Merge "Add Salt 2018.3 tests"
diff --git a/README.rst b/README.rst
index 2492aaf..5b7c72a 100644
--- a/README.rst
+++ b/README.rst
@@ -603,7 +603,7 @@
size: 2M
count: 107520
mount_point: /mnt/hugepages_2MB
- mount: false/true # default false
+ mount: false/true # default is true (mount immediately) / false (just save in the fstab)
large:
default: true # default automatically mounted
size: 1G
@@ -822,6 +822,30 @@
bash:
preserve_history: true
+Login banner message
+~~~~~~~~~~~~~~~~~~~~
+
+/etc/issue is a text file which contains a message or system
+identification to be printed before the login prompt. It may contain
+various @char and \char sequences, if supported by the getty-type
+program employed on the system.
+
+Setting logon banner message is easy:
+
+.. code-block:: yaml
+
+ liunx:
+ system:
+ banner:
+ enabled: true
+ contents: |
+ UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED
+
+ You must have explicit, authorized permission to access or configure this
+ device. Unauthorized attempts and actions to access or use this system may
+ result in civil and/or criminal penalties.
+ All activities performed on this system are logged and monitored.
+
Message of the day
~~~~~~~~~~~~~~~~~~
diff --git a/linux/files/modprobe.conf.jinja b/linux/files/modprobe.conf.jinja
index 2314bdb..8dcd782 100644
--- a/linux/files/modprobe.conf.jinja
+++ b/linux/files/modprobe.conf.jinja
@@ -2,8 +2,6 @@
blacklist {{ module_name }}
{%- else -%}
-{%- for option, value in module_content.get('option', {}) | dictsort -%}
-options {{ module_name }} {{ option }}={{ value }}
-{%- endfor %}
+options {{ module_name }}{% for option, value in module_content.get('option', {}) | dictsort %} {{ option }}={{ value }}{% endfor %}
{%- endif %}
diff --git a/linux/map.jinja b/linux/map.jinja
index d5c957b..4236a14 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -85,6 +85,12 @@
},
}, grain='os_family', merge=salt['pillar.get']('linux:system')) %}
+{% set banner = salt['grains.filter_by']({
+ 'BaseDefaults': {
+ 'enabled': false,
+ },
+}, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %}
+
{% set auth = salt['grains.filter_by']({
'Arch': {
'enabled': false,
@@ -268,8 +274,11 @@
'service': 'multipath'
},
},
-}, grain='os_family', merge=salt['pillar.get']('linux:storage')) %}
-
+}, merge=salt['grains.filter_by']({
+ 'trusty': {
+ 'lvm_services': ['udev'],
+ },
+}, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %}
{% set monitoring = salt['grains.filter_by']({
'default': {
diff --git a/linux/meta/fluentd.yml b/linux/meta/fluentd.yml
index 621a378..94b1fbc 100644
--- a/linux/meta/fluentd.yml
+++ b/linux/meta/fluentd.yml
@@ -109,4 +109,64 @@
tag: 'metric.**'
type: relabel
label: default_metric
+{%- else %}
+agent:
+ config:
+ label:
+ default_metric:
+ filter:
+ metric_hdd_errors_parse:
+ tag: metric.hdd_errors
+ type: parser
+ key_name: Payload
+ parser:
+ type: regexp
+ format: '/(?<device>[sv]d[a-z]+\d*)/'
+ metric_hdd_errors:
+ tag: metric.hdd_errors
+ require:
+ - metric_hdd_errors_parse
+ type: prometheus
+ metric:
+ - name: hdd_errors_total
+ type: counter
+ desc: The total number of hdd errors.
+ label:
+ - name: host
+ value: ${Hostname}
+ - name: device
+ value: ${device}
+ syslog:
+ input:
+ syslog_file:
+ type: tail
+ tag: linux.syslog
+ path: /var/log/syslog
+ pos_file: {{ pillar.fluentd.agent.dir.positiondb }}/linux_syslog.pos
+ suppress_parse_error_log: true
+ parser:
+ type: regexp
+ format: >-
+ '/(?<Payload>.*(?<device>[sv]d[a-z]{1,2}\d{0,3}).*)/'
+ match:
+ push_to_default:
+ tag: 'linux.**'
+ type: copy
+ store:
+ - type: relabel
+ label: default_output
+ - type: rewrite_tag_filter
+ rule:
+ - name: Payload
+ regexp: >-
+ 'error.*\b[sv]d[a-z]{1,2}\d{0,3}\b.*'
+ result: metric.hdd_errors
+ - name: Payload
+ regexp: >-
+ '\b[sv]d[a-z]{1,2}\d{0,3}\b.*error'
+ result: metric.hdd_errors
+ push_to_metric:
+ tag: 'metric.**'
+ type: relabel
+ label: default_metric
{%- endif %}
diff --git a/linux/system/banner.sls b/linux/system/banner.sls
new file mode 100644
index 0000000..6e283f5
--- /dev/null
+++ b/linux/system/banner.sls
@@ -0,0 +1,10 @@
+{%- from "linux/map.jinja" import banner with context %}
+
+{%- if banner.get('enabled', False) %}
+/etc/issue:
+ file.managed:
+ - user: root
+ - group: root
+ - mode: 644
+ - contents_pillar: linux:system:banner:contents
+{%- endif %}
diff --git a/linux/system/hugepages.sls b/linux/system/hugepages.sls
index 1c43262..54ccf45 100644
--- a/linux/system/hugepages.sls
+++ b/linux/system/hugepages.sls
@@ -19,23 +19,22 @@
{%- for hugepages_type, hugepages in system.kernel.hugepages.items() %}
-{%- if hugepages.get('mount', False) or hugepages.get('default', False) %}
-
hugepages_mount_{{ hugepages_type }}:
mount.mounted:
- name: {{ hugepages.mount_point }}
- - device: Hugetlbfs-kvm
+ - device: Hugetlbfs-kvm-{{ hugepages.size|lower }}
- fstype: hugetlbfs
- mkmnt: true
- opts: mode=775,pagesize={{ hugepages.size }}
+ - mount: {{ hugepages.mount|default('true') }}
# Make hugepages available right away with a temporary systctl write
# This will be handled via krn args after reboot, so don't use `sysctl.present`
+{%- if hugepages.get('default', False) %}
hugepages_sysctl_vm_nr_hugepages:
cmd.run:
- name: "sysctl vm.nr_hugepages={{ hugepages.count }}"
- unless: "sysctl vm.nr_hugepages | grep -qE '{{ hugepages.count }}'"
-
{%- endif %}
{%- endfor %}
diff --git a/linux/system/init.sls b/linux/system/init.sls
index 8594d48..c1b13e4 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -114,3 +114,6 @@
{%- if system.auth is defined %}
- linux.system.auth
{%- endif %}
+{%- if system.banner is defined %}
+- linux.system.banner
+{%- endif %}
diff --git a/tests/pillar/system_banner.sls b/tests/pillar/system_banner.sls
new file mode 100644
index 0000000..6c9ca6a
--- /dev/null
+++ b/tests/pillar/system_banner.sls
@@ -0,0 +1,10 @@
+linux:
+ system:
+ enabled: true
+ banner:
+ enabled: true
+ contents: |
+ ================= WARNING =================
+ This is tcpcloud network.
+ Unauthorized access is strictly prohibited.
+ ===========================================