This is also covers the following CIS items
* CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored)
Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56
Related-Prod: PROD-19166
The patch makes IP address flush for external network
interface where IP address is assigned automatically
however an IP address from the same IP range is hardcoded in
the model.
Change-Id: I4220a635a96a031ad74dca1034c917e7d87d4b11
Related-PROD: PROD-19504
saltstack 2017.7 is failing to create user when default group for user is not present, commit which changes this behavior from 2016.3 is a18dbe0c11
Change-Id: I478d632e8aa7303ab2ee32b033478148c18c473d
This patch unifies /etc/motd managing approach for both RedHat and
Ubuntu systems. Providing a string value via linux:system:motd
pillar will configure static /etc/motd and remove dynamic scripts
from /etc/update-motd.d (if present).
update-motd can safely be removed because Ubuntu supports dynamic
motd by pam_motd means since 2009.
Related-Prod: PROD-17287
Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
Issue: First time you configure dpdk ovs switch it would stuck on
answering salt-minion because kernel options, such as
intel_iommu,iommu,isolcpus, are not set and ovs would
exhaust all hugepages and fail to apply options on the fly.
Fix: Configure ovs switch without waiting for an answer and
reboot the node afterall as we do this all the time before
starting automated pipeline.
Change-Id: Ica27a6cc47312bcc0762cddde049a0abf771f9fb
Previously there were no dependency and as result we tried to add port to
non existent bridge.
Change-Id: I69ad6a6faecf399185a72650e8dbeb019b6fbc05
Related-Prod: PROD-18112
On mirror.fuel-infra.org there is a package
td-agent-additional-plugins which ships all the additional
fluentd gems (plugins and its deps).
Change-Id: I0f66c793de67e9574d38b30ee3f62d534aa0bb75
Related-Bug: PROD-17532
By default, the alternative installed by `openvswitch-switch`
packages shadows (higher prio) `openvswitch-switch-dpdk` version,
e.g. for UCA Pike packages:
$ update-alternatives --query ovs-vswitchd
Alternative: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
Priority: 50
Alternative: /usr/lib/openvswitch-switch/ovs-vswitchd
Priority: 100
To avoid confusion, when DPDK is enabled and ovs-vswitchd-dpdk
should be used, remove the alternative for classic ovs-vswitchd
(which can easily be re-eneabled later if needed).
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Allow hugepages to be used right away. This is a best effort attempt,
as memory might be too fragmented to free enough contiguous regions
for all hugepages, so early allocation during boot remains the norm.
This allows using ovs-switchd-dpdk without rebooting the node first.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Its possible for fluentd to match and report false positives with
current regex for hdd errors. The following log example line:
failed to deactivate service binding for container
jenkins_slave02.1.tijvdstzxrs6gikbwrtu85078" error=
can be catched by the regex and report about the (false positive)
issue will be sent to prometheus. So the new regex must be more strict,
in order to avoid such alerts.
Change-Id: Ieb27ca39a32ad7bf6e1d0e88d564405e460a4f5f
Closes-Bug: PROD-17883
This patch fixes issue with duplicate task IDs when multiple
loopback devices should be added, and they stored in the same
directory.
Change-Id: Iae0027b6ee187f5366967e667380dfb3eae232fc
Related-Prod: PROD-17620
The 'system.kernel.elevator' and 'system.kernel.isolcpu' options
have been kept for backward compatibility and should be used in new
fashion way with system.kernel.boot_options parameter.
Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
When resolv.conf file is managed by salt, resolvconf service should be disabled
because it overwriting resolv.conf after reboot.
Change-Id: I7ec85872ddbd5f90232d5d41a8171169c779a1c5
This patch implements pam ldap integration for linux host.
Related Prod: PROD-16022
Customer-Found
Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
Wipe off this excess meta package from dpdk required packages
list in order to be compatible with UCA repos as well.
Change-Id: Ia0e894e48f2cbb9d911f33756cf5a5508a20179c
Closes-Bug: #PROD-17033
The patches fixes the situation when repo is not defined but
formula tries to get access to source parameter of the repo.
Change-Id: Ifa7b8475bfc2cece6803ab7da7b2d0d5cc12b652
Related-PROD: PROD-17001
* This merge request gives the ability to add shared libaries without set LD_LIBRARY_PATH variable.
1. Generate file in /etc/ld.so.conf.d/
2. update /etc/ld.so.cache with ldconfig command
example pillars:
linux:
system:
enabled: True
ld:
libraries:
java:
- /usr/lib/jvm/jre-openjdk/lib/amd64/server
- /opt/java/jre/lib/amd64/server
* fix format in README.rst for Shared Libraries
* Fix for #137 - change pillar libraries key to library
Fixed:
* The udev-rules template is not tested
* Wrong unicode character in the template leads to udev ignoring
the rule completely
* The template is unable to be rendered due to absent import
* udev is not retrigerred with new rules
Change-Id: I134b5e49b883afcc5e34feaaa561d7ca70192796
Closes-Bug: PROD-16649
Mateusz Matuszkowiak
ibumarskov
Michael Polenchuk
Michel Nederlof
Dmitry Teselkin
Oleh Hryhorov
Ondrej Smola
Oleg Bondarev
Dzmitry Stremkouski
Oleksii Chupryn
Alexandru Avadanii
Michael Fladischer
Richard Felkl
Vasyl Saienko
Bruno Binet
Filip Pytloun
cristinapauna
Sergey Otpuschennikov
Andrey Shestakov
Martin Polreich
Jiri Broulik
Bartosz Kupidura
Petr Michalec
Nick Metz
Denis V. Meltsaykin