This is also covers the following CIS items
* CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored)
Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56
Related-Prod: PROD-19166
This patch unifies /etc/motd managing approach for both RedHat and
Ubuntu systems. Providing a string value via linux:system:motd
pillar will configure static /etc/motd and remove dynamic scripts
from /etc/update-motd.d (if present).
update-motd can safely be removed because Ubuntu supports dynamic
motd by pam_motd means since 2009.
Related-Prod: PROD-17287
Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
The 'system.kernel.elevator' and 'system.kernel.isolcpu' options
have been kept for backward compatibility and should be used in new
fashion way with system.kernel.boot_options parameter.
Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
This patch implements pam ldap integration for linux host.
Related Prod: PROD-16022
Customer-Found
Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
* This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable.
1. Generate file in /etc/ld.so.conf.d/
2. update /etc/ld.so.cache with ldconfig command
example pillars:
linux:
system:
enabled: True
ld:
libraries:
java:
- /usr/lib/jvm/jre-openjdk/lib/amd64/server
- /opt/java/jre/lib/amd64/server
* fix format in README.rst for Shared Libraries
* Fix for #137 - change pillar libraries key to library
If ovs port is virtual, we use OVSIntPort to create it.
Otherwise it should be OVSPort.
I've added new key: ovs_port_type to not intersect with current
deployments and not hurt anyone.
I've updated doc to have an example of ovs peering patch.
Customer-Found
Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
- Add posibility do delete user password
- Delete any password, if no other option has been passed
- Allow to pass hash\plain password
- Allow to unchange password
Change-Id: Id2b7234ca5d4417475b2114e74840292fc57d0de
This enables a more fine tuned dpdk for better performance.
More details on pmd-rxq-affinity config:
http://docs.openvswitch.org/en/latest/howto/dpdk/
Change-Id: I630c6af94ff733619fb175f522fc515984862ff6
* RIL-267 Adding cpu governor and kernel module opts
* RIL-267 Adding cpu governor and kernel module opts
* RIL-267 Adding cpu governor and kernel module opts
To configure:
* set system.netconsole.enabled to true
* create system.netconsole.target dict
* set a record with IP address and MAC and interface as subdict
It works with both static and DHCP interfaces, and applies online.
You could use bash-scripting in netconsole.conf.
You could override the MAC.
See tests/pillar/system.sls for further information.
Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
Config:
linux:
network:
tap_custom_txqueuelen: 10000
in case of configuration parameter defined will create file:
/etc/udev/rules.d/60-net-txqueue.rules
with content:
KERNEL==”tap[0-9a-z\-]*", RUN+="/sbin/ip link set %k txqueuelen 10000"
Add possiblity to add ip address and mtu on dpdk ovs bridge to
be able use VXLAN as tenant segmentation.
Change-Id: I1394d30c5d9935218841b17ff7651dac7b4abefa
Epic: PROD-8957
Martin Polreich
Ondrej Smola
Oleksii Chupryn
Bruno Binet
Dzmitry Stremkouski
Michael Polenchuk
Dmitry Teselkin
Richard Felkl
Jiri Broulik
Nick Metz
Piotr Kruk
Filip Pytloun
Serhiy Ovsianikov
Ales Komarek
Jakub Pavlik
Petr Jediný
azvyagintsev
Oleg Bondarev
Petr Michalec
Andrey Shestakov
teoyaomiqui
Marek Celoud
Jakub Josef
Tomas Kamm
Jiri Broulik
Oleksandr Vlasov
Vladimir Eremin
Aleš Komárek
Andrii Petrenko