Blame - README.rst - salt-formulas/salt

blob: f0abbc4fac92c4c351f5eeed777b07fa5f4ae807 [file] [log] [blame]

Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	1
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	2	=====
				3	Usage
				4	=====
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	5
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	6	Salt is a new approach to infrastructure management. Easy enough to get
				7	running in minutes, scalable enough to manage tens of thousands of servers,
				8	and fast enough to communicate with them in seconds.
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	9
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	10	Salt delivers a dynamic communication bus for infrastructures that can be used
				11	for orchestration, remote execution, configuration management and much more.
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	12
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	13	Sample Metadata
				14	===============
				15
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	16	Salt Master
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	17	-----------
				18
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	19	Salt master with base formulas and pillar metadata back end:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	20
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	21	.. literalinclude:: tests/pillar/master_single_pillar.sls
				22	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	23
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	24	Salt master with reclass ENC metadata back end:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	25
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	26	.. literalinclude:: tests/pillar/master_single_reclass.sls
				27	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	28
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	29	Salt master with Architect ENC metadata back end:
Ales Komarek	459407b	2018-01-18 17:16:31 +0100	[diff] [blame]	30
				31	.. code-block:: yaml
				32
				33	salt:
				34	master:
				35	enabled: true
				36	pillar:
				37	engine: architect
				38	project: project-name
				39	host: architect-api
				40	port: 8181
				41	username: salt
				42	password: password
				43
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	44	Salt master with multiple ``ext_pillars``:
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	45
				46	.. literalinclude:: tests/pillar/master_single_extpillars.sls
				47	:language: yaml
				48
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	49	Salt master with API:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	50
Ales Komarek	b2c8ff6	2016-08-22 00:20:01 +0200	[diff] [blame]	51	.. literalinclude:: tests/pillar/master_api.sls
				52	:language: yaml
Ales Komarek	cdb280f	2016-07-27 15:37:51 +0200	[diff] [blame]	53
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	54	Salt master with defined user ACLs:
Ales Komarek	cdb280f	2016-07-27 15:37:51 +0200	[diff] [blame]	55
Ales Komarek	b2c8ff6	2016-08-22 00:20:01 +0200	[diff] [blame]	56	.. literalinclude:: tests/pillar/master_acl.sls
				57	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	58
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	59	Salt master with preset minions:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	60
				61	.. code-block:: yaml
				62
				63	salt:
				64	master:
				65	enabled: true
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	66	minions:
				67	- name: 'node1.system.location.domain.com'
				68
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	69	Salt master with pip based installation (optional):
Adam Tengler	caedd97	2016-05-04 16:44:00 +0200	[diff] [blame]	70
				71	.. code-block:: yaml
				72
				73	salt:
				74	master:
				75	enabled: true
				76	...
				77	source:
				78	engine: pip
				79	version: 2016.3.0rc2
				80
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	81	Install formula through system package management:
Adam Tengler	3eb85ad	2016-05-06 02:52:40 +0200	[diff] [blame]	82
				83	.. code-block:: yaml
				84
				85	salt:
				86	master:
				87	enabled: true
				88	...
				89	environment:
				90	prd:
Petr Michalec	7a2f1d2	2017-05-17 22:08:32 +0200	[diff] [blame]	91	keystone:
Adam Tengler	3eb85ad	2016-05-06 02:52:40 +0200	[diff] [blame]	92	source: pkg
				93	name: salt-formula-keystone
Petr Michalec	7a2f1d2	2017-05-17 22:08:32 +0200	[diff] [blame]	94	nova:
				95	source: pkg
				96	name: salt-formula-keystone
				97	version: 0.1+0~20160818133412.24~1.gbp6e1ebb
				98	postresql:
				99	source: pkg
				100	name: salt-formula-postgresql
				101	version: purged
				102
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	103	Formula keystone is installed latest version and the formulas
				104	without version are installed in one call to aptpkg module.
				105	If the version attribute is present sls iterates over formulas
				106	and take action to install specific version or remove it.
