ExternalMirrors
/
linux-formula
espelhamento de https://github.com/salt-formulas/salt-formula-linux
Observar 1
Favorito 0
Fork 1
Código Issues 0 Versões 8 Wiki Atividade
Saltstack Official Linux Formula
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
778 Commits
26 Branches
Branch: master
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de master
${ noResults }
linux-formula/linux/map.jinja

503 linhas
13KB
Original Link permanente Anotar Histórico 

  1. {% set system = salt['grains.filter_by']({

  2.     'Arch': {

  3.         'pkgs': ['sudo', 'vim', 'wget'],

  4.         'utc': true,

  5.         'user': {},

  6.         'group': {},

  7.         'job': {},

  8.         'limit': {},

  9.         'locale': {},

  10.         'motd': {},

  11.         'env': {},

  12.         'profile': {},

  13.         'proxy': {},

  14.         'repo': {},

  15.         'package': {},

  16.         'autoupdates': {

  17.           'pkgs': []

  18.          },

  19.         'selinux': 'permissive',

  20.         'ca_certs_dir': '/usr/local/share/ca-certificates',

  21.         'ca_certs_bin': 'update-ca-certificates',

  22.         'atop': {

  23.              'enabled': false,

  24.              'interval': '20',

  25.              'autostart': true,

  26.              'logpath': '/var/log/atop',

  27.              'outfile': '/var/log/atop/daily.log'

  28.          },

  29.         'at': {

  30.              'pkgs': [],

  31.              'services': []

  32.         },

  33.         'cron': {

  34.              'pkgs': [],

  35.              'services': []

  36.         },

  37.     },

  38.     'Debian': {

  39.         'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'],

  40.         'utc': true,

  41.         'user': {},

  42.         'group': {},

  43.         'job': {},

  44.         'limit': {},

  45.         'locale': {},

  46.         'motd': {},

  47.         'env': {},

  48.         'profile': {},

  49.         'proxy': {},

  50.         'repo': {},

  51.         'package': {},

  52.         'autoupdates': {

  53.              'pkgs': ['unattended-upgrades']

  54.          },

  55.         'selinux': 'permissive',

  56.         'ca_certs_dir': '/usr/local/share/ca-certificates',

  57.         'ca_certs_bin': 'update-ca-certificates',

  58.         'atop': {

  59.              'enabled': false,

  60.              'interval': '20',

  61.              'autostart': true,

  62.              'logpath': '/var/log/atop',

  63.              'outfile': '/var/log/atop/daily.log'

  64.          },

  65.         'at': {

  66.              'pkgs': ['at'],

  67.              'services': ['atd'],

  68.              'user': {}

  69.          },

  70.         'cron': {

  71.              'pkgs': ['cron'],

  72.              'services': ['cron'],

  73.              'user': {}

  74.          },

  75.     },

  76.     'RedHat': {

  77.         'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'],

  78.         'utc': true,

  79.         'user': {},

  80.         'group': {},

  81.         'job': {},

  82.         'limit': {},

  83.         'locale': {},

  84.         'motd': {},

  85.         'env': {},

  86.         'profile': {},

  87.         'proxy': {},

  88.         'repo': {},

  89.         'package': {},

  90.         'autoupdates': {

  91.              'pkgs': []

  92.          },

  93.         'selinux': 'permissive',

  94.         'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',

  95.         'ca_certs_bin': 'update-ca-trust extract',

  96.         'atop': {

  97.              'enabled': false,

  98.              'interval': '20',

  99.              'autostart': true,

  100.              'logpath': '/var/log/atop',

  101.              'outfile': '/var/log/atop/daily.log'

  102.          },

  103.         'at': {

  104.              'pkgs': [],

  105.              'services': []

  106.         },

  107.         'cron': {

  108.              'pkgs': [],

  109.              'services': []

  110.         },

  111.     },

  112. }, merge=salt['grains.filter_by']({

  113.     'bullseye': {

  114.         'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],

  115.     },

  116.     'bookworm': {

  117.         'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],

  118.     },

  119.     'sid': {

  120.         'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],

  121.     },

  122.     'jammy': {

  123.         'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'],

  124.     },

  125. }, grain='oscodename', merge=salt['pillar.get']('linux:system'))) %}

  126. 

