Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / salt / 7e2a2ca3209f029a758e4b250f51fc8c5d6f6bec / . / README.rst
blob: d18f0539357ff6a876dcdd573be21002be4310a2 [file] [log] [blame]
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]1
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]2=====
3Usage
4=====
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]5
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]6Salt is a new approach to infrastructure management. Easy enough to get
7running in minutes, scalable enough to manage tens of thousands of servers,
8and fast enough to communicate with them in seconds.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]9
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]10Salt delivers a dynamic communication bus for infrastructures that can be used
11for orchestration, remote execution, configuration management and much more.
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]12
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]13Sample Metadata
14===============
15
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]16Salt Master
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]17-----------
18
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]19Salt master with base formulas and pillar metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]20
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]21.. literalinclude:: tests/pillar/master_single_pillar.sls
22 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]23
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]24Salt master with reclass ENC metadata back end:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]25
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]26.. literalinclude:: tests/pillar/master_single_reclass.sls
27 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]28
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]29Salt master with Architect ENC metadata back end:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]30
31.. code-block:: yaml
32
33 salt:
34 master:
35 enabled: true
36 pillar:
37 engine: architect
38 project: project-name
39 host: architect-api
40 port: 8181
41 username: salt
42 password: password
43
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]44Salt master with multiple ``ext_pillars``:
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]45
Dzmitry Stremkouski7b15d8a2018-08-11 22:02:45 +0200[diff] [blame]46.. code-block:: yaml
47
48 salt:
49 master:
50 enabled: true
51 pillar:
52 engine: salt
53 source:
54 engine: local
55 ext_pillars:
56 1:
57 module: cmd_json
58 params: '"echo {\"arg\": \"val\"}"'
59 2:
60 module: cmd_yaml
61 params: /usr/local/bin/get_yml.sh
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]62
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]63Salt master with API:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]64
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]65.. literalinclude:: tests/pillar/master_api.sls
66 :language: yaml
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]67
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]68Salt master with defined user ACLs:
Ales Komarekcdb280f2016-07-27 15:37:51 +0200[diff] [blame]69
Ales Komarekb2c8ff62016-08-22 00:20:01 +0200[diff] [blame]70.. literalinclude:: tests/pillar/master_acl.sls
71 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]72
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]73Salt master with preset minions:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]74
75.. code-block:: yaml
76
77 salt:
78 master:
79 enabled: true
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]80 minions:
81 - name: 'node1.system.location.domain.com'
82
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]83Salt master with pip based installation (optional):
Adam Tenglercaedd972016-05-04 16:44:00 +0200[diff] [blame]84
85.. code-block:: yaml
86
87 salt:
88 master:
89 enabled: true
90 ...
91 source:
92 engine: pip
93 version: 2016.3.0rc2
94
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]95Install formula through system package management:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]96
97.. code-block:: yaml
98
99 salt:
100 master:
101 enabled: true
102 ...
103 environment:
104 prd:
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]105 keystone:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]106 source: pkg
107 name: salt-formula-keystone
Petr Michalec7a2f1d22017-05-17 22:08:32 +0200[diff] [blame]108 nova:
109 source: pkg
110 name: salt-formula-keystone
111 version: 0.1+0~20160818133412.24~1.gbp6e1ebb
112 postresql:
113 source: pkg
114 name: salt-formula-postgresql
115 version: purged
116
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]117Formula keystone is installed latest version and the formulas
118without version are installed in one call to aptpkg module.
119If the version attribute is present sls iterates over formulas
120and take action to install specific version or remove it.
121The version attribute may have these values
122``[latest|purged|removed|<VERSION>]``.
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]123
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]124Clone master branch of keystone formula as local feature branch:
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]125
126.. code-block:: yaml
127
128 salt:
129 master:
130 enabled: true
131 ...
132 environment:
133 dev:
134 formula:
135 keystone:
136 source: git
137 address: git@github.com:openstack/salt-formula-keystone.git
138 revision: master
139 branch: feature
140
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]141Salt master with specified formula refs (for example, for Gerrit
142review):
Adam Tengler3eb85ad2016-05-06 02:52:40 +0200[diff] [blame]143
144.. code-block:: yaml
145
146 salt:
147 master:
148 enabled: true
149 ...
150 environment:
151 dev:
152 formula:
153 keystone:
154 source: git
155 address: https://git.openstack.org/openstack/salt-formula-keystone
156 revision: refs/changes/56/123456/1
157
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]158Salt master logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]159
160.. code-block:: yaml
161
162 salt:
163 master:
164 enabled: true
165 log:
166 level: warning
167 file: '/var/log/salt/master'
168 level_logfile: warning
169
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]170Salt minion logging configuration:
Oleksii Chupryn7b7102a2018-05-11 10:32:11 +0300[diff] [blame]171
172.. code-block:: yaml
173
174 salt:
175 minion:
176 enabled: true
177 log:
178 level: info
179 file: '/var/log/salt/minion'
180 level_logfile: warning
181
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]182Salt master with logging handlers:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]183
184.. code-block:: yaml
185
186 salt:
187 master:
188 enabled: true
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]189 handler:
190 handler01:
191 engine: udp
192 bind:
193 host: 127.0.0.1
194 port: 9999
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]195 minion:
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]196 handler:
197 handler01:
198 engine: udp
199 bind:
200 host: 127.0.0.1
201 port: 9999
202 handler02:
203 engine: zmq
204 bind:
205 host: 127.0.0.1
206 port: 9999
207
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]208Salt engine definition for saltgraph metadata collector:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]209
210.. code-block:: yaml
211
212 salt:
213 master:
214 engine:
215 graph_metadata:
216 engine: saltgraph
217 host: 127.0.0.1
218 port: 5432
219 user: salt
220 password: salt
221 database: salt
222
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]223Salt engine definition for Architect service:
Ales Komarek459407b2018-01-18 17:16:31 +0100[diff] [blame]224
225.. code-block:: yaml
226
227 salt:
228 master:
229 engine:
230 architect:
231 engine: architect
232 project: project-name
233 host: architect-api
234 port: 8181
235 username: salt
236 password: password
237
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]238Salt engine definition for sending events from docker events:
Ales Komareka9fc6e72017-09-06 15:02:40 +0200[diff] [blame]239
240.. code-block:: yaml
241
242 salt:
243 master:
244 engine:
245 docker_events:
246 docker_url: unix://var/run/docker.sock
247
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]248Salt master peer setup for remote certificate signing:
Jakub Pavlikd4859842016-05-23 10:48:04 +0200[diff] [blame]249
250.. code-block:: yaml
251
252 salt:
253 master:
254 peer:
255 ".*":
256 - x509.sign_remote_certificate
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]257
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]258Salt master backup configuration:
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]259
260.. code-block:: yaml
261
262 salt:
263 master:
264 backup: true
265 initial_data:
266 engine: backupninja
Jiri Broulik3e281642018-03-02 18:17:21 +0100[diff] [blame]267 home_dir: remote-backup-home-dir
Ales Komarekb2ada522017-12-07 11:31:32 +0100[diff] [blame]268 source: backup-node-host
269 host: original-salt-master-id
270
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]271Configure verbosity of state output (used for :command:`salt`
272command):
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]273
274.. code-block:: yaml
275
276 salt:
277 master:
Tomáš Kukrál044667b2017-05-11 10:12:15 +0200[diff] [blame]278 state_output: changes
Tomáš Kukrál8922aef2017-05-10 10:27:04 +0200[diff] [blame]279
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]280Pass pillar render error to minion log:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]281
282.. note:: When set to `False` this option is great for debuging.
283 However it is not recomended for any production environment as it may contain
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]284 templating data as passwords, and so on, that minion should not expose.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]285
286.. code-block:: yaml
287
288 salt:
289 master:
290 pillar_safe_render_error: False
291
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]292Enable Windows repository support:
Ales Komarekf44e64c2018-05-29 10:22:31 +0200[diff] [blame]293
294.. code-block:: yaml
295
296 salt:
297 master:
298 win_repo:
299 source: git
300 address: https://github.com/saltstack/salt-winrepo-ng
301 revision: master
302
Ivan Suzdal7e2a2ca2018-08-23 12:31:19 +0400[diff] [blame^]303Configure a gitfs_remotes resource:
304
305.. code-block:: yaml
306
307 salt:
308 master:
309 gitfs_remotes:
310 salt_formula:
311 url: https://github.com/salt-formulas/salt-formula-salt.git
312 enabled: true
313 params:
314 base: master
315
316Read more about gitfs resource options in the official Salt documentation.
317
318
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]319Event/Reactor systems
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]320~~~~~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]321
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]322Salt to synchronize node pillar and modules after start:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]323
324.. code-block:: yaml
325
326 salt:
327 master:
328 reactor:
329 salt/minion/*/start:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]330 - salt://salt/reactor/node_start.sls
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]331
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]332Trigger basic node install:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]333
334.. code-block:: yaml
335
336 salt:
337 master:
338 reactor:
339 salt/minion/install:
340 - salt://salt/reactor/node_install.sls
341
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]342Sample event to trigger the node installation:
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]343
344.. code-block:: bash
345
346 salt-call event.send 'salt/minion/install'
347
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]348Run any defined orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]349
350.. code-block:: yaml
351
352 salt:
353 master:
354 reactor:
355 salt/orchestrate/start:
356 - salt://salt/reactor/orchestrate_start.sls
357
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]358Event to trigger the orchestration pipeline:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]359
360.. code-block:: bash
361
Ales Komareke7844d12017-06-08 12:00:01 +0200[diff] [blame]362 salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]363
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]364Synchronise modules and pillars on minion start:
Ales Komarek3ed7c432017-08-24 16:15:49 +0200[diff] [blame]365
366.. code-block:: yaml
367
368 salt:
369 master:
370 reactor:
371 'salt/minion/*/start':
372 - salt://salt/reactor/minion_start.sls
373
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]374Add and/or remove the minion key:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]375
376.. code-block:: yaml
377
378 salt:
379 master:
380 reactor:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]381 salt/key/create:
382 - salt://salt/reactor/key_create.sls
383 salt/key/remove:
384 - salt://salt/reactor/key_remove.sls
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]385
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]386Event to trigger the key creation:
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]387
388.. code-block:: bash
389
Adam Tengler62188962017-09-04 13:34:44 +0000[diff] [blame]390 salt-call event.send 'salt/key/create' \
391 > "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"
Ales Komarek5c58de32017-06-06 11:49:32 +0200[diff] [blame]392
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]393.. note::
394
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]395 You can add pass additional ``orch_pre_create``, ``orch_post_create``,
396 ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
397 to call extra orchestrate files. This can be useful for example for
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]398 registering/unregistering nodes from the monitoring alarms or dashboards.
399
400 The key creation event needs to be run from other machine than the one
401 being registered.
402
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]403Event to trigger the key removal:
Ales Komarek213fbe02017-08-21 16:39:05 +0200[diff] [blame]404
405.. code-block:: bash
406
407 salt-call event.send 'salt/key/remove'
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]408
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]409Control VM provisioning:
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]410
411.. code-block:: yaml
412
413 virt:
414 disk:
415 three_disks:
416 - system:
417 size: 4096
418 image: ubuntu.qcow
419 - repository_snapshot:
420 size: 8192
421 image: snapshot.qcow
422 - cinder-volume:
423 size: 2048
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]424 nic:
425 control:
426 - name: nic01
427 bridge: br-pxe
