|
- {% set system = salt['grains.filter_by']({
- 'Arch': {
- 'pkgs': ['sudo', 'vim', 'wget'],
- 'utc': true,
- 'user': {},
- 'group': {},
- 'job': {},
- 'limit': {},
- 'locale': {},
- 'motd': {},
- 'env': {},
- 'profile': {},
- 'proxy': {},
- 'repo': {},
- 'package': {},
- 'autoupdates': {
- 'pkgs': []
- },
- 'selinux': 'permissive',
- 'ca_certs_dir': '/usr/local/share/ca-certificates',
- 'ca_certs_bin': 'update-ca-certificates',
- 'atop': {
- 'enabled': false,
- 'interval': '20',
- 'autostart': true,
- 'logpath': '/var/log/atop',
- 'outfile': '/var/log/atop/daily.log'
- },
- },
- 'Debian': {
- 'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'],
- 'utc': true,
- 'user': {},
- 'group': {},
- 'job': {},
- 'limit': {},
- 'locale': {},
- 'motd': {},
- 'env': {},
- 'profile': {},
- 'proxy': {},
- 'repo': {},
- 'package': {},
- 'autoupdates': {
- 'pkgs': ['unattended-upgrades']
- },
- 'selinux': 'permissive',
- 'ca_certs_dir': '/usr/local/share/ca-certificates',
- 'ca_certs_bin': 'update-ca-certificates',
- 'atop': {
- 'enabled': false,
- 'interval': '20',
- 'autostart': true,
- 'logpath': '/var/log/atop',
- 'outfile': '/var/log/atop/daily.log'
- },
- },
- 'RedHat': {
- 'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'],
- 'utc': true,
- 'user': {},
- 'group': {},
- 'job': {},
- 'limit': {},
- 'locale': {},
- 'motd': {},
- 'env': {},
- 'profile': {},
- 'proxy': {},
- 'repo': {},
- 'package': {},
- 'autoupdates': {
- 'pkgs': []
- },
- 'selinux': 'permissive',
- 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',
- 'ca_certs_bin': 'update-ca-trust extract',
- 'atop': {
- 'enabled': false,
- 'interval': '20',
- 'autostart': true,
- 'logpath': '/var/log/atop',
- 'outfile': '/var/log/atop/daily.log'
- },
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:system')) %}
-
- {% set banner = salt['grains.filter_by']({
- 'BaseDefaults': {
- 'enabled': false,
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}
-
- {% set auth = salt['grains.filter_by']({
- 'Arch': {
- 'enabled': false,
- },
- 'RedHat': {
- 'enabled': false,
- },
- 'Debian': {
- 'enabled': false,
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %}
-
- {% set ldap = salt['grains.filter_by']({
- 'RedHat': {
- 'enabled': false,
- 'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig'],
- 'version': '3',
- 'scope': 'sub',
- 'uid': 'nslcd',
- 'gid': 'nslcd',
- },
- 'Debian': {
- 'enabled': false,
- 'pkgs': ['libnss-ldapd', 'libpam-ldapd'],
- 'version': '3',
- 'scope': 'sub',
- 'uid': 'nslcd',
- 'gid': 'nslcd',
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %}
-
- {# 'network_name', #}
-
- {% set interface_params = [
- 'gateway',
- 'mtu',
- 'network',
- 'broadcast',
- 'master',
- 'miimon',
- 'ovs_ports',
- 'ovs_bridge',
- 'mode',
- 'port_type',
- 'peer',
- 'lacp-rate',
- 'dns-search',
- 'up_cmds',
- 'pre_up_cmds',
- 'post_up_cmds',
- 'down_cmds',
- 'pre_down_cmds',
- 'post_down_cmds',
- 'maxwait',
- 'stp',
- 'gro',
- 'rx',
- 'tx',
- 'sg',
- 'tso',
- 'ufo',
- 'gso',
- 'lro',
- 'lacp_rate',
- 'ad_select',
- 'downdelay',
- 'updelay',
- 'hashing-algorithm',
- 'hardware-dma-ring-rx',
- 'hwaddr',
- 'noifupdown',
- 'arp_ip_target',
- 'primary',
- ] %}
- {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %}
- {% set network = salt['grains.filter_by']({
- 'Arch': {
- 'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'],
- 'bridge_pkgs': ['bridge-utils', 'vlan'],
- 'ovs_pkgs': ['openvswitch-switch', 'vlan'],
- 'hostname_file': '/etc/hostname',
- 'network_manager': False,
- 'systemd': {},
