Saltstack Official Linux Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.

353 lines
9.1KB

  1. {% set system = salt['grains.filter_by']({
  2. 'Arch': {
  3. 'pkgs': ['sudo', 'vim', 'wget'],
  4. 'utc': true,
  5. 'user': {},
  6. 'group': {},
  7. 'job': {},
  8. 'limit': {},
  9. 'locale': {},
  10. 'motd': {},
  11. 'env': {},
  12. 'profile': {},
  13. 'proxy': {},
  14. 'repo': {},
  15. 'package': {},
  16. 'autoupdates': {
  17. 'pkgs': []
  18. },
  19. 'selinux': 'permissive',
  20. 'ca_certs_dir': '/usr/local/share/ca-certificates',
  21. 'ca_certs_bin': 'update-ca-certificates',
  22. 'atop': {
  23. 'enabled': false,
  24. 'interval': '20',
  25. 'autostart': true,
  26. 'logpath': '/var/log/atop',
  27. 'outfile': '/var/log/atop/daily.log'
  28. },
  29. },
  30. 'Debian': {
  31. 'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'],
  32. 'utc': true,
  33. 'user': {},
  34. 'group': {},
  35. 'job': {},
  36. 'limit': {},
  37. 'locale': {},
  38. 'motd': {},
  39. 'env': {},
  40. 'profile': {},
  41. 'proxy': {},
  42. 'repo': {},
  43. 'package': {},
  44. 'autoupdates': {
  45. 'pkgs': ['unattended-upgrades']
  46. },
  47. 'selinux': 'permissive',
  48. 'ca_certs_dir': '/usr/local/share/ca-certificates',
  49. 'ca_certs_bin': 'update-ca-certificates',
  50. 'atop': {
  51. 'enabled': false,
  52. 'interval': '20',
  53. 'autostart': true,
  54. 'logpath': '/var/log/atop',
  55. 'outfile': '/var/log/atop/daily.log'
  56. },
  57. },
  58. 'RedHat': {
  59. 'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'],
  60. 'utc': true,
  61. 'user': {},
  62. 'group': {},
  63. 'job': {},
  64. 'limit': {},
  65. 'locale': {},
  66. 'motd': {},
  67. 'env': {},
  68. 'profile': {},
  69. 'proxy': {},
  70. 'repo': {},
  71. 'package': {},
  72. 'autoupdates': {
  73. 'pkgs': []
  74. },
  75. 'selinux': 'permissive',
  76. 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',
  77. 'ca_certs_bin': 'update-ca-trust extract',
  78. 'atop': {
  79. 'enabled': false,
  80. 'interval': '20',
  81. 'autostart': true,
  82. 'logpath': '/var/log/atop',
  83. 'outfile': '/var/log/atop/daily.log'
  84. },
  85. },
  86. }, grain='os_family', merge=salt['pillar.get']('linux:system')) %}
  87. {% set banner = salt['grains.filter_by']({
  88. 'BaseDefaults': {
  89. 'enabled': false,
  90. },
  91. }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}
  92. {% set auth = salt['grains.filter_by']({
  93. 'Arch': {
  94. 'enabled': false,
  95. },
  96. 'RedHat': {
  97. 'enabled': false,
  98. },
  99. 'Debian': {
  100. 'enabled': false,
  101. },
  102. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %}
  103. {% set ldap = salt['grains.filter_by']({
  104. 'RedHat': {
  105. 'enabled': false,
  106. 'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig'],
  107. 'version': '3',
  108. 'scope': 'sub',
  109. 'uid': 'nslcd',
  110. 'gid': 'nslcd',
  111. },
  112. 'Debian': {
  113. 'enabled': false,
  114. 'pkgs': ['libnss-ldapd', 'libpam-ldapd'],
  115. 'version': '3',
  116. 'scope': 'sub',
  117. 'uid': 'nslcd',
  118. 'gid': 'nslcd',
  119. },
  120. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %}
  121. {# 'network_name', #}
  122. {% set interface_params = [
  123. 'gateway',
  124. 'mtu',
  125. 'network',
  126. 'broadcast',
  127. 'master',
  128. 'miimon',
  129. 'ovs_ports',
  130. 'ovs_bridge',
  131. 'mode',
  132. 'port_type',
  133. 'peer',
  134. 'lacp-rate',
  135. 'dns-search',
  136. 'up_cmds',
  137. 'pre_up_cmds',
  138. 'post_up_cmds',
  139. 'down_cmds',
  140. 'pre_down_cmds',
  141. 'post_down_cmds',
  142. 'maxwait',
  143. 'stp',
  144. 'gro',
  145. 'rx',
  146. 'tx',
  147. 'sg',
  148. 'tso',
  149. 'ufo',
  150. 'gso',
  151. 'lro',
  152. 'lacp_rate',
  153. 'ad_select',
  154. 'downdelay',
  155. 'updelay',
  156. 'hashing-algorithm',
  157. 'hardware-dma-ring-rx',
  158. 'hwaddr',
  159. 'noifupdown',
  160. 'arp_ip_target',
  161. 'primary',
  162. ] %}
  163. {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %}
  164. {% set network = salt['grains.filter_by']({
  165. 'Arch': {
  166. 'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'],
  167. 'bridge_pkgs': ['bridge-utils', 'vlan'],
  168. 'ovs_pkgs': ['openvswitch-switch', 'vlan'],
  169. 'hostname_file': '/etc/hostname',
  170. 'network_manager': False,
  171. 'systemd': {},
  172. 'interface': {},
  173. 'interface_params': interface_params,
  174. 'bridge': 'none',
  175. 'proxy': {
  176. 'host': 'none',
  177. },
  178. 'host': {},
  179. 'mine_dns_records': False,
  180. 'dhclient_config': '/etc/dhcp/dhclient.conf',
  181. 'ovs_nowait': False,
  182. },
  183. 'Debian': {
  184. 'pkgs': ['ifenslave'],
  185. 'hostname_file': '/etc/hostname',
  186. 'bridge_pkgs': ['bridge-utils', 'vlan'],
  187. 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
  188. 'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ],
  189. 'network_manager': False,
  190. 'systemd': {},
  191. 'interface': {},
  192. 'interface_params': interface_params,
  193. 'bridge': 'none',
  194. 'proxy': {
  195. 'host': 'none'
  196. },
  197. 'host': {},
  198. 'mine_dns_records': False,
  199. 'dhclient_config': '/etc/dhcp/dhclient.conf',
  200. 'ovs_nowait': False,
  201. },
  202. 'RedHat': {
  203. 'pkgs': ['iputils'],
  204. 'bridge_pkgs': ['bridge-utils', 'vlan'],
  205. 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],
  206. 'hostname_file': '/etc/sysconfig/network',
  207. 'network_manager': False,
  208. 'systemd': {},
  209. 'interface': {},
  210. 'interface_params': interface_params,
  211. 'bridge': 'none',
  212. 'proxy': {
  213. 'host': 'none'
  214. },
  215. 'host': {},
  216. 'mine_dns_records': False,
  217. 'dhclient_config': '/etc/dhcp/dhclient.conf',
  218. 'ovs_nowait': False,
  219. },
  220. }, grain='os_family', merge=salt['pillar.get']('linux:network')) %}
  221. {% set storage = salt['grains.filter_by']({
  222. 'Arch': {
  223. 'mount': {},
  224. 'swap': {},
  225. 'disk': {},
  226. 'lvm': {},
  227. 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
  228. 'loopback': {},
  229. 'nfs': {
  230. 'pkgs': ['nfs-utils']
  231. },
  232. 'multipath': {
  233. 'enabled': False,
  234. 'pkgs': ['multipath-tools', 'multipath-tools-boot'],
  235. 'service': ''
  236. },
  237. },
  238. 'Debian': {
  239. 'mount': {},
  240. 'swap': {},
  241. 'lvm': {},
  242. 'disk': {},
  243. 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
  244. 'loopback': {},
  245. 'nfs': {
  246. 'pkgs': ['nfs-common']
  247. },
  248. 'multipath': {
  249. 'enabled': False,
  250. 'pkgs': ['multipath-tools', 'multipath-tools-boot'],
  251. 'service': 'multipath-tools'
  252. },
  253. 'lvm_pkgs': ['lvm2'],
  254. },
  255. 'RedHat': {
  256. 'mount': {},
  257. 'swap': {},
  258. 'lvm': {},
  259. 'disk': {},
  260. 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],
  261. 'loopback': {},
  262. 'nfs': {
  263. 'pkgs': ['nfs-utils']
  264. },
  265. 'multipath': {
  266. 'enabled': False,
  267. 'pkgs': [],
  268. 'service': 'multipath'
  269. },
  270. },
  271. }, merge=salt['grains.filter_by']({
  272. 'trusty': {
  273. 'lvm_services': ['udev'],
  274. },
  275. }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}
  276. {% set monitoring = salt['grains.filter_by']({
  277. 'default': {
  278. 'bond_status': {
  279. 'interfaces': False
  280. },
  281. 'zombie': {
  282. 'warn': 3,
  283. 'crit': 7,
  284. },
  285. 'procs': {
  286. 'warn': 5000,
  287. 'crit': 10000,
  288. },
  289. 'load': {
  290. 'warn': '6,4,2',
  291. 'crit': '12,8,4',
  292. },
  293. 'swap': {
  294. 'warn': '50%',
  295. 'crit': '20%',
  296. },
  297. 'disk': {
  298. 'warn': '15%',
  299. 'crit': '5%',
  300. },
  301. 'netlink': {
  302. 'interfaces': [],
  303. 'interface_regex': '^[a-z0-9]+$',
  304. 'ignore_selected': False,
  305. },
  306. 'cpu_usage_percentage': {
  307. 'warn': 90.0,
  308. },
  309. 'memory_usage_percentage': {
  310. 'warn': 90.0,
  311. 'major': 95.0,
  312. },
  313. 'disk_usage_percentage': {
  314. 'warn': 85.0,
  315. 'major': 95.0,
  316. },
  317. 'swap_usage_percentage': {
  318. 'warn': 50.0,
  319. 'minor': 90.0,
  320. },
  321. 'inodes_usage_percentage': {
  322. 'warn': 85.0,
  323. 'major': 95.0,
  324. },
  325. 'system_load_threshold': {
  326. 'warn': 1,
  327. 'crit': 2,
  328. },
  329. 'rx_packets_dropped_threshold': {
  330. 'warn': 100,
  331. },
  332. 'tx_packets_dropped_threshold': {
  333. 'warn': 100,
  334. },
  335. 'swap_in_rate': {
  336. 'warn': 1024 * 1024,
  337. },
  338. 'swap_out_rate': {
  339. 'warn': 1024 * 1024,
  340. },
  341. 'failed_auths_threshold': {
  342. 'warn': 5,
  343. },
  344. },
  345. }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}