428 model: virtio
429 - name: nic02
430 bridge: br-cp
431 model: virtio
432 - name: nic03
433 bridge: br-store-front
434 model: virtio
435 - name: nic04
436 bridge: br-public
437 model: virtio
Dzmitry Stremkouskib8acf1f2018-06-28 12:56:23 +0200[diff] [blame]438 - name: nic05
439 bridge: br-prv
440 model: virtio
441 virtualport:
442 type: openvswitch
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]443
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]444 salt:
445 control:
446 enabled: true
447 virt_enabled: true
448 size:
449 medium_three_disks:
450 cpu: 2
451 ram: 4
452 disk_profile: three_disks
453 cluster:
454 mycluster:
455 domain: neco.virt.domain.com
456 engine: virt
Ondrej Smolac7f6cfc2018-05-21 15:55:08 +0200[diff] [blame]457 #Option to set rng globaly
458 rng: false
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]459 node:
460 ubuntu1:
461 provider: node01.domain.com
462 image: ubuntu.qcow
463 size: medium
464 img_dest: /var/lib/libvirt/ssdimages
Ondrej Smolac7f6cfc2018-05-21 15:55:08 +0200[diff] [blame]465 #Rng defined on node will have higher priority then global one
Dzmitry Stremkouski7ee23402018-04-10 00:43:48 +0200[diff] [blame]466 rng:
467 backend: /dev/urandom
468 model: random
469 rate:
470 period: '1800'
471 bytes: '1500'
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]472 mac:
473 nic01: AC:DE:48:AA:AA:AA
474 nic02: AC:DE:48:AA:AA:BB
475
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]476To enable Redis plugin for the Salt caching subsystem, use the
477below pillar structure:
Oleh Hryhorovca6b9172018-06-21 14:21:35 +0000[diff] [blame]478
479.. code-block:: yaml
480
481 salt:
482 master:
483 cache:
484 plugin: redis
485 host: localhost
486 port: 6379
487 db: '0'
488 password: pass_word
489 bank_prefix: 'MCP'
490 bank_keys_prefix: 'MCPKEY'
491 key_prefix: 'KEY'
492 separator: '@'
Ondrej Smolae6bcb292018-04-13 10:56:39 +0200[diff] [blame]493
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]494Jinja options
495-------------
496
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]497Use the following options to update default Jinja renderer options.
498Salt recognize Jinja options for templates and for the ``sls`` files.
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]499
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]500For full list of options, see Jinja documentation:
501http://jinja.pocoo.org/docs/api/#high-level-api
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]502
503.. code-block:: yaml
504
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]505 salt:
506 renderer:
507 # for templates
508 jinja: &jina_env
509 # Default Jinja environment options
510 block_start_string: '{%'
511 block_end_string: '%}'
512 variable_start_string: '{{'
513 variable_end_string: '}}'
514 comment_start_string: '{#'
515 comment_end_string: '#}'
516 keep_trailing_newline: False
517 newline_sequence: '\n'
518
519 # Next two are enabled by default in Salt
520 trim_blocks: True
521 lstrip_blocks: True
522
523 # Next two are not enabled by default in Salt
524 # but worth to consider to enable in future for salt-formulas
525 line_statement_prefix: '%'
526 line_comment_prefix: '##'
527
528 # for .sls state files
529 jinja_sls: *jinja_env
530
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]531With the ``line_statement/comment* _prefix`` options enabled following
532code statements are valid:
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]533
534.. code-block:: yaml
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]535
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]536 %- set myvar = 'one'
537
538 ## You can mix even with '{%'
539 {%- set myvar = 'two' %} ## comment
540 %- set mylist = ['one', 'two', 'three'] ## comment
541
542 ## comment
543 %- for item in mylist: ## comment
544 {{- item }}
545 %- endfor
546
Petr Michalecdf75d682018-02-07 13:43:53 +0100[diff] [blame]547Encrypted pillars
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]548~~~~~~~~~~~~~~~~~
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]549
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]550.. note:: NACL and the below configuration will be available in Salt > 2017.7.
