Merge "Add fluentd support"
diff --git a/README.rst b/README.rst
index a4d5323..1cbc18c 100644
--- a/README.rst
+++ b/README.rst
@@ -328,6 +328,19 @@
               DefaultLimitCPU: 2
               DefaultLimitNPROC: 4
 
+Ensure presence of directory:
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        directory:
+          /tmp/test:
+            user: root
+            group: root
+            mode: 700
+            makedirs: true
+
 Kernel
 ~~~~~~
 
diff --git a/linux/files/systemd.conf b/linux/files/systemd.conf
index 36e01a5..2663aed 100644
--- a/linux/files/systemd.conf
+++ b/linux/files/systemd.conf
@@ -1,5 +1,5 @@
 {%- from "linux/map.jinja" import system with context -%}
-{%- for section, options in settings.iteritems() -%}
+{%- for section, options in settings.iteritems() %}
 [{{ section }}]
 {%- for option, value in options.iteritems() %}
 {{ option }}={{ value }}
diff --git a/linux/map.jinja b/linux/map.jinja
index de250bb..c623d63 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -18,6 +18,7 @@
          },
         'selinux': 'permissive',
         'ca_certs_dir': '/usr/local/share/ca-certificates',
+        'ca_certs_bin': 'update-ca-certificates',
         'atop': {
              'enabled': false,
              'interval': '20',
@@ -45,6 +46,7 @@
          },
         'selinux': 'permissive',
         'ca_certs_dir': '/usr/local/share/ca-certificates',
+        'ca_certs_bin': 'update-ca-certificates',
         'atop': {
              'enabled': false,
              'interval': '20',
@@ -71,7 +73,8 @@
              'pkgs': []
          },
         'selinux': 'permissive',
-        'ca_certs_dir': '/usr/local/share/ca-certificates',
+        'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',
+        'ca_certs_bin': 'update-ca-trust extract',
         'atop': {
              'enabled': false,
              'interval': '20',
diff --git a/linux/meta/prometheus.yml b/linux/meta/prometheus.yml
index f044530..bea6995 100644
--- a/linux/meta/prometheus.yml
+++ b/linux/meta/prometheus.yml
@@ -42,7 +42,7 @@
         description: 'The disk inodes ({{ $labels.path }}) will be full in less than 8 hours on {{ $labels.host }}.'
       {% endraw %}
     SystemDiskInodesFull:
-      if: 'disk_inodes_used / disk_inodes_total >= 99'
+      if: 'disk_inodes_used / disk_inodes_total >= 0.99'
       {% raw %}
       labels:
         severity: critical
diff --git a/linux/system/certificate.sls b/linux/system/certificate.sls
index f9f39d4..ffa20c4 100644
--- a/linux/system/certificate.sls
+++ b/linux/system/certificate.sls
@@ -35,7 +35,7 @@
 
 update_certificates:
   cmd.wait:
-  - name: update-ca-certificates
+  - name: {{ system.ca_certs_bin }}
 
 {%- endif %}
 
diff --git a/linux/system/directory.sls b/linux/system/directory.sls
new file mode 100644
index 0000000..f53a870
--- /dev/null
+++ b/linux/system/directory.sls
@@ -0,0 +1,15 @@
+{%- from "linux/map.jinja" import system with context %}
+
+{%- for name, dir in system.directory.iteritems() %}
+
+{{ dir.name|default(name) }}:
+  file.directory:
+    {%- if dir %}
+      {%- for key, value in dir.iteritems() %}
+    - {{ key }}: {{ value }}
+      {%- endfor %}
+    {%- else %}
+    - name: {{ name }}
+    {%- endif %}
+
+{%- endfor %}
diff --git a/linux/system/init.sls b/linux/system/init.sls
index 2f379f4..4dc1a8c 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -96,3 +96,6 @@
 {%- if system.systemd is defined %}
 - linux.system.systemd
 {%- endif %}
+{%- if system.directory is defined %}
+- linux.system.directory
+{%- endif %}
diff --git a/linux/system/motd.sls b/linux/system/motd.sls
index a7ef8f2..f6cdc47 100644
--- a/linux/system/motd.sls
+++ b/linux/system/motd.sls
@@ -22,6 +22,17 @@
   file.directory:
     - clean: true
 
+{%- if grains.oscodename == "jessie" %}
+motd_fix_pam_sshd:
+  file.replace:
+    - name: /etc/pam.d/sshd
+    - pattern: "/run/motd.dynamic"
+    - repl: "/run/motd"
+{%- endif %}
+
+/etc/motd:
+  file.absent
+
 {%- for motd in system.motd %}
 {%- set motd_index = loop.index %}
 
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 411323c..cba1aea 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -7,6 +7,9 @@
     environment: prd
     hostname: system.pillar.local
     purge_repos: true
+    directory:
+      /tmp/test:
+        makedirs: true
     apparmor:
       enabled: false
     haveged: