Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / salt / 6b67f5fb419127fe6e59481f20f17f604e2d13f2 / . / README.rst
blob: 5cfa7aefa5a277ff375c73b7feb44ea9c8697a09 [file] [log] [blame]
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]1
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]2=====
3Usage
4=====
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]5
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]6Salt is a new approach to infrastructure management. Easy enough to get
7running in minutes, scalable enough to manage tens of thousands of servers,
8and fast enough to communicate with them in seconds.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]9
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]10Salt delivers a dynamic communication bus for infrastructures that can be used
11for orchestration, remote execution, configuration management and much more.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]12
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]13Sample Metadata
14===============
15
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]16Salt Master
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]17-----------
18
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]19Salt master with base formulas and pillar metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]20
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]21.. literalinclude:: tests/pillar/master_single_pillar.sls
22 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]23
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]24Salt master with reclass ENC metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]25
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]26.. literalinclude:: tests/pillar/master_single_reclass.sls
27 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]28
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]29Salt master with Architect ENC metadata back end:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]30
31.. code-block:: yaml
32
33 salt:
34 master:
35 enabled: true
36 pillar:
37 engine: architect
38 project: project-name
39 host: architect-api
40 port: 8181
41 username: salt
42 password: password
43
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]44Salt master with multiple ``ext_pillars``:
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]45
Dzmitry Stremkouski7b15d8a2018-08-11 22:02:45 +0200[diff] [blame]46.. code-block:: yaml
47
48 salt:
49 master:
50 enabled: true
51 pillar:
52 engine: salt
53 source:
54 engine: local
55 ext_pillars:
56 1:
57 module: cmd_json
58 params: '"echo {\"arg\": \"val\"}"'
59 2:
60 module: cmd_yaml
61 params: /usr/local/bin/get_yml.sh
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]62
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]63Salt master with API:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]64
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]65.. literalinclude:: tests/pillar/master_api.sls
66 :language: yaml
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]67
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]68Salt master with defined user ACLs:
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]69
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]70.. literalinclude:: tests/pillar/master_acl.sls
71 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]72
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]73Salt master with preset minions:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]74
75.. code-block:: yaml
76
77 salt:
78 master:
79 enabled: true
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]80 minions:
81 - name: 'node1.system.location.domain.com'
82
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]83Salt master with pip based installation (optional):
Adam Tenglercaedd972016-05-04 16:44:00 +0200[diff] [blame]84
85.. code-block:: yaml
86
87 salt:
88 master:
89 enabled: true
90 ...
91 source:
92 engine: pip
93 version: 2016.3.0rc2
94
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]95Install formula through system package management:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]96
97.. code-block:: yaml
98
99 salt:
100 master:
101 enabled: true
102 ...
103 environment:
104 prd:
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]105 keystone:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]106 source: pkg
107 name: salt-formula-keystone
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]108 nova:
109 source: pkg
110 name: salt-formula-keystone
111 version: 0.1+0~20160818133412.24~1.gbp6e1ebb
112 postresql:
113 source: pkg
114 name: salt-formula-postgresql
115 version: purged
116
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]117Formula keystone is installed latest version and the formulas
118without version are installed in one call to aptpkg module.
119If the version attribute is present sls iterates over formulas
120and take action to install specific version or remove it.
121The version attribute may have these values
122``[latest|purged|removed|<VERSION>]``.
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]123
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]124Clone master branch of keystone formula as local feature branch:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]125
126.. code-block:: yaml
127
128 salt:
129 master:
130 enabled: true
131 ...
132 environment:
133 dev:
134 formula:
135 keystone:
136 source: git
137 address: git@github.com:openstack/salt-formula-keystone.git
138 revision: master
139 branch: feature
140
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]141Salt master with specified formula refs (for example, for Gerrit
142review):
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]143
144.. code-block:: yaml
145
146 salt:
147 master:
148 enabled: true
149 ...
150 environment:
151 dev:
152 formula:
153 keystone:
154 source: git
155 address: https://git.openstack.org/openstack/salt-formula-keystone
156 revision: refs/changes/56/123456/1
157
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]158Salt master logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]159
160.. code-block:: yaml
161
162 salt:
163 master:
164 enabled: true
165 log:
166 level: warning
167 file: '/var/log/salt/master'
168 level_logfile: warning
169
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]170Salt minion logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]171
172.. code-block:: yaml
173
174 salt:
175 minion:
176 enabled: true
177 log:
178 level: info
179 file: '/var/log/salt/minion'
180 level_logfile: warning
181
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]182Salt master with logging handlers:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]183
184.. code-block:: yaml
185
186 salt:
187 master:
188 enabled: true
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]189 handler:
190 handler01:
191 engine: udp
192 bind:
193 host: 127.0.0.1
194 port: 9999
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]195 minion:
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]196 handler:
197 handler01:
198 engine: udp
199 bind:
200 host: 127.0.0.1
201 port: 9999
202 handler02:
203 engine: zmq
204 bind:
205 host: 127.0.0.1
206 port: 9999
207
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]208Salt engine definition for saltgraph metadata collector:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]209
210.. code-block:: yaml
211
212 salt:
213 master:
214 engine:
215 graph_metadata:
216 engine: saltgraph
217 host: 127.0.0.1
218 port: 5432
219 user: salt
220 password: salt
221 database: salt
222
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]223Salt engine definition for Architect service:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]224
225.. code-block:: yaml
226
227 salt:
228 master:
229 engine:
230 architect:
231 engine: architect
232 project: project-name
233 host: architect-api
234 port: 8181
235 username: salt
236 password: password
237
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]238Salt engine definition for sending events from docker events:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]239
240.. code-block:: yaml
241
242 salt:
243 master:
244 engine:
245 docker_events:
246 docker_url: unix://var/run/docker.sock
247
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]248Salt master peer setup for remote certificate signing:
Jakub Pavlikd4859842016-05-23 10:48:04 +0200[diff] [blame]249
250.. code-block:: yaml
251
252 salt:
253 master:
254 peer:
255 ".*":
256 - x509.sign_remote_certificate
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]257
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]258Salt master backup configuration:
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]259
260.. code-block:: yaml
261
262 salt:
263 master:
264 backup: true
265 initial_data:
266 engine: backupninja
Jiri Broulik3e281642018-03-02 18:17:21 +0100[diff] [blame]267 home_dir: remote-backup-home-dir
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]268 source: backup-node-host
269 host: original-salt-master-id
270
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]271Configure verbosity of state output (used for :command:`salt`
272command):
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]273
274.. code-block:: yaml
275
276 salt:
277 master:
Tomáš Kukrál044667b2017-05-11 10:12:15 +0200[diff] [blame]278 state_output: changes
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]279
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]280Pass pillar render error to minion log:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]281
282.. note:: When set to `False` this option is great for debuging.
283 However it is not recomended for any production environment as it may contain
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]284 templating data as passwords, and so on, that minion should not expose.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]285
286.. code-block:: yaml
287
288 salt:
289 master:
290 pillar_safe_render_error: False
291
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]292Enable Windows repository support:
Ales Komarekf44e64c2018-05-29 10:22:31 +0200[diff] [blame]293
294.. code-block:: yaml
295
296 salt:
297 master:
298 win_repo:
299 source: git
300 address: https://github.com/saltstack/salt-winrepo-ng
301 revision: master
302
Ivan Suzdal7e2a2ca2018-08-23 12:31:19 +0400[diff] [blame]303Configure a gitfs_remotes resource:
304
305.. code-block:: yaml
306
307 salt:
308 master:
309 gitfs_remotes:
310 salt_formula:
Pavel Cizinsky6b67f5f2018-12-12 12:03:18 +0100[diff] [blame^]311 url: https://gerrit.mcp.mirantis.com/salt-formulas/salt.git
Ivan Suzdal7e2a2ca2018-08-23 12:31:19 +0400[diff] [blame]312 enabled: true
313 params:
314 base: master
315
316Read more about gitfs resource options in the official Salt documentation.