  127. {% set banner = salt['grains.filter_by']({

  128.     'BaseDefaults': {

  129.         'enabled': false,

  130.     },

  131. }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}

  132. 

  133. {% set auth = salt['grains.filter_by']({

  134.     'Arch': {

  135.         'enabled': false,

  136.         'duo': {

  137.             'enabled': false,

  138.             'duo_host': 'localhost',

  139.             'duo_ikey': '',

  140.             'duo_skey': ''

  141.         }

  142.     },

  143.     'RedHat': {

  144.         'enabled': false,

  145.         'duo': {

  146.             'enabled': false,

  147.             'duo_host': 'localhost',

  148.             'duo_ikey': '',

  149.             'duo_skey': ''

  150.         }

  151.     },

  152.     'Debian': {

  153.         'enabled': false,

  154.         'duo': {

  155.             'enabled': false,

  156.             'duo_host': 'localhost',

  157.             'duo_ikey': '',

  158.             'duo_skey': ''

  159.         }

  160.     },

  161. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %}

  162. 

  163. {% set ldap = salt['grains.filter_by']({

  164.     'RedHat': {

  165.         'enabled': false,

  166.         'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig', 'nscd'],

  167.         'version': '3',

  168.         'scope': 'sub',

  169.         'uid': 'nslcd',

  170.         'gid': 'nslcd',

  171.     },

  172.     'Debian': {

  173.         'enabled': false,

  174.         'pkgs': ['libnss-ldapd', 'libpam-ldapd', 'nscd'],

  175.         'version': '3',

  176.         'scope': 'sub',

  177.         'uid': 'nslcd',

  178.         'gid': 'nslcd',

  179.     },

  180. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %}

  181. 

  182. {%- load_yaml as login_defs_defaults %}

  183. Debian:

  184.     CHFN_RESTRICT:

  185.         value: 'rwh'

  186.     DEFAULT_HOME:

  187.         value: 'yes'

  188.     ENCRYPT_METHOD:

  189.         value: 'SHA512'

  190.     ENV_PATH:

  191.         value: 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'

  192.     ENV_SUPATH:

  193.         value: 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

  194.     ERASECHAR:

  195.         value: '0177'

  196.     FAILLOG_ENAB:

  197.         value: 'yes'

  198.     FTMP_FILE:

  199.         value: '/var/log/btmp'

  200.     GID_MAX:

  201.         value: '60000'

  202.     GID_MIN:

  203.         value: '1000'

  204.     HUSHLOGIN_FILE:

  205.         value: '.hushlogin'

  206.     KILLCHAR:

  207.         value: '025'

  208.     LOGIN_RETRIES:

  209.         value: '5'

  210.     LOGIN_TIMEOUT:

  211.         value: '60'

  212.     LOG_OK_LOGINS:

  213.         value: 'no'

  214.     LOG_UNKFAIL_ENAB:

  215.         value: 'no'

  216.     MAIL_DIR:

  217.         value: '/var/mail'

  218.     PASS_MAX_DAYS:

  219.         value: '99999'

  220.     PASS_MIN_DAYS:

  221.         value: '0'

  222.     PASS_WARN_AGE:

  223.         value: '7'

  224.     SU_NAME:

  225.         value: 'su'

  226.     SYSLOG_SG_ENAB:

  227.         value: 'yes'

  228.     SYSLOG_SU_ENAB:

  229.         value: 'yes'

  230.     TTYGROUP:

  231.         value: 'tty'

  232.     TTYPERM:

  233.         value: '0600'

  234.     UID_MAX:

  235.         value: '60000'

  236.     UID_MIN:

  237.         value: '1000'

  238.     UMASK:

  239.         value: '022'

  240.     USERGROUPS_ENAB:

  241.         value: 'yes'

  242. {%- endload %}

  243. {%- set login_defs = salt['grains.filter_by'](login_defs_defaults,

  244.     grain='os_family', merge=salt['pillar.get']('linux:system:login_defs')) %}

  245. 