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]551
552External resources:
553
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]554- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
555 http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
556- SaltStack documentation:
557 https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]558
559Configure salt NACL module:
560
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]561.. code-block:: bash
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]562
563 pip install --upgrade libnacl===1.5.2
564 salt-call --local nacl.keygen /etc/salt/pki/master/nacl
565
566 local:
567 saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub
568
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]569.. code-block:: yaml
570
571 salt:
572 master:
573 pillar:
574 reclass: *reclass
575 nacl:
576 index: 99
577 nacl:
578 box_type: sealedbox
579 sk_file: /etc/salt/pki/master/nacl
580 pk_file: /etc/salt/pki/master/nacl.pub
581 #sk: None
582 #pk: None
583
584NACL encrypt secrets:
585
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]586.. code-block:: bash
587
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]588 salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
589 hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
590 # or
591 salt-run nacl.enc 'myotherpass'
592 ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=
593
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]594NACL encrypted values on pillar:
595
596Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:
597
598.. code-block:: yaml
599
600 my_pillar:
601 my_nacl:
602 key0: unencrypted_value
603 key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
604
605NACL large files:
606
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]607.. code-block:: bash
608
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]609 salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
610 # or more advanced
611 cert=$(cat /tmp/cert.crt)
612 salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl
613
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]614NACL within template/native pillars:
615
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]616.. code-block:: yaml
617
Petr Michalec1f541c42017-08-17 13:30:37 +0200[diff] [blame]618 pillarexample:
619 user: root
620 password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
621 cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
622 cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}
623
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]624Salt Syndic
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]625-----------
626
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]627The master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]628
629.. code-block:: yaml
630
631 salt:
632 master:
633 enabled: true
634 order_masters: True
635
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]636Lower syndicated master:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]637
638.. code-block:: yaml
639
640 salt:
641 syndic:
642 enabled: true
643 master:
644 host: master-of-master-host
645 timeout: 5
646
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]647Syndicated master with multiple master of masters:
Ales Komarek54740682017-05-15 07:16:23 +0200[diff] [blame]648
649.. code-block:: yaml
650
651 salt:
652 syndic:
653 enabled: true
654 masters:
655 - host: master-of-master-host1
656 - host: master-of-master-host2
657 timeout: 5
658
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]659Salt Minion
660-----------
661
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]662Minion ID by default triggers dependency on Linux formula, as it uses fqdn
663configured from `linux.system.name` and `linux.system.domain` pillar.
664To override, provide exact minion ID you require. The same can be set for
665master ID rendered at ``master.conf``.
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]666
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]667 .. code-block:: yaml
Petr Michaleccfd93e12018-06-26 18:11:44 +0200[diff] [blame]668
669 salt:
670 minion:
671 id: minion1.production
672 master:
673 id: master.production
674
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]675Simplest Salt minion setup with central configuration node:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]676
677.. literalinclude:: tests/pillar/minion_master.sls
678 :language: yaml
679
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]680Multi-master Salt minion setup:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]681
682.. literalinclude:: tests/pillar/minion_multi_master.sls
683 :language: yaml
684
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]685Salt minion with salt mine options:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]686
687.. literalinclude:: tests/pillar/minion_mine.sls
688 :language: yaml
689
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]690Salt minion with graphing dependencies:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]691
692.. literalinclude:: tests/pillar/minion_graph.sls
693 :language: yaml
694
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]695Salt minion behind HTTP proxy:
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]696
697.. code-block:: yaml
698
699 salt:
700 minion:
701 proxy:
702 host: 127.0.0.1
703 port: 3128
704
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]705Salt minion to specify non-default HTTP backend. The default
706tornado backend does not respect HTTP proxy settings set as
707environment variables. This is useful for cases where you need
708to set no_proxy lists.
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]709
710.. code-block:: yaml
711
712 salt:
713 minion:
714 backend: urllib2
715
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]716Salt minion with PKI certificate authority (CA):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]717
718.. literalinclude:: tests/pillar/minion_pki_ca.sls
719 :language: yaml
720
721Salt minion using PKI certificate
722
723.. literalinclude:: tests/pillar/minion_pki_cert.sls
724 :language: yaml
725
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]726Salt minion trust CA certificates issued by salt CA on a
727specific host (ie: salt-master node):
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]728
729.. code-block:: yaml
730
731 salt:
732 minion:
733 trusted_ca_minions:
734 - cfg01
735
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]736Salt Minion Proxy
737~~~~~~~~~~~~~~~~~
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]738
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]739Salt proxy pillar:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]740
741.. code-block:: yaml
742
743 salt:
744 minion:
Jiri Broulik88275242017-05-24 17:21:17 +0200[diff] [blame]745 proxy_minion:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]746 master: localhost
747 device:
748 vsrx01.mydomain.local:
749 enabled: true
750 engine: napalm
751 csr1000v.mydomain.local:
752 enabled: true
753 engine: napalm
754
755.. note:: This is pillar of the the real salt-minion
756
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]757Proxy pillar for IOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]758
759.. code-block:: yaml
760
761 proxy:
762 proxytype: napalm
763 driver: ios
764 host: csr1000v.mydomain.local
765 username: root
766 passwd: r00tme
767
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]768.. note:: This is pillar of the node thats not able to run
769 salt-minion itself.