317
318
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]319Event/Reactor systems
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]320~~~~~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]321
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]322Salt to synchronize node pillar and modules after start:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]323
324.. code-block:: yaml
325
326 salt:
327 master:
328 reactor:
329 salt/minion/*/start:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]330 - salt://salt/reactor/node_start.sls
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]331
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]332Trigger basic node install:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]333
334.. code-block:: yaml
335
336 salt:
337 master:
338 reactor:
339 salt/minion/install:
340 - salt://salt/reactor/node_install.sls
341
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]342Sample event to trigger the node installation:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]343
344.. code-block:: bash
345
346 salt-call event.send 'salt/minion/install'
347
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]348Run any defined orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]349
350.. code-block:: yaml
351
352 salt:
353 master:
354 reactor:
355 salt/orchestrate/start:
356 - salt://salt/reactor/orchestrate_start.sls
357
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]358Event to trigger the orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]359
360.. code-block:: bash
361
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]362 salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]363
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]364Synchronise modules and pillars on minion start:
Ales Komarek3ed7c432017-08-24 16:15:49 +0200[diff] [blame]365
366.. code-block:: yaml
367
368 salt:
369 master:
370 reactor:
371 'salt/minion/*/start':
372 - salt://salt/reactor/minion_start.sls
373
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]374Add and/or remove the minion key:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]375
376.. code-block:: yaml
377
378 salt:
379 master:
380 reactor:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]381 salt/key/create:
382 - salt://salt/reactor/key_create.sls
383 salt/key/remove:
384 - salt://salt/reactor/key_remove.sls
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]385
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]386Event to trigger the key creation:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]387
388.. code-block:: bash
389
Adam Tengler62188962017-09-04 13:34:44 +0000[diff] [blame]390 salt-call event.send 'salt/key/create' \
391 > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]392
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]393.. note::
394
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]395 You can add pass additional ``orch_pre_create``, ``orch_post_create``,
396 ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
397 to call extra orchestrate files. This can be useful for example for
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]398 registering/unregistering nodes from the monitoring alarms or dashboards.
399
400 The key creation event needs to be run from other machine than the one
401 being registered.
402
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]403Event to trigger the key removal:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]404
405.. code-block:: bash
406
407 salt-call event.send 'salt/key/remove'
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]408
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]409Control VM provisioning:
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]410
411.. code-block:: yaml
412
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]413 _param:
414 private-ipv4: &private-ipv4
415 - id: private-ipv4
416 type: ipv4
417 link: ens2
418 netmask: 255.255.255.0
419 routes:
420 - gateway: 192.168.0.1
421 netmask: 0.0.0.0
422 network: 0.0.0.0
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]423 virt:
424 disk:
425 three_disks:
426 - system:
427 size: 4096
428 image: ubuntu.qcow
429 - repository_snapshot:
430 size: 8192
431 image: snapshot.qcow
432 - cinder-volume:
433 size: 2048
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]434 nic:
435 control:
436 - name: nic01
437 bridge: br-pxe
438 model: virtio
439 - name: nic02
440 bridge: br-cp
441 model: virtio
442 - name: nic03
443 bridge: br-store-front
444 model: virtio
445 - name: nic04
446 bridge: br-public
447 model: virtio
Dzmitry Stremkouskib8acf1f2018-06-28 12:56:23 +0200[diff] [blame]448 - name: nic05
449 bridge: br-prv
450 model: virtio
451 virtualport:
452 type: openvswitch
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]453
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]454 salt:
455 control:
456 enabled: true
457 virt_enabled: true
458 size:
459 medium_three_disks:
460 cpu: 2
461 ram: 4
462 disk_profile: three_disks
463 cluster:
464 mycluster:
465 domain: neco.virt.domain.com
466 engine: virt
Martin Horak9e11aa22018-09-17 06:46:59 +0200[diff] [blame]467 # Cluster global settings
Ondrej Smolac7f6cfc2018-05-21 15:55:08 +0200[diff] [blame]468 rng: false
Martin Horak9e11aa22018-09-17 06:46:59 +0200[diff] [blame]469 enable_vnc: True
Andrei Danin996e2092018-09-10 21:58:23 -0700[diff] [blame]470 seed: cloud-init
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]471 cloud_init:
472 user_data:
473 disable_ec2_metadata: true
474 resize_rootfs: True
475 timezone: UTC
476 ssh_deletekeys: True
477 ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
478 ssh_svcname: ssh
479 locale: en_US.UTF-8
480 disable_root: true
481 apt_preserve_sources_list: false
482 apt:
483 sources_list: ""
484 sources:
485 ubuntu.list:
486 source: ${linux:system:repo:ubuntu:source}
487 mcp_saltstack.list:
488 source: ${linux:system:repo:mcp_saltstack:source}
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]489 node:
490 ubuntu1:
491 provider: node01.domain.com
492 image: ubuntu.qcow
493 size: medium
494 img_dest: /var/lib/libvirt/ssdimages
Martin Horak9e11aa22018-09-17 06:46:59 +0200[diff] [blame]495 # Node settings override cluster global ones
496 enable_vnc: False
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]497 rng:
498 backend: /dev/urandom
499 model: random
500 rate:
501 period: '1800'
502 bytes: '1500'
Alexandru Avadanii00f187a2018-06-24 20:36:44 +0200[diff] [blame]503 # Custom per-node loader definition (e.g. for AArch64 UEFI)
504 loader:
505 readonly: yes
506 type: pflash
507 path: /usr/share/AAVMF/AAVMF_CODE.fd
508 machine: virt-2.11 # Custom per-node virt machine type
509 cpu_mode: host-passthrough
Pavel Cizinskyf03c4e82018-09-10 14:56:11 +0200[diff] [blame]510 cpuset: '1-4'
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]511 mac:
512 nic01: AC:DE:48:AA:AA:AA
513 nic02: AC:DE:48:AA:AA:BB
Dzmitry Stremkouski97927ee2018-08-23 23:20:38 +0200[diff] [blame]514 # netconfig affects: hostname during boot
515 # manual interfaces configuration
516 cloud_init:
517 network_data:
518 networks:
519 - <<: *private-ipv4
520 ip_address: 192.168.0.161
Andrei Danin996e2092018-09-10 21:58:23 -0700[diff] [blame]521 user_data:
522 salt_minion:
523 conf:
524 master: 10.1.1.1
525 ubuntu2:
526 seed: qemu-nbd
527 cloud_init:
528 enabled: false
529
530There are two methods to seed an initial Salt minion configuration to
531Libvirt VMs: mount a disk and update a filesystem or create a ConfigDrive with
532a Cloud-init config. This is controlled by the "seed" parameter on cluster and
533node levels. When set to _True_ or "qemu-nbd", the old method of mounting a disk
534will be used. When set to "cloud-init", the new method will be used. When set
535to _False_, no seeding will happen. The default value is _True_, meaning
536the "qemu-nbd" method will be used. This is done for backward compatibility
537and may be changed in future.
538
539The recommended method is to use Cloud-init.
540It's controlled by the "cloud_init" dictionary on cluster and node levels.
541Node level parameters are merged on top of cluster level parameters.
542The Salt Minion config is populated automatically based on a VM name and config
543settings of the minion who is actually executing a state. To override them,
544add the "salt_minion" section into the "user_data" section as shown above.
545It is possible to disable Cloud-init by setting "cloud_init.enabled" to _False_.
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]546
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]547To enable Redis plugin for the Salt caching subsystem, use the
548below pillar structure:
Oleh Hryhorovca6b9172018-06-21 14:21:35 +0000[diff] [blame]549
550.. code-block:: yaml
551
552 salt:
553 master:
554 cache:
555 plugin: redis
556 host: localhost
557 port: 6379
558 db: '0'
559 password: pass_word
560 bank_prefix: 'MCP'
561 bank_keys_prefix: 'MCPKEY'
562 key_prefix: 'KEY'
563 separator: '@'
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]564
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]565Jinja options
566-------------
567
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]568Use the following options to update default Jinja renderer options.
569Salt recognize Jinja options for templates and for the ``sls`` files.