				107	The version attribute may have these values
				108	``[latest\|purged\|removed\|<VERSION>]``.
Adam Tengler	3eb85ad	2016-05-06 02:52:40 +0200	[diff] [blame]	109
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	110	Clone master branch of keystone formula as local feature branch:
Adam Tengler	3eb85ad	2016-05-06 02:52:40 +0200	[diff] [blame]	111
				112	.. code-block:: yaml
				113
				114	salt:
				115	master:
				116	enabled: true
				117	...
				118	environment:
				119	dev:
				120	formula:
				121	keystone:
				122	source: git
				123	address: git@github.com:openstack/salt-formula-keystone.git
				124	revision: master
				125	branch: feature
				126
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	127	Salt master with specified formula refs (for example, for Gerrit
				128	review):
Adam Tengler	3eb85ad	2016-05-06 02:52:40 +0200	[diff] [blame]	129
				130	.. code-block:: yaml
				131
				132	salt:
				133	master:
				134	enabled: true
				135	...
				136	environment:
				137	dev:
				138	formula:
				139	keystone:
				140	source: git
				141	address: https://git.openstack.org/openstack/salt-formula-keystone
				142	revision: refs/changes/56/123456/1
				143
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	144	Salt master logging configuration:
Oleksii Chupryn	7b7102a	2018-05-11 10:32:11 +0300	[diff] [blame]	145
				146	.. code-block:: yaml
				147
				148	salt:
				149	master:
				150	enabled: true
				151	log:
				152	level: warning
				153	file: '/var/log/salt/master'
				154	level_logfile: warning
				155
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	156	Salt minion logging configuration:
Oleksii Chupryn	7b7102a	2018-05-11 10:32:11 +0300	[diff] [blame]	157
				158	.. code-block:: yaml
				159
				160	salt:
				161	minion:
				162	enabled: true
				163	log:
				164	level: info
				165	file: '/var/log/salt/minion'
				166	level_logfile: warning
				167
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	168	Salt master with logging handlers:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	169
				170	.. code-block:: yaml
				171
				172	salt:
				173	master:
				174	enabled: true
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	175	handler:
				176	handler01:
				177	engine: udp
				178	bind:
				179	host: 127.0.0.1
				180	port: 9999
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	181	minion:
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	182	handler:
				183	handler01:
				184	engine: udp
				185	bind:
				186	host: 127.0.0.1
				187	port: 9999
				188	handler02:
				189	engine: zmq
				190	bind:
				191	host: 127.0.0.1
				192	port: 9999
				193
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	194	Salt engine definition for saltgraph metadata collector:
Ales Komarek	a9fc6e7	2017-09-06 15:02:40 +0200	[diff] [blame]	195
				196	.. code-block:: yaml
				197
				198	salt:
				199	master:
				200	engine:
				201	graph_metadata:
				202	engine: saltgraph
				203	host: 127.0.0.1
				204	port: 5432
				205	user: salt
				206	password: salt
				207	database: salt
				208
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	209	Salt engine definition for Architect service:
Ales Komarek	459407b	2018-01-18 17:16:31 +0100	[diff] [blame]	210
				211	.. code-block:: yaml
				212
				213	salt:
				214	master:
				215	engine:
				216	architect:
				217	engine: architect
				218	project: project-name
				219	host: architect-api
				220	port: 8181
				221	username: salt
				222	password: password
				223
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	224	Salt engine definition for sending events from docker events:
Ales Komarek	a9fc6e7	2017-09-06 15:02:40 +0200	[diff] [blame]	225
				226	.. code-block:: yaml
				227
				228	salt:
				229	master:
				230	engine:
				231	docker_events:
				232	docker_url: unix://var/run/docker.sock
				233
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	234	Salt master peer setup for remote certificate signing:
