Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / salt / 00f187a90ed0c02b72e09bfa61231ec3d7efe5fc / . / README.rst
blob: b7e51544651b72a93ffac36614f064da54bc1263 [file] [log] [blame]
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]1
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]2=====
3Usage
4=====
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]5
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]6Salt is a new approach to infrastructure management. Easy enough to get
7running in minutes, scalable enough to manage tens of thousands of servers,
8and fast enough to communicate with them in seconds.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]9
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]10Salt delivers a dynamic communication bus for infrastructures that can be used
11for orchestration, remote execution, configuration management and much more.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]12
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]13Sample Metadata
14===============
15
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]16Salt Master
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]17-----------
18
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]19Salt master with base formulas and pillar metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]20
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]21.. literalinclude:: tests/pillar/master_single_pillar.sls
22 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]23
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]24Salt master with reclass ENC metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]25
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]26.. literalinclude:: tests/pillar/master_single_reclass.sls
27 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]28
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]29Salt master with Architect ENC metadata back end:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]30
31.. code-block:: yaml
32
33 salt:
34 master:
35 enabled: true
36 pillar:
37 engine: architect
38 project: project-name
39 host: architect-api
40 port: 8181
41 username: salt
42 password: password
43
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]44Salt master with multiple ``ext_pillars``:
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]45
Dzmitry Stremkouski7b15d8a2018-08-11 22:02:45 +0200[diff] [blame]46.. code-block:: yaml
47
48 salt:
49 master:
50 enabled: true
51 pillar:
52 engine: salt
53 source:
54 engine: local
55 ext_pillars:
56 1:
57 module: cmd_json
58 params: '"echo {\"arg\": \"val\"}"'
59 2:
60 module: cmd_yaml
61 params: /usr/local/bin/get_yml.sh
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]62
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]63Salt master with API:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]64
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]65.. literalinclude:: tests/pillar/master_api.sls
66 :language: yaml
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]67
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]68Salt master with defined user ACLs:
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]69
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]70.. literalinclude:: tests/pillar/master_acl.sls
71 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]72
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]73Salt master with preset minions:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]74
75.. code-block:: yaml
76
77 salt:
78 master:
79 enabled: true
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]80 minions:
81 - name: 'node1.system.location.domain.com'
82
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]83Salt master with pip based installation (optional):
Adam Tenglercaedd972016-05-04 16:44:00 +0200[diff] [blame]84
85.. code-block:: yaml
86
87 salt:
88 master:
89 enabled: true
90 ...
91 source:
92 engine: pip
93 version: 2016.3.0rc2
94
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]95Install formula through system package management:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]96
97.. code-block:: yaml
98
99 salt:
100 master:
101 enabled: true
102 ...
103 environment:
104 prd:
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]105 keystone:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]106 source: pkg
107 name: salt-formula-keystone
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]108 nova:
109 source: pkg
110 name: salt-formula-keystone
111 version: 0.1+0~20160818133412.24~1.gbp6e1ebb
112 postresql:
113 source: pkg
114 name: salt-formula-postgresql
115 version: purged
116
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]117Formula keystone is installed latest version and the formulas
118without version are installed in one call to aptpkg module.
119If the version attribute is present sls iterates over formulas
120and take action to install specific version or remove it.
121The version attribute may have these values
122``[latest|purged|removed|<VERSION>]``.
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]123
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]124Clone master branch of keystone formula as local feature branch:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]125
126.. code-block:: yaml
127
128 salt:
129 master:
130 enabled: true
131 ...
132 environment:
133 dev:
134 formula:
135 keystone:
136 source: git
137 address: git@github.com:openstack/salt-formula-keystone.git
138 revision: master
139 branch: feature
140
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]141Salt master with specified formula refs (for example, for Gerrit
142review):
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]143
144.. code-block:: yaml
145
146 salt:
147 master:
148 enabled: true
149 ...
150 environment:
151 dev:
152 formula:
153 keystone:
154 source: git
155 address: https://git.openstack.org/openstack/salt-formula-keystone
156 revision: refs/changes/56/123456/1
157
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]158Salt master logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]159
160.. code-block:: yaml
161
162 salt:
163 master:
164 enabled: true
165 log:
166 level: warning
167 file: '/var/log/salt/master'
168 level_logfile: warning
169
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]170Salt minion logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]171
172.. code-block:: yaml
173
174 salt:
175 minion:
176 enabled: true
177 log:
178 level: info
179 file: '/var/log/salt/minion'
180 level_logfile: warning
181
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]182Salt master with logging handlers:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]183
184.. code-block:: yaml
185
186 salt:
187 master:
188 enabled: true
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]189 handler:
190 handler01:
191 engine: udp
192 bind:
193 host: 127.0.0.1
194 port: 9999
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]195 minion:
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]196 handler:
197 handler01:
198 engine: udp
199 bind:
200 host: 127.0.0.1
201 port: 9999
202 handler02:
203 engine: zmq
204 bind:
205 host: 127.0.0.1
206 port: 9999
207
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]208Salt engine definition for saltgraph metadata collector:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]209
210.. code-block:: yaml
211
212 salt:
213 master:
214 engine:
215 graph_metadata:
216 engine: saltgraph
217 host: 127.0.0.1
218 port: 5432
219 user: salt
220 password: salt
221 database: salt
222
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]223Salt engine definition for Architect service:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]224
225.. code-block:: yaml
226
227 salt:
228 master:
229 engine:
230 architect:
231 engine: architect
232 project: project-name
233 host: architect-api
234 port: 8181
235 username: salt
236 password: password
237
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]238Salt engine definition for sending events from docker events:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]239
240.. code-block:: yaml
241
242 salt:
243 master:
244 engine:
245 docker_events:
246 docker_url: unix://var/run/docker.sock
247
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]248Salt master peer setup for remote certificate signing:
Jakub Pavlikd4859842016-05-23 10:48:04 +0200[diff] [blame]249
250.. code-block:: yaml
251
252 salt:
253 master:
254 peer:
255 ".*":
256 - x509.sign_remote_certificate
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]257
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]258Salt master backup configuration:
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]259
260.. code-block:: yaml
261
262 salt:
263 master:
264 backup: true
265 initial_data:
266 engine: backupninja
Jiri Broulik3e281642018-03-02 18:17:21 +0100[diff] [blame]267 home_dir: remote-backup-home-dir
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]268 source: backup-node-host
269 host: original-salt-master-id
270
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]271Configure verbosity of state output (used for :command:`salt`
272command):
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]273
274.. code-block:: yaml
275
276 salt:
277 master:
Tomáš Kukrál044667b2017-05-11 10:12:15 +0200[diff] [blame]278 state_output: changes
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]279
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]280Pass pillar render error to minion log:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]281
282.. note:: When set to `False` this option is great for debuging.
283 However it is not recomended for any production environment as it may contain
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]284 templating data as passwords, and so on, that minion should not expose.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]285
286.. code-block:: yaml
287
288 salt:
289 master:
290 pillar_safe_render_error: False
291
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]292Enable Windows repository support:
Ales Komarekf44e64c2018-05-29 10:22:31 +0200[diff] [blame]293
294.. code-block:: yaml
295
296 salt:
297 master:
298 win_repo:
299 source: git
300 address: https://github.com/saltstack/salt-winrepo-ng
301 revision: master
302
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]303Event/Reactor systems
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]304~~~~~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]305
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]306Salt to synchronize node pillar and modules after start:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]307
308.. code-block:: yaml
309
310 salt:
311 master:
312 reactor:
313 salt/minion/*/start:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]314 - salt://salt/reactor/node_start.sls
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]315
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]316Trigger basic node install:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]317
318.. code-block:: yaml
319
320 salt:
321 master:
322 reactor:
323 salt/minion/install:
324 - salt://salt/reactor/node_install.sls
325
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]326Sample event to trigger the node installation:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]327
328.. code-block:: bash
329
330 salt-call event.send 'salt/minion/install'
331
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]332Run any defined orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]333
334.. code-block:: yaml
335
336 salt:
337 master:
338 reactor:
339 salt/orchestrate/start:
340 - salt://salt/reactor/orchestrate_start.sls
341
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]342Event to trigger the orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]343
344.. code-block:: bash
345
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]346 salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]347
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]348Synchronise modules and pillars on minion start:
Ales Komarek3ed7c432017-08-24 16:15:49 +0200[diff] [blame]349
350.. code-block:: yaml
351
352 salt:
353 master:
354 reactor:
355 'salt/minion/*/start':
356 - salt://salt/reactor/minion_start.sls
357
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]358Add and/or remove the minion key:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]359
360.. code-block:: yaml
361
362 salt:
363 master:
364 reactor:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]365 salt/key/create:
366 - salt://salt/reactor/key_create.sls
367 salt/key/remove:
368 - salt://salt/reactor/key_remove.sls
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]369
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]370Event to trigger the key creation:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]371
372.. code-block:: bash
373
Adam Tengler62188962017-09-04 13:34:44 +0000[diff] [blame]374 salt-call event.send 'salt/key/create' \
375 > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]376
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]377.. note::
378
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]379 You can add pass additional ``orch_pre_create``, ``orch_post_create``,
380 ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
381 to call extra orchestrate files. This can be useful for example for
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]382 registering/unregistering nodes from the monitoring alarms or dashboards.
383
384 The key creation event needs to be run from other machine than the one
385 being registered.
386
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]387Event to trigger the key removal:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]388
389.. code-block:: bash
390
391 salt-call event.send 'salt/key/remove'
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]392
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]393Control VM provisioning:
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]394
395.. code-block:: yaml
396
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]397 _param:
398 private-ipv4: &private-ipv4
399 - id: private-ipv4
400 type: ipv4
401 link: ens2
402 netmask: 255.255.255.0
403 routes:
404 - gateway: 192.168.0.1
405 netmask: 0.0.0.0
406 network: 0.0.0.0
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]407 virt:
408 disk:
409 three_disks:
410 - system:
411 size: 4096
412 image: ubuntu.qcow
413 - repository_snapshot:
414 size: 8192
415 image: snapshot.qcow
416 - cinder-volume:
417 size: 2048
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]418 nic:
419 control:
420 - name: nic01
421 bridge: br-pxe
422 model: virtio
423 - name: nic02
424 bridge: br-cp
425 model: virtio
426 - name: nic03
