* Ubuntu pinning params allow to be used
multiply times. In same time, old `list`
format now allowing to be predictable
iterated inside jinja
Related-Bug: PROD-21604 (PROD:21604)
Change-Id: If1c0f0f834a296b9a19d0af5fc7673c9229a7ac5
Permissions 640 root:root doesn't allow regular user to read
/etc/{at,cron}.allow files, that changes behavior of at / crontab
commands:
* crontab command can't read /etc/cron.allow and allow any user to modify
their crontab files.
* at command can't read /etc/at.allow and deny every user.
at / crontab files have SGID bits set, so setting correct group
on /etc/{at,cron}.allow fixes the issue.
Change-Id: I4a3fc8d8e823498d6715e26307424e3065cbd6ca
linux/system/user.sls ignores 'shell' option if a
user is system. This is quite strange behavior, and it
breaks CIS:
* 5.4.2 Ensure system accounts are non-login
Change-Id: I32dd44ac4fcc1425ea47eb4cf60acf41f6ce0887
Related-Prod: PROD-20764
* Add TODO-proper fix for state - native salt fun.
But due bug[1] in saltstack - we can't enable
proper solution now
[1] 74599bbdfc
Related-PROD: PROD-20730
Change-Id: I11b6d81ae0f9a7864518f638e8fc423e4e087285
- Add possibility to remove prereq. packages installation BEFORE
* Crucial logic violation - if we don't have any repo\
have them configured in wrong way - stage will always fail.
* install prereq. packages after all - sounds stupid, but correct.
* By default - it will still try to install prereq. We don't want to
broke OLD logic.See readme, how-to overide such behaviour.
- don't update cache per-repo - it's simply useless and may fail due p1.
Run update only once - after all repos configured\reconfigured
- Add new option at system:refresh_repos_meta - for case, when update
should not be run in any case. By default - true.
- remove 99proxies-salt-{{ name }} along with disabled repo
- fix duplicate 'clean_file' option
Closes-Bug: PROD-15992 (PROD:15992)
Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
Wait for dpdk bond interfaces to come up.
linux.network.dpdk state fails to update a port within for loop
when this port does not exist yet.
Dependency will require interfaces to be added before
Prod-Related: PROD-19696
Closes-Bug: PROD-19696
Change-Id: Ia83218a76dd6e86664e7f9498a76341717eb5b80
Since we added to nstat's telegraf plugin the possibility
to collect data from `/proc/net/softnet_stat` regarding
dropped packets and rx_net_action a.k.a time squeeze, we need to enable
it globally on all hosts.
Also grafana dashboard update to include new graphs + added four
new Prometheus alers.
Related-Bug: PROD-21090
Change-Id: I9dfe87bdc8b677a51e3f305dd3c75c7d4cc4e0d4
nscd is recommended package for libpam-ldapd and libnss-ldapd, but
since we disabled Install-Recommends for apt in
https://gerrit.mcp.mirantis.net/14431 we need to specify this package in
linux formula.
nscd is a daemon which handles passwd, group and host lookups for
running programs and caches the results for the next query.
Change-Id: Ia17441da2b3072d943d0e9225721dc9921de2514
We create custom hugepages mount point for KVM/DPDK with custom
parameters (ownership flags/hugepages size). Need to disable default
mount point, because it can be unexpectedly used by DPDK.
Change-Id: Ibee95422213260e544406391c7a0922f1a41c5c2
Closes-Bug: PROD-14325
- fixed pkgrepo.manage to use/prefer key_url for salt >= 2017.7
- updated syntax for key verificatoin
- fix, avoid curl for salt:// schema (as in #156)
Change-Id: I1b50c287a4030a9cefa1b819017d59cc5fb1c197
The patch adds ability to configure variety logging options
for OVS. In order to configure OVS log options the below pillar
sctructure should be used:
linux:
network:
openvswitch:
enabled: true
logging:
enabled: true
ovsdb:
console: emer
syslog: err
file: info
facility: local0
vswitchd:
console: emer
syslog: err
file: info
facility: local1
Change-Id: I59ef0636447a974215d872259a26beb858495cfb
Related-PROD: PROD-19980