Jakub Pavlik	d485984	2016-05-23 10:48:04 +0200	[diff] [blame]	235
				236	.. code-block:: yaml
				237
				238	salt:
				239	master:
				240	peer:
				241	".*":
				242	- x509.sign_remote_certificate
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	243
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	244	Salt master backup configuration:
Ales Komarek	b2ada52	2017-12-07 11:31:32 +0100	[diff] [blame]	245
				246	.. code-block:: yaml
				247
				248	salt:
				249	master:
				250	backup: true
				251	initial_data:
				252	engine: backupninja
Jiri Broulik	3e28164	2018-03-02 18:17:21 +0100	[diff] [blame]	253	home_dir: remote-backup-home-dir
Ales Komarek	b2ada52	2017-12-07 11:31:32 +0100	[diff] [blame]	254	source: backup-node-host
				255	host: original-salt-master-id
				256
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	257	Configure verbosity of state output (used for :command:`salt`
				258	command):
Tomáš Kukrál	8922aef	2017-05-10 10:27:04 +0200	[diff] [blame]	259
				260	.. code-block:: yaml
				261
				262	salt:
				263	master:
Tomáš Kukrál	044667b	2017-05-11 10:12:15 +0200	[diff] [blame]	264	state_output: changes
Tomáš Kukrál	8922aef	2017-05-10 10:27:04 +0200	[diff] [blame]	265
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	266	Pass pillar render error to minion log:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	267
				268	.. note:: When set to `False` this option is great for debuging.
				269	However it is not recomended for any production environment as it may contain
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	270	templating data as passwords, and so on, that minion should not expose.
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	271
				272	.. code-block:: yaml
				273
				274	salt:
				275	master:
				276	pillar_safe_render_error: False
				277
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	278	Enable Windows repository support:
Ales Komarek	f44e64c	2018-05-29 10:22:31 +0200	[diff] [blame]	279
				280	.. code-block:: yaml
				281
				282	salt:
				283	master:
				284	win_repo:
				285	source: git
				286	address: https://github.com/saltstack/salt-winrepo-ng
				287	revision: master
				288
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	289	Event/Reactor systems
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	290	~~~~~~~~~~~~~~~~~~~~~
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	291
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	292	Salt to synchronize node pillar and modules after start:
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	293
				294	.. code-block:: yaml
				295
				296	salt:
				297	master:
				298	reactor:
				299	salt/minion/*/start:
Ales Komarek	e7844d1	2017-06-08 12:00:01 +0200	[diff] [blame]	300	- salt://salt/reactor/node_start.sls
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	301
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	302	Trigger basic node install:
Ales Komarek	e7844d1	2017-06-08 12:00:01 +0200	[diff] [blame]	303
				304	.. code-block:: yaml
				305
				306	salt:
				307	master:
				308	reactor:
				309	salt/minion/install:
				310	- salt://salt/reactor/node_install.sls
				311
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	312	Sample event to trigger the node installation:
Ales Komarek	e7844d1	2017-06-08 12:00:01 +0200	[diff] [blame]	313
				314	.. code-block:: bash
				315
				316	salt-call event.send 'salt/minion/install'
				317
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	318	Run any defined orchestration pipeline:
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	319
				320	.. code-block:: yaml
				321
				322	salt:
				323	master:
				324	reactor:
				325	salt/orchestrate/start:
				326	- salt://salt/reactor/orchestrate_start.sls
				327
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	328	Event to trigger the orchestration pipeline:
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	329
				330	.. code-block:: bash
				331
Ales Komarek	e7844d1	2017-06-08 12:00:01 +0200	[diff] [blame]	332	salt-call event.send 'salt/orchestrate/start' "{'orchestrate': 'salt/orchestrate/infra_install.sls'}"
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	333
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	334	Synchronise modules and pillars on minion start:
Ales Komarek	3ed7c43	2017-08-24 16:15:49 +0200	[diff] [blame]	335
				336	.. code-block:: yaml
				337
				338	salt:
				339	master:
				340	reactor:
				341	'salt/minion/*/start':
				342	- salt://salt/reactor/minion_start.sls
				343
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	344	Add and/or remove the minion key:
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	345
				346	.. code-block:: yaml
				347
				348	salt:
				349	master:
				350	reactor:
Ales Komarek	213fbe0	2017-08-21 16:39:05 +0200	[diff] [blame]	351	salt/key/create:
				352	- salt://salt/reactor/key_create.sls
				353	salt/key/remove:
				354	- salt://salt/reactor/key_remove.sls
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	355
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	356	Event to trigger the key creation:
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	357
				358	.. code-block:: bash
				359
Adam Tengler	6218896	2017-09-04 13:34:44 +0000	[diff] [blame]	360	salt-call event.send 'salt/key/create' \
				361	> "{'node_id': 'id-of-minion', 'node_host': '172.16.10.100', 'orch_post_create': 'kubernetes.orchestrate.compute_install', 'post_create_pillar': {'node_name': 'id-of-minion'}}"
Ales Komarek	5c58de3	2017-06-06 11:49:32 +0200	[diff] [blame]	362
Ales Komarek	213fbe0	2017-08-21 16:39:05 +0200	[diff] [blame]	363	.. note::
				364
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	365	You can add pass additional ``orch_pre_create``, ``orch_post_create``,
				366	``orch_pre_remove`` or ``orch_post_remove`` parameters to the event
				367	to call extra orchestrate files. This can be useful for example for
Ales Komarek	213fbe0	2017-08-21 16:39:05 +0200	[diff] [blame]	368	registering/unregistering nodes from the monitoring alarms or dashboards.
				369
				370	The key creation event needs to be run from other machine than the one
				371	being registered.
				372
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	373	Event to trigger the key removal:
Ales Komarek	213fbe0	2017-08-21 16:39:05 +0200	[diff] [blame]	374
				375	.. code-block:: bash
				376
				377	salt-call event.send 'salt/key/remove'
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	378
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	379	Control VM provisioning:
Dzmitry Stremkouski	7ee2340	2018-04-10 00:43:48 +0200	[diff] [blame]	380
				381	.. code-block:: yaml
				382
				383	virt:
				384	disk:
				385	three_disks:
				386	- system:
				387	size: 4096
				388	image: ubuntu.qcow
				389	- repository_snapshot:
				390	size: 8192
				391	image: snapshot.qcow
				392	- cinder-volume:
				393	size: 2048
Ondrej Smola	e6bcb29	2018-04-13 10:56:39 +0200	[diff] [blame]	394	nic:
				395	control:
				396	- name: nic01
				397	bridge: br-pxe
				398	model: virtio
				399	- name: nic02
				400	bridge: br-cp
				401	model: virtio
				402	- name: nic03
				403	bridge: br-store-front
				404	model: virtio
				405	- name: nic04
				406	bridge: br-public
				407	model: virtio
Dzmitry Stremkouski	b8acf1f	2018-06-28 12:56:23 +0200	[diff] [blame]	408	- name: nic05
				409	bridge: br-prv
				410	model: virtio
				411	virtualport:
				412	type: openvswitch
Ondrej Smola	e6bcb29	2018-04-13 10:56:39 +0200	[diff] [blame]	413
Dzmitry Stremkouski	7ee2340	2018-04-10 00:43:48 +0200	[diff] [blame]	414	salt:
				415	control:
				416	enabled: true
				417	virt_enabled: true
				418	size:
				419	medium_three_disks:
				420	cpu: 2
				421	ram: 4
				422	disk_profile: three_disks
				423	cluster:
				424	mycluster:
				425	domain: neco.virt.domain.com
				426	engine: virt
Ondrej Smola	c7f6cfc	2018-05-21 15:55:08 +0200	[diff] [blame]	427	#Option to set rng globaly
				428	rng: false
Dzmitry Stremkouski	7ee2340	2018-04-10 00:43:48 +0200	[diff] [blame]	429	node:
				430	ubuntu1:
				431	provider: node01.domain.com
				432	image: ubuntu.qcow
				433	size: medium
				434	img_dest: /var/lib/libvirt/ssdimages
Ondrej Smola	c7f6cfc	2018-05-21 15:55:08 +0200	[diff] [blame]	435	#Rng defined on node will have higher priority then global one
Dzmitry Stremkouski	7ee2340	2018-04-10 00:43:48 +0200	[diff] [blame]	436	rng:
				437	backend: /dev/urandom
				438	model: random
				439	rate:
				440	period: '1800'
				441	bytes: '1500'
Ondrej Smola	e6bcb29	2018-04-13 10:56:39 +0200	[diff] [blame]	442	mac:
				443	nic01: AC:DE:48:AA:AA:AA
				444	nic02: AC:DE:48:AA:AA:BB
				445
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	446	To enable Redis plugin for the Salt caching subsystem, use the
				447	below pillar structure:
Oleh Hryhorov	ca6b917	2018-06-21 14:21:35 +0000	[diff] [blame]	448
				449	.. code-block:: yaml
				450
				451	salt:
				452	master:
				453	cache:
				454	plugin: redis
				455	host: localhost
				456	port: 6379
				457	db: '0'
				458	password: pass_word
				459	bank_prefix: 'MCP'
				460	bank_keys_prefix: 'MCPKEY'
				461	key_prefix: 'KEY'
				462	separator: '@'
Ondrej Smola	e6bcb29	2018-04-13 10:56:39 +0200	[diff] [blame]	463
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	464	Jinja options
				465	-------------
				466
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	467	Use the following options to update default Jinja renderer options.
				468	Salt recognize Jinja options for templates and for the ``sls`` files.
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	469
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	470	For full list of options, see Jinja documentation:
				471	http://jinja.pocoo.org/docs/api/#high-level-api
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	472
				473	.. code-block:: yaml
				474
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	475	salt:
				476	renderer:
				477	# for templates
				478	jinja: &jina_env
				479	# Default Jinja environment options
				480	block_start_string: '{%'
				481	block_end_string: '%}'
				482	variable_start_string: '{{'
				483	variable_end_string: '}}'
				484	comment_start_string: '{#'
				485	comment_end_string: '#}'
				486	keep_trailing_newline: False
				487	newline_sequence: '\n'
				488
				489	# Next two are enabled by default in Salt
				490	trim_blocks: True
				491	lstrip_blocks: True
				492
				493	# Next two are not enabled by default in Salt
				494	# but worth to consider to enable in future for salt-formulas
				495	line_statement_prefix: '%'
				496	line_comment_prefix: '##'
				497
				498	# for .sls state files
				499	jinja_sls: *jinja_env
				500
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	501	With the ``line_statement/comment* _prefix`` options enabled following
				502	code statements are valid:
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	503
				504	.. code-block:: yaml
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	505
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	506	%- set myvar = 'one'
				507
				508	## You can mix even with '{%'
				509	{%- set myvar = 'two' %} ## comment
				510	%- set mylist = ['one', 'two', 'three'] ## comment
				511
				512	## comment
				513	%- for item in mylist: ## comment
				514	{{- item }}
				515	%- endfor
				516
Petr Michalec	df75d68	2018-02-07 13:43:53 +0100	[diff] [blame]	517	Encrypted pillars
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	518	~~~~~~~~~~~~~~~~~
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	519
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	520	.. note:: NACL and the below configuration will be available in Salt > 2017.7.