427 bridge: br-store-front
428 model: virtio
429 - name: nic04
430 bridge: br-public
431 model: virtio
Dzmitry Stremkouskib8acf1f2018-06-28 12:56:23 +0200[diff] [blame]432 - name: nic05
433 bridge: br-prv
434 model: virtio
435 virtualport:
436 type: openvswitch
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]437
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]438 salt:
439 control:
440 enabled: true
441 virt_enabled: true
442 size:
443 medium_three_disks:
444 cpu: 2
445 ram: 4
446 disk_profile: three_disks
447 cluster:
448 mycluster:
449 domain: neco.virt.domain.com
450 engine: virt
Ondrej Smolac7f6cfc2018-05-21 15:55:08 +0200[diff] [blame]451 #Option to set rng globaly
452 rng: false
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]453 cloud_init:
454 user_data:
455 disable_ec2_metadata: true
456 resize_rootfs: True
457 timezone: UTC
458 ssh_deletekeys: True
459 ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
460 ssh_svcname: ssh
461 locale: en_US.UTF-8
462 disable_root: true
463 apt_preserve_sources_list: false
464 apt:
465 sources_list: ""
466 sources:
467 ubuntu.list:
468 source: ${linux:system:repo:ubuntu:source}
469 mcp_saltstack.list:
470 source: ${linux:system:repo:mcp_saltstack:source}
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]471 node:
472 ubuntu1:
473 provider: node01.domain.com
474 image: ubuntu.qcow
475 size: medium
476 img_dest: /var/lib/libvirt/ssdimages
Ondrej Smolac7f6cfc2018-05-21 15:55:08 +0200[diff] [blame]477 #Rng defined on node will have higher priority then global one
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]478 rng:
479 backend: /dev/urandom
480 model: random
481 rate:
482 period: '1800'
483 bytes: '1500'
Alexandru Avadanii00f187a2018-06-24 20:36:44 +0200[diff] [blame^]484 # Custom per-node loader definition (e.g. for AArch64 UEFI)
485 loader:
486 readonly: yes
487 type: pflash
488 path: /usr/share/AAVMF/AAVMF_CODE.fd
489 machine: virt-2.11 # Custom per-node virt machine type
490 cpu_mode: host-passthrough
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]491 mac:
492 nic01: AC:DE:48:AA:AA:AA
493 nic02: AC:DE:48:AA:AA:BB
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]494 # netconfig affects: hostname during boot
495 # manual interfaces configuration
496 cloud_init:
497 network_data:
498 networks:
499 - <<: *private-ipv4
500 ip_address: 192.168.0.161
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]501
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]502To enable Redis plugin for the Salt caching subsystem, use the
503below pillar structure:
Oleh Hryhorovca6b9172018-06-21 14:21:35 +0000[diff] [blame]504
505.. code-block:: yaml
506
507 salt:
508 master:
509 cache:
510 plugin: redis
511 host: localhost
512 port: 6379
513 db: '0'
514 password: pass_word
515 bank_prefix: 'MCP'
516 bank_keys_prefix: 'MCPKEY'
517 key_prefix: 'KEY'
518 separator: '@'
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]519
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]520Jinja options
521-------------
522
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]523Use the following options to update default Jinja renderer options.
524Salt recognize Jinja options for templates and for the ``sls`` files.
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]525
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]526For full list of options, see Jinja documentation:
527http://jinja.pocoo.org/docs/api/#high-level-api
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]528
529.. code-block:: yaml
530
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]531 salt:
532 renderer:
533 # for templates
534 jinja: &jina_env
535 # Default Jinja environment options
536 block_start_string: '{%'
537 block_end_string: '%}'
538 variable_start_string: '{{'
539 variable_end_string: '}}'
540 comment_start_string: '{#'
541 comment_end_string: '#}'
542 keep_trailing_newline: False
543 newline_sequence: '\n'
544
545 # Next two are enabled by default in Salt
546 trim_blocks: True
547 lstrip_blocks: True
548
549 # Next two are not enabled by default in Salt
550 # but worth to consider to enable in future for salt-formulas
551 line_statement_prefix: '%'
552 line_comment_prefix: '##'
553
554 # for .sls state files
555 jinja_sls: *jinja_env
556
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]557With the ``line_statement/comment* _prefix`` options enabled following
558code statements are valid:
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]559
560.. code-block:: yaml
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]561
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]562 %- set myvar = 'one'
563
564 ## You can mix even with '{%'
565 {%- set myvar = 'two' %} ## comment
566 %- set mylist = ['one', 'two', 'three'] ## comment
567
568 ## comment
569 %- for item in mylist: ## comment
570 {{- item }}
571 %- endfor
572
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]573Encrypted pillars
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]574~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]575
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]576.. note:: NACL and the below configuration will be available in Salt > 2017.7.
