linux/system/user.sls ignores 'shell' option if a
user is system. This is quite strange behavior, and it
breaks CIS:
* 5.4.2 Ensure system accounts are non-login
Change-Id: I32dd44ac4fcc1425ea47eb4cf60acf41f6ce0887
Related-Prod: PROD-20764
- Add possibility to remove prereq. packages installation BEFORE
* Crucial logic violation - if we don't have any repo\
have them configured in wrong way - stage will always fail.
* install prereq. packages after all - sounds stupid, but correct.
* By default - it will still try to install prereq. We don't want to
broke OLD logic.See readme, how-to overide such behaviour.
- don't update cache per-repo - it's simply useless and may fail due p1.
Run update only once - after all repos configured\reconfigured
- Add new option at system:refresh_repos_meta - for case, when update
should not be run in any case. By default - true.
- remove 99proxies-salt-{{ name }} along with disabled repo
- fix duplicate 'clean_file' option
Closes-Bug: PROD-15992 (PROD:15992)
Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
We create custom hugepages mount point for KVM/DPDK with custom
parameters (ownership flags/hugepages size). Need to disable default
mount point, because it can be unexpectedly used by DPDK.
Change-Id: Ibee95422213260e544406391c7a0922f1a41c5c2
Closes-Bug: PROD-14325
- fixed pkgrepo.manage to use/prefer key_url for salt >= 2017.7
- updated syntax for key verificatoin
- fix, avoid curl for salt:// schema (as in #156)
Change-Id: I1b50c287a4030a9cefa1b819017d59cc5fb1c197
This is also covers the following CIS items
* CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored)
Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56
Related-Prod: PROD-19166
saltstack 2017.7 is failing to create user when default group for user is not present, commit which changes this behavior from 2016.3 is a18dbe0c11
Change-Id: I478d632e8aa7303ab2ee32b033478148c18c473d
This patch unifies /etc/motd managing approach for both RedHat and
Ubuntu systems. Providing a string value via linux:system:motd
pillar will configure static /etc/motd and remove dynamic scripts
from /etc/update-motd.d (if present).
update-motd can safely be removed because Ubuntu supports dynamic
motd by pam_motd means since 2009.
Related-Prod: PROD-17287
Change-Id: Ic9b7e18abb12cfe8704717b14dc1237e40715319
Allow hugepages to be used right away. This is a best effort attempt,
as memory might be too fragmented to free enough contiguous regions
for all hugepages, so early allocation during boot remains the norm.
This allows using ovs-switchd-dpdk without rebooting the node first.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
The 'system.kernel.elevator' and 'system.kernel.isolcpu' options
have been kept for backward compatibility and should be used in new
fashion way with system.kernel.boot_options parameter.
Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
This patch implements pam ldap integration for linux host.
Related Prod: PROD-16022
Customer-Found
Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
The patches fixes the situation when repo is not defined but
formula tries to get access to source parameter of the repo.
Change-Id: Ifa7b8475bfc2cece6803ab7da7b2d0d5cc12b652
Related-PROD: PROD-17001
Bruno Binet
Dmitry Teselkin
azvyagintsev
Alexandru Avadanii
Ondrej Smola
Martin Polreich
Sergey Kreys
Petr Michalec
Vasyl Saienko
Martin Horak
Dzmitry Stremkouski
Oleksii Chupryn
Michael Polenchuk
Michael Fladischer
Richard Felkl
cristinapauna
Sergey Otpuschennikov
Oleh Hryhorov
Jiri Broulik