Merge "Add fluentd support"
diff --git a/README.rst b/README.rst
index a4d5323..1cbc18c 100644
--- a/README.rst
+++ b/README.rst
@@ -328,6 +328,19 @@
DefaultLimitCPU: 2
DefaultLimitNPROC: 4
+Ensure presence of directory:
+
+.. code-block:: yaml
+
+ linux:
+ system:
+ directory:
+ /tmp/test:
+ user: root
+ group: root
+ mode: 700
+ makedirs: true
+
Kernel
~~~~~~
diff --git a/linux/files/systemd.conf b/linux/files/systemd.conf
index 36e01a5..2663aed 100644
--- a/linux/files/systemd.conf
+++ b/linux/files/systemd.conf
@@ -1,5 +1,5 @@
{%- from "linux/map.jinja" import system with context -%}
-{%- for section, options in settings.iteritems() -%}
+{%- for section, options in settings.iteritems() %}
[{{ section }}]
{%- for option, value in options.iteritems() %}
{{ option }}={{ value }}
diff --git a/linux/map.jinja b/linux/map.jinja
index de250bb..c623d63 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -18,6 +18,7 @@
},
'selinux': 'permissive',
'ca_certs_dir': '/usr/local/share/ca-certificates',
+ 'ca_certs_bin': 'update-ca-certificates',
'atop': {
'enabled': false,
'interval': '20',
@@ -45,6 +46,7 @@
},
'selinux': 'permissive',
'ca_certs_dir': '/usr/local/share/ca-certificates',
+ 'ca_certs_bin': 'update-ca-certificates',
'atop': {
'enabled': false,
'interval': '20',
@@ -71,7 +73,8 @@
'pkgs': []
},
'selinux': 'permissive',
- 'ca_certs_dir': '/usr/local/share/ca-certificates',
+ 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors',
+ 'ca_certs_bin': 'update-ca-trust extract',
'atop': {
'enabled': false,
'interval': '20',
diff --git a/linux/meta/prometheus.yml b/linux/meta/prometheus.yml
index f044530..bea6995 100644
--- a/linux/meta/prometheus.yml
+++ b/linux/meta/prometheus.yml
@@ -42,7 +42,7 @@
description: 'The disk inodes ({{ $labels.path }}) will be full in less than 8 hours on {{ $labels.host }}.'
{% endraw %}
SystemDiskInodesFull:
- if: 'disk_inodes_used / disk_inodes_total >= 99'
+ if: 'disk_inodes_used / disk_inodes_total >= 0.99'
{% raw %}
labels:
severity: critical
diff --git a/linux/system/certificate.sls b/linux/system/certificate.sls
index f9f39d4..ffa20c4 100644
--- a/linux/system/certificate.sls
+++ b/linux/system/certificate.sls
@@ -35,7 +35,7 @@
update_certificates:
cmd.wait:
- - name: update-ca-certificates
+ - name: {{ system.ca_certs_bin }}
{%- endif %}
diff --git a/linux/system/directory.sls b/linux/system/directory.sls
new file mode 100644
index 0000000..f53a870
--- /dev/null
+++ b/linux/system/directory.sls
@@ -0,0 +1,15 @@
+{%- from "linux/map.jinja" import system with context %}
+
+{%- for name, dir in system.directory.iteritems() %}
+
+{{ dir.name|default(name) }}:
+ file.directory:
+ {%- if dir %}
+ {%- for key, value in dir.iteritems() %}
+ - {{ key }}: {{ value }}
+ {%- endfor %}
+ {%- else %}
+ - name: {{ name }}
+ {%- endif %}
+
+{%- endfor %}
diff --git a/linux/system/init.sls b/linux/system/init.sls
index 2f379f4..4dc1a8c 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls
@@ -96,3 +96,6 @@
{%- if system.systemd is defined %}
- linux.system.systemd
{%- endif %}
+{%- if system.directory is defined %}
+- linux.system.directory
+{%- endif %}
diff --git a/linux/system/motd.sls b/linux/system/motd.sls
index a7ef8f2..f6cdc47 100644
--- a/linux/system/motd.sls
+++ b/linux/system/motd.sls
@@ -22,6 +22,17 @@
file.directory:
- clean: true
+{%- if grains.oscodename == "jessie" %}
+motd_fix_pam_sshd:
+ file.replace:
+ - name: /etc/pam.d/sshd
+ - pattern: "/run/motd.dynamic"
+ - repl: "/run/motd"
+{%- endif %}
+
+/etc/motd:
+ file.absent
+
{%- for motd in system.motd %}
{%- set motd_index = loop.index %}
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 411323c..cba1aea 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -7,6 +7,9 @@
environment: prd
hostname: system.pillar.local
purge_repos: true
+ directory:
+ /tmp/test:
+ makedirs: true
apparmor:
enabled: false
haveged: