=====
Linux
=====

Linux Operating Systems.

* Ubuntu
* CentOS
* RedHat
* Fedora
* Arch

Sample pillars
==============

Linux system
------------

Basic Linux box

.. code-block:: yaml

    linux:
      system:
        enabled: true
        name: 'node1'
        domain: 'domain.com'
        cluster: 'system'
        environment: prod
        timezone: 'Europe/Prague'
        utc: true

Linux with system users, some with password set

.. code-block:: yaml

    linux:
      system:
        ...
        user:
          jdoe:
            name: 'jdoe'
            enabled: true
            sudo: true
            shell: /bin/bash
            full_name: 'John Doe'
            home: '/home/jdoe'
            email: 'john@doe.com'
          jsmith:
            name: 'jsmith'
            enabled: true
            full_name: 'Password'
            home: '/home/jsmith'
            password: userpassword

Linux with package, latest version

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: latest

Linux with package from a certain repo, pinned version with no upgrades

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            hold: true

Linux with package from a certain repo, pinned version with no GPG verification

.. code-block:: yaml

    linux:
      system:
        ...
        package:
          package-name:
            version: 2132.323
            repo: 'custom-repo'
            verify: false

Linux with cron jobs

.. code-block:: yaml

    linux:
      system:
        ...
        job:
          cmd1:
            command: '/cmd/to/run'
            enabled: true
            user: 'root'
            hour: 2
            minute: 0

Linux security limits (limit sensu user memory usage to max 1GB):

.. code-block:: yaml

    linux:
      system:
        ...
        limit:
          sensu:
            enabled: true
            domain: sensu
            limits:
              - type: hard
                item: as
                value: 1000000

Enable autologin on tty1 (may work only for Ubuntu 14.04):

.. code-block:: yaml

    linux:
      system:
        console:
          tty1:
            autologin: root
          # Enable serial console
          ttyS0:
            autologin: root
            rate: 115200
            term: xterm

To disable, set autologin to ``false``.

Set ``policy-rc.d`` on Debian-based systems. The action can be any command
available in a ``while true`` loop and ``case`` context. The following
disallows dpkg from automatically stopping/starting services for the
cassandra package:

.. code-block:: yaml

    linux:
      system:
        policyrcd:
          - package: cassandra
            action: exit 101
          - package: '*'
            action: switch

Set system locales:

.. code-block:: yaml

    linux:
      system:
        locale:
          en_US.UTF-8:
            default: true
          "cs_CZ.UTF-8 UTF-8":
            enabled: true

Kernel
~~~~~~

Install an always up-to-date LTS kernel and headers from Ubuntu trusty:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          lts: trusty
          headers: true

Install a specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel:

.. code-block:: yaml

    linux:
      system:
        kernel:
          type: generic
          extra: true
          headers: true
          version: 4.2.0-22

Sysctl kernel parameters

.. code-block:: yaml

    linux:
      system:
        kernel:
          sysctl:
            net.ipv4.tcp_keepalive_intvl: 3
            net.ipv4.tcp_keepalive_time: 30
            net.ipv4.tcp_keepalive_probes: 8

CPU
~~~

Disable the ``ondemand`` CPU governor service (sets the ``performance`` governor):

.. code-block:: yaml

    linux:
      system:
        cpu:
          governor: performance

Repositories
~~~~~~~~~~~~

RedHat based Linux with additional OpenStack repo

.. code-block:: yaml

    linux:
      system:
        ...
        repo:
          rdo-icehouse:
            enabled: true
            source: 'http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/epel-6/'
            pgpcheck: 0

Ensure the system repository uses the Czech Debian mirror (``default: true``).
Also pin its packages with priority 900.

.. code-block:: yaml

    linux:
      system:
        repo:
          debian:
            default: true
            source: "deb http://ftp.cz.debian.org/debian/ jessie main contrib non-free"
            # Import signing key from URL if needed
            key_url: "http://dummy.com/public.gpg"
            pin:
              - pin: 'origin "ftp.cz.debian.org"'
                priority: 900
                package: '*'

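As an added example (not part of the formula), the following Python walks a ``linux:system`` pillar, here a constructed dict equivalent to the YAML snippets above, and reports the settings that trade integrity or access control for convenience: ``verify: false`` on a package, ``pgpcheck: 0`` on a repo, a signing key fetched over plain HTTP, a user ``password`` that is not a crypt hash, and console ``autologin``. Treating a crypt(3) hash as the expected password form is an assumption of this check, not something the formula documents.

```python
def find_risky_settings(pillar):
    """Return (pillar_path, reason) tuples for weak settings in linux:system."""
    findings = []
    system = pillar.get("linux", {}).get("system", {})

    # Packages installed with GPG verification switched off (verify: false).
    for name, pkg in system.get("package", {}).items():
        if pkg.get("verify") is False:
            findings.append((f"linux:system:package:{name}:verify",
                             "package installed without GPG verification"))

    # Repos with signature checks disabled (pgpcheck: 0) or keys fetched over HTTP.
    for name, repo in system.get("repo", {}).items():
        if str(repo.get("pgpcheck", 1)) == "0":
            findings.append((f"linux:system:repo:{name}:pgpcheck",
                             "repository packages are not GPG-checked"))
        if str(repo.get("key_url", "")).startswith("http://"):
            findings.append((f"linux:system:repo:{name}:key_url",
                             "signing key fetched over unauthenticated HTTP"))

    # Users whose password value is not a crypt(3) hash ($id$salt$hash) - assumption.
    for name, user in system.get("user", {}).items():
        if "password" in user and not str(user["password"]).startswith("$"):
            findings.append((f"linux:system:user:{name}:password",
                             "password value is not a crypt hash; secret in clear"))

    # Consoles that log an account in without authentication.
    for tty, console in system.get("console", {}).items():
        if console.get("autologin") not in (None, False):
            findings.append((f"linux:system:console:{tty}:autologin",
                             f"autologin as {console['autologin']}"))
    return findings


# Constructed pillar (Python dict form of the YAML snippets in this README).
SAMPLE_PILLAR = {"linux": {"system": {
    "package": {"package-name": {"version": "2132.323", "repo": "custom-repo",
                                 "verify": False}},
    "repo": {"rdo-icehouse": {"enabled": True, "pgpcheck": 0},
             "debian": {"default": True, "key_url": "http://dummy.com/public.gpg"}},
    "user": {"jdoe": {"name": "jdoe", "sudo": True},
             "jsmith": {"name": "jsmith", "password": "userpassword"}},
    "console": {"tty1": {"autologin": "root"}, "ttyS0": {"autologin": False}},
}}}

if __name__ == "__main__":
    for path, reason in find_risky_settings(SAMPLE_PILLAR):
        print(f"{path}: {reason}")
```
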
rc.local example

.. code-block:: yaml

    linux:
      system:
        rc:
          local: |
            #!/bin/sh -e
            #
            # rc.local
            #
            # This script is executed at the end of each multiuser runlevel.
            # Make sure that the script will "exit 0" on success or any other
            # value on error.
            #
            # In order to enable or disable this script just change the execution
            # bits.
            #
            # By default this script does nothing.
            exit 0

Prompt
~~~~~~

Setting the prompt is implemented by creating ``/etc/profile.d/prompt.sh``. Every
user can have a different prompt.

.. code-block:: yaml

    linux:
      system:
        prompt:
          root: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
          default: \\n\\D{%y/%m/%d %H:%M:%S} $(hostname -f)\\n[\\u@\\h:\\w]

On Debian systems, to set the prompt system-wide it is necessary to remove the
PS1 setting in ``/etc/bash.bashrc`` and ``~/.bashrc`` (which comes from
``/etc/skel/.bashrc``). This formula does this automatically, but will not
touch existing users' ``~/.bashrc`` files except root's.

Bash
~~~~

Fix bash configuration to preserve history across sessions (like ZSH does by
default).

.. code-block:: yaml

    linux:
      system:
        bash:
          preserve_history: true

Message of the day
~~~~~~~~~~~~~~~~~~

``pam_motd`` from package ``update-motd`` is used for dynamic messages of the
day. Setting a custom motd will clean up existing ones.

.. code-block:: yaml

    linux:
      system:
        motd:
          - release: |
              #!/bin/sh
              [ -r /etc/lsb-release ] && . /etc/lsb-release

              if [ -z "$DISTRIB_DESCRIPTION" ] && [ -x /usr/bin/lsb_release ]; then
                # Fall back to using the very slow lsb_release utility
                DISTRIB_DESCRIPTION=$(lsb_release -s -d)
              fi

              printf "Welcome to %s (%s %s %s)\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"
          - warning: |
              #!/bin/sh
              printf "This is [company name] network.\n"
              printf "Unauthorized access strictly prohibited.\n"

RHEL / CentOS
^^^^^^^^^^^^^

Unfortunately ``update-motd`` is currently not available for RHEL, so there is
no native support for dynamic motd. You can still set a static one; only the
pillar structure differs:

.. code-block:: yaml

    linux:
      system:
        motd: |
          This is [company name] network.
          Unauthorized access strictly prohibited.

Haveged
~~~~~~~

If you are running a headless server and are low on entropy, it may be a good
idea to set up Haveged.

.. code-block:: yaml

    linux:
      system:
        haveged:
          enabled: true

Linux network
-------------

Linux with network manager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        network_manager: true

Linux with default static network interfaces, default gateway interface and DNS servers

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            enabled: true
            type: eth
            address: 192.168.0.102
            netmask: 255.255.255.0
            gateway: 192.168.0.1
            name_servers:
              - 8.8.8.8
              - 8.8.4.4
            mtu: 1500

Linux with bonded interfaces and disabled NetworkManager

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          eth0:
            type: eth
            ...
          eth1:
            type: eth
            ...
          bond0:
            enabled: true
            type: bond
            address: 192.168.0.102
            netmask: 255.255.255.0
            mtu: 1500
            use_in:
              - interface: ${linux:interface:eth0}
              - interface: ${linux:interface:eth1}
        network_manager:
          disable: true

Linux with VLAN interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        interface:
          vlan69:
            type: vlan
            use_interfaces:
              - interface: ${linux:interface:bond0}

Linux with wireless interface parameters

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          wlan0:
            type: eth
            wireless:
              essid: example
              key: example_key
              security: wpa
              priority: 1

Linux networks with routes defined

.. code-block:: yaml

    linux:
      network:
        enabled: true
        gateway: 10.0.0.1
        default_interface: eth0
        interface:
          eth0:
            type: eth
            route:
              default:
                address: 192.168.0.123
                netmask: 255.255.255.0
                gateway: 192.168.0.1

Native Linux Bridges

.. code-block:: yaml

    linux:
      network:
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

OpenVswitch Bridges

.. code-block:: yaml

    linux:
      network:
        bridge: openvswitch
        interface:
          eth1:
            enabled: true
            type: eth
            proto: manual
            up_cmds:
              - ip address add 0/0 dev $IFACE
              - ip link set $IFACE up
            down_cmds:
              - ip link set $IFACE down
          br-ex:
            enabled: true
            type: bridge
            address: ${linux:network:host:public_local:address}
            netmask: 255.255.255.0
            use_interfaces:
              - eth1

Linux with proxy

.. code-block:: yaml

    linux:
      network:
        ...
        proxy:
          host: proxy.domain.com
          port: 3128

Linux with hosts

.. code-block:: yaml

    linux:
      network:
        ...
        host:
          node1:
            address: 192.168.10.200
            names:
              - node1.domain.com
              - service1.domain.com
          node2:
            address: 192.168.10.201
            names:
              - node2.domain.com
              - service2.domain.com

Setup resolv.conf, nameservers, domain and search domains

.. code-block:: yaml

    linux:
      network:
        resolv:
          dns:
            - 8.8.4.4
            - 8.8.8.8
          domain: my.example.com
          search:
            - my.example.com
            - example.com
          options:
            - ndots:5
            - timeout:2
            - attempts:2

Linux storage pillars
---------------------

Linux with mounted Samba

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        mount:
          samba1:
            enabled: true
            path: /media/myuser/public/
            device: //192.168.0.1/storage
            file_system: cifs
            options: guest,uid=myuser,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

Linux with file swap

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          file:
            enabled: true
            engine: file
            device: /swapfile
            size: 1024

Linux with partition swap

.. code-block:: yaml

    linux:
      storage:
        enabled: true
        swap:
          partition:
            enabled: true
            engine: partition
            device: /dev/vg0/swap

LVM group ``vg1`` with one device and ``data`` volume mounted into ``/mnt/data``

.. code-block:: yaml

    parameters:
      linux:
        storage:
          mount:
            data:
              enabled: true
              device: /dev/vg1/data
              file_system: ext4
              path: /mnt/data
          lvm:
            vg1:
              enabled: true
              devices:
                - /dev/sdb
              volume:
                data:
                  size: 40G
                  mount: ${linux:storage:mount:data}

Multipath with Fujitsu Eternus DXL

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - fujitsu_eternus_dxl

Multipath with Hitachi VSP 1000

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - hitachi_vsp1000

Multipath with IBM Storwize

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
            backends:
              - ibm_storwize

Multipath with multiple backends

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: true
            blacklist_devices:
              - /dev/sda
              - /dev/sdb
              - /dev/sdc
              - /dev/sdd
            backends:
              - ibm_storwize
              - fujitsu_eternus_dxl
              - hitachi_vsp1000

Disabled multipath (the default setup)

.. code-block:: yaml

    parameters:
      linux:
        storage:
          multipath:
            enabled: false

Linux with local loopback device

.. code-block:: yaml

    linux:
      storage:
        loopback:
          disk1:
            file: /srv/disk1
            size: 50G

External config generation
--------------------------

You can use the config support metadata shared between formulas to generate
only config files for external use, e.g. Docker.

.. code-block:: yaml

    parameters:
      linux:
        system:
          config:
            pillar:
              jenkins:
                master:
                  home: /srv/volumes/jenkins
                  approved_scripts:
                    - method java.net.URL openConnection
                  credentials:
                    - type: username_password
                      scope: global
                      id: test
                      desc: Testing credentials
                      username: test
                      password: test

Usage
=====

Set the MTU of network interface eth0 to 1400

.. code-block:: bash

    ip link set dev eth0 mtu 1400

Read more
=========

* https://www.archlinux.org/
* http://askubuntu.com/questions/175172/how-do-i-configure-proxies-in-ubuntu-server-or-minimal-cli-ubuntu