Dmitry Teselkin
ad85db09b0
Remove non-existent CIS items
Change-Id: I91bfb8e2a06fc0499addd376db9e38483a6756d0
6 years ago
Dmitry Teselkin
af730f9602
CIS compliance (sysctl, limits)
* CIS 1.5.1 Ensure core dumps are restricted
* CIS 1.5.3 Ensure address space layout randomization (ASLR) is enabled
* CIS 3.1.2 Ensure packet redirect sending is disabled
* CIS 3.2.1 Ensure source routed packets are not accepted
* CIS 3.2.2 Ensure ICMP redirects are not accepted
* CIS 3.2.3 Ensure secure ICMP redirects are not accepted
* CIS 3.2.4 Ensure suspicious packets are logged
* CIS 3.2.5 Ensure broadcast ICMP requests are ignored
* CIS 3.2.6 Ensure bogus ICMP responses are ignored
* CIS 3.2.7 Ensure Reverse Path Filtering is enabled
* CIS 3.2.8 Ensure TCP SYN Cookies is enabled
All sysctls are valid for Ubuntu 14.04, Ubuntu 16.04.
Change-Id: I48f34c55d97a78c253d4810db46b2a04ff5c0c1a
6 years ago
Aleksey Zvyagintsev
cf1b5b322a
Revert "CIS compliance (modprobe.d)"
This reverts commit d87f461319.
Change-Id: If175b29f2e130ecf5041e7b0be20f15485089ffa
6 years ago
Dmitry Teselkin
d87f461319
CIS compliance (modprobe.d)
* CIS 1.1.1.1 Ensure mounting of cramfs filesystems is disabled
* CIS 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
* CIS 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
* CIS 1.1.1.4 Ensure mounting of hfs filesystems is disabled
* CIS 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
* CIS 1.1.1.6 Ensure mounting of squashfs filesystems is disabled
* CIS 1.1.1.7 Ensure mounting of udf filesystems is disabled
* CIS 1.1.1.8 Ensure mounting of FAT filesystems is disabled
* CIS 3.5.1 Ensure DCCP is disabled
* CIS 3.5.2 Ensure SCTP is disabled
* CIS 3.5.3 Ensure RDS is disabled
* CIS 3.5.4 Ensure TIPC is disabled
Related-Prod: PROD-20756
Related-Prod: PROD-20757
Related-Prod: PROD-20758
Related-Prod: PROD-20759
Change-Id: I719984829978caf0401e78daaabf1adfb0d1cfdf
6 years ago
Dmitry Teselkin
809834c85e
Extend modprobe files functionality
Support full set of options defined in man modprobe.d
Change-Id: I3d30b6bc261ef308ae6afd963f13fda1e4b22c0d
6 years ago
Dennis Dmitriev
4bf87625a6
Fix pillar tests
* Update run_tests.sh to the latest revision
* drop odd .kitchen.vagrant.yml
Related-Bug: PROD-20730 (PROD:20730)
Change-Id: I367800a60ad17020700a76670d1216dfdfcfe692
7 years ago
azvyagintsev
42b64a1f29
Misc fixes
* Add\fix __virtual__ for modules
* Remove unneeded multiline for repo.sls
Change-Id: I1f8d321b68dfe6a44264b4ddcd6cd0c576938da1
6 years ago
Vasyl Saienko
081647356f
Merge "CIS 3.3.3 Ensure IPv6 is disabled"
6 years ago
azvyagintsev
b7c2ef4b57
Fix linux_enforce_hostname for test env
* Add TODO-proper fix for state - native salt fun.