  246. {#    'network_name', #}

  247. 

  248. {% set interface_params = [

  249.     'gateway',

  250.     'mtu',

  251.     'network',

  252.     'broadcast',

  253.     'master',

  254.     'miimon',

  255.     'ovs_ports',

  256.     'ovs_bridge',

  257.     'mode',

  258.     'port_type',

  259.     'peer',

  260.     'lacp-rate',

  261.     'dns-search',

  262.     'up_cmds',

  263.     'pre_up_cmds',

  264.     'post_up_cmds',

  265.     'down_cmds',

  266.     'pre_down_cmds',

  267.     'post_down_cmds',

  268.     'maxwait',

  269.     'stp',

  270.     'gro',

  271.     'rx',

  272.     'tx',

  273.     'sg',

  274.     'tso',

  275.     'ufo',

  276.     'gso',

  277.     'lro',

  278.     'lacp_rate',

  279.     'ad_select',

  280.     'downdelay',

  281.     'updelay',

  282.     'hashing-algorithm',

  283.     'hardware-dma-ring-rx',

  284.     'hwaddr',

  285.     'noifupdown',

  286.     'arp_ip_target',

  287.     'primary',

  288. ] %}

  289. {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %}

  290. {% set network = salt['grains.filter_by']({

  291.     'Arch': {

  292.         'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'],

  293.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  294.         'ovs_pkgs': ['openvswitch-switch', 'vlan'],

  295.         'hostname_file': '/etc/hostname',

  296.         'network_manager': False,

  297.         'systemd': {},

  298.         'interface': {},

  299.         'interface_params': interface_params,

  300.         'bridge': 'none',

  301.         'proxy': {

  302.            'host': 'none',

  303.         },

  304.         'host': {},

  305.         'mine_dns_records': False,

  306.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  307.         'ovs_nowait': False,

  308.     },

  309.     'Debian': {

  310.         'pkgs': ['ifenslave'],

  311.         'hostname_file': '/etc/hostname',

  312.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  313.         'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],

  314.         'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ],

  315.         'network_manager': False,

  316.         'systemd': {},

  317.         'interface': {},

  318.         'interface_params': interface_params,

  319.         'bridge': 'none',

  320.         'proxy': {

  321.            'host': 'none'

  322.         },

  323.         'host': {},

  324.         'mine_dns_records': False,

  325.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  326.         'ovs_nowait': False,

  327.     },

  328.     'RedHat': {

  329.         'pkgs': ['iputils'],

  330.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  331.         'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],

  332.         'hostname_file': '/etc/sysconfig/network',

  333.         'network_manager': False,

  334.         'systemd': {},

  335.         'interface': {},

  336.         'interface_params': interface_params,

  337.         'bridge': 'none',

  338.         'proxy': {

  339.            'host': 'none'

  340.         },

  341.         'host': {},

  342.         'mine_dns_records': False,

  343.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  344.         'ovs_nowait': False,

  345.     },

  346. }, grain='os_family', merge=salt['pillar.get']('linux:network')) %}

  347. 

  348. {% set storage = salt['grains.filter_by']({

  349.     'Arch': {

  350.         'mount': {},

  351.         'swap': {},

  352.         'disk': {},

  353.         'lvm': {},

  354.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  355.         'loopback': {},

  356.         'nfs': {

  357.              'pkgs': ['nfs-utils']

  358.          },

  359.         'multipath': {

  360.              'enabled': False,

  361.              'pkgs': ['multipath-tools', 'multipath-tools-boot'],

  362.              'service': ''

  363.          },

  364.     },

  365.     'Debian': {

  366.         'mount': {},

  367.         'swap': {},

  368.         'lvm': {},

  369.         'disk': {},

  370.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  371.         'loopback': {},

  372.         'nfs': {

  373.              'pkgs': ['nfs-common']

