This is also covers the following CIS items
* CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored)
Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56
Related-Prod: PROD-19166
The patch makes IP address flush for external network
interface where IP address is assigned automatically
however an IP address from the same IP range is hardcoded in
the model.
Change-Id: I4220a635a96a031ad74dca1034c917e7d87d4b11
Related-PROD: PROD-19504
saltstack 2017.7 is failing to create user when default group for user is not present, commit which changes this behavior from 2016.3 is a18dbe0c11
Change-Id: I478d632e8aa7303ab2ee32b033478148c18c473d
This patch unifies /etc/motd managing approach for both RedHat and
Ubuntu systems. Providing a string value via linux:system:motd
pillar will configure static /etc/motd and remove dynamic scripts
from /etc/update-motd.d (if present).
update-motd can safely be removed because Ubuntu supports dynamic
motd by pam_motd means since 2009.
Related-Prod: PROD-17287
Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
Issue: First time you configure dpdk ovs switch it would stuck on
answering salt-minion because kernel options, such as
intel_iommu,iommu,isolcpus, are not set and ovs would
exhaust all hugepages and fail to apply options on the fly.
Fix: Configure ovs switch without waiting for an answer and
reboot the node afterall as we do this all the time before
starting automated pipeline.
Change-Id: Ica27a6cc47312bcc0762cddde049a0abf771f9fb
Previously there were no dependency and as result we tried to add port to
non existent bridge.
Change-Id: I69ad6a6faecf399185a72650e8dbeb019b6fbc05
Related-Prod: PROD-18112
Current state of distro packages systemd unit deps (extract):
- dpdk.service wants network-pre.target;
- network-pre.target wants openvswitch-nonetwork.service;
- openvswitch-switch.service wants openvswitch-nonetwork.service,
network.target;
However, openvswitch-nonetwork requires ports to be bound already,
handled by dpdk service. On system boot, since openvswitch-nonetwork
starts before dpdk (succesfully, despite the binding issue), and the
ulterior start of openvswitch-switch does not trigger a restart, the
system is left in a slightly broken state, fixed by restarting either
of the openvswitch-* services.
To avoid another race condition leading to dead openvswitch-switch,
restart the openvswitch-nonetwork service directly.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
On mirror.fuel-infra.org there is a package
td-agent-additional-plugins which ships all the additional
fluentd gems (plugins and its deps).
Change-Id: I0f66c793de67e9574d38b30ee3f62d534aa0bb75
Related-Bug: PROD-17532
By default, the alternative installed by `openvswitch-switch`
packages shadows (higher prio) `openvswitch-switch-dpdk` version,
e.g. for UCA Pike packages:
$ update-alternatives --query ovs-vswitchd
Alternative: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
Priority: 50
Alternative: /usr/lib/openvswitch-switch/ovs-vswitchd
Priority: 100
To avoid confusion, when DPDK is enabled and ovs-vswitchd-dpdk
should be used, remove the alternative for classic ovs-vswitchd
(which can easily be re-eneabled later if needed).
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Allow hugepages to be used right away. This is a best effort attempt,
as memory might be too fragmented to free enough contiguous regions
for all hugepages, so early allocation during boot remains the norm.
This allows using ovs-switchd-dpdk without rebooting the node first.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Its possible for fluentd to match and report false positives with
current regex for hdd errors. The following log example line:
failed to deactivate service binding for container
jenkins_slave02.1.tijvdstzxrs6gikbwrtu85078" error=
can be catched by the regex and report about the (false positive)
issue will be sent to prometheus. So the new regex must be more strict,
in order to avoid such alerts.
Change-Id: Ieb27ca39a32ad7bf6e1d0e88d564405e460a4f5f
Closes-Bug: PROD-17883
This patch fixes issue with duplicate task IDs when multiple
loopback devices should be added, and they stored in the same
directory.
Change-Id: Iae0027b6ee187f5366967e667380dfb3eae232fc
Related-Prod: PROD-17620