But due bug[1] in saltstack - we can't enable
proper solution now
[1] 74599bbdfc
Related-PROD: PROD-20730
Change-Id: I11b6d81ae0f9a7864518f638e8fc423e4e087285
6 years ago
Dmitry Teselkin
cc7263a275
CIS 3.3.3 Ensure IPv6 is disabled
Related-Prod: PROD-20755
Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520
6 years ago
azvyagintsev
7903ba97da
Refactor pillar repo key fetch
Change-Id: I511996de9d8abc69d6775b45482f8196c7159a1a
6 years ago
OlgaGusarenko
2828f5fcd4
README update
Change-Id: I70a28cac5c07fb3093b6038a0c448d16847a42e3
6 years ago
Martin Polreich
b08a9144f7
Merge branch 'master' of github.com:salt-formulas/salt-formula-linux
Change-Id: I5468d69c362cbd2e71a064bd2bc89f843fbefe7e
6 years ago
azvyagintsev
45cf452dbb
Fix global proxy processing
* Fix processing disabled repo
* Extend tests for such case
Change-Id: Ib3243f2b3e70aecef65273be215b30613b8df025
Closes-Bug: PROD-21954 (PROD:21954)
6 years ago
Filip Pytloun
21c68864a9
Merge pull request #163 from alexandruavadanii/fix-duplicate-ids
system:repo: Fix duplicate file.absent sls IDs
6 years ago
Alexandru Avadanii
5df87a1a13
system:repo: Fix duplicate file.absent sls IDs
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago
Vasyl Saienko
c6f75efb50
Merge "Fix|change system.repo update logic"
6 years ago
azvyagintsev
ff089d2428
Fix|change system.repo update logic
- Add possibility to remove prereq. packages installation BEFORE
* Crucial logic violation - if we don't have any repo\
have them configured in wrong way - stage will always fail.
* install prereq. packages after all - sounds stupid, but correct.
* By default - it will still try to install prereq. We don't want to
break OLD logic. See readme, how-to override such behaviour.
- don't update cache per-repo - it's simply useless and may fail due p1.
Run update only once - after all repos configured\reconfigured
- Add new option at system:refresh_repos_meta - for case, when update
should not be run in any case. By default - true.
- remove 99proxies-salt-{{ name }} along with disabled repo
- fix duplicate 'clean_file' option
Closes-Bug: PROD-15992 (PROD:15992)
Change-Id: I4b312f82f65be80e7726f62482978f68c25746a3
6 years ago
Dzmitry Stremkouski
adb655e604
Fix dependency for dpdk bond interfaces.
Wait for dpdk bond interfaces to come up.
linux.network.dpdk state fails to update a port within for loop
when this port does not exist yet.
Dependency will require interfaces to be added before
Prod-Related: PROD-19696
Closes-Bug: PROD-19696
Change-Id: Ia83218a76dd6e86664e7f9498a76341717eb5b80
6 years ago
Mateusz Matuszkowiak
ee7c76af8b
Enable nstat input plugin for softnet_stat data
Since we added to nstat's telegraf plugin the possibility
to collect data from `/proc/net/softnet_stat` regarding
dropped packets and rx_net_action a.k.a time squeeze, we need to enable
it globally on all hosts.
Also grafana dashboard update to include new graphs + added four
new Prometheus alerts.
Related-Bug: PROD-21090
Change-Id: I9dfe87bdc8b677a51e3f305dd3c75c7d4cc4e0d4
6 years ago
azvyagintsev
f27f4367d3
0-change sugar
* Make system.repo more readable
Change-Id: I0f28e71f4b00422a70006559525e5be24c4cb065
6 years ago
Ondrej Smola
6040a3f96d
added indexing for sysfs id
related bug: PROD-21512
Change-Id: I874535dbc6882ad49f133999209ae6a4c3bde403
6 years ago
Martin Polreich
4fcd5c0eae
Enable setting home dir permissions
Fixes: PROD-21350
Change-Id: If5a4473296e4d2cb6a80cb7397ac38a66011f39d
6 years ago
Alexander Noskov
2a52a52057
Install nscd for caching LDAP queries
nscd is recommended package for libpam-ldapd and libnss-ldapd, but
since we disabled Install-Recommends for apt in
https://gerrit.mcp.mirantis.net/14431 we need to specify this package in
linux formula.
nscd is a daemon which handles passwd, group and host lookups for
running programs and caches the results for the next query.
Change-Id: Ia17441da2b3072d943d0e9225721dc9921de2514
6 years ago
Richard Felkl
563f47cfac
Merge "added possibility to use list for sysfs params"
6 years ago
Ondrej Smola
ef9bd76e4b
added possibility to use list for sysfs params
Change-Id: Id9ffc5cbbbb10fd6136d459ed461151a1800e857
related-bug: PROD-21205
6 years ago
Jiri Broulik
2c34cb1489
vlan pkg for interfaces
PROD-20944
Change-Id: I9ef98b529d57171cf17c33597fd6af69d2f43a41
6 years ago
mkobus
f546f9582f
Revert "Add monitoring for cron job"
As we resign to develop full-stack solution to monitor cron jobs
This reverts commit 697ce4bf04.
