517a910f29
Don't try to update timezone when grain noservices is set
as it will fail because dbus service is not running
Change-Id: I498f5b09b146c643f4d53ab0cb65146274f12b5d
6年前
75a4eb54a6
Disable cis-3-3-3 rule
Change-Id: I956da1f26e500eae693827ed5dce0f7e65e291bc
Closes-Bug: PROD-22520 (PROD:22520)
6年前
ad85db09b0
Remove non-existent CIS items
Change-Id: I91bfb8e2a06fc0499addd376db9e38483a6756d0
6年前
af730f9602
CIS compliance (sysctl, limits)
* CIS 1.5.1 Ensure core dumps are restricted
* CIS 1.5.3 Ensure address space layout randomization (ASLR) is enabled
* CIS 3.1.2 Ensure packet redirect sending is disabled
* CIS 3.2.1 Ensure source routed packets are not accepted
* CIS 3.2.2 Ensure ICMP redirects are not accepted
* CIS 3.2.3 Ensure secure ICMP redirects are not accepted
* CIS 3.2.4 Ensure suspicious packets are logged
* CIS 3.2.5 Ensure broadcast ICMP requests are ignored
* CIS 3.2.6 Ensure bogus ICMP responses are ignored
* CIS 3.2.7 Ensure Reverse Path Filtering is enabled
* CIS 3.2.8 Ensure TCP SYN Cookies is enabled
All sysctls are valid for Ubuntu 14.04, Ubuntu 16.04.
Change-Id: I48f34c55d97a78c253d4810db46b2a04ff5c0c1a
6年前
cf1b5b322a
Revert "CIS compliance (modprobe.d)"
This reverts commit d87f461319
6年前
d87f461319
CIS compliance (modprobe.d)
* CIS 1.1.1.1 Ensure mounting of cramfs filesystems is disabled
* CIS 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
* CIS 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
* CIS 1.1.1.4 Ensure mounting of hfs filesystems is disabled
* CIS 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
* CIS 1.1.1.6 Ensure mounting of squashfs filesystems is disabled
* CIS 1.1.1.7 Ensure mounting of udf filesystems is disabled
* CIS 1.1.1.8 Ensure mounting of FAT filesystems is disabled
* CIS 3.5.1 Ensure DCCP is disabled
* CIS 3.5.2 Ensure SCTP is disabled
* CIS 3.5.3 Ensure RDS is disabled
* CIS 3.5.4 Ensure TIPC is disabled
Related-Prod: PROD-20756
Related-Prod: PROD-20757
Related-Prod: PROD-20758
Related-Prod: PROD-20759
Change-Id: I719984829978caf0401e78daaabf1adfb0d1cfdf
6年前
809834c85e
Extend modprobe files functionality
Support full set of options defined in
man modprobe.d
Change-Id: I3d30b6bc261ef308ae6afd963f13fda1e4b22c0d
6年前
4bf87625a6
Fix pillar tests
* Update run_tests.sh to the latest revision
* drop odd .kitchen.vagrant.yml
Related-Bug: PROD-20730 (PROD:20730)
Change-Id: I367800a60ad17020700a76670d1216dfdfcfe692
7年前
42b64a1f29
Misc fixes
* Add\fix __virtual__ for modules
* Remove unneded multiline for repo.sls
Change-Id: I1f8d321b68dfe6a44264b4ddcd6cd0c576938da1
6年前
081647356f
Merge "CIS 3.3.3 Ensure IPv6 is disabled"
6年前
b7c2ef4b57
Fix linux_enforce_hostname for test env
* Add TODO-proper fix for state - native salt fun.
