linux-formula/linux/map.jinja

{% set system = salt['grains.filter_by']({
    'Arch': {
        'pkgs': ['sudo', 'vim', 'wget'],
        'utc': true,
        'user': {},
        'group': {},
        'job': {},
        'limit': {},
        'locale': {},
        'motd': {},
        'env': {},
        'profile': {},
        'proxy': {},
        'repo': {},
        'package': {},
        'autoupdates': {
          'pkgs': []
         },
        'selinux': 'permissive',
        'ca_certs_dir': '/usr/local/share/ca-certificates',
        'ca_certs_bin': 'update-ca-certificates',
        'atop': {
             'enabled': false,
             'interval': '20',
             'autostart': true,
             'logpath': '/var/log/atop',
             'outfile': '/var/log/atop/daily.log'
         },
        'at': {
             'pkgs': [],
             'services': []
        },
        'cron': {
             'pkgs': [],
             'services': []
        },
    },
    'Debian': {
        'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'],
        'utc': true,
        'user': {},
        'group': {},
        'job': {},
        'limit': {},
        'locale': {},
        'motd': {},
        'env': {},
        'profile': {},
        'proxy': {},
        'repo': {},
        'package': {},
        'autoupdates': {
             'pkgs': ['unattended-upgrades']
         },
        'selinux': 'permissive',
        'ca_certs_dir': '/usr/local/share/ca-certificates',
        'ca_certs_bin': 'update-ca-certificates',
        'atop': {
             'enabled': false,
             'interval': '20',
             'autostart': true,
             'logpath': '/var/log/atop',
             'outfile': '/var/log/atop/daily.log'
         },
        'at': {
             'pkgs': ['at'],
             'services': ['atd'],
             'user': {}
         },
        'cron': {
             'pkgs': ['cron'],
             'services': ['cron'],
             'user': {}
         },
    },
    'RedHat': {
        'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'],
        'utc': true,
        'user': {},
        'group': {},
        'job': {},
        'limit': {},
        'locale': {},
        'motd': {},
        'env': {},
        'profile': {},
        'proxy': {},
        'repo': {},
        'package': {},
        'autoupdates': {
             'pkgs': []
         },
        'selinux': 'permissive',
        'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',
        'ca_certs_bin': 'update-ca-trust extract',
        'atop': {
             'enabled': false,
             'interval': '20',
             'autostart': true,
             'logpath': '/var/log/atop',
             'outfile': '/var/log/atop/daily.log'
         },
        'at': {
             'pkgs': [],
             'services': []
        },
        'cron': {
             'pkgs': [],
             'services': []
        },
    },
}, merge=salt['grains.filter_by']({
    'bullseye': {
        'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],
    },
    'bookworm': {
        'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],
    },
    'sid': {
        'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],
    },
    'jammy': {
        'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],
    },
}, grain='oscodename', merge=salt['pillar.get']('linux:system'))) %}

{% set banner = salt['grains.filter_by']({
    'BaseDefaults': {
        'enabled': false,
    },
}, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}

{% set auth = salt['grains.filter_by']({
    'Arch': {
        'enabled': false,
        'duo': {
            'enabled': false,
            'duo_host': 'localhost',
            'duo_ikey': '',
            'duo_skey': ''
        }
    },
    'RedHat': {
        'enabled': false,
        'duo': {
            'enabled': false,
            'duo_host': 'localhost',
            'duo_ikey': '',
            'duo_skey': ''
        }
    },
    'Debian': {
        'enabled': false,
        'duo': {
            'enabled': false,
            'duo_host': 'localhost',
            'duo_ikey': '',
            'duo_skey': ''
        }
    },
}, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %}

{% set ldap = salt['grains.filter_by']({
    'RedHat': {
        'enabled': false,
        'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig', 'nscd'],
        'version': '3',
        'scope': 'sub',
        'uid': 'nslcd',
        'gid': 'nslcd',
    },
    'Debian': {
        'enabled': false,
        'pkgs': ['libnss-ldapd', 'libpam-ldapd', 'nscd'],
        'version': '3',
        'scope': 'sub',
        'uid': 'nslcd',
        'gid': 'nslcd',
    },
}, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %}

{%- load_yaml as login_defs_defaults %}
Debian:
    CHFN_RESTRICT:
        value: 'rwh'
    DEFAULT_HOME:
        value: 'yes'
    ENCRYPT_METHOD:
        value: 'SHA512'
    ENV_PATH:
        value: 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'
    ENV_SUPATH:
        value: 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
    ERASECHAR:
        value: '0177'
    FAILLOG_ENAB:
        value: 'yes'
    FTMP_FILE:
        value: '/var/log/btmp'
    GID_MAX:
        value: '60000'
    GID_MIN:
        value: '1000'
    HUSHLOGIN_FILE:
        value: '.hushlogin'
    KILLCHAR:
        value: '025'
    LOGIN_RETRIES:
        value: '5'
    LOGIN_TIMEOUT:
        value: '60'
    LOG_OK_LOGINS:
        value: 'no'
    LOG_UNKFAIL_ENAB:
        value: 'no'
    MAIL_DIR:
        value: '/var/mail'
    PASS_MAX_DAYS:
        value: '99999'
    PASS_MIN_DAYS:
        value: '0'
    PASS_WARN_AGE:
        value: '7'
    SU_NAME:
        value: 'su'
    SYSLOG_SG_ENAB:
        value: 'yes'
    SYSLOG_SU_ENAB:
        value: 'yes'
    TTYGROUP:
        value: 'tty'
    TTYPERM:
        value: '0600'
    UID_MAX:
        value: '60000'
    UID_MIN:
        value: '1000'
    UMASK:
        value: '022'
    USERGROUPS_ENAB:
        value: 'yes'
{%- endload %}
{%- set login_defs = salt['grains.filter_by'](login_defs_defaults,
    grain='os_family', merge=salt['pillar.get']('linux:system:login_defs')) %}

{#    'network_name', #}

{% set interface_params = [
    'gateway',
    'mtu',
    'network',
    'broadcast',
    'master',
    'miimon',
    'ovs_ports',
    'ovs_bridge',
    'mode',
    'port_type',
    'peer',
    'lacp-rate',
    'dns-search',
    'up_cmds',
    'pre_up_cmds',
    'post_up_cmds',
    'down_cmds',
    'pre_down_cmds',
    'post_down_cmds',
    'maxwait',
    'stp',
    'gro',
    'rx',
    'tx',
    'sg',
    'tso',
    'ufo',
    'gso',
    'lro',
    'lacp_rate',
    'ad_select',
    'downdelay',
    'updelay',
    'hashing-algorithm',
    'hardware-dma-ring-rx',
    'hwaddr',
    'noifupdown',
    'arp_ip_target',
    'primary',
] %}
{% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %}
{% set network = salt['grains.filter_by']({
    'Arch': {
        'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'],
        'bridge_pkgs': ['bridge-utils', 'vlan'],
        'ovs_pkgs': ['openvswitch-switch', 'vlan'],
        'hostname_file': '/etc/hostname',
        'network_manager': False,
        'systemd': {},
        'interface': {},
        'interface_params': interface_params,
        'bridge': 'none',
        'proxy': {
           'host': 'none',
        },
        'host': {},
        'mine_dns_records': False,
        'dhclient_config': '/etc/dhcp/dhclient.conf',
        'ovs_nowait': False,
    },
    'Debian': {
        'pkgs': ['ifenslave'],
        'hostname_file': '/etc/hostname',
        'bridge_pkgs': ['bridge-utils', 'vlan'],
        'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
        'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ],
        'network_manager': False,
        'systemd': {},
        'interface': {},
        'interface_params': interface_params,
        'bridge': 'none',
        'proxy': {
           'host': 'none'
        },
        'host': {},
        'mine_dns_records': False,
        'dhclient_config': '/etc/dhcp/dhclient.conf',
        'ovs_nowait': False,
    },
    'RedHat': {
        'pkgs': ['iputils'],
        'bridge_pkgs': ['bridge-utils', 'vlan'],
        'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
        'hostname_file': '/etc/sysconfig/network',
        'network_manager': False,
        'systemd': {},
        'interface': {},
        'interface_params': interface_params,
        'bridge': 'none',
        'proxy': {
           'host': 'none'
        },
        'host': {},
        'mine_dns_records': False,
        'dhclient_config': '/etc/dhcp/dhclient.conf',
        'ovs_nowait': False,
    },
}, grain='os_family', merge=salt['pillar.get']('linux:network')) %}

{% set storage = salt['grains.filter_by']({
    'Arch': {
        'mount': {},
        'swap': {},
        'disk': {},
        'lvm': {},
        'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
        'loopback': {},
        'nfs': {
             'pkgs': ['nfs-utils']
         },
        'multipath': {
             'enabled': False,
             'pkgs': ['multipath-tools', 'multipath-tools-boot'],
             'service': ''
         },
    },
    'Debian': {
        'mount': {},
        'swap': {},
        'lvm': {},
        'disk': {},
        'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
        'loopback': {},
        'nfs': {
             'pkgs': ['nfs-common']
         },
        'multipath': {
             'enabled': False,
             'pkgs': ['multipath-tools', 'multipath-tools-boot'],
             'service': 'multipath-tools'
         },
        'lvm_pkgs': ['lvm2'],
    },
    'RedHat': {
        'mount': {},
        'swap': {},
        'lvm': {},
        'disk': {},
        'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
        'loopback': {},
        'nfs': {
             'pkgs': ['nfs-utils']
         },
        'multipath': {
             'enabled': False,
             'pkgs': [],
             'service': 'multipath'
         },
    },
}, merge=salt['grains.filter_by']({
    'CentOS Stream 8': {
      'lvm_services': ['lvm2-lvmpolld', 'lvm2-monitor'],
    },
    'jammy': {
      'lvm_services': ['lvm2-monitor'],
    },
    'focal': {
      'lvm_services': ['lvm2-monitor'],
    },
    'buster': {
        'lvm_services': ['lvm2-monitor'],
    },
    'bullseye': {
        'lvm_services': ['lvm2-monitor'],
    },
    'bookworm': {
        'lvm_services': ['lvm2-monitor'],
    },
    'sid': {
        'lvm_services': ['lvm2-monitor'],
    },
    'trusty': {
        'lvm_services': ['udev'],
    },
}, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}

{% set monitoring = salt['grains.filter_by']({
    'default': {
        'bond_status': {
            'interfaces': False
        },
        'zombie': {
            'warn': 3,
            'crit': 7,
        },
        'procs': {
            'warn': 5000,
            'crit': 10000,
        },
        'load': {
            'warn': '6,4,2',
            'crit': '12,8,4',
        },
        'swap': {
            'warn': '50%',
            'crit': '20%',
        },
        'disk': {
            'warn': '15%',
            'crit': '5%',
        },
        'netlink': {
            'interfaces': [],
            'interface_regex': '^[a-z0-9]+$',
            'ignore_selected': False,
        },
        'cpu_usage_percentage': {
              'warn': 90.0,
        },
        'memory_usage_percentage': {
            'warn': 90.0,
            'major': 95.0,
        },
        'disk_usage_percentage': {
            'warn': 85.0,
            'major': 95.0,
        },
        'swap_usage_percentage': {
            'warn': 50.0,
            'minor': 90.0,
        },
        'inodes_usage_percentage': {
            'warn': 85.0,
            'major': 95.0,
        },
        'system_load_threshold': {
            'warn': 1,
            'crit': 2,
        },
        'rx_packets_dropped_threshold': {
            'warn': 100,
        },
        'tx_packets_dropped_threshold': {
            'warn': 100,
        },
        'swap_in_rate': {
            'warn': 1024 * 1024,
        },
        'swap_out_rate': {
            'warn': 1024 * 1024,
        },
        'failed_auths_threshold': {
            'warn': 5,
        },
        'net_rx_action_per_cpu_threshold': {
            'warning': '500',
            'minor': '5000'
        },
        'packets_dropped_per_cpu_threshold': {
            'minor': '0',
            'major': '100'
        }
    },
}, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}