  374.          },

  375.         'multipath': {

  376.              'enabled': False,

  377.              'pkgs': ['multipath-tools', 'multipath-tools-boot'],

  378.              'service': 'multipath-tools'

  379.          },

  380.         'lvm_pkgs': ['lvm2'],

  381.     },

  382.     'RedHat': {

  383.         'mount': {},

  384.         'swap': {},

  385.         'lvm': {},

  386.         'disk': {},

  387.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  388.         'loopback': {},

  389.         'nfs': {

  390.              'pkgs': ['nfs-utils']

  391.          },

  392.         'multipath': {

  393.              'enabled': False,

  394.              'pkgs': [],

  395.              'service': 'multipath'

  396.          },

  397.     },

  398. }, merge=salt['grains.filter_by']({

  399.     'CentOS Stream 8': {

  400.       'lvm_services': ['lvm2-lvmpolld', 'lvm2-monitor'],

  401.     },

  402.     'jammy': {

  403.       'lvm_services': ['lvm2-monitor'],

  404.     },

  405.     'focal': {

  406.       'lvm_services': ['lvm2-monitor'],

  407.     },

  408.     'buster': {

  409.         'lvm_services': ['lvm2-monitor'],

  410.     },

  411.     'bullseye': {

  412.         'lvm_services': ['lvm2-monitor'],

  413.     },

  414.     'bookworm': {

  415.         'lvm_services': ['lvm2-monitor'],

  416.     },

  417.     'sid': {

  418.         'lvm_services': ['lvm2-monitor'],

  419.     },

  420.     'trusty': {

  421.         'lvm_services': ['udev'],

  422.     },

  423. }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}

  424. 

  425. {% set monitoring = salt['grains.filter_by']({

  426.     'default': {

  427.         'bond_status': {

  428.             'interfaces': False

  429.         },

  430.         'zombie': {

  431.             'warn': 3,

  432.             'crit': 7,

  433.         },

  434.         'procs': {

  435.             'warn': 5000,

  436.             'crit': 10000,

  437.         },

  438.         'load': {

  439.             'warn': '6,4,2',

  440.             'crit': '12,8,4',

  441.         },

  442.         'swap': {

  443.             'warn': '50%',

  444.             'crit': '20%',

  445.         },

  446.         'disk': {

  447.             'warn': '15%',

  448.             'crit': '5%',

  449.         },

  450.         'netlink': {

  451.             'interfaces': [],

  452.             'interface_regex': '^[a-z0-9]+$',

  453.             'ignore_selected': False,

  454.         },

  455.         'cpu_usage_percentage': {

  456.               'warn': 90.0,

  457.         },

  458.         'memory_usage_percentage': {

  459.             'warn': 90.0,

  460.             'major': 95.0,

  461.         },

  462.         'disk_usage_percentage': {

  463.             'warn': 85.0,

  464.             'major': 95.0,

  465.         },

  466.         'swap_usage_percentage': {

  467.             'warn': 50.0,

  468.             'minor': 90.0,

  469.         },

  470.         'inodes_usage_percentage': {

  471.             'warn': 85.0,

  472.             'major': 95.0,

  473.         },

  474.         'system_load_threshold': {

  475.             'warn': 1,

  476.             'crit': 2,

  477.         },

  478.         'rx_packets_dropped_threshold': {

  479.             'warn': 100,

  480.         },

  481.         'tx_packets_dropped_threshold': {

  482.             'warn': 100,

  483.         },

  484.         'swap_in_rate': {

  485.             'warn': 1024 * 1024,

  486.         },

  487.         'swap_out_rate': {

  488.             'warn': 1024 * 1024,

  489.         },

  490.         'failed_auths_threshold': {

  491.             'warn': 5,

  492.         },

  493.         'net_rx_action_per_cpu_threshold': {

  494.             'warning': '500',

  495.             'minor': '5000'

  496.         },

  497.         'packets_dropped_per_cpu_threshold': {

  498.             'minor': '0',

  499.             'major': '100'

  500.         }

  501.     },

  502. }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}