But due bug[1] in saltstack - we can't enable
proper solution now
[1] 74599bbdfc
6年前
cc7263a275
CIS 3.3.3 Ensure IPv6 is disabled
Related-Prod: PROD-20755
Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520
6年前
7903ba97da
Refactor pillar repo key fetch
Change-Id: I511996de9d8abc69d6775b45482f8196c7159a1a
6年前
2828f5fcd4
README update
Change-Id: I70a28cac5c07fb3093b6038a0c448d16847a42e3
6年前
b08a9144f7
Merge branch 'master' of github.com:salt-formulas/salt-formula-linux
Change-Id: I5468d69c362cbd2e71a064bd2bc89f843fbefe7e
6年前
45cf452dbb
Fix global proxy processing
* Fix processing disabled repo
* Extend tests for such case
Change-Id: Ib3243f2b3e70aecef65273be215b30613b8df025
Closes-Bug: PROD-21954 (PROD:21954)
6年前
21c68864a9
Merge pull request #163 from alexandruavadanii/fix-duplicate-ids
system:repo: Fix duplicate file.absent sls IDs
6年前
5df87a1a13
system:repo: Fix duplicate file.absent sls IDs
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6年前
c6f75efb50
Merge "Fix|change system.repo update logic"
6年前
ff089d2428
Fix|change system.repo update logic
- Add possibility to remove prereq. packages installation BEFORE
* Crucial logic violation - if we don't have any repo\
have them configured in wrong way - stage will always fail.
* install prereq. packages after all - sounds stupid, but correct.
* By default - it will still try to install prereq. We don't want to
broke OLD logic.See readme, how-to overide such behaviour.
- don't update cache per-repo - it's simply useless and may fail due p1.
Run update only once - after all repos configured\reconfigured
- Add new option at system:refresh_repos_meta - for case, when update
should not be run in any case. By default - true.
- remove 99proxies-salt-{{ name }} along with disabled repo
- fix duplicate 'clean_file' option
Closes-Bug: PROD-15992 (PROD:15992)
Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
6年前
adb655e604
Fix dependency for dpdk bond interfaces.
Wait for dpdk bond interfaces to come up.
linux.network.dpdk state fails to update a port within for loop
when this port does not exist yet.
Dependency will require interfaces to be added before
Prod-Related: PROD-19696
Closes-Bug: PROD-19696
Change-Id: Ia83218a76dd6e86664e7f9498a76341717eb5b80
6年前
ee7c76af8b
Enable nstat input plugin for softnet_stat data
Since we added to nstat's telegraf plugin the possibility
to collect data from `/proc/net/softnet_stat` regarding
dropped packets and rx_net_action a.k.a time squeeze, we need to enable
it globally on all hosts.
Also grafana dashboard update to include new graphs + added four
new Prometheus alers.
Related-Bug: PROD-21090
Change-Id: I9dfe87bdc8b677a51e3f305dd3c75c7d4cc4e0d4
6年前
f27f4367d3
0-change sugar
* Make system.repo more readable
Change-Id: I0f28e71f4b00422a70006559525e5be24c4cb065
6年前
6040a3f96d
added indexing for sysfs id
related bug: PROD-21512
Change-Id: I874535dbc6882ad49f133999209ae6a4c3bde403
6年前
4fcd5c0eae
Enable setting home dir permissions
Fixes: PROD-21350
Change-Id: If5a4473296e4d2cb6a80cb7397ac38a66011f39d
6年前
2a52a52057
Install nscd for caching LDAP queries
nscd is recommended package for libpam-ldapd and libnss-ldapd, but
since we disabled Install-Recommends for apt in
https://gerrit.mcp.mirantis.net/14431 we need to specify this package in
linux formula.
nscd is a daemon which handles passwd, group and host lookups for
running programs and caches the results for the next query.