Change-Id: Icab6008011141bb658c836897a05018dd6ce2984
6 years ago
Michal Kobus
697ce4bf04
Add monitoring for cron job
Change-Id: I710b65decf6697d0bb5d21fc3fc2d332b78119c5
Closes-bug: PROD-21073
6 years ago
Ondrej Smola
792316452f
Merge "Add ability to configure VLAN tag on patch port"
6 years ago
Dmitry Kalashnik
a0c0ccda99
Rationalize Linux dashboards
Change-Id: I6b21bed3dd2c632af8274769b562f366c4057b82
Closes-Prod: PROD-20090
6 years ago
Petr Jediny
d7be9fca73
Merge "Disable creation of /dev/hugepages mount point"
6 years ago
Oleksii Chupryn
694ee72f51
Add ability to configure VLAN tag on patch port
Change-Id: I41f6e9c4feed93d03ac0479f9bd3626e48ad8063
Co-Authored-By: Michael Polenchuk <mpolenchuk@mirantis.com>
Closes-Bug: PROD-20729
6 years ago
Sergey Kreys
b1c8a3022f
Disable creation of /dev/hugepages mount point
We create custom hugepages mount point for KVM/DPDK with custom
parameters (ownership flags/hugepages size). Need to disable default
mount point, because it can be unexpectedly used by DPDK.
Change-Id: Ibee95422213260e544406391c7a0922f1a41c5c2
Closes-Bug: PROD-14325
6 years ago
Petr Michalec
9f30456a0e
Fix, system.repo don't use curl if not needed
- fixed pkgrepo.manage to use/prefer key_url for salt >= 2017.7
- updated syntax for key verification
- fix, avoid curl for salt:// schema (as in #156 )
Change-Id: I1b50c287a4030a9cefa1b819017d59cc5fb1c197
6 years ago
Vasyl Saienko
4a23e4d201
Revert "Fix, system.repo don't use curl on fixed pkgrepo.manage"
Commit totally broke all deployment CI job.
This reverts commit 24477c590b.
Change-Id: Idce0954f0bd363095069e91edc6941ca78b22c60
6 years ago
Petr Michalec
24477c590b
Fix, system.repo don't use curl on fixed pkgrepo.manage
Change-Id: Id5b5a44f3dfbbdd60442fd2f273b72557fa9e191
6 years ago
Richard Felkl
38727e21df
Merge "Cosmetic changes for alerts"
6 years ago
Bruno Binet
da2b13611a
Use json serializer instead of yaml to fix serialization of long lines
Yaml serializer splits long lines into multiple lines, which causes salt
parsing of generated yaml to fail.
6 years ago
Michal Kobus
97242f156a
Cosmetic changes for alerts
Change-Id: I9e8464e3ee5ef28ca5eb7eb84e645e42fb6576cd
Closes-bug: PROD-20466
6 years ago
azvyagintsev
eda3823a09
Fix default_repo requirements
Change-Id: I2d374a589e18f38f91beac9514ff5bf3c034d637
6 years ago
mcp-jenkins
e959ef234a
Merge "Fix system:repo"
6 years ago
Filip Pytloun
41b86940bb
Merge pull request #152 from bbinet/file.serialize
Add support file.serialize in linux:system:file
6 years ago
Bruno Binet
9c2fe220a8
Add support file.serialize in linux:system:file
Ensure presence of file to be serialized through one of the serializer modules
(see: https://docs.saltstack.com/en/latest/ref/serializers/all/index.html ):
6 years ago
azvyagintsev
6f5e69e2bf
Fix system:repo
* Currently, 'key' was processed only for default repos
* Remove double-definition
* Re-use idempotent fix
Co-Authored-By: Dennis Dmitriev <ddmitriev@mirantis.com>
Change-Id: Ic733f671b39e7b4a8d8e0a83515b6b0632c3a41b
6 years ago
Petr Michalec
64113f1216
Merge pull request #150 from horakmar/repo-key-via-proxy
Workaround for fetching repo keys via proxy.
6 years ago
Petr Michalec
7752d48fac
Merge pull request #151 from salt-formulas/atp-proxy
Fixed https apt proxy to same host as http
6 years ago
Aleš Komárek
d620630de5
Fixed https apt proxy to same host as http
6 years ago
Martin Horak
9673a18fba
Fixed curl to follow redirections.
6 years ago
Martin Horak
ceb6686d71
Fix syntax - add quotes.
6 years ago