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	521
				522	External resources:
				523
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	524	- Tutorial to configure the Salt and Reclass ``ext_pillar`` and NACL:
				525	http://apealive.net/post/2017-09-salt-nacl-ext-pillar/
				526	- SaltStack documentation:
				527	https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.nacl.html
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	528
				529	Configure salt NACL module:
				530
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	531	.. code-block:: bash
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	532
				533	pip install --upgrade libnacl===1.5.2
				534	salt-call --local nacl.keygen /etc/salt/pki/master/nacl
				535
				536	local:
				537	saved sk_file:/etc/salt/pki/master/nacl pk_file: /etc/salt/pki/master/nacl.pub
				538
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	539	.. code-block:: yaml
				540
				541	salt:
				542	master:
				543	pillar:
				544	reclass: *reclass
				545	nacl:
				546	index: 99
				547	nacl:
				548	box_type: sealedbox
				549	sk_file: /etc/salt/pki/master/nacl
				550	pk_file: /etc/salt/pki/master/nacl.pub
				551	#sk: None
				552	#pk: None
				553
				554	NACL encrypt secrets:
				555
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	556	.. code-block:: bash
				557
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	558	salt-call --local nacl.enc 'my_secret_value' pk_file=/etc/salt/pki/master/nacl.pub
				559	hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q
				560	# or
				561	salt-run nacl.enc 'myotherpass'
				562	ADDFD0Rav6p6+63sojl7Htfrncp5rrDVyeE4BSPO7ipq8fZuLDIVAzQLf4PCbDqi+Fau5KD3/J/E+Pw=
				563
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	564	NACL encrypted values on pillar:
				565
				566	Use Boxed syntax `NACL[CryptedValue=]` to encode value on pillar:
				567
				568	.. code-block:: yaml
				569
				570	my_pillar:
				571	my_nacl:
				572	key0: unencrypted_value
				573	key1: NACL[hXTkJpC1hcKMS7yZVGESutWrkvzusXfETXkacSklIxYjfWDlMJmR37MlmthdIgjXpg4f2AlBKb8tc9Woma7q]
				574
				575	NACL large files:
				576
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	577	.. code-block:: bash
				578
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	579	salt-call nacl.enc_file /tmp/cert.crt out=/srv/salt/env/dev/cert.nacl
				580	# or more advanced
				581	cert=$(cat /tmp/cert.crt)
				582	salt-call --out=newline_values_only nacl.enc_pub data="$cert" > /srv/salt/env/dev/cert.nacl
				583
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	584	NACL within template/native pillars:
				585
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	586	.. code-block:: yaml
				587
Petr Michalec	1f541c4	2017-08-17 13:30:37 +0200	[diff] [blame]	588	pillarexample:
				589	user: root
				590	password1: {{salt.nacl.dec('DRB7Q6/X5gGSRCTpZyxS6hlbWj0llUA+uaVyvou3vJ4=')\|json}}
				591	cert_key: {{salt.nacl.dec_file('/srv/salt/env/dev/certs/example.com/cert.nacl')\|json}}
				592	cert_key2: {{salt.nacl.dec_file('salt:///certs/example.com/cert2.nacl')\|json}}
				593
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	594	Salt Syndic
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	595	-----------
				596
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	597	The master of masters:
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	598
				599	.. code-block:: yaml
				600
				601	salt:
				602	master:
				603	enabled: true
				604	order_masters: True
				605
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	606	Lower syndicated master:
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	607
				608	.. code-block:: yaml
				609
				610	salt:
				611	syndic:
				612	enabled: true
				613	master:
				614	host: master-of-master-host
				615	timeout: 5
				616
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	617	Syndicated master with multiple master of masters:
Ales Komarek	5474068	2017-05-15 07:16:23 +0200	[diff] [blame]	618
				619	.. code-block:: yaml
				620
				621	salt:
				622	syndic:
				623	enabled: true
				624	masters:
				625	- host: master-of-master-host1
				626	- host: master-of-master-host2
				627	timeout: 5
				628
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	629	Salt Minion
				630	-----------
				631
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	632	Minion ID by default triggers dependency on Linux formula, as it uses fqdn
				633	configured from `linux.system.name` and `linux.system.domain` pillar.
				634	To override, provide exact minion ID you require. The same can be set for
				635	master ID rendered at ``master.conf``.