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]577
578External resources:
579
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]580- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
581 http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
582- SaltStack documentation:
583 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]584
585Configure salt NACL module:
586
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]587.. code-block:: bash
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]588
589 pip install --upgrade libnacl===1.5.2
590 salt-call --local nacl.keygen /etc/salt/pki/master/nacl
591
592 local:
593 saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub
594
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]595.. code-block:: yaml
596
597 salt:
598 master:
599 pillar:
600 reclass: *reclass
601 nacl:
602 index: 99
603 nacl:
604 box_type: sealedbox
605 sk_file: /etc/salt/pki/master/nacl
606 pk_file: /etc/salt/pki/master/nacl.pub
607 #sk: None
608 #pk: None
609
610NACL encrypt secrets:
611
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]612.. code-block:: bash
613
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]614 salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
615 hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
616 # or
617 salt-run nacl.enc 'myotherpass'
618 ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=
619
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]620NACL encrypted values on pillar:
621
622Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:
623
624.. code-block:: yaml
625
626 my_pillar:
627 my_nacl:
628 key0: unencrypted_value
629 key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
630
631NACL large files:
632
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]633.. code-block:: bash
634
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]635 salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
636 # or more advanced
637 cert=$(cat /tmp/cert.crt)
638 salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl
639
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]640NACL within template/native pillars:
641
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]642.. code-block:: yaml
643
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]644 pillarexample:
645 user: root
646 password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
647 cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
648 cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
649
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]650Salt Syndic
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]651-----------
652
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]653The master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]654
655.. code-block:: yaml
656
657 salt:
658 master:
659 enabled: true
660 order_masters: True
661
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]662Lower syndicated master:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]663
664.. code-block:: yaml
665
666 salt:
667 syndic:
668 enabled: true
669 master:
670 host: master-of-master-host
671 timeout: 5
672
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]673Syndicated master with multiple master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]674
675.. code-block:: yaml
676
677 salt:
678 syndic:
679 enabled: true
680 masters:
681 - host: master-of-master-host1
682 - host: master-of-master-host2
683 timeout: 5
684
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]685Salt Minion
686-----------
687
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]688Minion ID by default triggers dependency on Linux formula, as it uses fqdn
689configured from `linux.system.name` and `linux.system.domain` pillar.
690To override, provide exact minion ID you require. The same can be set for
691master ID rendered at ``master.conf``.
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]692
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]693 .. code-block:: yaml
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]694
695 salt:
696 minion:
697 id: minion1.production
698 master:
699 id: master.production
700
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]701Simplest Salt minion setup with central configuration node:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]702
703.. literalinclude:: tests/pillar/minion_master.sls
704 :language: yaml
705
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]706Multi-master Salt minion setup:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]707
708.. literalinclude:: tests/pillar/minion_multi_master.sls
709 :language: yaml
710
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]711Salt minion with salt mine options:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]712
713.. literalinclude:: tests/pillar/minion_mine.sls
714 :language: yaml
715
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]716Salt minion with graphing dependencies:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]717
718.. literalinclude:: tests/pillar/minion_graph.sls
719 :language: yaml
720
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]721Salt minion behind HTTP proxy:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]722
723.. code-block:: yaml
724
725 salt:
726 minion:
727 proxy:
728 host: 127.0.0.1
729 port: 3128
730
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]731Salt minion to specify non-default HTTP backend. The default
732tornado backend does not respect HTTP proxy settings set as
733environment variables. This is useful for cases where you need
734to set no_proxy lists.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]735
736.. code-block:: yaml
737
738 salt:
739 minion:
740 backend: urllib2
741
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]742Salt minion with PKI certificate authority (CA):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]743
744.. literalinclude:: tests/pillar/minion_pki_ca.sls
745 :language: yaml
746
747Salt minion using PKI certificate
748
749.. literalinclude:: tests/pillar/minion_pki_cert.sls
750 :language: yaml
751
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]752Salt minion trust CA certificates issued by salt CA on a
753specific host (ie: salt-master node):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]754
755.. code-block:: yaml
756
757 salt:
758 minion:
759 trusted_ca_minions:
760 - cfg01
761
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]762Salt Minion Proxy
763~~~~~~~~~~~~~~~~~
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]764
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]765Salt proxy pillar:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]766
767.. code-block:: yaml
768
769 salt:
770 minion:
Jiri Broulik88275242017-05-24 17:21:17 +0200[diff] [blame]771 proxy_minion:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]772 master: localhost
773 device:
774 vsrx01.mydomain.local:
775 enabled: true
776 engine: napalm
777 csr1000v.mydomain.local:
778 enabled: true
779 engine: napalm
780
781.. note:: This is pillar of the the real salt-minion
782
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]783Proxy pillar for IOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]784
785.. code-block:: yaml
786
787 proxy:
788 proxytype: napalm
789 driver: ios
790 host: csr1000v.mydomain.local
791 username: root
792 passwd: r00tme
793
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]794.. note:: This is pillar of the node thats not able to run
795 salt-minion itself.
