 16:28:32 +0200297
298.. code-block:: yaml
299
300 linux:
301 network:
302 enabled: true
303 interface:
304 eth0:
305 type: eth
306 ...
307 eth1:
308 type: eth
309 ...
310 bond0:
311 enabled: true
312 type: bond
313 address: 192.168.0.102
314 netmask: 255.255.255.0
315 mtu: 1500
316 use_in:
317 - interface: ${linux:interface:eth0}
318 - interface: ${linux:interface:eth0}
jan kaufman6d30adf2016-01-18 17:30:12 +0100319 network_manager:
320 disable: true
Filip Pytlounf5383a42015-10-06 16:28:32 +0200321
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100322Linux with vlan interface_params
323
324.. code-block:: yaml
325
326 linux:
327 network:
328 enabled: true
329 interface:
330 vlan69:
331 type: vlan
jan kaufmanc0bd76f2015-12-15 16:45:44 +0100332 use_interfaces:
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100333 - interface: ${linux:interface:bond0}
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100334
Linux with wireless interface parameters. The ``key`` value is presumably the
wireless network secret, so protect the pillar that holds it like any other
credential.
336
337.. code-block:: yaml
338
339 linux:
340 network:
341 enabled: true
342 gateway: 10.0.0.1
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100343 default_interface: eth0
Filip Pytlounf5383a42015-10-06 16:28:32 +0200344 interface:
345 wlan0:
346 type: eth
347 wireless:
348 essid: example
349 key: example_key
350 security: wpa
351 priority: 1
352
353Linux networks with routes defined
354
355.. code-block:: yaml
356
357 linux:
358 network:
359 enabled: true
360 gateway: 10.0.0.1
Jan Kaufman6a1ad712015-12-11 14:44:19 +0100361 default_interface: eth0
Filip Pytlounf5383a42015-10-06 16:28:32 +0200362 interface:
363 eth0:
364 type: eth
365 route:
366 default:
367 address: 192.168.0.123
368 netmask: 255.255.255.0
369 gateway: 192.168.0.1
370
371Native Linux Bridges
372
373.. code-block:: yaml
374
375 linux:
376 network:
377 interface:
378 eth1:
379 enabled: true
380 type: eth
381 proto: manual
382 up_cmds:
383 - ip address add 0/0 dev $IFACE
384 - ip link set $IFACE up
385 down_cmds:
386 - ip link set $IFACE down
387 br-ex:
388 enabled: true
389 type: bridge
390 address: ${linux:network:host:public_local:address}
391 netmask: 255.255.255.0
392 use_interfaces:
393 - eth1
394
395OpenVswitch Bridges
396
397.. code-block:: yaml
398
399 linux:
400 network:
401 bridge: openvswitch
402 interface:
403 eth1:
404 enabled: true
405 type: eth
406 proto: manual
407 up_cmds:
408 - ip address add 0/0 dev $IFACE
409 - ip link set $IFACE up
410 down_cmds:
411 - ip link set $IFACE down
412 br-ex:
413 enabled: true
414 type: bridge
415 address: ${linux:network:host:public_local:address}
416 netmask: 255.255.255.0
417 use_interfaces:
418 - eth1
419
420Linux with proxy
421
422.. code-block:: yaml
423
424 linux:
425 network:
426 ...
427 proxy:
428 host: proxy.domain.com
429 port: 3128
430
431Linux with hosts
432
433.. code-block:: yaml
434
435 linux:
436 network:
437 ...
438 host:
439 node1:
440 address: 192.168.10.200
441 names:
442 - node2.domain.com
443 - service2.domain.com
444 node2:
445 address: 192.168.10.201
446 names:
447 - node2.domain.com
448 - service2.domain.com
449
Filip Pytlounde9bea52016-01-11 15:39:10 +0100450Setup resolv.conf, nameservers, domain and search domains
451
452.. code-block:: yaml
453
454 linux:
455 network:
456 resolv:
457 dns:
458 - 8.8.4.4
459 - 8.8.8.8
460 domain: my.example.com
461 search:
462 - my.example.com
463 - example.com
464
Filip Pytlounf5383a42015-10-06 16:28:32 +0200465Linux storage pillars
466---------------------
467
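Linux with mounted Samba. The sample options mount the share as ``guest`` and
present every file and directory as world-writable
(``file_mode=0777,dir_mode=0777``). For anything other than a public share,
use credentials and tighter modes.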
469
470.. code-block:: yaml
471
472 linux:
473 storage:
474 enabled: true
475 mount:
476 samba1:
477 - path: /media/myuser/public/
478 - device: //192.168.0.1/storage
479 - file_system: cifs
480 - options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm
481
482Linux with file swap
483
484.. code-block:: yaml
485
486 linux:
487 storage:
488 enabled: true
489 swap:
490 file:
491 enabled: true
492 engine: file
493 device: /swapfile
494 size: 1024
495
Lachlan Evenson30676512016-01-22 15:43:28 -0800496Linux with partition swap
497
498.. code-block:: yaml
499
500 linux:
501 storage:
502 enabled: true
503 swap:
504 partition:
505 enabled: true
506 engine: partition
507 device: /dev/vg0/swap
508
LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``
510
511.. code-block:: yaml
512
513 parameters:
514 linux:
515 storage:
516 mount:
517 data:
518 device: /dev/vg1/data
519 file_system: ext4
520 path: /mnt/data
521 lvm:
522 vg1:
523 enabled: true
524 devices:
525 - /dev/sdb
526 volume:
527 data:
528 size: 40G
529 mount: ${linux:storage:mount:data}
530
Filip Pytlounf5383a42015-10-06 16:28:32 +0200531Usage
532=====
533
534Set mtu of network interface eth0 to 1400
535
536.. code-block:: bash
537
538 ip link set dev eth0 mtu 1400
539
540Read more
541=========
542
543* https://www.archlinux.org/
544* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu