ExternalMirrors
/
linux-formula
镜像来自 https://github.com/salt-formulas/salt-formula-linux
關注 1
收藏 0
複製 1
程式碼 問題 0 版本發佈 8 Wiki 活動
Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
657 提交
26 分支
目錄樹: ba028c3e95
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'ba028c3e95'
${ noResults }
linux-formula/linux/map.jinja

443 line
11KB
原始文件 Blame 歷史記錄 

  1. {% set system = salt['grains.filter_by']({

  2.     'Arch': {

  3.         'pkgs': ['sudo', 'vim', 'wget'],

  4.         'utc': true,

  5.         'user': {},

  6.         'group': {},

  7.         'job': {},

  8.         'limit': {},

  9.         'locale': {},

  10.         'motd': {},

  11.         'env': {},

  12.         'profile': {},

  13.         'proxy': {},

  14.         'repo': {},

  15.         'package': {},

  16.         'autoupdates': {

  17.           'pkgs': []

  18.          },

  19.         'selinux': 'permissive',

  20.         'ca_certs_dir': '/usr/local/share/ca-certificates',

  21.         'ca_certs_bin': 'update-ca-certificates',

  22.         'atop': {

  23.              'enabled': false,

  24.              'interval': '20',

  25.              'autostart': true,

  26.              'logpath': '/var/log/atop',

  27.              'outfile': '/var/log/atop/daily.log'

  28.          },

  29.     },

  30.     'Debian': {

  31.         'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'],

  32.         'utc': true,

  33.         'user': {},

  34.         'group': {},

  35.         'job': {},

  36.         'limit': {},

  37.         'locale': {},

  38.         'motd': {},

  39.         'env': {},

  40.         'profile': {},

  41.         'proxy': {},

  42.         'repo': {},

  43.         'package': {},

  44.         'autoupdates': {

  45.              'pkgs': ['unattended-upgrades']

  46.          },

  47.         'selinux': 'permissive',

  48.         'ca_certs_dir': '/usr/local/share/ca-certificates',

  49.         'ca_certs_bin': 'update-ca-certificates',

  50.         'atop': {

  51.              'enabled': false,

  52.              'interval': '20',

  53.              'autostart': true,

  54.              'logpath': '/var/log/atop',

  55.              'outfile': '/var/log/atop/daily.log'

  56.          },

  57.     },

  58.     'RedHat': {

  59.         'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'],

  60.         'utc': true,

  61.         'user': {},

  62.         'group': {},

  63.         'job': {},

  64.         'limit': {},

  65.         'locale': {},

  66.         'motd': {},

  67.         'env': {},

  68.         'profile': {},

  69.         'proxy': {},

  70.         'repo': {},

  71.         'package': {},

  72.         'autoupdates': {

  73.              'pkgs': []

  74.          },

  75.         'selinux': 'permissive',

  76.         'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',

  77.         'ca_certs_bin': 'update-ca-trust extract',

  78.         'atop': {

  79.              'enabled': false,

  80.              'interval': '20',

  81.              'autostart': true,

  82.              'logpath': '/var/log/atop',

  83.              'outfile': '/var/log/atop/daily.log'

  84.          },

  85.     },

  86. }, grain='os_family', merge=salt['pillar.get']('linux:system')) %}

  87. 

  88. {% set at = salt['grains.filter_by']({

  89.     'Debian': {

  90.         'enabled': false,

  91.         'pkgs': ['at'],

  92.         'services': ['atd'],

  93.         'user': {}

  94.     },

  95. }, grain='os_family', merge=salt['pillar.get']('linux:system:at')) %}

  96. 

  97. {% set cron = salt['grains.filter_by']({

  98.     'Debian': {

  99.         'enabled': false,

  100.         'pkgs': ['cron'],

  101.         'services': ['cron'],

  102.         'user': {}

  103.     },

  104. }, grain='os_family', merge=salt['pillar.get']('linux:system:cron')) %}

  105. 

  106. {% set banner = salt['grains.filter_by']({

  107.     'BaseDefaults': {

  108.         'enabled': false,

  109.     },

  110. }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}

  111. 

  112. {% set auth = salt['grains.filter_by']({

  113.     'Arch': {

  114.         'enabled': false,

  115.     },

  116.     'RedHat': {

  117.         'enabled': false,

  118.     },

  119.     'Debian': {

  120.         'enabled': false,

  121.     },

  122. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %}

  123. 

  124. {% set ldap = salt['grains.filter_by']({

  125.     'RedHat': {

  126.         'enabled': false,

  127.         'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig', 'nscd'],

  128.         'version': '3',

  129.         'scope': 'sub',

  130.         'uid': 'nslcd',

  131.         'gid': 'nslcd',

  132.     },

  133.     'Debian': {

  134.         'enabled': false,

  135.         'pkgs': ['libnss-ldapd', 'libpam-ldapd', 'nscd'],

  136.         'version': '3',

  137.         'scope': 'sub',

  138.         'uid': 'nslcd',

  139.         'gid': 'nslcd',

  140.     },

  141. }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %}

  142. 

  143. {%- load_yaml as login_defs_defaults %}

  144. Debian:

  145.     CHFN_RESTRICT:

  146.         value: 'rwh'

  147.     DEFAULT_HOME:

  148.         value: 'yes'

  149.     ENCRYPT_METHOD:

  150.         value: 'SHA512'

  151.     ENV_PATH:

  152.         value: 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'

  153.     ENV_SUPATH:

  154.         value: 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

  155.     ERASECHAR:

  156.         value: '0177'

  157.     FAILLOG_ENAB:

  158.         value: 'yes'

  159.     FTMP_FILE:

  160.         value: '/var/log/btmp'

  161.     GID_MAX:

  162.         value: '60000'

  163.     GID_MIN:

  164.         value: '1000'

  165.     HUSHLOGIN_FILE:

  166.         value: '.hushlogin'

  167.     KILLCHAR:

  168.         value: '025'

  169.     LOGIN_RETRIES:

  170.         value: '5'

  171.     LOGIN_TIMEOUT:

  172.         value: '60'

  173.     LOG_OK_LOGINS:

  174.         value: 'no'

  175.     LOG_UNKFAIL_ENAB:

  176.         value: 'no'

  177.     MAIL_DIR:

  178.         value: '/var/mail'

  179.     PASS_MAX_DAYS:

  180.         value: '99999'

  181.     PASS_MIN_DAYS:

  182.         value: '0'

  183.     PASS_WARN_AGE:

  184.         value: '7'

  185.     SU_NAME:

  186.         value: 'su'

  187.     SYSLOG_SG_ENAB:

  188.         value: 'yes'

  189.     SYSLOG_SU_ENAB:

  190.         value: 'yes'

  191.     TTYGROUP:

  192.         value: 'tty'

  193.     TTYPERM:

  194.         value: '0600'

  195.     UID_MAX:

  196.         value: '60000'

  197.     UID_MIN:

  198.         value: '1000'

  199.     UMASK:

  200.         value: '022'

  201.     USERGROUPS_ENAB:

  202.         value: 'yes'

  203. {%- endload %}

  204. {%- set login_defs = salt['grains.filter_by'](login_defs_defaults,

  205.     grain='os_family', merge=salt['pillar.get']('linux:system:login_defs')) %}

  206. 

  207. {#    'network_name', #}

  208. 

  209. {% set interface_params = [

  210.     'gateway',

  211.     'mtu',

  212.     'network',

  213.     'broadcast',

  214.     'master',

  215.     'miimon',

  216.     'ovs_ports',

  217.     'ovs_bridge',

  218.     'mode',

  219.     'port_type',

  220.     'peer',

  221.     'lacp-rate',

  222.     'dns-search',

  223.     'up_cmds',

  224.     'pre_up_cmds',

  225.     'post_up_cmds',

  226.     'down_cmds',

  227.     'pre_down_cmds',

  228.     'post_down_cmds',

  229.     'maxwait',

  230.     'stp',

  231.     'gro',

  232.     'rx',

  233.     'tx',

  234.     'sg',

  235.     'tso',

  236.     'ufo',

  237.     'gso',

  238.     'lro',

  239.     'lacp_rate',

  240.     'ad_select',

  241.     'downdelay',

  242.     'updelay',

  243.     'hashing-algorithm',

  244.     'hardware-dma-ring-rx',

  245.     'hwaddr',

  246.     'noifupdown',

  247.     'arp_ip_target',

  248.     'primary',

  249. ] %}

  250. {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %}

  251. {% set network = salt['grains.filter_by']({

  252.     'Arch': {

  253.         'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'],

  254.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  255.         'ovs_pkgs': ['openvswitch-switch', 'vlan'],

  256.         'hostname_file': '/etc/hostname',

  257.         'network_manager': False,

  258.         'systemd': {},

  259.         'interface': {},

  260.         'interface_params': interface_params,

  261.         'bridge': 'none',

  262.         'proxy': {

  263.            'host': 'none',

  264.         },

  265.         'host': {},

  266.         'mine_dns_records': False,

  267.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  268.         'ovs_nowait': False,

  269.     },

  270.     'Debian': {

  271.         'pkgs': ['ifenslave'],

  272.         'hostname_file': '/etc/hostname',

  273.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  274.         'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],

  275.         'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ],

  276.         'network_manager': False,

  277.         'systemd': {},

  278.         'interface': {},

  279.         'interface_params': interface_params,

  280.         'bridge': 'none',

  281.         'proxy': {

  282.            'host': 'none'

  283.         },

  284.         'host': {},

  285.         'mine_dns_records': False,

  286.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  287.         'ovs_nowait': False,

  288.     },

  289.     'RedHat': {

  290.         'pkgs': ['iputils'],

  291.         'bridge_pkgs': ['bridge-utils', 'vlan'],

  292.         'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'],

  293.         'hostname_file': '/etc/sysconfig/network',

  294.         'network_manager': False,

  295.         'systemd': {},

  296.         'interface': {},

  297.         'interface_params': interface_params,

  298.         'bridge': 'none',

  299.         'proxy': {

  300.            'host': 'none'

  301.         },

  302.         'host': {},

  303.         'mine_dns_records': False,

  304.         'dhclient_config': '/etc/dhcp/dhclient.conf',

  305.         'ovs_nowait': False,

  306.     },

  307. }, grain='os_family', merge=salt['pillar.get']('linux:network')) %}

  308. 

  309. {% set storage = salt['grains.filter_by']({

  310.     'Arch': {

  311.         'mount': {},

  312.         'swap': {},

  313.         'disk': {},

  314.         'lvm': {},

  315.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  316.         'loopback': {},

  317.         'nfs': {

  318.              'pkgs': ['nfs-utils']

  319.          },

  320.         'multipath': {

  321.              'enabled': False,

  322.              'pkgs': ['multipath-tools', 'multipath-tools-boot'],

  323.              'service': ''

  324.          },

  325.     },

  326.     'Debian': {

  327.         'mount': {},

  328.         'swap': {},

  329.         'lvm': {},

  330.         'disk': {},

  331.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  332.         'loopback': {},

  333.         'nfs': {

  334.              'pkgs': ['nfs-common']

  335.          },

  336.         'multipath': {

  337.              'enabled': False,

  338.              'pkgs': ['multipath-tools', 'multipath-tools-boot'],

  339.              'service': 'multipath-tools'

  340.          },

  341.         'lvm_pkgs': ['lvm2'],

  342.     },

  343.     'RedHat': {

  344.         'mount': {},

  345.         'swap': {},

  346.         'lvm': {},

  347.         'disk': {},

  348.         'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'],

  349.         'loopback': {},

  350.         'nfs': {

  351.              'pkgs': ['nfs-utils']

  352.          },

  353.         'multipath': {

  354.              'enabled': False,

  355.              'pkgs': [],

  356.              'service': 'multipath'

  357.          },

  358.     },

  359. }, merge=salt['grains.filter_by']({

  360.     'trusty': {

  361.         'lvm_services': ['udev'],

  362.     },

  363. }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}

  364. 

  365. {% set monitoring = salt['grains.filter_by']({

  366.     'default': {

  367.         'bond_status': {

  368.             'interfaces': False

  369.         },

  370.         'zombie': {

  371.             'warn': 3,

  372.             'crit': 7,

  373.         },

  374.         'procs': {

  375.             'warn': 5000,

  376.             'crit': 10000,

  377.         },

  378.         'load': {

  379.             'warn': '6,4,2',

  380.             'crit': '12,8,4',

  381.         },

  382.         'swap': {

  383.             'warn': '50%',

  384.             'crit': '20%',

  385.         },

  386.         'disk': {

  387.             'warn': '15%',

  388.             'crit': '5%',

  389.         },

  390.         'netlink': {

  391.             'interfaces': [],

  392.             'interface_regex': '^[a-z0-9]+$',

  393.             'ignore_selected': False,

  394.         },

  395.         'cpu_usage_percentage': {

  396.               'warn': 90.0,

  397.         },

  398.         'memory_usage_percentage': {

  399.             'warn': 90.0,

  400.             'major': 95.0,

  401.         },

  402.         'disk_usage_percentage': {

  403.             'warn': 85.0,

  404.             'major': 95.0,

  405.         },

  406.         'swap_usage_percentage': {

  407.             'warn': 50.0,

  408.             'minor': 90.0,

  409.         },

  410.         'inodes_usage_percentage': {

  411.             'warn': 85.0,

  412.             'major': 95.0,

  413.         },

  414.         'system_load_threshold': {

  415.             'warn': 1,

  416.             'crit': 2,

  417.         },

  418.         'rx_packets_dropped_threshold': {

  419.             'warn': 100,

  420.         },

  421.         'tx_packets_dropped_threshold': {

  422.             'warn': 100,

  423.         },

  424.         'swap_in_rate': {

  425.             'warn': 1024 * 1024,

  426.         },

  427.         'swap_out_rate': {

  428.             'warn': 1024 * 1024,

  429.         },

  430.         'failed_auths_threshold': {

  431.             'warn': 5,

  432.         },

  433.         'net_rx_action_per_cpu_threshold': {

  434.             'warning': '0',

  435.             'minor': '100'

  436.         },

  437.         'packets_dropped_per_cpu_threshold': {

  438.             'minor': '0',

  439.             'major': '100'

  440.         }

  441.     },

  442. }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}