=====
Usage
=====

Salt is a new approach to infrastructure management. Easy enough to get
running in minutes, scalable enough to manage tens of thousands of servers,
and fast enough to communicate with them in seconds.

Salt delivers a dynamic communication bus for infrastructures that can be used
for orchestration, remote execution, configuration management and much more.

Sample Metadata
===============

Salt Master
-----------

Salt master with base formulas and pillar metadata back end:

.. literalinclude:: tests/pillar/master_single_pillar.sls
   :language: yaml

Salt master with reclass ENC metadata back end:

.. literalinclude:: tests/pillar/master_single_reclass.sls
   :language: yaml

Salt master with Architect ENC metadata back end:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: architect
          project: project-name
          host: architect-api
          port: 8181
          username: salt
          password: password

Salt master with multiple ``ext_pillars``:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        pillar:
          engine: salt
          source:
            engine: local
        ext_pillars:
          1:
            module: cmd_json
            params: '"echo {\"arg\": \"val\"}"'
          2:
            module: cmd_yaml
            params: /usr/local/bin/get_yml.sh

Salt master with API:

.. literalinclude:: tests/pillar/master_api.sls
   :language: yaml

Salt master with defined user ACLs:

.. literalinclude:: tests/pillar/master_acl.sls
   :language: yaml

Salt master with preset minions:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        minions:
        - name: 'node1.system.location.domain.com'

Salt master with pip based installation (optional):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        source:
          engine: pip
          version: 2016.3.0rc2

Install formula through system package management:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          prd:
            keystone:
              source: pkg
              name: salt-formula-keystone
            nova:
              source: pkg
              name: salt-formula-keystone
              version: 0.1+0~20160818133412.24~1.gbp6e1ebb
            postgresql:
              source: pkg
              name: salt-formula-postgresql
              version: purged

The keystone formula is installed at the latest version, and all formulas
without a version are installed in one call to the aptpkg module.
If the version attribute is present, the sls iterates over the formulas
and either installs the specific version or removes it.
The version attribute may have one of these values:
``[latest|purged|removed|<VERSION>]``.

Clone master branch of keystone formula as local feature branch:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: git@github.com:openstack/salt-formula-keystone.git
                revision: master
                branch: feature

Salt master with specified formula refs (for example, for Gerrit
review):

.. code-block:: yaml

    salt:
      master:
        enabled: true
        ...
        environment:
          dev:
            formula:
              keystone:
                source: git
                address: https://git.openstack.org/openstack/salt-formula-keystone
                revision: refs/changes/56/123456/1

Salt master logging configuration:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        log:
          level: warning
          file: '/var/log/salt/master'
          level_logfile: warning

Salt minion logging configuration:

.. code-block:: yaml

    salt:
      minion:
        enabled: true
        log:
          level: info
          file: '/var/log/salt/minion'
          level_logfile: warning

Salt master with logging handlers:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
      minion:
        handler:
          handler01:
            engine: udp
            bind:
              host: 127.0.0.1
              port: 9999
          handler02:
            engine: zmq
            bind:
              host: 127.0.0.1
              port: 9999

Salt engine definition for saltgraph metadata collector:

.. code-block:: yaml

    salt:
      master:
        engine:
          graph_metadata:
            engine: saltgraph
            host: 127.0.0.1
            port: 5432
            user: salt
            password: salt
            database: salt

Salt engine definition for Architect service:

.. code-block:: yaml

    salt:
      master:
        engine:
          architect:
            engine: architect
            project: project-name
            host: architect-api
            port: 8181
            username: salt
            password: password

Salt engine definition for sending events from docker events:

.. code-block:: yaml

    salt:
      master:
        engine:
          docker_events:
            docker_url: unix://var/run/docker.sock

Salt master peer setup for remote certificate signing:

.. code-block:: yaml

    salt:
      master:
        peer:
          ".*":
          - x509.sign_remote_certificate

Salt master backup configuration:

.. code-block:: yaml

    salt:
      master:
        backup: true
        initial_data:
          engine: backupninja
          home_dir: remote-backup-home-dir
          source: backup-node-host
          host: original-salt-master-id

Configure verbosity of state output (used for :command:`salt`
command):

.. code-block:: yaml

    salt:
      master:
        state_output: changes

Pass pillar render error to minion log:

.. note:: When set to ``False``, this option is useful for debugging.
   However, it is not recommended for any production environment because
   the render error may contain templating data, such as passwords, that
   the minion should not expose.

.. code-block:: yaml

    salt:
      master:
        pillar_safe_render_error: False

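A pre-deployment check for the master settings shown above, as an added example that is not part of the formula. It assumes the source pillar has already been parsed into a Python dictionary; the function names, the probe minion IDs and the ``${_param:redis_password}`` reference are constructed for illustration, and the wildcard test is a heuristic.

```python
"""Audit a parsed ``salt:master`` pillar for settings this page shows."""
import re

# Constructed minion IDs used to probe how wide a peer pattern is.
PROBE_IDS = ("cfg01.example.local", "cmp001.example.local", "x")


def password_paths(node, path=()):
    """Yield dotted paths of literal strings stored under a ``password`` key."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (str(key),)
            if key == "password" and isinstance(value, str):
                # Skip empty values and ${...} references (resolved elsewhere).
                if value and not value.startswith("${"):
                    yield ".".join(here)
            else:
                yield from password_paths(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from password_paths(item, path + (str(index),))


def matches_every_minion(pattern):
    """Heuristic: the regex matches every probe ID from its first character."""
    try:
        return all(re.match(pattern, minion_id) for minion_id in PROBE_IDS)
    except re.error:
        return False


def audit_master(pillar):
    """Return a list of (check, detail) findings for the ``salt:master`` subtree."""
    master = pillar.get("salt", {}).get("master", {})
    findings = []

    # The note above: False passes pillar render errors to the minion log.
    if master.get("pillar_safe_render_error", True) is False:
        findings.append(("pillar_safe_render_error",
                         "render errors, including templating data, reach minion logs"))

    # Peer keys select calling minions; values list the functions they may run.
    for pattern, functions in (master.get("peer") or {}).items():
        if matches_every_minion(str(pattern)):
            findings.append(("peer", "%s: any minion may call %s"
                             % (pattern, ", ".join(functions))))

    # Report where literal passwords sit, never the values themselves.
    for dotted in sorted(password_paths(master, ("salt", "master"))):
        findings.append(("literal_password", dotted))
    return findings


# Constructed input assembled from the sample pillars on this page.
SAMPLE_PILLAR = {
    "salt": {
        "master": {
            "enabled": True,
            "pillar_safe_render_error": False,
            "pillar": {"engine": "architect", "host": "architect-api",
                       "port": 8181, "username": "salt", "password": "password"},
            "peer": {".*": ["x509.sign_remote_certificate"]},
            "cache": {"plugin": "redis", "host": "localhost",
                      "password": "${_param:redis_password}"},
        }
    }
}

if __name__ == "__main__":
    for check, detail in audit_master(SAMPLE_PILLAR):
        print("%-26s %s" % (check, detail))
```
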
Enable Windows repository support:

.. code-block:: yaml

    salt:
      master:
        win_repo:
          source: git
          address: https://github.com/saltstack/salt-winrepo-ng
          revision: master

Configure a gitfs_remotes resource:

.. code-block:: yaml

    salt:
      master:
        gitfs_remotes:
          salt_formula:
            url: https://gerrit.mcp.mirantis.com/salt-formulas/salt.git
            enabled: true
            params:
              base: master

Read more about gitfs resource options in the official Salt documentation.


Event/Reactor systems
~~~~~~~~~~~~~~~~~~~~~

Configure Salt to synchronize node pillar and modules after start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/*/start:
          - salt://salt/reactor/node_start.sls

Trigger basic node install:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/minion/install:
          - salt://salt/reactor/node_install.sls

Sample event to trigger the node installation:

.. code-block:: bash

    salt-call event.send 'salt/minion/install'

Run any defined orchestration pipeline:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/orchestrate/start:
          - salt://salt/reactor/orchestrate_start.sls

Event to trigger the orchestration pipeline:

.. code-block:: bash

    salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"

Synchronise modules and pillars on minion start:

.. code-block:: yaml

    salt:
      master:
        reactor:
          'salt/minion/*/start':
          - salt://salt/reactor/minion_start.sls

Add and/or remove the minion key:

.. code-block:: yaml

    salt:
      master:
        reactor:
          salt/key/create:
          - salt://salt/reactor/key_create.sls
          salt/key/remove:
          - salt://salt/reactor/key_remove.sls

Event to trigger the key creation:

.. code-block:: bash

    salt-call event.send 'salt/key/create' \
      "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"

.. note::

   You can pass additional ``orch_pre_create``, ``orch_post_create``,
   ``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
   to call extra orchestrate files. This can be useful, for example, for
   registering/unregistering nodes from the monitoring alarms or dashboards.

   The key creation event needs to be run from a machine other than the one
   being registered.

Event to trigger the key removal:

.. code-block:: bash

    salt-call event.send 'salt/key/remove'

Control VM provisioning:

.. code-block:: yaml

    _param:
      vcp_links: &vcp_links
      - type: phy
        id: ens2
        name: ens2
      private-ipv4: &private-ipv4
      - id: private-ipv4
        type: ipv4
        link: ens2
        netmask: 255.255.255.0
        routes:
        - gateway: 192.168.0.1
          netmask: 0.0.0.0
          network: 0.0.0.0
    virt:
      disk:
        three_disks:
        - system:
            size: 4096
            image: ubuntu.qcow
        - repository_snapshot:
            size: 8192
            image: snapshot.qcow
        - cinder-volume:
            size: 2048
      nic:
        control:
        - name: nic01
          bridge: br-pxe
          model: virtio
        - name: nic02
          bridge: br-cp
          model: virtio
        - name: nic03
          bridge: br-store-front
          model: virtio
        - name: nic04
          bridge: br-public
          model: virtio
          driver:
            name: vhost
            # Optional value. If not set - equal to quantity CPU of VM
            queues: '2'
            # Optional values. Must be a power of 2 between 256 and 1024
            tx_queue_size: '1024'
            rx_queue_size: '1024'
        - name: nic05
          bridge: br-prv
          model: virtio
          virtualport:
            type: openvswitch

    salt:
      control:
        enabled: true
        virt_enabled: true
        size:
          medium_three_disks:
            cpu: 2
            ram: 4
            disk_profile: three_disks
        cluster:
          mycluster:
            domain: neco.virt.domain.com
            engine: virt
            # Cluster global settings
            rng: false
            enable_vnc: True
            seed: cloud-init
            cloud_init:
              user_data:
                disable_ec2_metadata: true
                resize_rootfs: True
                timezone: UTC
                ssh_deletekeys: True
                ssh_genkeytypes: ['rsa', 'dsa', 'ecdsa']
                ssh_svcname: ssh
                locale: en_US.UTF-8
                disable_root: true
                apt_preserve_sources_list: false
                apt:
                  sources_list: ""
                  sources:
                    ubuntu.list:
                      source: ${linux:system:repo:ubuntu:source}
                    mcp_saltstack.list:
                      source: ${linux:system:repo:mcp_saltstack:source}
            node:
              ubuntu1:
                provider: node01.domain.com
                image: ubuntu.qcow
                size: medium
                img_dest: /var/lib/libvirt/ssdimages
                # Node settings override cluster global ones
                enable_vnc: False
                rng:
                  backend: /dev/urandom
                  model: random
                  rate:
                    period: '1800'
                    bytes: '1500'
                # Custom per-node loader definition (e.g. for AArch64 UEFI)
                loader:
                  readonly: yes
                  type: pflash
                  path: /usr/share/AAVMF/AAVMF_CODE.fd
                machine: virt-2.11  # Custom per-node virt machine type
                cpu_mode: host-passthrough
                cpuset: '1-4'
                mac:
                  nic01: AC:DE:48:AA:AA:AA
                  nic02: AC:DE:48:AA:AA:BB
                # netconfig affects: hostname during boot
                # manual interfaces configuration
                cloud_init:
                  network_data:
                    links: *vcp_links
                    networks:
                    - <<: *private-ipv4
                      ip_address: 192.168.0.161
                  user_data:
                    salt_minion:
                      conf:
                        master: 10.1.1.1
              ubuntu2:
                seed: qemu-nbd
                cloud_init:
                  enabled: false

There are two methods to seed an initial Salt minion configuration to
Libvirt VMs: mount a disk and update a filesystem, or create a ConfigDrive with
a Cloud-init config. This is controlled by the ``seed`` parameter on cluster and
node levels. When set to ``True`` or ``qemu-nbd``, the old method of mounting a
disk is used. When set to ``cloud-init``, the new method is used. When set
to ``False``, no seeding happens. The default value is ``True``, meaning
the ``qemu-nbd`` method is used. This is done for backward compatibility
and may be changed in the future.

The recommended method is to use Cloud-init.
It is controlled by the ``cloud_init`` dictionary on cluster and node levels.
Node level parameters are merged on top of cluster level parameters.
The Salt Minion config is populated automatically based on the VM name and the
config settings of the minion that is actually executing the state. To override
them, add the ``salt_minion`` section to the ``user_data`` section as shown above.
It is possible to disable Cloud-init by setting ``cloud_init.enabled`` to ``False``.

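The resolution rules described above, worked through as an added example that is not the formula's own code. It assumes a recursive dictionary merge for ``cloud_init``, that Cloud-init counts as enabled unless ``enabled`` is ``False``, and that a node-level ``seed`` overrides the cluster-level one; the function names and the node ``ubuntu3`` are hypothetical.

```python
"""Resolve the seed method and Cloud-init settings for each VM in a cluster."""
import copy


def deep_merge(base, override):
    """Return a copy of ``base`` with ``override`` merged on top, dicts recursively."""
    merged = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged


def seed_method(cluster, node):
    """Map the ``seed`` parameter to 'qemu-nbd', 'cloud-init' or None."""
    # Node level overrides cluster level; an unset value defaults to True.
    seed = node.get("seed", cluster.get("seed", True))
    if seed is True or seed == "qemu-nbd":
        return "qemu-nbd"
    if seed == "cloud-init":
        return "cloud-init"
    if seed is False:
        return None
    raise ValueError("unsupported seed value: %r" % (seed,))


def effective_cloud_init(cluster, node):
    """Return the merged ``cloud_init`` dict, or None when it is not used."""
    if seed_method(cluster, node) != "cloud-init":
        return None
    merged = deep_merge(cluster.get("cloud_init", {}), node.get("cloud_init", {}))
    # Assumption: Cloud-init counts as enabled unless ``enabled`` is False.
    if merged.get("enabled", True) is False:
        return None
    return merged


def plan(cluster):
    """Return {node_name: (seed method, effective cloud_init)} for a cluster."""
    return {name: (seed_method(cluster, node), effective_cloud_init(cluster, node))
            for name, node in cluster.get("node", {}).items()}


# Constructed input: a trimmed copy of the "mycluster" sample above, plus a
# hypothetical node "ubuntu3" that turns seeding off.
CLUSTER = {
    "seed": "cloud-init",
    "cloud_init": {"user_data": {"timezone": "UTC", "disable_root": True}},
    "node": {
        "ubuntu1": {"cloud_init": {"user_data": {
            "salt_minion": {"conf": {"master": "10.1.1.1"}}}}},
        "ubuntu2": {"seed": "qemu-nbd", "cloud_init": {"enabled": False}},
        "ubuntu3": {"seed": False},
    },
}

if __name__ == "__main__":
    for name, (method, cloud_init) in sorted(plan(CLUSTER).items()):
        print(name, method, cloud_init)
```
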
To enable the Redis plugin for the Salt caching subsystem, use the
pillar structure below:

.. code-block:: yaml

    salt:
      master:
        cache:
          plugin: redis
          host: localhost
          port: 6379
          db: '0'
          password: pass_word
          bank_prefix: 'MCP'
          bank_keys_prefix: 'MCPKEY'
          key_prefix: 'KEY'
          separator: '@'

Jinja options
-------------

Use the following options to update default Jinja renderer options.
Salt recognizes Jinja options for templates and for the ``sls`` files.

For the full list of options, see the Jinja documentation:
http://jinja.pocoo.org/docs/api/#high-level-api

.. code-block:: yaml

    salt:
      renderer:
        # for templates
        jinja: &jinja_env
          # Default Jinja environment options
          block_start_string: '{%'
          block_end_string: '%}'
          variable_start_string: '{{'
          variable_end_string: '}}'
          comment_start_string: '{#'
          comment_end_string: '#}'
          keep_trailing_newline: False
          newline_sequence: '\n'

          # Next two are enabled by default in Salt
          trim_blocks: True
          lstrip_blocks: True

          # Next two are not enabled by default in Salt
          # but worth considering enabling in future for salt-formulas
          line_statement_prefix: '%'
          line_comment_prefix: '##'

        # for .sls state files
        jinja_sls: *jinja_env

With the ``line_statement_prefix`` and ``line_comment_prefix`` options
enabled, the following code statements are valid:

.. code-block:: yaml

    %- set myvar = 'one'

    ## You can mix even with '{%'
    {%- set myvar = 'two' %} ## comment
    %- set mylist = ['one', 'two', 'three'] ## comment

    ## comment
    %- for item in mylist: ## comment
    {{- item }}
    %- endfor

Provision VM with secured image source:

.. code-block:: yaml

    salt:
      control:
        cluster:
          mycluster:
            domain: mydomain.com
            engine: virt
            node:
              ubuntu01:
                image_source:
                  secured: true
                  protocol: http
                  user: foo
                  password: bar
                  url_prefix: mirror.com
                  url_path: xenial/image.qcow2

Provision several VMs with same secured image source:

.. code-block:: yaml

    salt:
      control:
        common_image_source:
          protocol: https
          user: foo
          password: bar
          url_prefix: mirror.com
        cluster:
          mycluster:
            domain: mydomain.com
            engine: virt
            node:
              ubuntu01:
                image_source:
                  secured: true
                  url_path: xenial/ubuntu.qcow2
              debian01:
                image_source:
                  secured: true
                  url_path: stretch/debian.qcow2

MCP Cluster health checks
~~~~~~~~~~~~~~~~~~~~~~~~~

Swiss army knife toolset for verifying MCP cluster health.

.. note:: Health checks are tested with salt modules >= 2017.7.

Install health_checks module:

.. code-block:: bash

    cp health_checks.py /usr/share/salt-formulas/env/_modules/health_checks.py
    salt -C '*' saltutil.sync_all

Usually exit codes are not caught, and salt-call for a module
always returns exit code 0 regardless of errors in the output.
If you want to control the exit code for scripting, pass
**--retcode-passthrough** to each salt call:

.. code-block:: bash

    salt-call health_checks.minions_check --retcode-passthrough

Verify if minions are online.
Use it to determine which minions are offline.

.. code-block:: bash

    salt-call health_checks.minions_check

Verify time diff on your minions:

.. code-block:: bash

    salt-call health_checks.time_diff_check

In case of failure, dump diff JSON:

.. code-block:: bash

    salt-call health_checks.time_diff_check debug=True --out=json

Get JSON stats from ntpq:

.. code-block:: bash

    salt-call health_checks.ntp_status

Verify NTP peers status on the environment:

.. code-block:: bash

    salt-call health_checks.ntp_check
    salt-call health_checks.ntp_check min_peers=2 max_stratum=2

List vrouter namespaces on contrail computes:

.. code-block:: bash

    salt -C 'I@opencontrail:compute' health_checks.list_namespaces

Verify contrail nodes contrail-status output:

.. code-block:: bash

    salt-call health_checks.contrail_check debug=True
    salt-call health_checks.contrail_check nodetool_expected_size=2 debug=True

Verify galera cluster status:

.. code-block:: bash

    salt-call health_checks.galera_check debug=True
    salt-call health_checks.galera_check cluster_size=3 debug=True

Verify rabbitmq cluster status:

.. code-block:: bash

    salt-call health_checks.mysql_check debug=True

Get rabbitmq json objects on command execution.

.. warning:: This code is experimental. It is a hack to convert erlang object to JSON. May fail.

.. code-block:: bash

    salt-call health_checks.rabbitmq_cmd status
    salt-call health_checks.rabbitmq_cmd cluster_status
    salt-call health_checks.rabbitmq_cmd list_hashes
    salt-call health_checks.rabbitmq_cmd list_ciphers

Get rabbitmq json dict of queues on the node (vhost '/' by default)

.. code-block:: bash

    salt -C 's-msg01*' health_checks.rabbitmq_list_queues
    salt -C 's-msg01*' health_checks.rabbitmq_list_queues /openstack

Verify haproxy upstream status:

.. code-block:: bash

    salt-call health_checks.haproxy_check debug=True
    salt-call health_checks.haproxy_check ignore_no_upstream=True

Get haproxy JSON stats (native python calls to socket):

.. code-block:: bash

    salt-call health_checks.haproxy_status
    salt-call health_checks.haproxy_status socket_path='/var/run/haproxy/admin.sock' stats_filter=['status']

787
788.. code-block:: bash
789
790 salt-call health_checks.df_check
791 salt-call health_checks.df_check verify=space space_limit=90 ignore_partitions=['/']
792
793Verify disk inodes usage:
794
795.. code-block:: bash
796
797 salt-call health_checks.df_check verify=inodes
798 salt-call health_checks.df_check verify=inodes inode_limit=10
799
800Verify load average on the environment:
801
802.. code-block:: bash
803
804 salt-call health_checks.load_check
805 salt-call health_checks.load_check la1=4 la5=1 la15=1
806
807Verify ifaces rx/tx drops:
808
809.. code-block:: bash
810
811 salt-call health_checks.netdev_check
812 salt-call health_checks.netdev_check rx_drop_limit=0 tx_drop_limit=0
813
814Verify memory usage:
815
816.. code-block:: bash
817
818 salt-call health_checks.mem_check
819 salt-call health_checks.mem_check used_limit=50
820
Dzmitry Stremkouskif1bcbb52019-04-11 15:48:24 +0200821Verify ceph health status:
822
823.. code-block:: bash
824
825 salt-call health_checks.ceph_health_check
826 salt-call health_checks.ceph_health_check target=s-mon01* target_type=glob debug=True
827
828Execute arbitrary ceph command and get JSON output:
829
830.. code-block:: bash
831
832 salt -C 'cmn01*' health_checks.ceph_cmd 'osd tree'
833
834Retrieve docker registry recursively:
835
836.. code-block:: bash
837
838 salt-call health_checks.docker_registry_list s-apt01:5000
839 salt-call health_checks.docker_registry_list http://127.0.0.1:5000
840
Dzmitry Stremkouski7cd10fc2019-04-17 11:51:59 +0200841Retrieve docker containers list on target server:
842
843.. code-block:: bash
844
845 salt -C 'cid01*' health_checks.docker_ps
846 salt -C 'cid01*' health_checks.docker_ps list_all=1
847
Dzmitry Stremkouskif1bcbb52019-04-11 15:48:24 +0200848Retrieve glusterfs pool list:
849
850.. code-block:: bash
851
852 salt -C 'I@glusterfs:server and *02*' health_checks.gluster_pool_list
853
854Retrieve glusterfs volumes status:
855
856.. code-block:: bash
857
858 salt -C 'I@glusterfs:server and *02*' health_checks.gluster_volume_status
859
860Check glusterfs pool health and size:
861
862.. code-block:: bash
863
864 salt-call health_checks.gluster_pool_check
865 salt-call health_checks.gluster_pool_check expected_size=5
866
867Check glusterfs volumes bricks health and size:
868
869.. code-block:: bash
870
871 salt-call health_checks.gluster_volumes_check
872 salt-call health_checks.gluster_volumes_check expected_size=1 ignore_volumes=['/srv/volumes/aptly']
873
Dzmitry Stremkouski7cd10fc2019-04-17 11:51:59 +0200874Retrieve entropy size for host:
875
876.. code-block:: bash
877
878 salt -C 'msg02*' health_checks.get_entropy
879
880Check entropy size on all nodes:
881
882.. code-block:: bash
883
884 salt-call health_checks.entropy_check
885 salt-call health_checks.entropy_check minimum_bits=1000
886
Dzmitry Stremkouskib71ada92019-04-05 22:37:59 +0200887
Execute zookeeper cmds via socket:

.. code-block:: bash

    salt -C 's-ntw01*' health_checks.zookeeper_cmd conf
    salt -C 's-ntw01*' health_checks.zookeeper_cmd envi

Retrieve zookeeper stats:

.. code-block:: bash

    salt -C 's-ntw01*' health_checks.zookeeper_stats

Retrieve zookeeper leader:

.. code-block:: bash

    salt-call health_checks.get_zookeeper_leader

Fetch contrail vrouter list from control node

.. code-block:: bash

    salt -C 's-ntw01*' health_checks.contrail_vrouter_list

Fetch contrail vrouter summary from control node

.. code-block:: bash

    salt -C 's-ntw01*' health_checks.contrail_vrouter_show <vr_uuid>

Fetch contrail vrouter agent connections from compute node

.. code-block:: bash

    salt -C 'cmp001*' health_checks.contrail_vrouter_agent_status

Retrieve contrail vrouter agent status from analyticsdb

.. code-block:: bash

    salt-call health_checks.contrail_collector_agent_status

Retrieve filtered contrail vrouter agent info from analyticsdb

.. code-block:: bash

    salt-call health_checks.contrail_vrouter_agent_info cmp001

Retrieve contrail control peers summary

.. code-block:: bash

    salt -C 's-ntw01*' health_checks.contrail_control_peers_summary

Retrieve contrail control filtered peers info

.. code-block:: bash

    salt -C 's-ntw03*' health_checks.contrail_control_peer_status

Fetch contrail nodes contrail processes uptime:

.. code-block:: bash

    salt -C 'I@opencontrail:compute' health_checks.contrail_process_list debug=True
    salt -C 'I@opencontrail:control' health_checks.contrail_process_list role=controller debug=True

Fetch libvirt supported machine types for compute node

.. code-block:: bash

    salt -C 'I@opencontrail:compute' health_checks.libvirt_capabilities

Check if contrail elements are connected to each other

.. code-block:: bash

    salt-call health_checks.contrail_mesh_check
    salt-call health_checks.contrail_mesh_check debug=True

Check if contrail elements are connected to each other and DNS names match

.. code-block:: bash

    salt-call health_checks.contrail_mesh_check strict=True

Check keystone fernet keys are in sync

.. code-block:: bash

    salt-call health_checks.keystone_keys_check
    salt-call health_checks.keystone_keys_check keys_dir='/var/lib/keystone/fernet-keys'

Check keystone credential keys are in sync

.. code-block:: bash

    salt-call health_checks.keystone_keys_check keys_type='credential'

Retrieve cinder db release codename

.. code-block:: bash

    salt-call health_checks.get_cinder_db_versions db_host='192.168.0.50' db_user='cinder' \
      db_pass='password'

Retrieve glance db release codename

.. code-block:: bash

    salt-call health_checks.get_glance_db_versions db_host='192.168.0.50' db_user='glance' \
      db_pass='password'

Retrieve heat db release codename

.. code-block:: bash

    salt-call health_checks.get_heat_db_versions db_host='192.168.0.50' db_user='heat' \
      db_pass='password'

Retrieve neutron db release codename

.. code-block:: bash

    salt-call health_checks.get_neutron_db_versions db_host='192.168.0.50' db_user='neutron' \
      db_pass='password'

Retrieve keystone db release codename

.. code-block:: bash

    salt-call health_checks.get_keystone_db_versions db_host='192.168.0.50' db_user='keystone' \
      db_pass='password'

Retrieve nova db release codename

.. code-block:: bash

    salt-call health_checks.get_nova_db_versions db_host='192.168.0.50' db_user='nova' \
      db_pass='password' db_api_user='nova' db_api_pass='api_password'

Retrieve openstack db release codenames

.. code-block:: bash

    salt-call health_checks.list_db_versions


Encrypted pillars
~~~~~~~~~~~~~~~~~

.. note:: NACL and the below configuration will be available in Salt > 2017.7.

External resources:

- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
  http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
- SaltStack documentation:
  https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html

Configure salt NACL module:

.. code-block:: bash

    pip install --upgrade libnacl===1.5.2
    salt-call --local nacl.keygen /etc/salt/pki/master/nacl

    local:
        saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub

.. code-block:: yaml

    salt:
      master:
        pillar:
          reclass: *reclass
          nacl:
            index: 99
        nacl:
          box_type: sealedbox
          sk_file: /etc/salt/pki/master/nacl
          pk_file: /etc/salt/pki/master/nacl.pub
          #sk: None
          #pk: None

NACL encrypt secrets:

.. code-block:: bash

    salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
    hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
    # or
    salt-run nacl.enc 'myotherpass'
    ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=

NACL encrypted values on pillar:

Use the boxed syntax ``NACL[CryptedValue=]`` to embed an encrypted value in a pillar:

.. code-block:: yaml

    my_pillar:
      my_nacl:
        key0: unencrypted_value
        key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]

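The check below is an added example, not part of this formula: a Python audit that walks a parsed pillar and reports secret-looking keys whose values are not wrapped in ``NACL[...]``, as well as boxed values that cannot be a sealed box (invalid base64, or shorter than the 48-byte sealed-box overhead). The function names, the key-name pattern and the sample pillar are assumptions constructed for illustration; the size check assumes ``box_type: sealedbox`` as configured above.

```python
import base64
import binascii
import re

# A libsodium sealed box is a 32-byte ephemeral public key + 16-byte MAC + ciphertext.
SEAL_OVERHEAD = 48
BOXED = re.compile(r"^NACL\[([^\]]*)\]$")
# Assumed naming convention for keys that should never hold plaintext.
SENSITIVE = re.compile(r"pass(wd|word)?|secret|token|private_key", re.I)


def classify(value):
    """Return 'boxed', 'malformed' or 'plain' for a single pillar value."""
    match = BOXED.match(value.strip()) if isinstance(value, str) else None
    if match is None:
        return "plain"
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    return "boxed" if len(raw) >= SEAL_OVERHEAD else "malformed"


def audit(node, path="", key=""):
    """Walk a parsed pillar; return (colon-delimited pillar path, finding) pairs."""
    if isinstance(node, dict):
        return [f for k, v in node.items()
                for f in audit(v, f"{path}:{k}" if path else str(k), str(k))]
    if isinstance(node, list):
        # List items inherit the key name of the list that holds them.
        return [f for i, v in enumerate(node) for f in audit(v, f"{path}[{i}]", key)]
    state = classify(node)
    if state == "malformed":
        return [(path, "malformed NACL box")]
    if state == "plain" and SENSITIVE.search(key) and node not in (None, ""):
        return [(path, "plaintext secret")]
    return []


# Constructed sample: a proxy pillar and the boxed value shown on this page,
# plus one deliberately broken entry (db_password is a made-up key).
SAMPLE_PILLAR = {
    "proxy": {"proxytype": "napalm", "driver": "ios",
              "host": "csr1000v.mydomain.local",
              "username": "root", "passwd": "r00tme"},
    "my_pillar": {"my_nacl": {
        "key0": "unencrypted_value",
        "key1": "NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]",
        "db_password": "NACL[not-base64!]",
    }},
}

if __name__ == "__main__":
    for pillar_path, finding in audit(SAMPLE_PILLAR):
        print(f"{pillar_path}: {finding}")
```

Feed it the output of ``yaml.safe_load`` on a pillar file, for example from a pre-commit hook, so plaintext credentials are caught before they reach the metadata repository.
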
NACL large files:

.. code-block:: bash

    salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
    # or more advanced
    cert=$(cat /tmp/cert.crt)
    salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl

NACL within template/native pillars:

.. code-block:: yaml

    pillarexample:
      user: root
      password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')|json}}
      cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')|json}}
      cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')|json}}

Salt Syndic
-----------

The master of masters:

.. code-block:: yaml

    salt:
      master:
        enabled: true
        order_masters: True

Lower syndicated master:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        master:
          host: master-of-master-host
        timeout: 5

Syndicated master with multiple master of masters:

.. code-block:: yaml

    salt:
      syndic:
        enabled: true
        masters:
        - host: master-of-master-host1
        - host: master-of-master-host2
        timeout: 5

Salt Minion
-----------

By default, the minion ID creates a dependency on the Linux formula because it
uses the FQDN configured from the ``linux.system.name`` and
``linux.system.domain`` pillar. To override this, provide the exact minion ID
you require. The same can be set for the master ID rendered in ``master.conf``.

.. code-block:: yaml

    salt:
      minion:
        id: minion1.production
      master:
        id: master.production

Simplest Salt minion setup with central configuration node:

.. literalinclude:: tests/pillar/minion_master.sls
   :language: yaml

Multi-master Salt minion setup:

.. literalinclude:: tests/pillar/minion_multi_master.sls
   :language: yaml

Salt minion with salt mine options:

.. literalinclude:: tests/pillar/minion_mine.sls
   :language: yaml

Salt minion with graphing dependencies:

.. literalinclude:: tests/pillar/minion_graph.sls
   :language: yaml

Salt minion behind HTTP proxy:

.. code-block:: yaml

    salt:
      minion:
        proxy:
          host: 127.0.0.1
          port: 3128

Salt minion with a non-default HTTP backend. The default tornado backend does
not respect HTTP proxy settings set as environment variables, so this is
useful when you need to set ``no_proxy`` lists:

.. code-block:: yaml

    salt:
      minion:
        backend: urllib2

Salt minion with PKI certificate authority (CA):

.. literalinclude:: tests/pillar/minion_pki_ca.sls
   :language: yaml

Salt minion using PKI certificate:

.. literalinclude:: tests/pillar/minion_pki_cert.sls
   :language: yaml

Salt minion trusting CA certificates issued by the Salt CA on a
specific host (i.e., the salt-master node):

.. code-block:: yaml

    salt:
      minion:
        trusted_ca_minions:
          - cfg01

Salt Minion Proxy
~~~~~~~~~~~~~~~~~

Salt proxy pillar:

.. code-block:: yaml

    salt:
      minion:
        proxy_minion:
          master: localhost
          device:
            vsrx01.mydomain.local:
              enabled: true
              engine: napalm
            csr1000v.mydomain.local:
              enabled: true
              engine: napalm

.. note:: This is the pillar of the real salt-minion.

Proxy pillar for IOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: ios
      host: csr1000v.mydomain.local
      username: root
      passwd: r00tme

.. note:: This is the pillar of the node that is not able to run
   salt-minion itself.

Proxy pillar for JunOS device:

.. code-block:: yaml

    proxy:
      proxytype: napalm
      driver: junos
      host: vsrx01.mydomain.local
      username: root
      passwd: r00tme
      optional_args:
        config_format: set

.. note:: This pillar applies to the node that cannot run
   salt-minion itself.

Salt SSH
~~~~~~~~

Salt SSH with sudoer using key:

.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
   :language: yaml

Salt SSH with sudoer using password:

.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
   :language: yaml

Salt SSH with root using password:

.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
   :language: yaml

Salt control (cloud/kvm/docker)
-------------------------------

Salt cloud with local OpenStack provider:

.. literalinclude:: tests/pillar/control_cloud_openstack.sls
   :language: yaml

Salt cloud with Digital Ocean provider:

.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
   :language: yaml

Salt virt with KVM cluster:

.. literalinclude:: tests/pillar/control_virt.sls
   :language: yaml

Salt virt with custom destination for image file:

.. literalinclude:: tests/pillar/control_virt_custom.sls
   :language: yaml

Salt shared library
-------------------

This formula includes the 'sharedlib' execution module, which is a kind
of 'library' of functions and/or classes to be used in Jinja templates
or directly as an execution module.

'sharedlib' implements a loader that is able to scan nested directories
and import Python classes/functions from nested modules. Salt itself does
not allow this, as it only imports top-level modules:

https://github.com/saltstack/salt/issues/37273

'sharedlib' implements 4 main functions:

* 'sharedlib.list' - search and print functions / classes found in nested directories
* 'sharedlib.info' - print docstring of a function (if it exists)
* 'sharedlib.get' - get function / class object, but not execute it immediately
* 'sharedlib.call' - get function / class and execute / initialize it with
  arguments given.

Each of the commands above also has its own docstring, so it is possible to
query them on a system:

.. code-block:: text

    # salt-call sys.doc sharedlib.list
    local:
        ----------
        sharedlib.list:

            List available functions.

            .. code-block::

                salt-call sharedlib.list

Usage examples:

.. code-block:: text

    # salt-call sharedlib.list
    local:
        ----------
        sharedlib.list:
            ----------
            classes:
                - misc.Test
                - misc2.Test
            functions:
                - misc.cast_dict_keys_to_int

.. code-block:: text

    # salt-call sharedlib.info misc.cast_dict_keys_to_int
    local:
        ----------
        sharedlib.info:
            ----------
            misc.cast_dict_keys_to_int:

                Return a dictionary with keys casted to int.
                This usually is required when you want sort the dict later.

                Jinja example:

                .. code-block: jinja

                    {%- set ruleset = salt['sharedlib.call']('misc.cast_dict_keys_to_int', c.get('ruleset', {})) %}

.. code-block:: jinja

    {%- set func = salt['sharedlib.get']('misc.cast_dict_keys_to_int') %}
    {%- for c_name, c in t.chains.items() %}
      {%- set ruleset = func(c.get('ruleset', {})) %}
      {%- for rule_id, r in ruleset | dictsort %}
        ...
      {%- endfor %}

Procedure of Data model and Schemas validation.
-----------------------------------------------

The Salt formula supports several mechanisms for validating the data model
with the jsonschema validator. It supports unversioned schemas, which must be
located at:

.. code-block:: text

    'salt://{}/schemas/{}.yaml'.format(service, role)

and/or versioned schemas, which must be located at:

.. code-block:: text

    'salt://{}/schemas/{}/{}.yaml'.format(service, version, role)

Returns the list of all defined schema files.

.. code-block:: bash

    salt-call modelschema.schema_list

Returns the pillar schema for the given service and role.

.. code-block:: bash

    salt-call modelschema.schema_get ntp server
    # or
    salt-call modelschema.schema_get keystone server pike

Validates the pillar schema itself for the given service and role.

.. code-block:: bash

    salt-call modelschema.schema_validate ntp server
    # or
    salt-call modelschema.schema_validate keystone server pike

Validates pillar metadata by schema for the given service and role.

.. code-block:: bash

    salt-call modelschema.model_validate ntp server
    # or
    salt-call modelschema.model_validate keystone server pike

Validates pillar metadata by schema for the given service and role.

.. code-block:: bash

    salt-run modelschema.data_validate "{'a': 'b'}" "{'a': 'b'}"

Generate a pillar schema skeleton for the given service. The method iterates
through the test pillars and generates a schema scaffold structure in JSON
format that can be passed to a service like http://jsonschema.net/ to get the
basic schema for the individual roles of the service.

.. code-block:: bash

    salt-call modelschema.schema_from_tests ntp
    # or
    salt-call modelschema.schema_from_tests keystone pike

You can read more about it here:

* http://json-schema.org/implementations.html
* https://github.com/Julian/jsonschema

Usage
=====

Working with salt-cloud:

.. code-block:: bash

    salt-cloud -m /path/to/map --assume-yes

Debug LIBCLOUD for salt-cloud connection:

.. code-block:: bash

    export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all

Read more
=========

* http://salt.readthedocs.org/en/latest/
* https://github.com/DanielBryan/salt-state-graph
* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
* https://github.com/saltstack-formulas/salt-formula
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html

salt-cloud
----------

* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
* http://docs.saltstack.com/topics/cloud/digitalocean.html
* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html