Merge "Add slave interfaces to bond master after bond was created/set up"
diff --git a/README.rst b/README.rst
index 620f582..f62a937 100644
--- a/README.rst
+++ b/README.rst
@@ -407,6 +407,32 @@
cpu:
governor: performance
+Certificates
+~~~~~~~~~~~~
+
+Add certificate authority into system trusted CA bundle
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ ca_certificates:
+ mycert: |
+ -----BEGIN CERTIFICATE-----
+ MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+ A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+ cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+ MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+ BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+ YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+ BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+ I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+ CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+ lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+ AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+ -----END CERTIFICATE-----
+
Sysfs
~~~~~
diff --git a/linux/map.jinja b/linux/map.jinja
index 04b6441..de250bb 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -113,6 +113,7 @@
'updelay',
'hashing-algorithm',
'hardware-dma-ring-rx',
+ 'hwaddr',
] %}
{% set network = salt['grains.filter_by']({
diff --git a/linux/meta/prometheus.yml b/linux/meta/prometheus.yml
index df53426..f044530 100644
--- a/linux/meta/prometheus.yml
+++ b/linux/meta/prometheus.yml
@@ -85,7 +85,7 @@
if: rate(net_drop_in[1m]) > {{ net_rx_dropped_threshold }}
{% raw %}
labels:
- severity: warning
+ severity: critical
service: system
annotations:
summary: 'Too many received packets dropped on {{ $labels.host }} for interface {{ $labels.interface }}'
@@ -95,21 +95,11 @@
if: rate(net_drop_out[1m]) > {{ net_tx_dropped_threshold }}
{% raw %}
labels:
- severity: warning
+ severity: critical
service: system
annotations:
summary: 'Too many transmitted packets dropped on {{ $labels.host }} for interface {{ $labels.interface }}'
description: 'The rate of transmitted packets which are dropped is too high on node {{ $labels.host }} for interface {{ $labels.interface }} (current value={{ $value }}/sec, threshold={% endraw %}{{ net_tx_dropped_threshold }}/sec)'
- SystemSwapUsed:
- {%- set swap_used_threshold = monitoring.swap.warn.strip('%')|float %}
- if: avg_over_time(swap_used_percent[1m]) > {{ swap_used_threshold }}
- {% raw %}
- labels:
- severity: warning
- service: system
- annotations:
- summary: 'Swap usage too high on {{ $labels.host }}'
- description: 'The average percentage of used swap is too high on node {{ $labels.host }} (current value={{ $value }}%, threshold={% endraw %}{{ swap_used_threshold }}%)'
SystemSwapIn:
{%- set swap_in_threshold = monitoring.swap_in_rate.warn %}
if: rate(swap_in[2m]) > {{ swap_in_threshold }}
diff --git a/linux/network/dpdk.sls b/linux/network/dpdk.sls
index cadc599..751941c 100644
--- a/linux/network/dpdk.sls
+++ b/linux/network/dpdk.sls
@@ -148,8 +148,10 @@
- require:
- cmd: linux_network_dpdk_bridge_interface_{{ interface.bridge }}
+ {%- endif %}
+
{# Multiqueue n_rxq, pmd_rxq_affinity and mtu setup on interfaces #}
- {%- elif interface.type == 'dpdk_ovs_port' and (interface.n_rxq is defined or interface.mtu is defined or interface.pmd_rxq_affinity is defined) %}
+ {%- if interface.type == 'dpdk_ovs_port' %}
{%- if interface.n_rxq is defined %}
diff --git a/linux/system/selinux.sls b/linux/system/selinux.sls
index ff1d84d..5bbd815 100644
--- a/linux/system/selinux.sls
+++ b/linux/system/selinux.sls
@@ -1,5 +1,5 @@
{%- from "linux/map.jinja" import system with context %}
-{%- if system.enabled %}
+{%- if system.selinux is defined %}
include:
- linux.system.repo
@@ -7,24 +7,22 @@
{%- if grains.os_family == 'RedHat' %}
{%- if system.selinux == 'disabled' %}
+ {%- set mode = 'permissive' %}
+{%- else %}
+ {%- set mode = system.selinux %}
+{%- endif %}
selinux_config:
cmd.run:
- - names:
- - "sed -i 's/enforcing/disabled/g' /etc/selinux/config; setenforce 0"
- - "sed -i 's/permissive/disabled/g' /etc/selinux/config; setenforce 0"
- - unless: cat '/etc/selinux/config' | grep 'SELINUX=disabled'
-
-{%- else %}
-
-selinux_config:
- selinux.mode:
- - name: {{ system.get('selinux', 'permissive') }}
+ - name: "sed -i 's/SELINUX=[a-z][a-z]*$/SELINUX={{ system.selinux }}/' /etc/selinux/config"
+ - unless: grep 'SELINUX={{ system.selinux }}' /etc/selinux/config
- require:
- pkg: linux_repo_prereq_pkgs
-{%- endif %}
+{{ mode }}:
+ selinux.mode
{%- endif %}
{%- endif %}
+