* Update file.sls
add replace
* Update file.sls
update replace
* Update job.sls
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* fix(deprecation): update to new method (#214)
Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
* Allow swap to be completely disabled
* sort repos so they do not change order every run
* allow use of new state syntax for module.run
The new syntax has been supported since ~2017.
From the docs, in case they change:
! New Style
test.random_hash:
module.run:
- test.random_hash:
- size: 42
- hash_type: sha256
! Legacy Style
test.random_hash:
module.run:
- size: 42
- hash_type: sha256
* Update map.jinja
Add support fpr Ubuntu Focal.
* Update file.sls
added possibility to delete files
* Network resolf.conf handling
the handling as the Resolv.conf is generated and adapted, adapted.
previously the Resolv.conf was created and then through
Overwrite "network.system" in the interface.sls again.
With two search servers that should actually be included.
"search example.com. sudomain.example.com"
but it always became that
search ['example.com.', 'sudomain.example.com']
The resolv.conf was first created correctly but then overwritten again in the interface.sls.
The problem only arises if you don't want to have a "Domain:" in resov.conf
Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
Co-authored-by: Kyle Gullion <kgullion@gmail.com>
Co-authored-by: Matthew Thode <thode@fsi.io>
Co-authored-by: Matthew Thode <mthode@mthode.org>
* Update file.sls
add replace
* Update file.sls
update replace
* Update job.sls
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* fix(deprecation): update to new method (#214)
Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com>
* Allow swap to be completely disabled
* sort repos so they do not change order every run
* allow use of new state syntax for module.run
The new syntax has been supported since ~2017.
From the docs, in case they change:
! New Style
test.random_hash:
module.run:
- test.random_hash:
- size: 42
- hash_type: sha256
! Legacy Style
test.random_hash:
module.run:
- size: 42
- hash_type: sha256
* Update map.jinja
Add support fpr Ubuntu Focal.
* Update file.sls
added possibility to delete files
Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy>
Co-authored-by: Kyle Gullion <kgullion@gmail.com>
Co-authored-by: Matthew Thode <thode@fsi.io>
Co-authored-by: Matthew Thode <mthode@mthode.org>
The new syntax has been supported since ~2017.
From the docs, in case they change:
! New Style
test.random_hash:
module.run:
- test.random_hash:
- size: 42
- hash_type: sha256
! Legacy Style
test.random_hash:
module.run:
- size: 42
- hash_type: sha256
* Update file.sls
add replace
* Update file.sls
update replace
* Update job.sls
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html
* Update README.rst
Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign.
* Update README.rst
* Added journal settings
* Fixed error:
----------
ID: package_duo
Function: pkg.installed
Name: duo-unix
Result: False
Comment: Problem encountered installing package(s). Additional info follows:
errors:
- E: There were unauthenticated packages and -y was used without --allow-unauthenticated
* Removed 2016 system checks as it doesn't support path_join and added 2019 version checks
----------
ID: package_duo
Function: pkg.installed
Name: duo-unix
Result: False
Comment: Problem encountered installing package(s). Additional info follows:
errors:
- E: There were unauthenticated packages and -y was used without --allow-unauthenticated
System modules are enables by default. But they should only be enables if
in pillars defined and supported by os_family.
Support for Redhat os_family systems is missing in at and cron #174
Linux bridges are automatically set UP when
any parent interface is UP.
But for OVS bridges it doesn't work.
For dpdk and non-dpdk bridges, always create a
config file in /etc/network/interfaces.u/ and
bring the bridge interface up after it is configured,
even if it doesn't have IP address.
Change-Id: I92888ce0d373e412dfb7ed2e2398c0d4d008e301
Closes-Bug: https://mirantis.jira.com/browse/PROD-24343
Issue description:
PXE interfaces, which are used by salt should not be restarted
during salt calls, otherwise communication between salt master and
salt minion would be interrupted.
Therefore it is possible to specify "noifupdown: True" in pillars
for this interface or group of interfaces, which are used for PXE
network.
This pillar structure will remain until one removes it manualy.
It is not possible to remove it during deploy and enforce network
state without touching the model.
It is possible to override pillars from CLI like:
# salt ctl01* state.apply linux.network.interface \
pillar='{"linux":{"network":{"interface":{"ens3":{"noifupdown":True}}}}}'
However it is not easy/possible to predict all interfaces for PXE
network.
Solution:
Provide global noifupdown pillar value check.
If it exists, noifupdown will take effect and not otherwise.
So our deployment would have next steps:
- Execute: linux.network.interface pillar='{"linux":{"network":{"noifupdown":True}}}'
- Reboot node to enable kernel params like hugepages etc.
- Execute: linux.network.interface with no params to ensure PXE.
Pipelines may pass this parameter to control noifupdown behavior.
Change-Id: I8863f972c7805e4bf4f9e104d6c0ddf055c39cb1
Current thresholds don't matche real warning/minor values for
the time_squeeze numbers. As a result we have false positive.
Change-Id: I6990c101fe671c05d75d0640fd6799667b5f3fa1
Related-PROD: PROD-24406 (PROD:24406)
This typo mistake affects behavior of user.present module function
as it uses 'useradd' linux utility under the hood.
Missing USERGROUPS_ENAB parameter == do not create user groups by default.
This change in behavior of useradd util breaks all states, which are relaying
on creation of user group during new user creation procedure, e.g. set up
cassandra backups.
Change-Id: Ie17aae58fc6673b9c5d53bb68f681446f30d0a1a
Related-bug: PROD-23741
https://gerrit.mcp.mirantis.com/25351/ was merged but linux.system.shell
state wasn't included into init.yml and was never used.
This commit fixes this.
Related-Prod: PROD-23581
Change-Id: I89e09247dd2566b8a5b0c0e67e8ca9c789ed57f6
To simplify filtering in Kibana change
systemd.source prefix to record field "source".
Change-Id: I7729ae6721a1050a938370a588d35313f91f971a
Related-bug: PROD-21827 (PROD:21827)
Previous implementation was not able to add port 'dpdk0' to bridge
'br-dpdk0' since both matches 'grep' condition. To fix this we need to
look for port in a particular bridge
Change-Id: Ie83cebc3ab73c45a48f68fae2d6f474743215908
The following parameters defined in /etc/login.defs can
be overridden per-user:
* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
* INACTIVE
Related-Prod: PROD-18386
Change-Id: I5b182128f9dd8a043b48fb86e61febb2fd5c7e0a
* Ubuntu pinning params allow to be used
multiply times. In same time, old `list`
format now allowing to be predictable
iterated inside jinja
Related-Bug: PROD-21604 (PROD:21604)
Change-Id: If1c0f0f834a296b9a19d0af5fc7673c9229a7ac5
Permissions 640 root:root doesn't allow regular user to read
/etc/{at,cron}.allow files, that changes behavior of at / crontab
commands:
* crontab command can't read /etc/cron.allow and allow any user to modify
their crontab files.
* at command can't read /etc/at.allow and deny every user.
at / crontab files have SGID bits set, so setting correct group
on /etc/{at,cron}.allow fixes the issue.
Change-Id: I4a3fc8d8e823498d6715e26307424e3065cbd6ca
* CIS 5.4.4 Ensure default user umask is 027 or more restrictive (Scored)
* CIS 5.4.5 Ensure default user shell timeout is 900 seconds or less (Scored)
Related-Prod: PROD-20765
Change-Id: I5ff5e5bc76e1d87432caec70f2b35eec288e9213