

.. _salt-cloud-config:

==================
Core Configuration
==================

A number of core configuration options and some options that are global to the
VM profiles can be set in the cloud configuration file. By default this file is
located at ``/etc/salt/cloud``.

Thread Pool Size
================

When salt cloud is operating in parallel mode via the ``-P`` argument, you can
control the thread pool size by specifying the ``pool_size`` parameter with
a positive integer value.

By default, the thread pool size will be set to the number of VMs that salt
cloud is operating on.

.. code-block:: yaml

    pool_size: 10

Minion Configuration
====================

The default minion configuration is set up in this file. Minions created by
salt-cloud derive their configuration from this file. Almost all parameters
found in :ref:`Configuring the Salt Minion <configuration-salt-minion>` can be
used here.

.. code-block:: yaml

    minion:
      master: saltmaster.example.com

In particular, this is the place to specify the location of the salt master
and its listening port, if the port is not set to the default.

Similar to most other settings, Minion configuration settings are inherited
across configuration files. For example, the master setting might be contained
in the main ``cloud`` configuration file as demonstrated above, but additional
settings can be placed in the provider, profile or map configuration files:

.. code-block:: yaml

    ec2-web:
      size: t1.micro
      minion:
        environment: test
        startup_states: sls
        sls_list:
          - web

When salt cloud creates a new minion, it can automatically add grain information
to the minion configuration file identifying the sources originally used
to define it.

The generated grain information will appear similar to:

.. code-block:: yaml

    grains:
      salt-cloud:
        driver: ec2
        provider: my_ec2:ec2
        profile: ec2-web

The generation of the salt-cloud grain can be suppressed by the
option ``enable_cloud_grains: 'False'`` in the cloud configuration file.

Cloud Configuration Syntax
==========================

The data specific to interacting with public clouds is set up :ref:`here
<cloud-provider-specifics>`.

Cloud provider configuration settings can live in several places. The first is in
``/etc/salt/cloud``:

.. code-block:: yaml

    # /etc/salt/cloud
    providers:
      my-aws-migrated-config:
        id: HJGRYCILJLKJYG
        key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
        keyname: test
        securitygroup: quick-start
        private_key: /root/test.pem
        driver: ec2

Cloud provider configuration data can also be housed in ``/etc/salt/cloud.providers``
or any file matching ``/etc/salt/cloud.providers.d/*.conf``. All files in any of these
locations will be parsed for cloud provider data.

Using the example configuration above:

.. code-block:: yaml

    # /etc/salt/cloud.providers
    # or could be /etc/salt/cloud.providers.d/*.conf
    my-aws-config:
      id: HJGRYCILJLKJYG
      key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
      keyname: test
      securitygroup: quick-start
      private_key: /root/test.pem
      driver: ec2

.. note::

    Salt Cloud provider configurations within ``/etc/salt/cloud.providers.d/``
    should not specify the ``providers`` starting key.

It is also possible to have multiple cloud configuration blocks within the same alias block.
For example:

.. code-block:: yaml

    production-config:
      - id: HJGRYCILJLKJYG
        key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
        keyname: test
        securitygroup: quick-start
        private_key: /root/test.pem
        driver: ec2

      - user: example_user
        apikey: 123984bjjas87034
        driver: rackspace

However, using this configuration method requires a change to the profile configuration blocks.
The provider alias needs to have the provider key value appended, as in the following example:

.. code-block:: yaml

    rhel_aws_dev:
      provider: production-config:ec2
      image: ami-e565ba8c
      size: t1.micro

    rhel_aws_prod:
      provider: production-config:ec2
      image: ami-e565ba8c
      size: High-CPU Extra Large Instance

    database_prod:
      provider: production-config:rackspace
      image: Ubuntu 12.04 LTS
      size: 256 server

Notice that because of the multiple entries, one has to be explicit about the provider alias and
name, from the above example, ``production-config: ec2``.

This data interacts with the ``salt-cloud`` binary regarding its ``--list-location``,
``--list-images``, and ``--list-sizes`` options, which need a cloud provider as an argument. The
argument used should be the configured cloud provider alias. If the provider alias has multiple
entries, ``<provider-alias>: <provider-name>`` should be used.

To allow for a more extensible configuration, ``--providers-config``, which defaults to
``/etc/salt/cloud.providers``, was added to the cli parser. It allows for the providers'
configuration to be added on a per-file basis.

Pillar Configuration
====================

It is possible to configure cloud providers using pillars. This is only used when inside the cloud
module. You can set up a variable called ``cloud`` that contains your profile, provider, and map to
pass that information to the cloud servers instead of having to copy the full configuration to every
minion. In your pillar file, you would use something like this:

.. code-block:: yaml

    cloud:
      ssh_key_name: saltstack
      ssh_key_file: /root/.ssh/id_rsa
      update_cachedir: True
      diff_cache_events: True

      providers:
        my-openstack:
          driver: openstack
          region_name: ORD
          cloud: mycloud

      profiles:
        ubuntu-openstack:
          provider: my-openstack
          size: ds512M
          image: CentOS 7
          script_args: git develop

      maps:
        my-dev-map:
          ubuntu-openstack:
            - dev-test01
            - dev-test02
            - dev-test03
            - dev-test04
        my-prd-map:
          ubuntu-openstack:
            - prd-web01
            - prd-web02:
                minion:
                  id: custom-minion-id-app1-stack1-frontend
                  grains:
                    roles:
                      - webserver
                    deployment: datacenter4-openstack
            - prod-db01
            - prod-db02

Cloud Configurations
====================

Scaleway
--------

To use Salt Cloud with Scaleway, you need to get an ``access key`` and an ``API token``. ``API tokens`` are unique identifiers associated with your Scaleway account.
To retrieve your ``access key`` and ``API token``, log in to the Scaleway control panel, open the pull-down menu on your account name and click on the "My Credentials" link.

If you do not have an ``API token``, you can create one by clicking the "Create New Token" button on the right corner.

.. code-block:: yaml

    my-scaleway-config:
      access_key: 15cf404d-4560-41b1-9a0c-21c3d5c4ff1f
      token: a7347ec8-5de1-4024-a5e3-24b77d1ba91d
      driver: scaleway

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-scaleway-config``.

Rackspace
---------

Rackspace cloud requires two configuration options: a ``user`` and an ``apikey``:

.. code-block:: yaml

    my-rackspace-config:
      user: example_user
      apikey: 123984bjjas87034
      driver: rackspace

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-rackspace-config``.

Amazon AWS
----------

A number of configuration options are required for Amazon AWS including ``id``,
``key``, ``keyname``, ``securitygroup``, and ``private_key``:

.. code-block:: yaml

    my-aws-quick-start:
      id: HJGRYCILJLKJYG
      key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
      keyname: test
      securitygroup: quick-start
      private_key: /root/test.pem
      driver: ec2

    my-aws-default:
      id: HJGRYCILJLKJYG
      key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
      keyname: test
      securitygroup: default
      private_key: /root/test.pem
      driver: ec2

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be either ``provider: my-aws-quick-start``
    or ``provider: my-aws-default``.

Linode
------

Linode requires a single API key, but the default root password also needs to
be set:

.. code-block:: yaml

    my-linode-config:
      apikey: asldkgfakl;sdfjsjaslfjaklsdjf;askldjfaaklsjdfhasldsadfghdkf
      password: F00barbaz
      ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHEOLLbeXgaqRQT9NBAopVz366SdYc0KKX33vAnq+2R user@host
      ssh_key_file: ~/.ssh/id_ed25519
      driver: linode

The password needs to be 8 characters and contain lowercase, uppercase, and
numbers.

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-linode-config``

Joyent Cloud
------------

The Joyent cloud requires three configuration parameters: The username and
password that are used to log into the Joyent system, as well as the location
of the private SSH key associated with the Joyent account. The SSH key is needed
to send the provisioning commands up to the freshly created virtual machine.

.. code-block:: yaml

    my-joyent-config:
      user: fred
      password: saltybacon
      private_key: /root/joyent.pem
      driver: joyent

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-joyent-config``

GoGrid
------

To use Salt Cloud with GoGrid, log into the GoGrid web interface and create an
API key. Do this by clicking on "My Account" and then going to the API Keys
tab.

The ``apikey`` and the ``sharedsecret`` configuration parameters need to
be set in the configuration file to enable interfacing with GoGrid:

.. code-block:: yaml

    my-gogrid-config:
      apikey: asdff7896asdh789
      sharedsecret: saltybacon
      driver: gogrid

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-gogrid-config``.

OpenStack
---------

Using Salt for OpenStack uses the `shade <https://docs.openstack.org/shade/latest/>`_ driver managed by the
openstack-infra team.

This driver can be configured using the ``/etc/openstack/clouds.yml`` file with
`os-client-config <https://docs.openstack.org/os-client-config/latest/>`_:

.. code-block:: yaml

    myopenstack:
      driver: openstack
      region_name: RegionOne
      cloud: mycloud

Or by just configuring the same auth block directly in the cloud provider config:

.. code-block:: yaml

    myopenstack:
      driver: openstack
      region_name: RegionOne
      auth:
        username: 'demo'
        password: secret
        project_name: 'demo'
        auth_url: 'http://openstack/identity'

Both of these methods support using the
`vendor <https://docs.openstack.org/os-client-config/latest/user/vendor-support.html>`_
options.

For more information, look at :mod:`Openstack Cloud Driver Docs <salt.cloud.clouds.openstack>`.

DigitalOcean
------------

Using Salt for DigitalOcean requires a ``client_key`` and an ``api_key``. These
can be found in the DigitalOcean web interface, in the "My Settings" section,
under the API Access tab.

.. code-block:: yaml

    my-digitalocean-config:
      driver: digitalocean
      personal_access_token: xxx
      location: New York 1

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-digitalocean-config``.

Parallels
---------

Using Salt with Parallels requires a ``user``, ``password`` and ``URL``. These
can be obtained from your cloud provider.

.. code-block:: yaml

    my-parallels-config:
      user: myuser
      password: xyzzy
      url: https://api.cloud.xmission.com:4465/paci/v1.0/
      driver: parallels

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-parallels-config``.

Proxmox
-------

Using Salt with Proxmox requires a ``user``, ``password``, and ``URL``. These can be
obtained from your cloud host. Both PAM and PVE users can be used.

.. code-block:: yaml

    my-proxmox-config:
      driver: proxmox
      user: saltcloud@pve
      password: xyzzy
      url: your.proxmox.host

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: my-proxmox-config``.

LXC
---

The lxc driver uses saltify to install salt and attach the lxc container as a new lxc
minion. As soon as we can, we manage baremetal operation over SSH. You can also destroy
those containers via this driver.

.. code-block:: yaml

    devhost10-lxc:
      target: devhost10
      driver: lxc

And in the map file:

.. code-block:: yaml

    devhost10-lxc:
      provider: devhost10-lxc
      from_container: ubuntu
      backing: lvm
      sudo: True
      size: 3g
      ip: 10.0.3.9
      minion:
        master: 10.5.0.1
        master_port: 4506
      lxc_conf:
        - lxc.utsname: superlxc

.. note::

    In the cloud profile that uses this provider configuration, the syntax for the
    ``provider`` required field would be ``provider: devhost10-lxc``.

.. _config_saltify:

Saltify
-------

The Saltify driver is a new, experimental driver designed to install Salt on a remote
machine, virtual or bare metal, using SSH. This driver is useful for provisioning
machines which are already installed, but not Salted. For more information about using
this driver and for configuration examples, please see the
:ref:`Getting Started with Saltify <getting-started-with-saltify>` documentation.

.. _config_vagrant:

Vagrant
-------

The Vagrant driver is a new, experimental driver for controlling a VagrantBox
virtual machine, and installing Salt on it. The target host machine must be a
working salt minion, which is controlled via the salt master using salt-api.
For more information, see
:ref:`Getting Started With Vagrant <getting-started-with-vagrant>`.

Extending Profiles and Cloud Providers Configuration
====================================================

As of 0.8.7, the option to extend both the profiles and cloud providers
configuration and avoid duplication was added. The extends feature works on the
current profiles configuration, but, regarding the cloud providers
configuration, **only** works in the new syntax and respective configuration
files, i.e. ``/etc/salt/cloud.providers`` or
``/etc/salt/cloud.providers.d/*.conf``.

.. note::

    Extending cloud profiles and providers is not recursive. For example, a
    profile that is extended by a second profile is possible, but the second
    profile cannot be extended by a third profile.

    Also, if a profile (or provider) is extending another profile and each
    contains a list of values, the lists from the extending profile will
    override the list from the original profile. The lists are not merged
    together.

Extending Profiles
------------------

Some example usage on how to use ``extends`` with profiles. Consider
``/etc/salt/salt/cloud.profiles`` containing:

.. code-block:: yaml

    development-instances:
      provider: my-ec2-config
      size: t1.micro
      ssh_username: ec2_user
      securitygroup:
        - default
      deploy: False

    Amazon-Linux-AMI-2012.09-64bit:
      image: ami-54cf5c3d
      extends: development-instances

    Fedora-17:
      image: ami-08d97e61
      extends: development-instances

    CentOS-5:
      provider: my-aws-config
      image: ami-09b61d60
      extends: development-instances

The above configuration, once parsed, would generate the following profiles
data:

.. code-block:: python

    [
        {
            "deploy": False,
            "image": "ami-08d97e61",
            "profile": "Fedora-17",
            "provider": "my-ec2-config",
            "securitygroup": ["default"],
            "size": "t1.micro",
            "ssh_username": "ec2_user",
        },
        {
            "deploy": False,
            "image": "ami-09b61d60",
            "profile": "CentOS-5",
            "provider": "my-aws-config",
            "securitygroup": ["default"],
            "size": "t1.micro",
            "ssh_username": "ec2_user",
        },
        {
            "deploy": False,
            "image": "ami-54cf5c3d",
            "profile": "Amazon-Linux-AMI-2012.09-64bit",
            "provider": "my-ec2-config",
            "securitygroup": ["default"],
            "size": "t1.micro",
            "ssh_username": "ec2_user",
        },
        {
            "deploy": False,
            "profile": "development-instances",
            "provider": "my-ec2-config",
            "securitygroup": ["default"],
            "size": "t1.micro",
            "ssh_username": "ec2_user",
        },
    ]

Pretty cool, right?

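
The merge rules from the note above (single level, extending keys win, lists replaced rather than merged), modelled as an added example; this is not Salt's own code. ``resolve_extends``, ``dropped_list_items`` and the ``hardened-base``/``web-frontend`` profiles with their security group names are assumptions made for the illustration, and rejecting a chained ``extends`` is this model's choice.

```python
# Model of the ``extends`` rules described above (illustrative, not Salt's code).
import copy


def resolve_extends(profiles):
    """Resolve single-level ``extends`` over a dict of profile definitions.

    Extending keys win and lists replace the base list (no merge). A base that
    itself extends is rejected, which is an assumption of this model.
    """
    resolved = {}
    for name, body in profiles.items():
        base_name = body.get("extends")
        if base_name is None:
            merged = copy.deepcopy(body)
        else:
            if base_name not in profiles:
                raise KeyError(f"{name} extends unknown profile {base_name}")
            if "extends" in profiles[base_name]:
                raise ValueError(f"{name} -> {base_name}: chained extends")
            merged = copy.deepcopy(profiles[base_name])
            overrides = {k: v for k, v in body.items() if k != "extends"}
            merged.update(copy.deepcopy(overrides))
        merged["profile"] = name
        resolved[name] = merged
    return resolved


def dropped_list_items(profiles, resolved):
    """Return base list entries that an extending profile replaced."""
    findings = {}
    for name, body in profiles.items():
        base = profiles.get(body.get("extends"), {})
        for key, value in body.items():
            if isinstance(value, list) and isinstance(base.get(key), list):
                lost = [i for i in base[key] if i not in resolved[name][key]]
                if lost:
                    findings[(name, key)] = lost
    return findings


# Profiles from the page, plus two constructed ones (hardened-base and
# web-frontend, with made-up security group names) to show list replacement.
PROFILES = {
    "development-instances": {
        "provider": "my-ec2-config", "size": "t1.micro",
        "ssh_username": "ec2_user", "securitygroup": ["default"],
        "deploy": False,
    },
    "Fedora-17": {"image": "ami-08d97e61", "extends": "development-instances"},
    "CentOS-5": {"provider": "my-aws-config", "image": "ami-09b61d60",
                 "extends": "development-instances"},
    "hardened-base": {"provider": "my-ec2-config",
                      "securitygroup": ["default", "ssh-restricted"]},
    "web-frontend": {"extends": "hardened-base", "securitygroup": ["web"]},
}

if __name__ == "__main__":
    out = resolve_extends(PROFILES)
    print(out["web-frontend"], dropped_list_items(PROFILES, out))
```

The second function is the check worth running before deployment: a profile that restates ``securitygroup`` ends up with only its own entries, so any group the base relied on is gone from the resolved profile.
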
Extending Providers
-------------------

Some example usage on how to use ``extends`` within the cloud providers
configuration. Consider ``/etc/salt/cloud.providers`` containing:

.. code-block:: yaml

    my-develop-envs:
      - id: HJGRYCILJLKJYG
        key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'
        keyname: test
        securitygroup: quick-start
        private_key: /root/test.pem
        location: ap-southeast-1
        availability_zone: ap-southeast-1b
        driver: ec2

      - user: myuser@mycorp.com
        password: mypass
        ssh_key_name: mykey
        ssh_key_file: '/etc/salt/ibm/mykey.pem'
        location: Raleigh
        driver: ibmsce

    my-productions-envs:
      - extends: my-develop-envs:ibmsce
        user: my-production-user@mycorp.com
        location: us-east-1
        availability_zone: us-east-1

The above configuration, once parsed, would generate the following providers
data:

.. code-block:: python

    {
        "providers": {
            "my-develop-envs": [
                {
                    "availability_zone": "ap-southeast-1b",
                    "id": "HJGRYCILJLKJYG",
                    "key": "kdjgfsgm;woormgl/aserigjksjdhasdfgn",
                    "keyname": "test",
                    "location": "ap-southeast-1",
                    "private_key": "/root/test.pem",
                    "driver": "ec2",
                    "securitygroup": "quick-start",
                },
                {
                    "location": "Raleigh",
                    "password": "mypass",
                    "driver": "ibmsce",
                    "ssh_key_file": "/etc/salt/ibm/mykey.pem",
                    "ssh_key_name": "mykey",
                    "user": "myuser@mycorp.com",
                },
            ],
            "my-productions-envs": [
                {
                    "availability_zone": "us-east-1",
                    "location": "us-east-1",
                    "password": "mypass",
                    "driver": "ibmsce",
                    "ssh_key_file": "/etc/salt/ibm/mykey.pem",
                    "ssh_key_name": "mykey",
                    "user": "my-production-user@mycorp.com",
                }
            ],
        }
    }