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]770
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]771Proxy pillar for JunOS device:
Jiri Broulika0f46682017-04-20 22:45:01 +0200[diff] [blame]772
773.. code-block:: yaml
774
775 proxy:
776 proxytype: napalm
777 driver: junos
778 host: vsrx01.mydomain.local
779 username: root
780 passwd: r00tme
781 optional_args:
782 config_format: set
783
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]784.. note:: This pillar applies to the node that can not run
785 salt-minion itself.
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]786
787Salt SSH
Ales Komarekd768f1c2018-01-30 22:37:18 +0100[diff] [blame]788~~~~~~~~
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]789
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]790Salt SSH with sudoer using key:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]791
792.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
793 :language: yaml
794
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]795Salt SSH with sudoer using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]796
797.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
798 :language: yaml
799
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]800Salt SSH with root using password:
Ales Komarek8fb1da82016-08-21 23:52:03 +0200[diff] [blame]801
802.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
803 :language: yaml
804
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]805Salt control (cloud/kvm/docker)
806-------------------------------
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]807
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]808Salt cloud with local OpenStack provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]809
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]810.. literalinclude:: tests/pillar/control_cloud_openstack.sls
811 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]812
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]813Salt cloud with Digital Ocean provider:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]814
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]815.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
816 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]817
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]818Salt virt with KVM cluster:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]819
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]820.. literalinclude:: tests/pillar/control_virt.sls
821 :language: yaml
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]822
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]823Salt virt with custom destination for image file:
Mateusz Los4c7cd2d2018-01-09 11:46:07 +0100[diff] [blame]824
825.. literalinclude:: tests/pillar/control_virt_custom.sls
826 :language: yaml
827
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]828Usage
829=====
830
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]831Working with salt-cloud:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]832
833.. code-block:: bash
834
835 salt-cloud -m /path/to/map --assume-yes
836
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]837Debug LIBCLOUD for salt-cloud connection:
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]838
839.. code-block:: bash
840
841 export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all
842
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]843Read more
844=========
Filip Pytlounb4b80592015-10-06 16:28:32 +0200[diff] [blame]845
846* http://salt.readthedocs.org/en/latest/
847* https://github.com/DanielBryan/salt-state-graph
848* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
849* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
850* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
851* https://github.com/saltstack-formulas/salt-formula
852* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
853
854salt-cloud
855----------
856
857* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
858* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
859* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
860* http://docs.saltstack.com/topics/cloud/digitalocean.html
861* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
862* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
863* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
Ales Komarek8ba9c0b2016-02-21 14:59:59 +0100[diff] [blame]864
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]865Documentation and Bugs
866======================
867
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]868* http://salt-formulas.readthedocs.io/
869 Learn how to install and update salt-formulas
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]870
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]871* https://github.com/salt-formulas/salt-formula-salt/issues
872 In the unfortunate event that bugs are discovered, report the issue to the
873 appropriate issue tracker. Use the Github issue tracker for a specific salt
874 formula
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]875
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]876* https://launchpad.net/salt-formulas
877 For feature requests, bug reports, or blueprints affecting the entire
878 ecosystem, use the Launchpad salt-formulas project
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]879
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]880* https://launchpad.net/~salt-formulas-users
881 Join the salt-formulas-users team and subscribe to mailing list if required
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]882
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]883* https://github.com/salt-formulas/salt-formula-salt
884 Develop the salt-formulas projects in the master branch and then submit pull
885 requests against a specific formula
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]886
OlgaGusarenkof1fd82e2018-07-31 01:20:49 +0300[diff] [blame]887* #salt-formulas @ irc.freenode.net
888 Use this IRC channel in case of any questions or feedback which is always
889 welcome
Filip Pytloun954dbd62017-02-02 13:02:03 +0100[diff] [blame]890