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]570
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]571For full list of options, see Jinja documentation:
572http://jinja.pocoo.org/docs/api/#high-level-api
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]573
574.. code-block:: yaml
575
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]576 salt:
577 renderer:
578 # for templates
579 jinja: &jina_env
580 # Default Jinja environment options
581 block_start_string: '{%'
582 block_end_string: '%}'
583 variable_start_string: '{{'
584 variable_end_string: '}}'
585 comment_start_string: '{#'
586 comment_end_string: '#}'
587 keep_trailing_newline: False
588 newline_sequence: '\n'
589
590 # Next two are enabled by default in Salt
591 trim_blocks: True
592 lstrip_blocks: True
593
594 # Next two are not enabled by default in Salt
595 # but worth to consider to enable in future for salt-formulas
596 line_statement_prefix: '%'
597 line_comment_prefix: '##'
598
599 # for .sls state files
600 jinja_sls: *jinja_env
601
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]602With the ``line_statement/comment* _prefix`` options enabled following
603code statements are valid:
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]604
605.. code-block:: yaml
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]606
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]607 %- set myvar = 'one'
608
609 ## You can mix even with '{%'
610 {%- set myvar = 'two' %} ## comment
611 %- set mylist = ['one', 'two', 'three'] ## comment
612
613 ## comment
614 %- for item in mylist: ## comment
615 {{- item }}
616 %- endfor
617
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]618Encrypted pillars
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]619~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]620
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]621.. note:: NACL and the below configuration will be available in Salt > 2017.7.
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]622
623External resources:
624
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]625- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
626 http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
627- SaltStack documentation:
628 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]629
630Configure salt NACL module:
631
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]632.. code-block:: bash
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]633
634 pip install --upgrade libnacl===1.5.2
635 salt-call --local nacl.keygen /etc/salt/pki/master/nacl
636
637 local:
638 saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub
639
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]640.. code-block:: yaml
641
642 salt:
643 master:
644 pillar:
645 reclass: *reclass
646 nacl:
647 index: 99
648 nacl:
649 box_type: sealedbox
650 sk_file: /etc/salt/pki/master/nacl
651 pk_file: /etc/salt/pki/master/nacl.pub
652 #sk: None
653 #pk: None
654
655NACL encrypt secrets:
656
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]657.. code-block:: bash
658
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]659 salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
660 hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
661 # or
662 salt-run nacl.enc 'myotherpass'
663 ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=
664
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]665NACL encrypted values on pillar:
666
667Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:
668
669.. code-block:: yaml
670
671 my_pillar:
672 my_nacl:
673 key0: unencrypted_value
674 key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
675
676NACL large files:
677
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]678.. code-block:: bash
679
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]680 salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
681 # or more advanced
682 cert=$(cat /tmp/cert.crt)
683 salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl
684
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]685NACL within template/native pillars:
686
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]687.. code-block:: yaml
688
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]689 pillarexample:
690 user: root
691 password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
692 cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
693 cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
694
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]695Salt Syndic
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]696-----------
697
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]698The master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]699
700.. code-block:: yaml
701
702 salt:
703 master:
704 enabled: true
705 order_masters: True
706
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]707Lower syndicated master:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]708
709.. code-block:: yaml
710
711 salt:
712 syndic:
713 enabled: true
714 master:
715 host: master-of-master-host
716 timeout: 5
717
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]718Syndicated master with multiple master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]719
720.. code-block:: yaml
721
722 salt:
723 syndic:
724 enabled: true
725 masters:
726 - host: master-of-master-host1
727 - host: master-of-master-host2
728 timeout: 5
729
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]730Salt Minion
731-----------
732
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]733Minion ID by default triggers dependency on Linux formula, as it uses fqdn
734configured from `linux.system.name` and `linux.system.domain` pillar.
735To override, provide exact minion ID you require. The same can be set for
736master ID rendered at ``master.conf``.