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]796
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]797Proxy pillar for JunOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]798
799.. code-block:: yaml
800
801 proxy:
802 proxytype: napalm
803 driver: junos
804 host: vsrx01.mydomain.local
805 username: root
806 passwd: r00tme
807 optional_args:
808 config_format: set
809
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]810.. note:: This pillar applies to the node that can not run
811 salt-minion itself.
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]812
813Salt SSH
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]814~~~~~~~~
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]815
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]816Salt SSH with sudoer using key:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]817
818.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
819 :language: yaml
820
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]821Salt SSH with sudoer using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]822
823.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
824 :language: yaml
825
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]826Salt SSH with root using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]827
828.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
829 :language: yaml
830
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]831Salt control (cloud/kvm/docker)
832-------------------------------
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]833
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]834Salt cloud with local OpenStack provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]835
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]836.. literalinclude:: tests/pillar/control_cloud_openstack.sls
837 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]838
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]839Salt cloud with Digital Ocean provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]840
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]841.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
842 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]843
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]844Salt virt with KVM cluster:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]845
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]846.. literalinclude:: tests/pillar/control_virt.sls
847 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]848
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]849Salt virt with custom destination for image file:
Mateusz Los4c7cd2d2018-01-09 11:46:07 +0100[diff] [blame]850
851.. literalinclude:: tests/pillar/control_virt_custom.sls
852 :language: yaml
853
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]854Usage
855=====
856
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]857Working with salt-cloud:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]858
859.. code-block:: bash
860
861 salt-cloud -m /path/to/map --assume-yes
862
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]863Debug LIBCLOUD for salt-cloud connection:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]864
865.. code-block:: bash
866
867 export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all
868
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]869Read more
870=========
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]871
872* http://salt.readthedocs.org/en/latest/
873* https://github.com/DanielBryan/salt-state-graph
874* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
875* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
876* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
877* https://github.com/saltstack-formulas/salt-formula
878* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
879
880salt-cloud
881----------
882
883* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
884* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
885* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
886* http://docs.saltstack.com/topics/cloud/digitalocean.html
887* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
888* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
889* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]890
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]891Documentation and Bugs
892======================
893
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]894* http://salt-formulas.readthedocs.io/
895 Learn how to install and update salt-formulas
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]896
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]897* https://github.com/salt-formulas/salt-formula-salt/issues
898 In the unfortunate event that bugs are discovered, report the issue to the
899 appropriate issue tracker. Use the Github issue tracker for a specific salt
900 formula
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]901
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]902* https://launchpad.net/salt-formulas
903 For feature requests, bug reports, or blueprints affecting the entire
904 ecosystem, use the Launchpad salt-formulas project
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]905
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]906* https://launchpad.net/~salt-formulas-users
907 Join the salt-formulas-users team and subscribe to mailing list if required
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]908
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]909* https://github.com/salt-formulas/salt-formula-salt
910 Develop the salt-formulas projects in the master branch and then submit pull
911 requests against a specific formula
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]912
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]913* #salt-formulas @ irc.freenode.net
914 Use this IRC channel in case of any questions or feedback which is always
915 welcome
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]916