The following parameters defined in /etc/login.defs can
be overridden per-user:
* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
* INACTIVE
Related-Prod: PROD-18386
Change-Id: I5b182128f9dd8a043b48fb86e61febb2fd5c7e0a
* Ubuntu pinning params allow to be used
multiply times. In same time, old `list`
format now allowing to be predictable
iterated inside jinja
Related-Bug: PROD-21604 (PROD:21604)
Change-Id: If1c0f0f834a296b9a19d0af5fc7673c9229a7ac5
* CIS 5.4.4 Ensure default user umask is 027 or more restrictive (Scored)
* CIS 5.4.5 Ensure default user shell timeout is 900 seconds or less (Scored)
Related-Prod: PROD-20765
Change-Id: I5ff5e5bc76e1d87432caec70f2b35eec288e9213
* Add TODO-proper fix for state - native salt fun.
But due bug[1] in saltstack - we can't enable
proper solution now
[1] 74599bbdfc
Related-PROD: PROD-20730
Change-Id: I11b6d81ae0f9a7864518f638e8fc423e4e087285
This is also covers the following CIS items
* CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored)
Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56
Related-Prod: PROD-19166
The 'system.kernel.elevator' and 'system.kernel.isolcpu' options
have been kept for backward compatibility and should be used in new
fashion way with system.kernel.boot_options parameter.
Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9
This patch implements pam ldap integration for linux host.
Related Prod: PROD-16022
Customer-Found
Change-Id: I2a05cfb4821d176724f03c61253700ef1f4d0bd8
Fixed:
* The udev-rules template is not tested
* Wrong unicode character in the template leads to udev ignoring
the rule completely
* The template is unable to be rendered due to absent import
* udev is not retrigerred with new rules
Change-Id: I134b5e49b883afcc5e34feaaa561d7ca70192796
Closes-Bug: PROD-16649
Currently when OVS-DPDK is enabled, instances fail to spawn
due to permissions mismatch, see nova bug for details:
https://bugs.launchpad.net/nova/+bug/1670950
This patch configures OVS to use a separate dir, created by
nova formula [1].
[1] https://gerrit.mcp.mirantis.net/11213
Related-PROD: PROD-14413
Change-Id: Ia86658b0967b4d35f063c7f6f53e26e78a1fbd39
If ovs port is virtual, we use OVSIntPort to create it.
Otherwise it should be OVSPort.
I've added new key: ovs_port_type to not intersect with current
deployments and not hurt anyone.
I've updated doc to have an example of ovs peering patch.
Customer-Found
Change-Id: Ieddb5fcc02d410c3cc14c89737992690cb5f3975
- Disable sudo for kitchen tests
- No update grub on docker/lxc
- Avoid changing hostname in docker based tests
Change-Id: Ic93ecc4680fb9a44388f494259de28ea9e8a0fc0
To configure:
* set system.netconsole.enabled to true
* create system.netconsole.target dict
* set a record with IP address and MAC and interface as subdict
It works with both static and DHCP interfaces, and applies online.
You could use bash-scripting in netconsole.conf.
You could override the MAC.
See tests/pillar/system.sls for further information.
Change-Id: I1cbde47575eb5d32a34cd6d79a063f42dbea7643
Introduce dpdk support for linux OVS configuration.
It configures dpdk interface bind, ovs dpdk ports, bonding,
parameters for dpdk cpu pmd and set multique queues for specific
ovs dpdk interfaces.
Change-Id: I3f38660bab8db0c2b38f03ed8c94eb10b6b3beb9
Epic: PROD-8957
Epic: PROD-8958
- enable topics on test pillar
- add integration test for sudo enabled groups
- use loop devices only for storage suite
- example inspec test for sudo state