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]737
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]738 .. code-block:: yaml
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]739
740 salt:
741 minion:
742 id: minion1.production
743 master:
744 id: master.production
745
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]746Simplest Salt minion setup with central configuration node:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]747
748.. literalinclude:: tests/pillar/minion_master.sls
749 :language: yaml
750
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]751Multi-master Salt minion setup:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]752
753.. literalinclude:: tests/pillar/minion_multi_master.sls
754 :language: yaml
755
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]756Salt minion with salt mine options:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]757
758.. literalinclude:: tests/pillar/minion_mine.sls
759 :language: yaml
760
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]761Salt minion with graphing dependencies:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]762
763.. literalinclude:: tests/pillar/minion_graph.sls
764 :language: yaml
765
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]766Salt minion behind HTTP proxy:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]767
768.. code-block:: yaml
769
770 salt:
771 minion:
772 proxy:
773 host: 127.0.0.1
774 port: 3128
775
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]776Salt minion to specify non-default HTTP backend. The default
777tornado backend does not respect HTTP proxy settings set as
778environment variables. This is useful for cases where you need
779to set no_proxy lists.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]780
781.. code-block:: yaml
782
783 salt:
784 minion:
785 backend: urllib2
786
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]787Salt minion with PKI certificate authority (CA):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]788
789.. literalinclude:: tests/pillar/minion_pki_ca.sls
790 :language: yaml
791
792Salt minion using PKI certificate
793
794.. literalinclude:: tests/pillar/minion_pki_cert.sls
795 :language: yaml
796
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]797Salt minion trust CA certificates issued by salt CA on a
798specific host (ie: salt-master node):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]799
800.. code-block:: yaml
801
802 salt:
803 minion:
804 trusted_ca_minions:
805 - cfg01
806
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]807Salt Minion Proxy
808~~~~~~~~~~~~~~~~~
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]809
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]810Salt proxy pillar:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]811
812.. code-block:: yaml
813
814 salt:
815 minion:
Jiri Broulik88275242017-05-24 17:21:17 +0200[diff] [blame]816 proxy_minion:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]817 master: localhost
818 device:
819 vsrx01.mydomain.local:
820 enabled: true
821 engine: napalm
822 csr1000v.mydomain.local:
823 enabled: true
824 engine: napalm
825
826.. note:: This is pillar of the the real salt-minion
827
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]828Proxy pillar for IOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]829
830.. code-block:: yaml
831
832 proxy:
833 proxytype: napalm
834 driver: ios
835 host: csr1000v.mydomain.local
836 username: root
837 passwd: r00tme
838
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]839.. note:: This is pillar of the node thats not able to run
840 salt-minion itself.
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]841
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]842Proxy pillar for JunOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]843
844.. code-block:: yaml
845
846 proxy:
847 proxytype: napalm
848 driver: junos
849 host: vsrx01.mydomain.local
850 username: root
851 passwd: r00tme
852 optional_args:
853 config_format: set
854
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]855.. note:: This pillar applies to the node that can not run
856 salt-minion itself.
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]857
858Salt SSH
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]859~~~~~~~~
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]860
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]861Salt SSH with sudoer using key:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]862
863.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
864 :language: yaml
865
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]866Salt SSH with sudoer using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]867
868.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
869 :language: yaml
870
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]871Salt SSH with root using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]872
873.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
874 :language: yaml
875
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]876Salt control (cloud/kvm/docker)
877-------------------------------
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]878
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]879Salt cloud with local OpenStack provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]880
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]881.. literalinclude:: tests/pillar/control_cloud_openstack.sls
882 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]883
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]884Salt cloud with Digital Ocean provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]885
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]886.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
887 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]888
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]889Salt virt with KVM cluster:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]890
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]891.. literalinclude:: tests/pillar/control_virt.sls
892 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]893
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]894Salt virt with custom destination for image file:
Mateusz Los4c7cd2d2018-01-09 11:46:07 +0100[diff] [blame]895
896.. literalinclude:: tests/pillar/control_virt_custom.sls
897 :language: yaml
898
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]899Usage
900=====
901
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]902Working with salt-cloud:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]903
904.. code-block:: bash
905
906 salt-cloud -m /path/to/map --assume-yes
907
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]908Debug LIBCLOUD for salt-cloud connection:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]909
910.. code-block:: bash
911
912 export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all
913
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]914Read more
915=========
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]916
917* http://salt.readthedocs.org/en/latest/
918* https://github.com/DanielBryan/salt-state-graph
919* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
920* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
921* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
922* https://github.com/saltstack-formulas/salt-formula
923* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
924
925salt-cloud
926----------
927
928* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
929* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
930* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
931* http://docs.saltstack.com/topics/cloud/digitalocean.html
932* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
933* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
934* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html