Browse Source

Extend modprobe files functionality

Support full set of options defined in

  man modprobe.d

Change-Id: I3d30b6bc261ef308ae6afd963f13fda1e4b22c0d
master
Dmitry Teselkin 6 years ago
parent
commit
809834c85e
4 changed files with 225 additions and 8 deletions
  1. +113
    -0
      README.rst
  2. +49
    -5
      linux/files/modprobe.conf.jinja
  3. +14
    -3
      linux/system/kernel.sls
  4. +49
    -0
      tests/pillar/system.sls

+ 113
- 0
README.rst View File

``/etc/modprobe.d/nf_conntrack.conf`` file with line ``/etc/modprobe.d/nf_conntrack.conf`` file with line
``options nf_conntrack hashsize=262144``: ``options nf_conntrack hashsize=262144``:


'option' can be a mapping (with 'enabled' and 'value' keys) or a scalar.

Example for 'scalar' option value:

.. code-block:: yaml .. code-block:: yaml


linux: linux:
option: option:
hashsize: 262144 hashsize: 262144


Example for 'mapping' option value:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
option:
hashsize:
enabled: true
value: 262144

NOTE: 'enabled' key is optional and is True by default.

Blacklist a module:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
blacklist: true

A module can have a number of aliases, wildcards are allowed.
Define an alias for a module:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
alias:
nfct:
enabled: true
"nf_conn*":
enabled: true

NOTE: 'enabled' key is mandatory as there are no other keys exist.

Execute custom command instead of 'insmod' when inserting a module:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
install:
enabled: true
command: /bin/true

NOTE: 'enabled' key is optional and is True by default.

Execute custom command instead of 'rmmod' when removing a module:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
remove:
enabled: true
command: /bin/true

NOTE: 'enabled' key is optional and is True by default.

Define module dependencies:

.. code-block:: yaml

linux:
system:
kernel:
module:
nf_conntrack:
softdep:
pre:
1:
enabled: true
value: a
2:
enabled: true
value: b
3:
enabled: true
value: c
post:
1:
enabled: true
value: x
2:
enabled: true
value: y
3:
enabled: true
value: z

NOTE: 'enabled' key is optional and is True by default.


Install specific kernel version and ensure all other kernel packages are Install specific kernel version and ensure all other kernel packages are
not present. Also install extra modules and headers for this kernel: not present. Also install extra modules and headers for this kernel:



+ 49
- 5
linux/files/modprobe.conf.jinja View File

{% if module_content.get('blacklist', false) -%}
{%- from "linux/map.jinja" import system with context -%}
# This file is managed by Salt, do not edit.
{%- set module_content = system.kernel.module.get(module_name) %}
{%- if module_content.get('blacklist', false) %}
blacklist {{ module_name }} blacklist {{ module_name }}
{%- else -%}

options {{ module_name }}{% for option, value in module_content.get('option', {}) | dictsort %} {{ option }}={{ value }}{% endfor %}

{%- endif %}
{%- for alias, params in module_content.get('alias', {}) | dictsort %}
{%- if params.get('enabled', true) %}
alias {{ alias }} {{ module_name }}
{%- endif %}
{%- endfor %}
{%- set options = [] %}
{%- for option, params in module_content.get('option', {}) | dictsort %}
{%- if params is mapping %}
{%- if params.get('enabled', true) and params.value is defined %}
{%- do options.append(option ~ '=' ~ params.value) %}
{%- endif %}
{%- else %}
{%- do options.append(option ~ '=' ~ params) %}
{%- endif %}
{%- endfor %}
{%- if options | length > 0 %}
options {{ module_name }} {{ options | join(' ')}}
{%- endif %}
{%- if module_content.install is defined %}
{%- if module_content.install.get('enabled', true) and module_content.install.command is defined %}
install {{ module_name }} {{ module_content.install.command }}
{%- endif %}
{%- endif %}
{%- if module_content.remove is defined %}
{%- if module_content.remove.get('enabled', true) and module_content.remove.command is defined %}
remove {{ module_name }} {{ module_content.remove.command }}
{%- endif %}
{%- endif %}
{%- if module_content.softdep is defined %}
{%- set pre = [] %}
{%- set post = [] %}
{%- for pos, params in module_content.softdep.get('pre', {}) | dictsort %}
{%- if params.get('enabled', true) and params.value is defined %}
{%- do pre.append(params.value) %}
{%- endif %}
{%- endfor %}
{%- for pos, params in module_content.softdep.get('post', {}) | dictsort %}
{%- if params.get('enabled', true) and params.value is defined %}
{%- do post.append(params.value) %}
{%- endif %}
{%- endfor %}
{%- if pre | length + post | length > 0 %}
softdep {{ module_name }}{% if pre | length > 0 %} pre: {{ pre | join(' ') }}{% endif %}{% if post | length > 0 %} post: {{ post | join(' ') }}{% endif %}
{%- endif %}
{%- endif %} {%- endif %}

+ 14
- 3
linux/system/kernel.sls View File



{%- endfor %} {%- endfor %}


{%- for module_name, module_content in system.kernel.get('module', {}).items() %}
{%- if system.kernel.module is defined %}

modprobe_d_directory:
file.directory:
- name: /etc/modprobe.d
- user: root
- group: root
- mode: 755

{%- for module_name in system.kernel.module %}


/etc/modprobe.d/{{ module_name }}.conf: /etc/modprobe.d/{{ module_name }}.conf:
file.managed: file.managed:
- template: jinja - template: jinja
- source: salt://linux/files/modprobe.conf.jinja - source: salt://linux/files/modprobe.conf.jinja
- defaults: - defaults:
module_content: {{ module_content }}
module_name: {{ module_name }} module_name: {{ module_name }}
- require:
- file: modprobe_d_directory


{%- endfor %}
{%- endfor %}
{%- endif %}


{%- for sysctl_name, sysctl_value in system.kernel.get('sysctl', {}).items() %} {%- for sysctl_name, sysctl_value in system.kernel.get('sysctl', {}).items() %}



+ 49
- 0
tests/pillar/system.sls View File

boot_options: boot_options:
- pti=off - pti=off
- spectre_v2=auto - spectre_v2=auto
module:
module_1:
install:
command: /bin/true
remove:
enabled: false
command: /bin/false
module_2:
install:
enabled: false
command: /bin/false
remove:
command: /bin/true
module_3:
blacklist: true
module_4:
blacklist: false
alias:
"module*":
enabled: true
"module_*":
enabled: false
module_5:
softdep:
pre:
1:
value: module_1
2:
value: module_2
enabled: false
post:
1:
value: module_3
2:
value: module_4
enabled: false
module_6:
option:
opt_1: 111
opt_2: 222
module_7:
option:
opt_3:
value: 333
opt_4:
enabled: true
value: 444
opt_5:
enabled: false
cgroup: cgroup:
group: group:
group_1: group_1:

Loading…
Cancel
Save