Permalink
Cannot retrieve contributors at this time
| {% set system = salt['grains.filter_by']({ | |
| 'Arch': { | |
| 'pkgs': ['sudo', 'vim', 'wget'], | |
| 'utc': true, | |
| 'user': {}, | |
| 'group': {}, | |
| 'job': {}, | |
| 'limit': {}, | |
| 'locale': {}, | |
| 'motd': {}, | |
| 'env': {}, | |
| 'profile': {}, | |
| 'proxy': {}, | |
| 'repo': {}, | |
| 'package': {}, | |
| 'autoupdates': { | |
| 'pkgs': [] | |
| }, | |
| 'selinux': 'permissive', | |
| 'ca_certs_dir': '/usr/local/share/ca-certificates', | |
| 'ca_certs_bin': 'update-ca-certificates', | |
| 'atop': { | |
| 'enabled': false, | |
| 'interval': '20', | |
| 'autostart': true, | |
| 'logpath': '/var/log/atop', | |
| 'outfile': '/var/log/atop/daily.log' | |
| }, | |
| 'at': { | |
| 'pkgs': [], | |
| 'services': [] | |
| }, | |
| 'cron': { | |
| 'pkgs': [], | |
| 'services': [] | |
| }, | |
| }, | |
| 'Debian': { | |
| 'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'], | |
| 'utc': true, | |
| 'user': {}, | |
| 'group': {}, | |
| 'job': {}, | |
| 'limit': {}, | |
| 'locale': {}, | |
| 'motd': {}, | |
| 'env': {}, | |
| 'profile': {}, | |
| 'proxy': {}, | |
| 'repo': {}, | |
| 'package': {}, | |
| 'autoupdates': { | |
| 'pkgs': ['unattended-upgrades'] | |
| }, | |
| 'selinux': 'permissive', | |
| 'ca_certs_dir': '/usr/local/share/ca-certificates', | |
| 'ca_certs_bin': 'update-ca-certificates', | |
| 'atop': { | |
| 'enabled': false, | |
| 'interval': '20', | |
| 'autostart': true, | |
| 'logpath': '/var/log/atop', | |
| 'outfile': '/var/log/atop/daily.log' | |
| }, | |
| 'at': { | |
| 'pkgs': ['at'], | |
| 'services': ['atd'], | |
| 'user': {} | |
| }, | |
| 'cron': { | |
| 'pkgs': ['cron'], | |
| 'services': ['cron'], | |
| 'user': {} | |
| }, | |
| }, | |
| 'RedHat': { | |
| 'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'], | |
| 'utc': true, | |
| 'user': {}, | |
| 'group': {}, | |
| 'job': {}, | |
| 'limit': {}, | |
| 'locale': {}, | |
| 'motd': {}, | |
| 'env': {}, | |
| 'profile': {}, | |
| 'proxy': {}, | |
| 'repo': {}, | |
| 'package': {}, | |
| 'autoupdates': { | |
| 'pkgs': [] | |
| }, | |
| 'selinux': 'permissive', | |
| 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors', | |
| 'ca_certs_bin': 'update-ca-trust extract', | |
| 'atop': { | |
| 'enabled': false, | |
| 'interval': '20', | |
| 'autostart': true, | |
| 'logpath': '/var/log/atop', | |
| 'outfile': '/var/log/atop/daily.log' | |
| }, | |
| 'at': { | |
| 'pkgs': [], | |
| 'services': [] | |
| }, | |
| 'cron': { | |
| 'pkgs': [], | |
| 'services': [] | |
| }, | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:system')) %} | |
| {% set banner = salt['grains.filter_by']({ | |
| 'BaseDefaults': { | |
| 'enabled': false, | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %} | |
| {% set auth = salt['grains.filter_by']({ | |
| 'Arch': { | |
| 'enabled': false, | |
| 'duo': { | |
| 'enabled': false, | |
| 'duo_host': 'localhost', | |
| 'duo_ikey': '', | |
| 'duo_skey': '' | |
| } | |
| }, | |
| 'RedHat': { | |
| 'enabled': false, | |
| 'duo': { | |
| 'enabled': false, | |
| 'duo_host': 'localhost', | |
| 'duo_ikey': '', | |
| 'duo_skey': '' | |
| } | |
| }, | |
| 'Debian': { | |
| 'enabled': false, | |
| 'duo': { | |
| 'enabled': false, | |
| 'duo_host': 'localhost', | |
| 'duo_ikey': '', | |
| 'duo_skey': '' | |
| } | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %} | |
| {% set ldap = salt['grains.filter_by']({ | |
| 'RedHat': { | |
| 'enabled': false, | |
| 'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig', 'nscd'], | |
| 'version': '3', | |
| 'scope': 'sub', | |
| 'uid': 'nslcd', | |
| 'gid': 'nslcd', | |
| }, | |
| 'Debian': { | |
| 'enabled': false, | |
| 'pkgs': ['libnss-ldapd', 'libpam-ldapd', 'nscd'], | |
| 'version': '3', | |
| 'scope': 'sub', | |
| 'uid': 'nslcd', | |
| 'gid': 'nslcd', | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %} | |
| {%- load_yaml as login_defs_defaults %} | |
| Debian: | |
| CHFN_RESTRICT: | |
| value: 'rwh' | |
| DEFAULT_HOME: | |
| value: 'yes' | |
| ENCRYPT_METHOD: | |
| value: 'SHA512' | |
| ENV_PATH: | |
| value: 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games' | |
| ENV_SUPATH: | |
| value: 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' | |
| ERASECHAR: | |
| value: '0177' | |
| FAILLOG_ENAB: | |
| value: 'yes' | |
| FTMP_FILE: | |
| value: '/var/log/btmp' | |
| GID_MAX: | |
| value: '60000' | |
| GID_MIN: | |
| value: '1000' | |
| HUSHLOGIN_FILE: | |
| value: '.hushlogin' | |
| KILLCHAR: | |
| value: '025' | |
| LOGIN_RETRIES: | |
| value: '5' | |
| LOGIN_TIMEOUT: | |
| value: '60' | |
| LOG_OK_LOGINS: | |
| value: 'no' | |
| LOG_UNKFAIL_ENAB: | |
| value: 'no' | |
| MAIL_DIR: | |
| value: '/var/mail' | |
| PASS_MAX_DAYS: | |
| value: '99999' | |
| PASS_MIN_DAYS: | |
| value: '0' | |
| PASS_WARN_AGE: | |
| value: '7' | |
| SU_NAME: | |
| value: 'su' | |
| SYSLOG_SG_ENAB: | |
| value: 'yes' | |
| SYSLOG_SU_ENAB: | |
| value: 'yes' | |
| TTYGROUP: | |
| value: 'tty' | |
| TTYPERM: | |
| value: '0600' | |
| UID_MAX: | |
| value: '60000' | |
| UID_MIN: | |
| value: '1000' | |
| UMASK: | |
| value: '022' | |
| USERGROUPS_ENAB: | |
| value: 'yes' | |
| {%- endload %} | |
| {%- set login_defs = salt['grains.filter_by'](login_defs_defaults, | |
| grain='os_family', merge=salt['pillar.get']('linux:system:login_defs')) %} | |
| {# 'network_name', #} | |
| {% set interface_params = [ | |
| 'gateway', | |
| 'mtu', | |
| 'network', | |
| 'broadcast', | |
| 'master', | |
| 'miimon', | |
| 'ovs_ports', | |
| 'ovs_bridge', | |
| 'mode', | |
| 'port_type', | |
| 'peer', | |
| 'lacp-rate', | |
| 'dns-search', | |
| 'up_cmds', | |
| 'pre_up_cmds', | |
| 'post_up_cmds', | |
| 'down_cmds', | |
| 'pre_down_cmds', | |
| 'post_down_cmds', | |
| 'maxwait', | |
| 'stp', | |
| 'gro', | |
| 'rx', | |
| 'tx', | |
| 'sg', | |
| 'tso', | |
| 'ufo', | |
| 'gso', | |
| 'lro', | |
| 'lacp_rate', | |
| 'ad_select', | |
| 'downdelay', | |
| 'updelay', | |
| 'hashing-algorithm', | |
| 'hardware-dma-ring-rx', | |
| 'hwaddr', | |
| 'noifupdown', | |
| 'arp_ip_target', | |
| 'primary', | |
| ] %} | |
| {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %} | |
| {% set network = salt['grains.filter_by']({ | |
| 'Arch': { | |
| 'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'], | |
| 'bridge_pkgs': ['bridge-utils', 'vlan'], | |
| 'ovs_pkgs': ['openvswitch-switch', 'vlan'], | |
| 'hostname_file': '/etc/hostname', | |
| 'network_manager': False, | |
| 'systemd': {}, | |
| 'interface': {}, | |
| 'interface_params': interface_params, | |
| 'bridge': 'none', | |
| 'proxy': { | |
| 'host': 'none', | |
| }, | |
| 'host': {}, | |
| 'mine_dns_records': False, | |
| 'dhclient_config': '/etc/dhcp/dhclient.conf', | |
| 'ovs_nowait': False, | |
| }, | |
| 'Debian': { | |
| 'pkgs': ['ifenslave'], | |
| 'hostname_file': '/etc/hostname', | |
| 'bridge_pkgs': ['bridge-utils', 'vlan'], | |
| 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'], | |
| 'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ], | |
| 'network_manager': False, | |
| 'systemd': {}, | |
| 'interface': {}, | |
| 'interface_params': interface_params, | |
| 'bridge': 'none', | |
| 'proxy': { | |
| 'host': 'none' | |
| }, | |
| 'host': {}, | |
| 'mine_dns_records': False, | |
| 'dhclient_config': '/etc/dhcp/dhclient.conf', | |
| 'ovs_nowait': False, | |
| }, | |
| 'RedHat': { | |
| 'pkgs': ['iputils'], | |
| 'bridge_pkgs': ['bridge-utils', 'vlan'], | |
| 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'], | |
| 'hostname_file': '/etc/sysconfig/network', | |
| 'network_manager': False, | |
| 'systemd': {}, | |
| 'interface': {}, | |
| 'interface_params': interface_params, | |
| 'bridge': 'none', | |
| 'proxy': { | |
| 'host': 'none' | |
| }, | |
| 'host': {}, | |
| 'mine_dns_records': False, | |
| 'dhclient_config': '/etc/dhcp/dhclient.conf', | |
| 'ovs_nowait': False, | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:network')) %} | |
| {% set storage = salt['grains.filter_by']({ | |
| 'Arch': { | |
| 'mount': {}, | |
| 'swap': {}, | |
| 'disk': {}, | |
| 'lvm': {}, | |
| 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], | |
| 'loopback': {}, | |
| 'nfs': { | |
| 'pkgs': ['nfs-utils'] | |
| }, | |
| 'multipath': { | |
| 'enabled': False, | |
| 'pkgs': ['multipath-tools', 'multipath-tools-boot'], | |
| 'service': '' | |
| }, | |
| }, | |
| 'Debian': { | |
| 'mount': {}, | |
| 'swap': {}, | |
| 'lvm': {}, | |
| 'disk': {}, | |
| 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], | |
| 'loopback': {}, | |
| 'nfs': { | |
| 'pkgs': ['nfs-common'] | |
| }, | |
| 'multipath': { | |
| 'enabled': False, | |
| 'pkgs': ['multipath-tools', 'multipath-tools-boot'], | |
| 'service': 'multipath-tools' | |
| }, | |
| 'lvm_pkgs': ['lvm2'], | |
| }, | |
| 'RedHat': { | |
| 'mount': {}, | |
| 'swap': {}, | |
| 'lvm': {}, | |
| 'disk': {}, | |
| 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], | |
| 'loopback': {}, | |
| 'nfs': { | |
| 'pkgs': ['nfs-utils'] | |
| }, | |
| 'multipath': { | |
| 'enabled': False, | |
| 'pkgs': [], | |
| 'service': 'multipath' | |
| }, | |
| }, | |
| }, merge=salt['grains.filter_by']({ | |
| 'focal': { | |
| 'lvm_services': ['lvm2-monitor'], | |
| }, | |
| 'buster': { | |
| 'lvm_services': ['lvm2-monitor'], | |
| }, | |
| 'trusty': { | |
| 'lvm_services': ['udev'], | |
| }, | |
| }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %} | |
| {% set monitoring = salt['grains.filter_by']({ | |
| 'default': { | |
| 'bond_status': { | |
| 'interfaces': False | |
| }, | |
| 'zombie': { | |
| 'warn': 3, | |
| 'crit': 7, | |
| }, | |
| 'procs': { | |
| 'warn': 5000, | |
| 'crit': 10000, | |
| }, | |
| 'load': { | |
| 'warn': '6,4,2', | |
| 'crit': '12,8,4', | |
| }, | |
| 'swap': { | |
| 'warn': '50%', | |
| 'crit': '20%', | |
| }, | |
| 'disk': { | |
| 'warn': '15%', | |
| 'crit': '5%', | |
| }, | |
| 'netlink': { | |
| 'interfaces': [], | |
| 'interface_regex': '^[a-z0-9]+$', | |
| 'ignore_selected': False, | |
| }, | |
| 'cpu_usage_percentage': { | |
| 'warn': 90.0, | |
| }, | |
| 'memory_usage_percentage': { | |
| 'warn': 90.0, | |
| 'major': 95.0, | |
| }, | |
| 'disk_usage_percentage': { | |
| 'warn': 85.0, | |
| 'major': 95.0, | |
| }, | |
| 'swap_usage_percentage': { | |
| 'warn': 50.0, | |
| 'minor': 90.0, | |
| }, | |
| 'inodes_usage_percentage': { | |
| 'warn': 85.0, | |
| 'major': 95.0, | |
| }, | |
| 'system_load_threshold': { | |
| 'warn': 1, | |
| 'crit': 2, | |
| }, | |
| 'rx_packets_dropped_threshold': { | |
| 'warn': 100, | |
| }, | |
| 'tx_packets_dropped_threshold': { | |
| 'warn': 100, | |
| }, | |
| 'swap_in_rate': { | |
| 'warn': 1024 * 1024, | |
| }, | |
| 'swap_out_rate': { | |
| 'warn': 1024 * 1024, | |
| }, | |
| 'failed_auths_threshold': { | |
| 'warn': 5, | |
| }, | |
| 'net_rx_action_per_cpu_threshold': { | |
| 'warning': '500', | |
| 'minor': '5000' | |
| }, | |
| 'packets_dropped_per_cpu_threshold': { | |
| 'minor': '0', | |
| 'major': '100' | |
| } | |
| }, | |
| }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %} |