Change-Id: Ia17441da2b3072d943d0e9225721dc9921de2514
6年前
563f47cfac
Merge "added possibility to use list for sysfs params"
6年前
ef9bd76e4b
added possibility to use list for sysfs params
Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857
related-bug: PROD-21205
6年前
2c34cb1489
vlan pkg for interfaces
PROD-20944
Change-Id: I9ef98b529d57171cf17c33597fd6af69d2f43a41
6年前
f546f9582f
Revert "Add monitoring for cron job"
As we resign to develop full-stack solution to monitor cron jobs
This reverts commit 697ce4bf04
6年前
697ce4bf04
Add monitoring for cron job
Change-Id: I710b65decf6697d0bb5d21fc3fc2d332b78119c5
Closes-bug: PROD-21073
6年前
792316452f
Merge "Add ability to configure VLAN tag on patch port"
6年前
a0c0ccda99
Rationalize Linux dashboards
Change-Id: I6b21bed3dd2c632af8274769b562f366c4057b82
Closes-Prod: PROD-20090
6年前
d7be9fca73
Merge "Disable creation of /dev/hugepages mount point"
6年前
694ee72f51
Add ability to configure VLAN tag on patch port
Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063
Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com>
Closes-Bug: PROD-20729
6年前
b1c8a3022f
Disable creation of /dev/hugepages mount point
We create custom hugepages mount point for KVM/DPDK with custom
parameters (ownership flags/hugepages size). Need to disable default
mount point, because it can be unexpectedly used by DPDK.
Change-Id: Ibee95422213260e544406391c7a0922f1a41c5c2
Closes-Bug: PROD-14325
6年前
9f30456a0e
Fix, system.repo don't use curl if not needed
- fixed pkgrepo.manage to use/prefer key_url for salt >= 2017.7
- updated syntax for key verificatoin
- fix, avoid curl for salt:// schema (as in #156 )
Change-Id: I1b50c287a4030a9cefa1b819017d59cc5fb1c197
6年前
4a23e4d201
Revert "Fix, system.repo don't use curl on fixed pkgrepo.manage"
Commit totally broke all deployment CI job.
This reverts commit 24477c590b
6年前
24477c590b
Fix, system.repo don't use curl on fixed pkgrepo.manage
Change-Id: Id5b5a44f3dfbbdd60442fd2f273b72557fa9e191
6年前
38727e21df
Merge "Cosmetic changes for alerts"
6年前
97242f156a
Cosmetic changes for alerts
Change-Id: I9e8464e3ee5ef28ca5eb7eb84e645e42fb6576cd
Closes-bug: PROD-20466
6年前
eda3823a09
Fix default_repo requirments
Change-Id: I2d374a589e18f38f91beac9514ff5bf3c034d637
6年前
e959ef234a
Merge "Fix system:repo"
6年前
41b86940bb
Merge pull request #152 from bbinet/file.serialize
Add support file.serialize in linux:system:file
6年前
9c2fe220a8
Add support file.serialize in linux:system:file
Ensure presence of file to be serialized through one of the serializer modules
(see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html ):
6年前
6f5e69e2bf
Fix system:repo
* Currently, 'key' was processed only for default repos
* Remove double-definition
* Re-use idempotent fix
Co-Authored-By: Dennis Dmitriev <ddmitriev@mirantis.com>
Change-Id: Ic733f671b39e7b4a8d8e0a83515b6b0632c3a41b
6年前
64113f1216
Merge pull request #150 from horakmar/repo-key-via-proxy
Workaround for fetching repo keys via proxy.
6年前
7752d48fac
Merge pull request #151 from salt-formulas/atp-proxy
Fixed https apt proxy to same host as http
6年前
d620630de5
Fixed https apt proxy to same host as http
6年前
9673a18fba
Fixed curl to follow redirections.
6年前
Bruno Binet
azvyagintsev
Dmitry Teselkin
Dennis Dmitriev
Vasyl Saienko
OlgaGusarenko
Martin Polreich
Filip Pytloun
Alexandru Avadanii
Dzmitry Stremkouski
Mateusz Matuszkowiak
Ondrej Smola
Alexander Noskov
Richard Felkl
Jiri Broulik
mkobus
Ondrej Smola
Dmitry Kalashnik
Petr Jediny
Oleksii Chupryn
Sergey Kreys
Petr Michalec
mcp-jenkins
Aleš Komárek
Martin Horak