From a6daf4ece3f05600ad66fea55c5220d07a71cef1 Mon Sep 17 00:00:00 2001
From: Michael Polenchuk
Date: Wed, 24 May 2017 12:44:05 +0400
Subject: [mcp] Bring in reclass system salt models
Change-Id: I1a865b7524f3a5242544e60e6b36b1092721c58b
Signed-off-by: Michael Polenchuk
---
.../system/linux/network/interface/single_dhcp.yml | 9 +++
.../linux/network/interface/single_ovs_dvr.yml | 67 ++++++++++++++++++++++
.../linux/network/interface/single_static.yml | 10 ++++
.../classes/system/linux/storage/loopback.yml | 8 +++
.../classes/system/linux/system/haveged.yml | 5 ++
mcp/reclass/classes/system/linux/system/lowmem.yml | 17 ++++++
.../classes/system/linux/system/motd/dynamic.yml | 19 ++++++
.../classes/system/linux/system/motd/static.yml | 12 ++++
.../classes/system/linux/system/prompt/init.yml | 7 +++
.../system/linux/system/prompt/production.yml | 7 +++
.../classes/system/linux/system/repo/cassandra.yml | 10 ++++
.../classes/system/linux/system/repo/docker.yml | 9 +++
.../system/linux/system/repo/elasticsearch.yml | 8 +++
.../classes/system/linux/system/repo/glusterfs.yml | 11 ++++
.../classes/system/linux/system/repo/grafana.yml | 8 +++
.../classes/system/linux/system/repo/influxdb.yml | 8 +++
.../classes/system/linux/system/repo/kibana.yml | 7 +++
.../classes/system/linux/system/repo/mcp/extra.yml | 15 +++++
.../system/linux/system/repo/mcp/openstack.yml | 54 +++++++++++++++++
.../classes/system/linux/system/repo/mcp/salt.yml | 15 +++++
.../system/linux/system/repo/saltstack/xenial.yml | 10 ++++
.../classes/system/linux/system/repo/sensu.yml | 8 +++
.../classes/system/linux/system/repo/ubuntu.yml | 22 +++++++
mcp/reclass/classes/system/linux/system/single.yml | 58 +++++++++++++++++++
mcp/reclass/classes/system/linux/system/sudo.yml | 43 ++++++++++++++
25 files changed, 447 insertions(+)
create mode 100644 mcp/reclass/classes/system/linux/network/interface/single_dhcp.yml
create mode 100644 mcp/reclass/classes/system/linux/network/interface/single_ovs_dvr.yml
create mode 100644 mcp/reclass/classes/system/linux/network/interface/single_static.yml
create mode 100644 mcp/reclass/classes/system/linux/storage/loopback.yml
create mode 100644 mcp/reclass/classes/system/linux/system/haveged.yml
create mode 100644 mcp/reclass/classes/system/linux/system/lowmem.yml
create mode 100644 mcp/reclass/classes/system/linux/system/motd/dynamic.yml
create mode 100644 mcp/reclass/classes/system/linux/system/motd/static.yml
create mode 100644 mcp/reclass/classes/system/linux/system/prompt/init.yml
create mode 100644 mcp/reclass/classes/system/linux/system/prompt/production.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/cassandra.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/docker.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/elasticsearch.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/glusterfs.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/grafana.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/influxdb.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/kibana.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/mcp/extra.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/mcp/openstack.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/mcp/salt.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/saltstack/xenial.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/sensu.yml
create mode 100644 mcp/reclass/classes/system/linux/system/repo/ubuntu.yml
create mode 100644 mcp/reclass/classes/system/linux/system/single.yml
create mode 100644 mcp/reclass/classes/system/linux/system/sudo.yml
(limited to 'mcp/reclass/classes/system/linux')
diff --git a/mcp/reclass/classes/system/linux/network/interface/single_dhcp.yml b/mcp/reclass/classes/system/linux/network/interface/single_dhcp.yml
new file mode 100644
index 000000000..c3a69ab7f
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/network/interface/single_dhcp.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ interface:
+ primary_interface:
+ enabled: true
+ name: ${_param:primary_interface}
+ type: eth
+ proto: dhcp
diff --git a/mcp/reclass/classes/system/linux/network/interface/single_ovs_dvr.yml b/mcp/reclass/classes/system/linux/network/interface/single_ovs_dvr.yml
new file mode 100644
index 000000000..482bd028a
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/network/interface/single_ovs_dvr.yml
@@ -0,0 +1,67 @@
+parameters:
+ _param:
+ primary_interface: eth1
+ tenant_interface: eth2
+ external_interface: eth3
+ interface_mtu: 9000
+ linux:
+ network:
+ bridge: openvswitch
+ interface:
+ primary_interface:
+ enabled: true
+ name: ${_param:primary_interface}
+ type: eth
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ tenant_interface:
+ enabled: true
+ name: ${_param:tenant_interface}
+ type: eth
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ external_interface:
+ enabled: true
+ name: ${_param:external_interface}
+ type: eth
+ mtu: ${_param:interface_mtu}
+ proto: manual
+ br-int:
+ enabled: true
+ mtu: ${_param:interface_mtu}
+ type: ovs_bridge
+ br-floating:
+ enabled: true
+ mtu: ${_param:interface_mtu}
+ type: ovs_bridge
+ float-to-ex:
+ enabled: true
+ type: ovs_port
+ mtu: 65000
+ bridge: br-floating
+ br-mgmt:
+ enabled: true
+ type: bridge
+ mtu: ${_param:interface_mtu}
+ address: ${_param:single_address}
+ netmask: 255.255.255.0
+ use_interfaces:
+ - ${_param:primary_interface}
+ br-mesh:
+ enabled: true
+ type: bridge
+ mtu: ${_param:interface_mtu}
+ address: ${_param:tenant_address}
+ netmask: 255.255.255.0
+ use_interfaces:
+ - ${_param:tenant_interface}
+ br-ex:
+ enabled: true
+ type: bridge
+ mtu: ${_param:interface_mtu}
+ address: ${_param:external_address}
+ netmask: 255.255.255.0
+ use_interfaces:
+ - ${_param:external_interface}
+ use_ovs_ports:
+ - float-to-ex
\ No newline at end of file
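Review bot: In single_ovs_dvr.yml the `netmask: 255.255.255.0` on br-mgmt, br-mesh and br-ex is hard-coded while the matching `address` values come from `${_param:single_address}`, `${_param:tenant_address}` and `${_param:external_address}`, so any deployment whose networks are not /24 has to override three nested keys. Consider parameterising it next to the interface names, e.g. `netmask: ${_param:single_netmask}` with a default under `_param` (the parameter name is only a suggestion). The three address parameters have no default in this class and `mtu: 65000` on float-to-ex differs from `interface_mtu` without explanation; a comment such as `# single_address, tenant_address and external_address must be set by the node or cluster model` would help.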
diff --git a/mcp/reclass/classes/system/linux/network/interface/single_static.yml b/mcp/reclass/classes/system/linux/network/interface/single_static.yml
new file mode 100644
index 000000000..18f46a255
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/network/interface/single_static.yml
@@ -0,0 +1,10 @@
+parameters:
+ linux:
+ network:
+ interface:
+ primary_interface:
+ enabled: true
+ name: ${_param:primary_interface}
+ type: eth
+ proto: manual
+ address: ${_param:single_address}
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/storage/loopback.yml b/mcp/reclass/classes/system/linux/storage/loopback.yml
new file mode 100644
index 000000000..adbbe65f3
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/storage/loopback.yml
@@ -0,0 +1,8 @@
+parameters:
+ linux:
+ storage:
+ enabled: true
+ loopback:
+ loop0:
+ file: "/srv/disk0"
+ size: ${_param:loopback_device_size}G
diff --git a/mcp/reclass/classes/system/linux/system/haveged.yml b/mcp/reclass/classes/system/linux/system/haveged.yml
new file mode 100644
index 000000000..5c0be1512
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/haveged.yml
@@ -0,0 +1,5 @@
+parameters:
+ linux:
+ system:
+ haveged:
+ enabled: true
diff --git a/mcp/reclass/classes/system/linux/system/lowmem.yml b/mcp/reclass/classes/system/linux/system/lowmem.yml
new file mode 100644
index 000000000..e1f119384
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/lowmem.yml
@@ -0,0 +1,17 @@
+parameters:
+ linux:
+ storage:
+ swap:
+ swap01:
+ enabled: true
+ engine: file
+ device: /var/tmp/swap01
+ size: 2048
+# opencontrail:
+# database:
+# max_heap_size: "1G"
+# heap_newsize: "200M"
+# rabbitmq:
+# server:
+# memory:
+# vm_high_watermark: 0.2
diff --git a/mcp/reclass/classes/system/linux/system/motd/dynamic.yml b/mcp/reclass/classes/system/linux/system/motd/dynamic.yml
new file mode 100644
index 000000000..9589e8ef9
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/motd/dynamic.yml
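Review bot: In lowmem.yml, `device: /var/tmp/swap01` places the swap file in a directory that is normally world-writable, and swap holds pages of process memory, so the path should sit in a root-owned location (for example `device: /swapfile`) unless the state that creates it is known to refuse a pre-existing file and to set mode 0600; that state is not visible in this hunk. The commented-out opencontrail and rabbitmq keys carry no explanation; either drop them or add a line such as `# kept as a reference for low-memory overrides, not applied`.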
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ motd:
+ - warning: |
+ #!/bin/sh
+ printf "WARNING: This is private network.\n"
+ printf " Unauthorized access is strictly prohibited.\n"
+ printf "\n"
+ - info: |
+ #!/bin/sh
+ printf -- "------------------------------------------------------\n"
+ printf " Hostname | $(hostname)\n"
+ printf " Domain | $(hostname -d)\n"
+ printf " System | %s\n" "$(lsb_release -s -d)"
+ printf " Kernel | %s\n" "$(uname -r)"
+ printf " Uptime | %s\n" "$(uptime -p)"
+ printf " Load Average | %s\n" "$(cat /proc/loadavg | awk '{print $1", "$2", "$3}')"
+ printf -- "------------------------------------------------------\n"
diff --git a/mcp/reclass/classes/system/linux/system/motd/static.yml b/mcp/reclass/classes/system/linux/system/motd/static.yml
new file mode 100644
index 000000000..774abc67f
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/motd/static.yml
@@ -0,0 +1,12 @@
+parameters:
+ linux:
+ system:
+ motd: |
+ WARNING: This is private network
+ Unauthorized access is strictly prohibited
+
+ ------------------------------------------------------
+ Hostname | ${linux:system:name}
+ Domain | ${linux:system:domain}
+ ------------------------------------------------------
+
diff --git a/mcp/reclass/classes/system/linux/system/prompt/init.yml b/mcp/reclass/classes/system/linux/system/prompt/init.yml
new file mode 100644
index 000000000..2f0120d8c
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/prompt/init.yml
@@ -0,0 +1,7 @@
+parameters:
+ linux:
+ system:
+ prompt:
+ default: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} ${linux:system:name}.${linux:system:domain}\\[\\e[0m\\]\\n\\[\\e[1;39m\\][\\u@\\h:\\w]\\[\\e[0m\\]
+ bash:
+ preserve_history: true
diff --git a/mcp/reclass/classes/system/linux/system/prompt/production.yml b/mcp/reclass/classes/system/linux/system/prompt/production.yml
new file mode 100644
index 000000000..f8784605d
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/prompt/production.yml
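Review bot: In motd/dynamic.yml the Hostname and Domain lines put the command substitution inside the printf format string (`printf " Hostname | $(hostname)\n"`), so a `%` or backslash in the output would be interpreted as a format directive, while the four lines below them pass the value through `%s`. For consistency write `printf " Hostname | %s\n" "$(hostname)"` and `printf " Domain | %s\n" "$(hostname -d)"`, keeping the original column spacing. The load-average line can also read the file directly with `awk '{print $1", "$2", "$3}' /proc/loadavg` instead of piping `cat` into awk.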
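Review bot: In prompt/init.yml the `default:` prompt value is a plain (unquoted) scalar that starts with a backslash and contains `[`, `{`, `%` and `:`; it parses today, but a later edit that introduces `: ` or ` #` would silently change or truncate it. Wrapping the value in single quotes keeps every backslash literal and makes the boundary explicit. A one-line comment on why the backslashes are doubled would also help (presumably a later rendering step unescapes them; that step is not visible here). The same applies to the copy in prompt/production.yml, which differs only in the colour code `1;31m`.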
@@ -0,0 +1,7 @@
+classes:
+ - system.linux.system.prompt
+parameters:
+ linux:
+ system:
+ prompt:
+ default: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} ${linux:system:name}.${linux:system:domain}\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]
diff --git a/mcp/reclass/classes/system/linux/system/repo/cassandra.yml b/mcp/reclass/classes/system/linux/system/repo/cassandra.yml
new file mode 100644
index 000000000..74fb02119
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/cassandra.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ linux_repo_cassandra_component: 21x
+ linux:
+ system:
+ repo:
+ cassandra:
+ source: "deb http://www.apache.org/dist/cassandra/debian/ ${_param:linux_repo_cassandra_component} main"
+ architectures: amd64
+ key_url: "https://www.apache.org/dist/cassandra/KEYS"
diff --git a/mcp/reclass/classes/system/linux/system/repo/docker.yml b/mcp/reclass/classes/system/linux/system/repo/docker.yml
new file mode 100644
index 000000000..6eae575d0
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/docker.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ system:
+ repo:
+ docker:
+ source: "deb https://apt.dockerproject.org/repo ubuntu-${_param:linux_system_codename} main"
+ architectures: amd64
+ key_id: 58118E89F3A912897C070ADBF76221572C52609D
+ key_server: hkp://p80.pool.sks-keyservers.net:80
diff --git a/mcp/reclass/classes/system/linux/system/repo/elasticsearch.yml b/mcp/reclass/classes/system/linux/system/repo/elasticsearch.yml
new file mode 100644
index 000000000..60f6fd075
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/elasticsearch.yml
@@ -0,0 +1,8 @@
+parameters:
+ linux:
+ system:
+ repo:
+ elasticsearch:
+ source: "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main"
+ architectures: amd64
+ key_url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/system/repo/glusterfs.yml b/mcp/reclass/classes/system/linux/system/repo/glusterfs.yml
new file mode 100644
index 000000000..fb331f0f3
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/glusterfs.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ glusterfs_version: 3.8
+ linux:
+ system:
+ repo:
+ glusterfs-ppa:
+ source: "deb http://ppa.launchpad.net/gluster/glusterfs-${_param:glusterfs_version}/ubuntu ${_param:linux_system_codename} main"
+ architectures: amd64
+ key_id: 3FE869A9
+ key_server: keyserver.ubuntu.com
diff --git a/mcp/reclass/classes/system/linux/system/repo/grafana.yml b/mcp/reclass/classes/system/linux/system/repo/grafana.yml
new file mode 100644
index 000000000..c1c8a5b35
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/grafana.yml
@@ -0,0 +1,8 @@
+parameters:
+ linux:
+ system:
+ repo:
+ grafana:
+ enabled: true
+ source: 'deb https://packagecloud.io/grafana/stable/debian/ jessie main'
+ key_url: 'https://packagecloud.io/gpg.key'
diff --git a/mcp/reclass/classes/system/linux/system/repo/influxdb.yml b/mcp/reclass/classes/system/linux/system/repo/influxdb.yml
new file mode 100644
index 000000000..b9345039d
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/influxdb.yml
@@ -0,0 +1,8 @@
+parameters:
+ linux:
+ system:
+ repo:
+ influxdb:
+ source: 'deb [arch=amd64] https://repos.influxdata.com/ubuntu ${_param:linux_system_codename} stable'
+ architectures: amd64
+ key_url: 'https://repos.influxdata.com/influxdb.key'
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/system/repo/kibana.yml b/mcp/reclass/classes/system/linux/system/repo/kibana.yml
new file mode 100644
index 000000000..425141d10
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/kibana.yml
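Review bot: In repo/glusterfs.yml, `glusterfs_version: 3.8` is an unquoted scalar, so a YAML loader reads it as a float; it interpolates correctly today, but a value like 3.10 would load as 3.1 and point the `source` line at the wrong PPA. Quote it as `glusterfs_version: "3.8"`; `salt_version: 2016.3` in repo/saltstack/xenial.yml has the same shape. Separately, `key_id: 3FE869A9` is an 8-hex-digit short key ID, which does not uniquely identify an OpenPGP key on a keyserver; use the full fingerprint as repo/docker.yml does, i.e. `key_id: <FULL_40_HEX_FINGERPRINT>` (placeholder, to be taken from the publisher). The three `key_id: 437D05B5` entries in repo/ubuntu.yml have the same problem.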
@@ -0,0 +1,7 @@
+parameters:
+ linux:
+ system:
+ repo:
+ kibana:
+ source: "deb https://packages.elastic.co/kibana/4.6/debian stable main"
+ key_url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
diff --git a/mcp/reclass/classes/system/linux/system/repo/mcp/extra.yml b/mcp/reclass/classes/system/linux/system/repo/mcp/extra.yml
new file mode 100644
index 000000000..00de9eacd
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/mcp/extra.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux:
+ system:
+ repo:
+ mcp_extra:
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} extra"
+ architectures: amd64
+ key_url: "http://apt-mk.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:apt_mk_version}'
+ priority: 1100
+ package: '*'
diff --git a/mcp/reclass/classes/system/linux/system/repo/mcp/openstack.yml b/mcp/reclass/classes/system/linux/system/repo/mcp/openstack.yml
new file mode 100644
index 000000000..9f26821d0
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/mcp/openstack.yml
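Review bot: In repo/mcp/extra.yml, `key_url: "http://apt-mk.mirantis.com/public.gpg"` fetches the repository signing key over cleartext HTTP, so the key that is supposed to authenticate the packages is itself unauthenticated and anyone on the network path can substitute both key and repository. The pin below it (`priority: 1100` for `package: '*'`) makes this repository win over every other source and, being above 1000, permits downgrades, which raises the impact of a substituted repository. Fetch the key over HTTPS if the host offers it, or ship the key (or at least its full fingerprint) with the model and verify against that. The same pattern appears in repo/mcp/openstack.yml, repo/mcp/salt.yml and, without the pin, in repo/saltstack/xenial.yml.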
@@ -0,0 +1,54 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux:
+ system:
+ repo:
+ mirantis_openstack:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version} main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}/archive-mcp${_param:openstack_version}.key"
+ pin:
+ - pin: 'release a=${_param:openstack_version}'
+ priority: 1100
+ package: '*'
+ mirantis_openstack_hotfix:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-hotfix main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}/archive-mcp${_param:openstack_version}.key"
+ pin:
+ - pin: 'release a=${_param:openstack_version}-hotfix'
+ priority: 1100
+ package: '*'
+ mirantis_openstack_security:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-security main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}/archive-mcp${_param:openstack_version}.key"
+ pin:
+ - pin: 'release a=${_param:openstack_version}-security'
+ priority: 1100
+ package: '*'
+ mirantis_openstack_updates:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-updates main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}/archive-mcp${_param:openstack_version}.key"
+ pin:
+ - pin: 'release a=${_param:openstack_version}-uptades'
+ priority: 1100
+ package: '*'
+ mirantis_openstack_holdback:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-holdback main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}/archive-mcp${_param:openstack_version}.key"
+ pin:
+ - pin: 'release a=${_param:openstack_version}-holdback'
+ priority: 1100
+ package: '*'
+ mk_openstack:
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} ${_param:openstack_version}"
+ architectures: amd64
+ key_url: "http://apt-mk.mirantis.com/public.gpg"
+ pin:
+ - pin: 'release a=${_param:apt_mk_version}'
+ priority: 1100
+ package: '*'
diff --git a/mcp/reclass/classes/system/linux/system/repo/mcp/salt.yml b/mcp/reclass/classes/system/linux/system/repo/mcp/salt.yml
new file mode 100644
index 000000000..d40cc5fbe
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/mcp/salt.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux:
+ system:
+ repo:
+ mcp_salt:
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} salt"
+ architectures: amd64
+ key_url: "http://apt-mk.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:apt_mk_version}'
+ priority: 1100
+ package: '*'
diff --git a/mcp/reclass/classes/system/linux/system/repo/saltstack/xenial.yml b/mcp/reclass/classes/system/linux/system/repo/saltstack/xenial.yml
new file mode 100644
index 000000000..aca462a67
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/saltstack/xenial.yml
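Review bot: In repo/mcp/openstack.yml the pin for `mirantis_openstack_updates` reads `'release a=${_param:openstack_version}-uptades'`, a typo for `-updates`, so it presumably never matches the `${_param:openstack_version}-updates` suite named in that entry's `source` and the 1100 priority is not applied to it. Change the line to `- pin: 'release a=${_param:openstack_version}-updates'`. `apt_mk_version: stable` is also declared identically in repo/mcp/extra.yml and repo/mcp/salt.yml; a single shared definition would keep the three from drifting apart.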
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ salt_version: 2016.3
+ linux:
+ system:
+ repo:
+ salt:
+ source: "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/${_param:salt_version} xenial main"
+ architectures: amd64
+ key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/${_param:salt_version}/SALTSTACK-GPG-KEY.pub"
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/system/repo/sensu.yml b/mcp/reclass/classes/system/linux/system/repo/sensu.yml
new file mode 100644
index 000000000..1ea368712
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/sensu.yml
@@ -0,0 +1,8 @@
+parameters:
+ linux:
+ system:
+ repo:
+ sensu:
+ source: "deb https://sensu.global.ssl.fastly.net/apt ${_param:linux_system_codename} main"
+ architectures: amd64
+ key_url: "https://sensu.global.ssl.fastly.net/apt/pubkey.gpg"
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/system/repo/ubuntu.yml b/mcp/reclass/classes/system/linux/system/repo/ubuntu.yml
new file mode 100644
index 000000000..d36bcc1f0
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/repo/ubuntu.yml
@@ -0,0 +1,22 @@
+parameters:
+ linux:
+ system:
+ repo:
+ ubuntu:
+ source: "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ ${_param:linux_system_codename} main restricted universe"
+ architectures: amd64
+ default: true
+ key_id: 437D05B5
+ key_server: keyserver.ubuntu.com
+ ubuntu_updates:
+ source: "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ ${_param:linux_system_codename}-updates main restricted universe"
+ architectures: amd64
+ default: true
+ key_id: 437D05B5
+ key_server: keyserver.ubuntu.com
+ ubuntu_security:
+ source: "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ ${_param:linux_system_codename}-security main restricted universe"
+ architectures: amd64
+ default: true
+ key_id: 437D05B5
+ key_server: keyserver.ubuntu.com
\ No newline at end of file
diff --git a/mcp/reclass/classes/system/linux/system/single.yml b/mcp/reclass/classes/system/linux/system/single.yml
new file mode 100644
index 000000000..056fb9863
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/single.yml
@@ -0,0 +1,58 @@
+classes:
+- service.linux.system
+- service.salt.minion.master
+- system.ntp.client.single
+parameters:
+ linux:
+ system:
+ package:
+ python-msgpack:
+ version: latest
+ cloud-init:
+ version: purged
+ mcelog:
+ version: latest
+ kernel:
+ modules:
+ - nf_conntrack
+ sysctl:
+ net.ipv4.tcp_keepalive_intvl: 3
+ net.ipv4.tcp_keepalive_time: 30
+ net.ipv4.tcp_keepalive_probes: 8
+ fs.file-max: 124165
+ net.core.somaxconn: 4096
+ vm.swappiness: 10
+ net.nf_conntrack_max: 1048576
+ net.ipv4.tcp_retries2: 5
+ net.ipv4.tcp_max_syn_backlog: 8192
+ net.ipv4.neigh.default.gc_thresh1: 4096
+ net.ipv4.neigh.default.gc_thresh2: 8192
+ net.ipv4.neigh.default.gc_thresh3: 16384
+ net.core.netdev_max_backlog: 261144
+ kernel.panic: 60
+ cpu:
+ governor: performance
+ timezone: UTC
+ locale:
+ en_US.UTF-8:
+ enabled: true
+ default: true
+ cs_CZ.UTF-8:
+ enabled: true
+ limit:
+ default:
+ enabled: true
+ domain: "*"
+ limits:
+ - type: hard
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nproc
+ value: 307200
+ - type: hard
+ item: nproc
+ value: 307200
diff --git a/mcp/reclass/classes/system/linux/system/sudo.yml b/mcp/reclass/classes/system/linux/system/sudo.yml
new file mode 100644
index 000000000..1668c1277
--- /dev/null
+++ b/mcp/reclass/classes/system/linux/system/sudo.yml
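Review bot: In system/single.yml the `limit` block applies to `domain: "*"`, so every account on the host gets hard and soft `nofile` and `nproc` limits of 307200; a per-user process limit that high no longer contains a runaway or hostile process. If the high values are needed for specific services, scope them to those accounts and leave a lower default for `*`. `version: latest` on python-msgpack and mcelog means each state run may pull a new package version, and the `cs_CZ.UTF-8` locale looks site-specific for a generic system class; a short comment explaining both choices would help.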
@@ -0,0 +1,43 @@
+parameters:
+ _param:
+ sudo_shells:
+ - /bin/sh
+ - /bin/ksh
+ - /bin/bash
+ - /bin/rbash
+ - /bin/dash
+ - /bin/zsh
+ - /bin/csh
+ - /bin/fish
+ - /bin/tcsh
+ - /usr/bin/login
+ - /usr/bin/su
+ - /usr/su
+ sudo_restricted_su:
+ - /bin/vi* /etc/sudoers*
+ - /bin/nano /etc/sudoers*
+ - /bin/emacs /etc/sudoers*
+ - /bin/su - root
+ - /bin/su -
+ - /bin/su
+ - /usr/sbin/visudo
+ sudo_coreutils_safe:
+ - /usr/bin/less
+ sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl status
+ - /usr/sbin/rabbitmqctl cluster_status
+ - /usr/sbin/rabbitmqctl list_queues*
+ sudo_salt_safe:
+ - /usr/bin/salt * state*
+ - /usr/bin/salt * service*
+ - /usr/bin/salt * pillar*
+ - /usr/bin/salt * grains*
+ - /usr/bin/salt * saltutil*
+ - /usr/bin/salt * test.ping
+ - /usr/bin/salt-call state*
+ - /usr/bin/salt-call service*
+ - /usr/bin/salt-call pillar*
+ - /usr/bin/salt-call grains*
+ - /usr/bin/salt-call saltutil*
+ sudo_salt_trusted:
+ - /usr/bin/salt*
-- cgit 1.2.3-korg
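Review bot: In system/sudo.yml several entries in the lists named `*_safe` are broader than the name suggests. sudoers matches command-line arguments as one concatenated string, so the `*` in `/usr/bin/salt * state*` or `/usr/bin/salt-call saltutil*` spans any number of arguments, and state or saltutil functions apply arbitrary configuration as root, which makes these entries close to unrestricted root on the targeted minions; enumerate the exact functions that are needed instead. `/usr/bin/less` in `sudo_coreutils_safe` is an interactive pager that can start other programs unless the rule that uses it carries the `NOEXEC` tag. The `sudo_restricted_su` entries look like a deny-list (how the lists are consumed is outside this hunk), and the sudoers manual itself warns that excluding commands this way is not an effective restriction. `/usr/su` in `sudo_shells` is probably a typo for `/bin/su`, since `/usr/bin/su` is already listed and `/bin/su` is not.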