From d852bc0ab9ee5ce0ba4c92b08981b980440a72e3 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Wed, 5 Sep 2018 08:18:51 +0200 Subject: [PATCH 1/5] Fix obsolete parameter. --- linux/system/repo.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/system/repo.sls b/linux/system/repo.sls index dd41afe6..9a602ec1 100644 --- a/linux/system/repo.sls +++ b/linux/system/repo.sls @@ -113,7 +113,7 @@ linux_repo_{{ name }}_key: {%- if repo.get('enabled', True) %} linux_repo_{{ name }}: pkgrepo.managed: - - refresh_db: False + - refresh: False - require_in: - refresh_db {%- if repo.ppa is defined %} @@ -146,7 +146,7 @@ linux_repo_{{ name }}: {%- else %} linux_repo_{{ name }}: pkgrepo.absent: - - refresh_db: False + - refresh: False - require: - file: /etc/apt/apt.conf.d/99proxies-salt-{{ name }} - require_in: @@ -177,7 +177,7 @@ linux_repo_{{ name }}: {%- if not repo.get('default', False) %} linux_repo_{{ name }}: pkgrepo.managed: - - refresh_db: False + - refresh: False - require_in: - refresh_db - name: {{ name }} @@ -194,7 +194,7 @@ linux_repo_{{ name }}: {%- endif %} {%- else %} pkgrepo.absent: - - refresh_db: False + - refresh: False - require_in: - refresh_db - name: {{ repo.source }} From 31dbc2fb251d452dc7a1b85b90a7a7eb0dbd3bcf Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Wed, 19 Sep 2018 10:39:59 +0200 Subject: [PATCH 2/5] Backward compatibility with older salt. --- linux/system/repo.sls | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/linux/system/repo.sls b/linux/system/repo.sls index 9a602ec1..fa4c2800 100644 --- a/linux/system/repo.sls +++ b/linux/system/repo.sls @@ -113,7 +113,11 @@ linux_repo_{{ name }}_key: {%- if repo.get('enabled', True) %} linux_repo_{{ name }}: pkgrepo.managed: + {%- if salt['grains.get']('saltversion') < '2018.3' %} + - refresh_db: False + {%- else %} - refresh: False + {%- endif %} - require_in: - refresh_db {%- if repo.ppa is defined %} @@ -146,7 +150,11 @@ linux_repo_{{ name }}: {%- else %} linux_repo_{{ name }}: pkgrepo.absent: + {%- if salt['grains.get']('saltversion') < '2018.3' %} + - refresh_db: False + {%- else %} - refresh: False + {%- endif %} - require: - file: /etc/apt/apt.conf.d/99proxies-salt-{{ name }} - require_in: @@ -177,7 +185,11 @@ linux_repo_{{ name }}: {%- if not repo.get('default', False) %} linux_repo_{{ name }}: pkgrepo.managed: + {%- if salt['grains.get']('saltversion') < '2018.3' %} + - refresh_db: False + {%- else %} - refresh: False + {%- endif %} - require_in: - refresh_db - name: {{ name }} @@ -194,7 +206,11 @@ linux_repo_{{ name }}: {%- endif %} {%- else %} pkgrepo.absent: + {%- if salt['grains.get']('saltversion') < '2018.3' %} + - refresh_db: False + {%- else %} - refresh: False + {%- endif %} - require_in: - refresh_db - name: {{ repo.source }} From cf25288f9ad8582410b2f1ea23dfca8ae4680e8f Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Fri, 3 Aug 2018 14:24:05 +0200 Subject: [PATCH 3/5] Changes in user management: - Allow to specify primary gid for user - Use user.name field for setting linux username - Allow non-unique uids - Workaround file.directory bug for non-unique uids - Allow system users (Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID) --- README.rst | 10 ++++++++++ linux/system/user.sls | 34 +++++++++++++++++++--------------- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/README.rst b/README.rst index cd9d5c22..c8a6e77d 100644 --- a/README.rst +++ b/README.rst @@ -70,6 +70,16 @@ Linux with system users, some with password set: full_name: 'With hased password' home: '/home/elizabeth' password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10" + someserv: + name: 'someservice' + enabled: true + full_name: 'Some super service owner' + home: '/usr/lib/someservice' + home_dir_mode: 700 + system:true + unique: false + uid: 0 + gid: 0 Configure password expiration parameters ---------------------------------------- diff --git a/linux/system/user.sls b/linux/system/user.sls index 42086d5a..7b9a02b1 100644 --- a/linux/system/user.sls +++ b/linux/system/user.sls @@ -16,16 +16,16 @@ include: {%- endfor %} {%- if user.gid is not defined %} -system_group_{{ name }}: +system_group_{{ user.name }}: group.present: - - name: {{ name }} + - name: {{ user.name }} - require_in: - - user: system_user_{{ name }} + - user: system_user_{{ user.name }} {%- endif %} -system_user_{{ name }}: +system_user_{{ user.name }}: user.present: - - name: {{ name }} + - name: {{ user.name }} - home: {{ user.home }} {% if user.get('password') == False %} - enforce_password: false @@ -51,7 +51,7 @@ system_user_{{ name }}: {%- else %} - shell: {{ user.get('shell', '/bin/bash') }} {%- endif %} - {%- if user.uid is defined and user.uid %} + {%- if user.uid is defined %} - uid: {{ user.uid }} {%- endif %} {%- if user.unique is defined %} @@ -74,15 +74,19 @@ system_user_{{ name }}: system_user_home_{{ user.home }}: file.directory: - name: {{ user.home }} - - user: {{ name }} + {%- if user.uid is defined and user.uid == 0 %} + - user: root + {%- else %} + - user: {{ user.name }} + {%- endif %} - mode: {{ user.get('home_dir_mode', 700) }} - makedirs: true - require: - - user: system_user_{{ name }} + - user: system_user_{{ user.name }} {%- if user.get('sudo', False) %} -/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}: +/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}: file.managed: - source: salt://linux/files/sudoer - template: jinja @@ -90,29 +94,29 @@ system_user_home_{{ user.home }}: - group: root - mode: 440 - defaults: - user_name: {{ name }} + user_name: {{ user.name }} - require: - - user: system_user_{{ name }} + - user: system_user_{{ user.name }} - check_cmd: /usr/sbin/visudo -c -f {%- else %} -/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}: +/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}: file.absent {%- endif %} {%- else %} -system_user_{{ name }}: +system_user_{{ user.name }}: user.absent: - - name: {{ name }} + - name: {{ user.name }} system_user_home_{{ user.home }}: file.absent: - name: {{ user.home }} -/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}: +/etc/sudoers.d/90-salt-user-{{ user.name|replace('.', '-') }}: file.absent {%- endif %} From 15cb5ce44ee0c309a384d2037e967c3230b502ce Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Wed, 24 Oct 2018 12:55:45 +0200 Subject: [PATCH 4/5] added native ovs bonding --- README.rst | 12 ++++++++++++ linux/network/interface.sls | 6 ++++++ tests/pillar/network_openvswitch.sls | 7 +++++++ 3 files changed, 25 insertions(+) diff --git a/README.rst b/README.rst index c8a6e77d..e02b531a 100644 --- a/README.rst +++ b/README.rst @@ -1478,6 +1478,18 @@ Open vSwitch Bridges: ovs_bridge: br-ens7 bridge: br-ens7 +Open vSwitch native bond: + +.. code-block:: yaml + + bond1: + enabled: true + type: ovs_bond + mode: balance-slb + bridge: br-ex + slaves: ${_param:interface_3} ${_param:interface_4} + + Debian manual proto interfaces When you are changing interface proto from static in up state diff --git a/linux/network/interface.sls b/linux/network/interface.sls index a39fc371..aa21757e 100644 --- a/linux/network/interface.sls +++ b/linux/network/interface.sls @@ -109,6 +109,12 @@ add_int_{{ int_name }}_to_ovs_bridge_{{ interface_name }}: {%- endfor %} +{%- elif interface.type == 'ovs_bond' %} +ovs_bond_{{ interface_name }}: + cmd.run: + - name: ovs-vsctl add-bond {{ interface.bridge }} {{ interface_name }} {{ interface.slaves }} bond_mode={{ interface.mode }} + - unless: ovs-vsctl show | grep -A 2 'Port.*{{ interface_name }}.' + {%- elif interface.type == 'ovs_port' %} {%- if interface.get('port_type','internal') == 'patch' %} diff --git a/tests/pillar/network_openvswitch.sls b/tests/pillar/network_openvswitch.sls index 80c482ac..e7b51f4c 100644 --- a/tests/pillar/network_openvswitch.sls +++ b/tests/pillar/network_openvswitch.sls @@ -48,3 +48,10 @@ linux: type: ovs_port ovs_bridge: br-ens0 bridge: br-ens0 + bond1: + enabled: true + type: ovs_bond + mode: balance-slb + bridge: br-ex + slaves: eno3 eno4 + From a724a54bb874f2cdb282c3b10f36274a56d19ac5 Mon Sep 17 00:00:00 2001 From: Martin Horak Date: Wed, 24 Oct 2018 14:07:01 +0200 Subject: [PATCH 5/5] updated README.rst --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index e02b531a..55652532 100644 --- a/README.rst +++ b/README.rst @@ -1487,7 +1487,7 @@ Open vSwitch native bond: type: ovs_bond mode: balance-slb bridge: br-ex - slaves: ${_param:interface_3} ${_param:interface_4} + slaves: eno3 eno4 Debian manual proto interfaces