Merge "Add slave interfaces to bond master after bond was created/set up"
diff --git a/README.rst b/README.rst
index 620f582..f62a937 100644
--- a/README.rst
+++ b/README.rst
@@ -407,6 +407,32 @@
         cpu:
           governor: performance
 
+Certificates
+~~~~~~~~~~~~
+
+Add certificate authority into system trusted CA bundle
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        ca_certificates:
+          mycert: |
+            -----BEGIN CERTIFICATE-----
+            MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+            A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+            cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+            MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+            BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+            YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+            ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+            BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+            I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+            CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+            lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+            AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+            -----END CERTIFICATE-----
+
 Sysfs
 ~~~~~
 
diff --git a/linux/map.jinja b/linux/map.jinja
index 04b6441..de250bb 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -113,6 +113,7 @@
     'updelay',
     'hashing-algorithm',
     'hardware-dma-ring-rx',
+    'hwaddr',
 ] %}
 
 {% set network = salt['grains.filter_by']({
diff --git a/linux/meta/prometheus.yml b/linux/meta/prometheus.yml
index df53426..f044530 100644
--- a/linux/meta/prometheus.yml
+++ b/linux/meta/prometheus.yml
@@ -85,7 +85,7 @@
       if: rate(net_drop_in[1m]) > {{ net_rx_dropped_threshold }}
       {% raw %}
       labels:
-        severity: warning
+        severity: critical
         service: system
       annotations:
         summary: 'Too many received packets dropped on {{ $labels.host }} for interface {{ $labels.interface }}'
@@ -95,21 +95,11 @@
       if: rate(net_drop_out[1m]) > {{ net_tx_dropped_threshold }}
       {% raw %}
       labels:
-        severity: warning
+        severity: critical
         service: system
       annotations:
         summary: 'Too many transmitted packets dropped on {{ $labels.host }} for interface {{ $labels.interface }}'
         description: 'The rate of transmitted packets which are dropped is too high on node {{ $labels.host }} for interface {{ $labels.interface }} (current value={{ $value }}/sec, threshold={% endraw %}{{ net_tx_dropped_threshold }}/sec)'
-    SystemSwapUsed:
-      {%- set swap_used_threshold = monitoring.swap.warn.strip('%')|float %}
-      if: avg_over_time(swap_used_percent[1m]) > {{ swap_used_threshold }}
-      {% raw %}
-      labels:
-        severity: warning
-        service: system
-      annotations:
-        summary: 'Swap usage too high on {{ $labels.host }}'
-        description: 'The average percentage of used swap is too high on node {{ $labels.host }} (current value={{ $value }}%, threshold={% endraw %}{{ swap_used_threshold }}%)'
     SystemSwapIn:
       {%- set swap_in_threshold = monitoring.swap_in_rate.warn %}
       if: rate(swap_in[2m]) > {{ swap_in_threshold }}
diff --git a/linux/network/dpdk.sls b/linux/network/dpdk.sls
index cadc599..751941c 100644
--- a/linux/network/dpdk.sls
+++ b/linux/network/dpdk.sls
@@ -148,8 +148,10 @@
     - require:
       - cmd: linux_network_dpdk_bridge_interface_{{ interface.bridge }}
 
+  {%- endif %}
+
   {# Multiqueue n_rxq, pmd_rxq_affinity and mtu setup on interfaces #}
-  {%- elif interface.type == 'dpdk_ovs_port' and (interface.n_rxq is defined or interface.mtu is defined or interface.pmd_rxq_affinity is defined) %}
+  {%- if interface.type == 'dpdk_ovs_port' %}
 
   {%- if interface.n_rxq is defined %}
 
diff --git a/linux/system/selinux.sls b/linux/system/selinux.sls
index ff1d84d..5bbd815 100644
--- a/linux/system/selinux.sls
+++ b/linux/system/selinux.sls
@@ -1,5 +1,5 @@
 {%- from "linux/map.jinja" import system with context %}
-{%- if system.enabled %}
+{%- if system.selinux is defined %}
 
 include:
 - linux.system.repo
@@ -7,24 +7,22 @@
 {%- if grains.os_family == 'RedHat' %}
 
 {%- if system.selinux == 'disabled' %}
+  {%- set mode = 'permissive' %}
+{%- else %}
+  {%- set mode = system.selinux %}
+{%- endif %}
 
 selinux_config:
   cmd.run:
-  - names:
-    - "sed -i 's/enforcing/disabled/g' /etc/selinux/config; setenforce 0"
-    - "sed -i 's/permissive/disabled/g' /etc/selinux/config; setenforce 0"
-  - unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled'
-
-{%- else %}
-
-selinux_config:
-  selinux.mode:
-  - name: {{ system.get('selinux', 'permissive') }}
+  - name: "sed -i 's/SELINUX=[a-z][a-z]*$/SELINUX={{ system.selinux }}/' /etc/selinux/config"
+  - unless: grep 'SELINUX={{ system.selinux }}' /etc/selinux/config
   - require:
     - pkg: linux_repo_prereq_pkgs
 
-{%- endif %}
+{{ mode }}:
+  selinux.mode
 
 {%- endif %}
 
 {%- endif %}
+