Petr Michalec	cfd93e1	2018-06-26 18:11:44 +0200	[diff] [blame]	636
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	637	.. code-block:: yaml
Petr Michalec	cfd93e1	2018-06-26 18:11:44 +0200	[diff] [blame]	638
				639	salt:
				640	minion:
				641	id: minion1.production
				642	master:
				643	id: master.production
				644
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	645	Simplest Salt minion setup with central configuration node:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	646
				647	.. literalinclude:: tests/pillar/minion_master.sls
				648	:language: yaml
				649
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	650	Multi-master Salt minion setup:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	651
				652	.. literalinclude:: tests/pillar/minion_multi_master.sls
				653	:language: yaml
				654
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	655	Salt minion with salt mine options:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	656
				657	.. literalinclude:: tests/pillar/minion_mine.sls
				658	:language: yaml
				659
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	660	Salt minion with graphing dependencies:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	661
				662	.. literalinclude:: tests/pillar/minion_graph.sls
				663	:language: yaml
				664
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	665	Salt minion behind HTTP proxy:
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	666
				667	.. code-block:: yaml
				668
				669	salt:
				670	minion:
				671	proxy:
				672	host: 127.0.0.1
				673	port: 3128
				674
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	675	Salt minion to specify non-default HTTP backend. The default
				676	tornado backend does not respect HTTP proxy settings set as
				677	environment variables. This is useful for cases where you need
				678	to set no_proxy lists.
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	679
				680	.. code-block:: yaml
				681
				682	salt:
				683	minion:
				684	backend: urllib2
				685
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	686	Salt minion with PKI certificate authority (CA):
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	687
				688	.. literalinclude:: tests/pillar/minion_pki_ca.sls
				689	:language: yaml
				690
				691	Salt minion using PKI certificate
				692
				693	.. literalinclude:: tests/pillar/minion_pki_cert.sls
				694	:language: yaml
				695
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	696	Salt minion trust CA certificates issued by salt CA on a
				697	specific host (ie: salt-master node):
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	698
				699	.. code-block:: yaml
				700
				701	salt:
				702	minion:
				703	trusted_ca_minions:
				704	- cfg01
				705
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	706	Salt Minion Proxy
				707	~~~~~~~~~~~~~~~~~
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	708
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	709	Salt proxy pillar:
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	710
				711	.. code-block:: yaml
				712
				713	salt:
				714	minion:
Jiri Broulik	8827524	2017-05-24 17:21:17 +0200	[diff] [blame]	715	proxy_minion:
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	716	master: localhost
				717	device:
				718	vsrx01.mydomain.local:
				719	enabled: true
				720	engine: napalm
				721	csr1000v.mydomain.local:
				722	enabled: true
				723	engine: napalm
				724
				725	.. note:: This is pillar of the the real salt-minion
				726
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	727	Proxy pillar for IOS device:
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	728
				729	.. code-block:: yaml
				730
				731	proxy:
				732	proxytype: napalm
				733	driver: ios
				734	host: csr1000v.mydomain.local
				735	username: root
				736	passwd: r00tme
				737
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	738	.. note:: This is pillar of the node thats not able to run
				739	salt-minion itself.
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	740
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	741	Proxy pillar for JunOS device:
Jiri Broulik	a0f4668	2017-04-20 22:45:01 +0200	[diff] [blame]	742
				743	.. code-block:: yaml
				744
				745	proxy:
				746	proxytype: napalm
				747	driver: junos
				748	host: vsrx01.mydomain.local
				749	username: root
				750	passwd: r00tme
				751	optional_args:
				752	config_format: set
				753
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	754	.. note:: This pillar applies to the node that can not run
				755	salt-minion itself.
Ales Komarek	8fb1da8	2016-08-21 23:52:03 +0200	[diff] [blame]	756
				757	Salt SSH
Ales Komarek	d768f1c	2018-01-30 22:37:18 +0100	[diff] [blame]	758	~~~~~~~~
Ales Komarek	8fb1da8	2016-08-21 23:52:03 +0200	[diff] [blame]	759
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	760	Salt SSH with sudoer using key:
Ales Komarek	8fb1da8	2016-08-21 23:52:03 +0200	[diff] [blame]	761
				762	.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
				763	:language: yaml
				764
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	765	Salt SSH with sudoer using password:
Ales Komarek	8fb1da8	2016-08-21 23:52:03 +0200	[diff] [blame]	766
				767	.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
				768	:language: yaml
				769
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	770	Salt SSH with root using password:
Ales Komarek	8fb1da8	2016-08-21 23:52:03 +0200	[diff] [blame]	771
				772	.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
				773	:language: yaml
				774
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	775	Salt control (cloud/kvm/docker)
				776	-------------------------------
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	777
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	778	Salt cloud with local OpenStack provider:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	779
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	780	.. literalinclude:: tests/pillar/control_cloud_openstack.sls
				781	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	782
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	783	Salt cloud with Digital Ocean provider:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	784
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	785	.. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
				786	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	787
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	788	Salt virt with KVM cluster:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	789
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	790	.. literalinclude:: tests/pillar/control_virt.sls
				791	:language: yaml
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	792
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	793	Salt virt with custom destination for image file:
Mateusz Los	4c7cd2d	2018-01-09 11:46:07 +0100	[diff] [blame]	794
				795	.. literalinclude:: tests/pillar/control_virt_custom.sls
				796	:language: yaml
				797
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	798	Usage
				799	=====
				800
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	801	Working with salt-cloud:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	802
				803	.. code-block:: bash
				804
				805	salt-cloud -m /path/to/map --assume-yes
				806
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	807	Debug LIBCLOUD for salt-cloud connection:
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	808
				809	.. code-block:: bash
				810
				811	export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all
				812
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	813	Read more
				814	=========
Filip Pytloun	b4b8059	2015-10-06 16:28:32 +0200	[diff] [blame]	815
				816	* http://salt.readthedocs.org/en/latest/
				817	* https://github.com/DanielBryan/salt-state-graph
				818	* http://karlgrz.com/testing-salt-states-rapidly-with-docker/
				819	* https://mywushublog.com/2013/03/configuration-management-with-salt-stack/
				820	* http://russell.ballestrini.net/replace-the-nagios-scheduler-and-nrpe-with-salt-stack/
				821	* https://github.com/saltstack-formulas/salt-formula
				822	* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
				823
				824	salt-cloud
				825	----------
				826
				827	* http://www.blog.sandro-mathys.ch/2013/07/setting-user-password-when-launching.html
				828	* http://cloudinit.readthedocs.org/en/latest/topics/examples.html
				829	* http://salt-cloud.readthedocs.org/en/latest/topics/install/index.html
				830	* http://docs.saltstack.com/topics/cloud/digitalocean.html
				831	* http://salt-cloud.readthedocs.org/en/latest/topics/rackspace.html
				832	* http://salt-cloud.readthedocs.org/en/latest/topics/map.html
				833	* http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
Ales Komarek	8ba9c0b	2016-02-21 14:59:59 +0100	[diff] [blame]	834
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	835	Documentation and Bugs
				836	======================
				837
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	838	* http://salt-formulas.readthedocs.io/
				839	Learn how to install and update salt-formulas
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	840
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	841	* https://github.com/salt-formulas/salt-formula-salt/issues
				842	In the unfortunate event that bugs are discovered, report the issue to the
				843	appropriate issue tracker. Use the Github issue tracker for a specific salt
				844	formula
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	845
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	846	* https://launchpad.net/salt-formulas
				847	For feature requests, bug reports, or blueprints affecting the entire
				848	ecosystem, use the Launchpad salt-formulas project
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	849
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	850	* https://launchpad.net/~salt-formulas-users
				851	Join the salt-formulas-users team and subscribe to mailing list if required
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	852
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	853	* https://github.com/salt-formulas/salt-formula-salt
				854	Develop the salt-formulas projects in the master branch and then submit pull
				855	requests against a specific formula
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	856
OlgaGusarenko	f1fd82e	2018-07-31 01:20:49 +0300	[diff] [blame^]	857	* #salt-formulas @ irc.freenode.net
				858	Use this IRC channel in case of any questions or feedback which is always
				859	welcome
Filip Pytloun	954dbd6	2017-02-02 13:02:03 +0100	[diff] [blame]	860