- 'interface': {},
- 'interface_params': interface_params,
- 'bridge': 'none',
- 'proxy': {
- 'host': 'none',
- },
- 'host': {},
- 'mine_dns_records': False,
- 'dhclient_config': '/etc/dhcp/dhclient.conf',
- 'ovs_nowait': False,
- },
- 'Debian': {
- 'pkgs': ['ifenslave'],
- 'hostname_file': '/etc/hostname',
- 'bridge_pkgs': ['bridge-utils', 'vlan'],
- 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
- 'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ],
- 'network_manager': False,
- 'systemd': {},
- 'interface': {},
- 'interface_params': interface_params,
- 'bridge': 'none',
- 'proxy': {
- 'host': 'none'
- },
- 'host': {},
- 'mine_dns_records': False,
- 'dhclient_config': '/etc/dhcp/dhclient.conf',
- 'ovs_nowait': False,
- },
- 'RedHat': {
- 'pkgs': ['iputils'],
- 'bridge_pkgs': ['bridge-utils', 'vlan'],
- 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
- 'hostname_file': '/etc/sysconfig/network',
- 'network_manager': False,
- 'systemd': {},
- 'interface': {},
- 'interface_params': interface_params,
- 'bridge': 'none',
- 'proxy': {
- 'host': 'none'
- },
- 'host': {},
- 'mine_dns_records': False,
- 'dhclient_config': '/etc/dhcp/dhclient.conf',
- 'ovs_nowait': False,
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:network')) %}
-
- {% set storage = salt['grains.filter_by']({
- 'Arch': {
- 'mount': {},
- 'swap': {},
- 'disk': {},
- 'lvm': {},
- 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
- 'loopback': {},
- 'nfs': {
- 'pkgs': ['nfs-utils']
- },
- 'multipath': {
- 'enabled': False,
- 'pkgs': ['multipath-tools', 'multipath-tools-boot'],
- 'service': ''
- },
- },
- 'Debian': {
- 'mount': {},
- 'swap': {},
- 'lvm': {},
- 'disk': {},
- 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
- 'loopback': {},
- 'nfs': {
- 'pkgs': ['nfs-common']
- },
- 'multipath': {
- 'enabled': False,
- 'pkgs': ['multipath-tools', 'multipath-tools-boot'],
- 'service': 'multipath-tools'
- },
- 'lvm_pkgs': ['lvm2'],
- },
- 'RedHat': {
- 'mount': {},
- 'swap': {},
- 'lvm': {},
- 'disk': {},
- 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
- 'loopback': {},
- 'nfs': {
- 'pkgs': ['nfs-utils']
- },
- 'multipath': {
- 'enabled': False,
- 'pkgs': [],
- 'service': 'multipath'
- },
- },
- }, merge=salt['grains.filter_by']({
- 'trusty': {
- 'lvm_services': ['udev'],
- },
- }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}
-
- {% set monitoring = salt['grains.filter_by']({
- 'default': {
- 'bond_status': {
- 'interfaces': False
- },
- 'zombie': {
- 'warn': 3,
- 'crit': 7,
- },
- 'procs': {
- 'warn': 5000,
- 'crit': 10000,
- },
- 'load': {
- 'warn': '6,4,2',
- 'crit': '12,8,4',
- },
- 'swap': {
- 'warn': '50%',
- 'crit': '20%',
- },
- 'disk': {
- 'warn': '15%',
- 'crit': '5%',
- },
- 'netlink': {
- 'interfaces': [],
- 'interface_regex': '^[a-z0-9]+$',
- 'ignore_selected': False,
- },
- 'cpu_usage_percentage': {
- 'warn': 90.0,
- },
- 'memory_usage_percentage': {
- 'warn': 90.0,
- 'major': 95.0,
- },
- 'disk_usage_percentage': {
- 'warn': 85.0,
- 'major': 95.0,
- },
- 'swap_usage_percentage': {
- 'warn': 50.0,
- 'minor': 90.0,
- },
- 'inodes_usage_percentage': {
- 'warn': 85.0,
- 'major': 95.0,
- },
- 'system_load_threshold': {
- 'warn': 1,
- 'crit': 2,
- },
- 'rx_packets_dropped_threshold': {
- 'warn': 100,
- },
- 'tx_packets_dropped_threshold': {
- 'warn': 100,
- },
- 'swap_in_rate': {
- 'warn': 1024 * 1024,
- },
- 'swap_out_rate': {
- 'warn': 1024 * 1024,
- },
- 'failed_auths_threshold': {
- 'warn': 5,
- },
- },
- }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}
|