ss-archive / salt-states

Collection of salt state files for use and testing

Home Page: http://saltstack.org


salt-states's Issues

iptables args given in wrong order

state declaration:
iptables.insert:
  - table: filter
  - chain: INPUT
  - position: 1
  - protocol: tcp
  - dport: 22
  - match: state
  - connstate: NEW,ESTABLISHED
  - jump: ACCEPT
  - save: True

Fails with:
Function: iptables.insert
Result: False
Comment: Failed to set iptables rule for openssh.
Attempted rule was iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED --dport 22 --protocol tcp --jump ACCEPT
Changes:

The generated command line should give --protocol before --dport, e.g.
iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED --protocol tcp --dport 22 --jump ACCEPT would work.
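
The ordering rule behind this report, as an added example (not Salt's code and not part of the original issue): `--dport` only exists once `--protocol tcp` has loaded the protocol match, and `--state` only after `-m state`. The function names are hypothetical, the sketch assumes only the option keys used in the state above (plus `sport`), and `ATTEMPTED` and `STATE_ARGS` are copied from the report.

```python
import shlex

# Options that only exist once another option has loaded their extension:
# --dport/--sport come from the tcp/udp protocol match, --state from "-m state".
REQUIRES = {
    "--dport": ("--protocol", "-p"),
    "--sport": ("--protocol", "-p"),
    "--state": ("-m", "--match"),
}

# The failing command line quoted in the report.
ATTEMPTED = ("iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED "
             "--dport 22 --protocol tcp --jump ACCEPT")

# The state arguments from the report, in SLS form (list of single-key dicts).
STATE_ARGS = [
    {"table": "filter"}, {"chain": "INPUT"}, {"position": 1},
    {"protocol": "tcp"}, {"dport": 22}, {"match": "state"},
    {"connstate": "NEW,ESTABLISHED"}, {"jump": "ACCEPT"}, {"save": True},
]


def misordered_options(command):
    """Return options that appear before the option that loads their extension."""
    seen = set()
    problems = []
    for token in shlex.split(command):
        if token in REQUIRES and not seen.intersection(REQUIRES[token]):
            problems.append(token)
        seen.add(token)
    return problems


def build_insert_argv(state_args):
    """Build an 'iptables -I' argv with every extension loaded before its options."""
    opts = {}
    for item in state_args:
        opts.update(item)
    opts.pop("save", None)  # state-level flag, not part of the rule itself
    argv = ["iptables", "-t", opts.pop("table", "filter"),
            "-I", opts.pop("chain"), str(opts.pop("position", 1))]

    # Explicit match module first, then the option it provides.
    match = opts.pop("match", None)
    connstate = opts.pop("connstate", None)
    if connstate is not None and match != "state":
        raise ValueError("connstate requires 'match: state'")
    if match:
        argv += ["-m", match]
    if connstate:
        argv += ["--state", connstate]

    # Protocol before the port options that depend on it.
    protocol = opts.pop("protocol", None)
    ports = [(key, opts.pop(key)) for key in ("sport", "dport") if key in opts]
    if ports and protocol not in ("tcp", "udp"):
        raise ValueError("sport/dport require protocol tcp or udp")
    if protocol:
        argv += ["--protocol", protocol]
    for key, value in ports:
        argv += ["--" + key, str(value)]

    # The jump target goes last.
    jump = opts.pop("jump", None)
    if opts:
        raise ValueError("unsupported options: " + ", ".join(sorted(opts)))
    if jump:
        argv += ["--jump", jump]
    return argv


if __name__ == "__main__":
    print("misordered in attempted rule:", misordered_options(ATTEMPTED))
    print("rebuilt:", " ".join(build_insert_argv(STATE_ARGS)))
```

Returning an argv list rather than a string lets the caller run the command without a shell.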

`apt-key` behind a fire-wall

I tried to install the mongodb-10gen state for a dev vm, and quickly realized that apt-key retrieves its keys via port 11371, which was blocked by my corp. proxy.

The work-around was to use hkp://keyserver.ubuntu.com:80 instead of keyserver.ubuntu.com in the keyserver argument.

There are two references to apt-key in the "small" state:

  • small/lamp-drupal/init.sls
  • small/mongodb-10gen/init.sls

I'm not sure what this does in terms of security; but if you don't see any issue with this, I'll submit a pull-request.

Possible documentation bug for states.file.managed

Salt version: 0.9.7

After spending a considerable amount of time tonight troubleshooting a file.managed state using the example here as a guide, I finally took a look at the salt-states repo and noticed that the syntax is different.

If you look at the info on RTD, it tells you to define your "context" area like so:

- context:
        custom_var: "override"

However, in the LDAP example from salt-states there is a difference. Here, it appears that curly braces and commas are needed, making it more of a python dictionary than actual YAML syntax.

The method from RTD never worked for me, but using the syntax from the salt-states repo did work.

Can anyone else reproduce the issue I am experiencing? In case it matters, the "context" section I was trying to define is within an if / elif jinja block, which itself is within a jinja for loop. I haven't tried it without the loop yet, so I don't know if being two levels deep in jinja flow control statements would have any impact. And it is 4am, so I am barely coherent enough to file this issue right now, let alone test things like this. :)

Will try to reproduce without the loop tomorrow.

I can't find my lamp-stack

I submitted a lamp-stack previously: 66a4c83

But I can't find it now since the recent cleanup that herlo did. Am I missing it somewhere? I looked back through the commits and can't tell where it was even moved or deleted.

Missing LICENSE/COPYING

Presumably this repository is distributed under the same terms as saltstack/salt (copying license), but explicit licensing documentation in this repository would be nice.

prereq checker causes an exception

Prereq checker fails in 2014.1.5.

I know that this creates a recursion loop, but running this with 'require' instead of 'prereq' fails with a "Recursive requisite found" error, instead of the exception noted below.

$ cat ./dev/scr/init.sls
scratch:
  file.directory:
    - name: '/scr'
    - user: root
    - group: psgvb
    - mode: 2770
    - prereq:
       - file: '/scr'

Output from running the state:

$ sudo salt '*' state.sls saltenv=dev scr test=True
pdx-cent6-salt.schrodinger.com:
    The minion function caused an exception: Traceback (most recent call last):
      File "/usr/lib/python2.6/site-packages/salt/minion.py", line 796, in _thread_return
        return_data = func(*args, **kwargs)
      File "/usr/lib/python2.6/site-packages/salt/modules/state.py", line 394, in sls
        ret = st_.state.call_high(high_)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1713, in call_high
        ret = self.call_chunks(chunks)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1437, in call_chunks
        running = self.call_chunk(low, running, chunks)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
        running = self.call_chunk(chunk, running, chunks)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
        running = self.call_chunk(chunk, running, chunks)
...
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
        running = self.call_chunk(chunk, running, chunks)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1564, in call_chunk
        status = self.check_requisite(low, running, chunks)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 1482, in check_requisite
        req = trim_req(req)
      File "/usr/lib/python2.6/site-packages/salt/state.py", line 94, in trim_req
        reqfirst = next(iter(req))
    RuntimeError: maximum recursion depth exceeded while calling a Python object

The show_sls output:

$ sudo salt '*' state.show_sls saltenv=dev scr test=True
pdx-cent6-salt.schrodinger.com:
    ----------
    scratch:
        ----------
        __env__:
            dev
        __sls__:
            scr
        file:
            ----------
            - name:
                /scr
            ----------
            - user:
                root
            ----------
            - group:
                psgvb
            ----------
            - mode:
                2770
            ----------
            - prereq:
                ----------
                - file:
                    /scr
            - directory
            ----------
            - order:
                10000
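
The self-referencing `prereq` in this report can be caught before execution by walking the requisite graph without recursion. This is an added sketch, not Salt's own checker and not part of the original issue: `find_cycle` and the helper names are hypothetical, `HIGH` is transcribed from the show_sls output above, and `TWO_STATE` is constructed.

```python
# Requisite kinds followed by this sketch (an assumption, not Salt's full list).
REQUISITES = ("require", "watch", "prereq")

# High data transcribed from the show_sls output in the report.
HIGH = {"scratch": {"__env__": "dev", "__sls__": "scr", "file": [
    {"name": "/scr"}, {"user": "root"}, {"group": "psgvb"}, {"mode": 2770},
    {"prereq": [{"file": "/scr"}]}, "directory", {"order": 10000}]}}

# Constructed sample: two states that require each other.
TWO_STATE = {
    "a": {"cmd": [{"name": "true"}, {"require": [{"cmd": "b"}]}, "run"]},
    "b": {"cmd": [{"name": "false"}, {"require": [{"cmd": "a"}]}, "run"]},
}


def _args(body):
    """Yield (state_module, merged_args) for each module in a state body."""
    for module, items in body.items():
        if module.startswith("__"):  # __env__ / __sls__ bookkeeping keys
            continue
        merged = {}
        for item in items:
            if isinstance(item, dict):
                merged.update(item)
        yield module, merged


def build_graph(high):
    """Map each state ID to the IDs its requisites point at."""
    # A requisite target may name a state by its ID or by its 'name' argument.
    lookup = {}
    for sid, body in high.items():
        for module, args in _args(body):
            lookup[(module, sid)] = sid
            lookup[(module, args.get("name", sid))] = sid
    graph = {sid: [] for sid in high}
    for sid, body in high.items():
        for module, args in _args(body):
            for kind in REQUISITES:
                for target in args.get(kind, []):
                    for t_module, t_name in target.items():
                        dep = lookup.get((t_module, t_name))
                        if dep is not None:
                            graph[sid].append(dep)
    return graph


def find_cycle(high):
    """Return the state IDs forming a requisite cycle, or None if there is none."""
    graph = build_graph(high)
    white, grey, black = 0, 1, 2
    colour = dict.fromkeys(graph, white)
    for root in graph:
        if colour[root] != white:
            continue
        colour[root] = grey
        path = [root]
        stack = [iter(graph[root])]  # explicit stack: no Python recursion
        while stack:
            for dep in stack[-1]:
                if colour[dep] == grey:  # back edge: dep is on the current path
                    return path[path.index(dep):] + [dep]
                if colour[dep] == white:
                    colour[dep] = grey
                    path.append(dep)
                    stack.append(iter(graph[dep]))
                    break
            else:  # every dependency of the top node has been explored
                colour[path.pop()] = black
                stack.pop()
    return None


if __name__ == "__main__":
    print(find_cycle(HIGH))
    print(find_cycle(TWO_STATE))
```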

Packages which do not install on Ubuntu

This is on AWS using state.highstate on ami-137bcf7a:


State: - pkg
Name:      openldap-servers
Function:  installed
    Result:    False
    Comment:   Package openldap-servers failed to install
    Changes:   

State: - pkg
Name:      openldap-clients
Function:  installed
    Result:    False
    Comment:   Package openldap-clients failed to install
    Changes:   

State: - file
Name:      /etc/ldap/ldap.conf
Function:  managed
    Result:    False
    Comment:   One or more requisite failed
    Changes:   

State: - pkg
Name:      openssh
Function:  installed
    Result:    False
    Comment:   Package openssh failed to install
    Changes:   

State: - pkg
Name:      python-typepad
Function:  installed
    Result:    False
    Comment:   Package python-typepad failed to install
    Changes:   

Need to research the correct package names to use for these.

Man pages are out of date.

From man salt-cloud:

       --raw-out
              Print the output from the salt command in raw python form, this is suitable for re-reading the output into an executing python script with eval.

       --text-out
              Print the output from the salt command in the same form the shell would.

       --yaml-out
              Print the output from the salt command in yaml.

       --json-out
              Print the output from the salt command in json.

       --no-color
              Disable all colored output.

But salt-cloud -Q --json-out fails:

$ salt-cloud -Q --json-out
Usage: salt-cloud

salt-cloud: error: no such option: --json-out

From salt-cloud -h:

  Output Options:
    Configure your preferred output format

    --out=OUTPUT, --output=OUTPUT
                        Print the output from the 'salt-cloud' command using
                        the specified outputter. The builtins are 'no_return',
                        'grains', 'yaml', 'overstatestage', 'json', 'pprint',
                        'nested', 'raw', 'highstate', 'quiet', 'key', 'txt',
                        'virt_query'.
    --out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
                        Print the output indented by the provided value in
                        spaces. Negative values disables indentation. Only
                        applicable in outputters that support indentation.
    --no-color, --no-colour
                        Disable all colored output

--out=json does work.

feature request: ability to set a default returner for all state runs

Hi,

I would like to get salt events (state executions & their results, module executions, etc..) into getsentry, and see that a returner can be configured for sentry, but fwict it requires that every state run include the option, '--return sentry'. My goal here is to enable our development and operations teams to see what states have run, when, their results regardless of whether it was kicked off by a scheduler, or executed on the command line. I don't want to require '--return sentry' for every command line run. If this isn't possible already, I would like to file it as a feature request.

Thanks in advance!

Traceback failure occurs and lock ups of minions, yet will usually run perfectly the next time.

Running a high state

Failed run


      ID: vm.swappiness
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value vm.swappiness = 20
 Changes:   
          ----------
          vm.swappiness:
              20

      ID: net.ipv4.conf.all.log_martians
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.all.log_martians = 1
 Changes:   
          ----------
          net.ipv4.conf.all.log_martians:
              1

      ID: net.ipv4.conf.default.log_martians
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.default.log_martians = 1
 Changes:   
          ----------
          net.ipv4.conf.default.log_martians:
              1

      ID: net.ipv4.ip_forward
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.ip_forward = 0 is already set
 Changes:   

      ID: net.ipv4.route.flush
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.route.flush = 1
 Changes:   
          ----------
          net.ipv4.route.flush:
              1

      ID: net.ipv4.conf.all.send_redirects
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.all.send_redirects = 0
 Changes:   
          ----------
          net.ipv4.conf.all.send_redirects:
              0

      ID: net.ipv4.conf.default.send_redirects
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.default.send_redirects = 0
 Changes:   
          ----------
          net.ipv4.conf.default.send_redirects:
              0

      ID: net.ipv4.conf.all.accept_source_route
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.all.accept_source_route = 0
 Changes:   
          ----------
          net.ipv4.conf.all.accept_source_route:
              0

      ID: net.ipv4.conf.default.accept_source_route
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.accept_source_route = 0 is already set
 Changes:   

      ID: net.ipv4.conf.all.secure_redirects
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.all.secure_redirects = 0
 Changes:   
          ----------
          net.ipv4.conf.all.secure_redirects:
              0

      ID: net.ipv4.conf.default.secure_redirects
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.default.secure_redirects = 0
 Changes:   
          ----------
          net.ipv4.conf.default.secure_redirects:
              0

      ID: net.ipv4.icmp_echo_ignore_broadcasts
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.icmp_echo_ignore_broadcasts = 1
 Changes:   
          ----------
          net.ipv4.icmp_echo_ignore_broadcasts:
              1

      ID: net.ipv4.icmp_ignore_bogus_error_responses
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.icmp_ignore_bogus_error_responses = 1
 Changes:   
          ----------
          net.ipv4.icmp_ignore_bogus_error_responses:
              1

      ID: net.ipv4.conf.all.rp_filter
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value net.ipv4.conf.all.rp_filter = 1
 Changes:   
          ----------
          net.ipv4.conf.all.rp_filter:
              1

      ID: net.ipv4.conf.default.rp_filter
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.rp_filter = 1 is already set
 Changes:   

      ID: net.ipv4.tcp_syncookies
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.tcp_syncookies = 1 is already set
 Changes:   

      ID: net.ipv6.conf.all.accept_ra
Function: sysctl.present
  Result: False
 Comment: An exception occurred in this state: Traceback (most recent call last):
            File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
              **cdata['kwargs'])
            File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
              update = __salt__['sysctl.persist'](name, value, config)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
              assign(name, value)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
              raise CommandExecutionError('sysctl {0} does not exist'.format(name))
          CommandExecutionError: sysctl net.ipv6.conf.all.accept_ra does not exist
 Changes:   

      ID: net.ipv6.conf.default.accept_ra
Function: sysctl.present
  Result: False
 Comment: An exception occurred in this state: Traceback (most recent call last):
            File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
              **cdata['kwargs'])
            File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
              update = __salt__['sysctl.persist'](name, value, config)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
              assign(name, value)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
              raise CommandExecutionError('sysctl {0} does not exist'.format(name))
          CommandExecutionError: sysctl net.ipv6.conf.default.accept_ra does not exist
 Changes:   

      ID: net.ipv6.conf.default.accept_redirects
Function: sysctl.present
  Result: False
 Comment: An exception occurred in this state: Traceback (most recent call last):
            File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
              **cdata['kwargs'])
            File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
              update = __salt__['sysctl.persist'](name, value, config)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
              assign(name, value)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
              raise CommandExecutionError('sysctl {0} does not exist'.format(name))
          CommandExecutionError: sysctl net.ipv6.conf.default.accept_redirects does not exist
 Changes:   

      ID: net.ipv6.conf.all.accept_redirects
Function: sysctl.present
  Result: False
 Comment: An exception occurred in this state: Traceback (most recent call last):
            File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
              **cdata['kwargs'])
            File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
              update = __salt__['sysctl.persist'](name, value, config)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
              assign(name, value)
            File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
              raise CommandExecutionError('sysctl {0} does not exist'.format(name))
          CommandExecutionError: sysctl net.ipv6.conf.all.accept_redirects does not exist
 Changes:   

      ID: fs.suid_dumpable
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value fs.suid_dumpable = 0
 Changes:   
          ----------
          fs.suid_dumpable:
              0

      ID: kernel.exec-shield
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value kernel.exec-shield = 1
 Changes:   
          ----------
          kernel.exec-shield:
              1

      ID: kernel.randomize_va_space
Function: sysctl.present
  Result: True
 Comment: Updated sysctl value kernel.randomize_va_space = 2
 Changes:   
          ----------
          kernel.randomize_va_space:
              2

      ID: ipv6_setup
Function: cmd.script
  Result: True
 Comment: Command 'ipv6_setup' run
 Changes:   
          ----------
          pid:
              26704
          retcode:
              0
          stderr:

          stdout:

      ID: semanage
Function: pkg.installed
  Result: True
 Comment: All specified packages are already installed.
 Changes:   

      ID: ssh_setup
Function: cmd.script
  Result: True
 Comment: Command 'ssh_setup' run
 Changes:   
          ----------
          pid:
              26728
          retcode:
              0
          stderr:

          stdout:
              Stopping sshd:                           [  OK  ]
              Starting sshd:                           [  OK  ]

      ID: ssh-semanage
Function: cmd.run
    Name: semanage port -a -t ssh_port_t -p tcp 10
  Result: False
 Comment: Command "semanage port -a -t ssh_port_t -p tcp 10" run
 Changes:   
          ----------
          pid:
              26761
          retcode:
              1
          stderr:
              /usr/sbin/semanage: Port tcp/10 already defined
          stdout:

      ID: /etc/rsyslog.conf
Function: file.managed
  Result: True
 Comment: File /etc/rsyslog.conf updated
 Changes:   
          ----------
          diff:
              ---  
              +++  
              @@ -76,7 +76,6 @@
               # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
               #*.* @@remote-host:514
               # ### end of the forwarding rule ###
              -*.*  @130.195.85.202
               #2012-04-27-AS
               local3.*        /var/log/rhn/jabberd.log

      ID: rsyslog-restart
Function: cmd.run
    Name: service rsyslog restart
  Result: True
 Comment: Command "service rsyslog restart" run
 Changes:   
          ----------
          pid:
              26772
          retcode:
              0
          stderr:

          stdout:
              Shutting down system logger:             [  OK  ]
              Starting system logger:                  [  OK  ]

      ID: sudo_ipa_setup
Function: cmd.script
  Result: True
 Comment: Command 'sudo_ipa_setup' run
 Changes:   
          ----------
          pid:
              26810
          retcode:
              0
          stderr:

          stdout:

      ID: /etc/sudo-ldap.conf
Function: file.managed
  Result: True
 Comment: File /etc/sudo-ldap.conf updated
 Changes:   
          ----------
          diff:
              ---  
              +++  
              @@ -1,86 +1,12 @@
              -## BINDDN DN
              -##  The BINDDN parameter specifies the identity, in the form of a Dis‐
              -##  tinguished Name (DN), to use when performing LDAP operations.  If
              -##  not specified, LDAP operations are performed with an anonymous
              -##  identity.  By default, most LDAP servers will allow anonymous
              -##  access.
              -##
              -#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
              +uri ldap://vuwunicoipam001.ods.vuw.ac.nz ldap://vuwunicoipam002.ods.vuw.ac.nz ldap://vuwunicoipam003.ods.vuw.ac.nz
              +ldap_version 3
              +sudoers_base ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
              +binddn   uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz
              +bindpw   www.apac.c0m
              +bind_timelimit 5000
              +timelimt 15
              +ssl  start_tls
              +tls_checkpeer    (yes)
              +tls_cacertfile   /etc/ipa/ca.crt
              +sudoers_debug    2

              -## BINDPW secret
              -##  The BINDPW parameter specifies the password to use when performing
              -##  LDAP operations.  This is typically used in conjunction with the
              -##  BINDDN parameter.
              -##
              -#bindpw secret
              -
              -## SSL start_tls
              -##  If the SSL parameter is set to start_tls, the LDAP server connec‐
              -##  tion is initiated normally and TLS encryption is begun before the
              -##  bind credentials are sent.  This has the advantage of not requiring
              -##  a dedicated port for encrypted communications.  This parameter is
              -##  only supported by LDAP servers that honor the start_tls extension,
              -##  such as the OpenLDAP and Tivoli Directory servers.
              -##
              -#ssl start_tls
              -
              -## TLS_CACERTFILE file name
              -##  The path to a certificate authority bundle which contains the cer‐
              -##  tificates for all the Certificate Authorities the client knows to
              -##  be valid, e.g. /etc/ssl/ca-bundle.pem.  This option is only sup‐
              -##  ported by the OpenLDAP libraries.  Netscape-derived LDAP libraries
              -##  use the same certificate database for CA and client certificates
              -##  (see TLS_CERT).
              -##
              -#tls_cacertfile /path/to/CA.crt
              -
              -## TLS_CHECKPEER on/true/yes/off/false/no
              -##  If enabled, TLS_CHECKPEER will cause the LDAP server's TLS certifi‐
              -##  cated to be verified.  If the server's TLS certificate cannot be
              -##  verified (usually because it is signed by an unknown certificate
              -##  authority), sudo will be unable to connect to it.  If TLS_CHECKPEER
              -##  is disabled, no check is made.  Note that disabling the check cre‐
              -##  ates an opportunity for man-in-the-middle attacks since the
              -##  server's identity will not be authenticated.  If possible, the CA's
              -##  certificate should be installed locally so it can be verified.
              -##  This option is not supported by the Tivoli Directory Server LDAP
              -##  libraries.
              -#tls_checkpeer yes
              -
              -##
              -## URI ldap[s]://[hostname[:port]] ...
              -##  Specifies a whitespace-delimited list of one or more
              -##  URIs describing the LDAP server(s) to connect to. 
              -##
              -#uri ldap://ldapserver
              -
              -##
              -## SUDOERS_BASE base
              -##  The base DN to use when performing sudo LDAP queries.
              -##  Multiple SUDOERS_BASE lines may be specified, in which
              -##  case they are queried in the order specified.
              -##
              -#sudoers_base ou=SUDOers,dc=example,dc=com
              -
              -##
              -## BIND_TIMELIMIT seconds
              -##  The BIND_TIMELIMIT parameter specifies the amount of
              -##  time to wait while trying to connect to an LDAP server.
              -##
              -#bind_timelimit 30
              -
              -##
              -## TIMELIMIT seconds
              -##  The TIMELIMIT parameter specifies the amount of time
              -##  to wait for a response to an LDAP query.
              -##
              -#timelimit 30
              -
              -##
              -## SUDOERS_DEBUG debug_level
              -##  This sets the debug level for sudo LDAP queries. Debugging
              -##  information is printed to the standard error. A value of 1
              -##  results in a moderate amount of debugging information.
              -##  A value of 2 shows the results of the matches themselves.
              -##
              -#sudoers_debug 1
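Review bot: In the added lines, `timelimt 15` is misspelled (the removed template documents the parameter as `#timelimit 30`) and `tls_checkpeer (yes)` is not one of the on/true/yes/off/false/no values the removed comment lists, so neither setting may take effect as intended; write `timelimit 15` and `tls_checkpeer yes`. The added `bindpw` line also carries the bind password in cleartext, which this diff then copies into the state return, so the diff for this file should be suppressed or the value kept out of returned data.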

          mode:
              0440

      ID: nis_ipa_setup
Function: cmd.script
  Result: True
 Comment: Command 'nis_ipa_setup' run
 Changes:   
          ----------
          pid:
              26841
          retcode:
              0
          stderr:

          stdout:

      ID: /etc/rc.d/rc.local
Function: file.managed
  Result: True
 Comment: File /etc/rc.d/rc.local is in the correct state
 Changes:   

      ID: iptables
Function: service.dead
  Result: True
 Comment: Service iptables has been disabled, and is dead
 Changes:   
          ----------
          iptables:
              True

      ID: snmp
Function: pkg.installed
  Result: True
 Comment: The following packages were installed/updated: net-snmp.
 Changes:   
          ----------
          net-snmp:
              ----------
              new:
                  5.5-49.el6_5.1
              old:

          webmin:
              ----------
              new:
                  1.690-1
              old:
                  1.580-1

      ID: /etc/snmp/snmpd.conf
Function: file.managed
  Result: True
 Comment: File /etc/snmp/snmpd.conf updated
 Changes:   
          ----------
          diff:
              ---  
              +++  
              @@ -38,7 +38,10 @@
               # First, map the community name "public" into a "security name"

               #       sec.name  source          community
              -com2sec notConfigUser  default       public
              +#com2sec notConfigUser  default       public
              +com2sec notConfigUser 10.120.100.10/32 m0n1t0r
              +access  notConfigGroup ""      any       noauth    exact  all all     none
              +view all    included  .1

               ####
               # Second, map the security name into a group name:
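Review bot: The added `access notConfigGroup "" any noauth exact all all none` line names the `all` view in both the read and the write position, and `view all included .1` makes that view the whole OID tree, so any security name mapped to notConfigGroup gets write access to everything; if this host is only polled, set the write view to `none` and narrow the read view. The new `com2sec` line also puts the community string in cleartext into the diff output, although restricting its source to a single /32 is a good change.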
              @@ -321,6 +324,9 @@
               # Check the / partition and make sure it contains at least 10 megs.

               #disk / 10000
              +disk /var 10%
              +disk /var/log 10%
              +disk /oracle 10%

               # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
               # enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
              @@ -350,6 +356,7 @@

               # Check for loads:
               #load 12 14 14
              +load

               # % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
               # enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1

          mode:
              0400

      ID: snmpd
Function: service.running
  Result: True
 Comment: Service snmpd has been enabled, and is running
 Changes:   
          ----------
          snmpd:
              True

Summary

Succeeded: 68

Failed: 5

Total: 73

-bash-4.1# ls -l

Perfect run

-bash-4.1# salt -l debug -t 3600 vuwunicoojst002.ods.vuw.ac.nz state.sls sysctl
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Missing configuration file: /root/.saltrc
[DEBUG ] Configuration file path: /etc/salt/master
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Missing configuration file: /root/.saltrc
[DEBUG ] LocalClientEvent PUB socket URI: ipc:///var/run/salt/master/master_event_pub.ipc
[DEBUG ] LocalClientEvent PULL socket URI: ipc:///var/run/salt/master/master_event_pull.ipc
[DEBUG ] Loaded no_out as virtual quiet
[DEBUG ] Loaded json_out as virtual json
[DEBUG ] Loaded yaml_out as virtual yaml
[DEBUG ] Loaded pprint_out as virtual pprint

vuwunicoojst002.ods.vuw.ac.nz:

      ID: vm.swappiness
Function: sysctl.present
  Result: True
 Comment: Sysctl value vm.swappiness = 20 is already set
 Changes:   

      ID: net.ipv4.conf.all.log_martians
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.all.log_martians = 1 is already set
 Changes:   

      ID: net.ipv4.conf.default.log_martians
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.log_martians = 1 is already set
 Changes:   

      ID: net.ipv4.ip_forward
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.ip_forward = 0 is already set
 Changes:   

      ID: net.ipv4.route.flush
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.route.flush = 1 is already set
 Changes:   

      ID: net.ipv4.conf.all.send_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.all.send_redirects = 0 is already set
 Changes:   

      ID: net.ipv4.conf.default.send_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.send_redirects = 0 is already set
 Changes:   

      ID: net.ipv4.conf.all.accept_source_route
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.all.accept_source_route = 0 is already set
 Changes:   

      ID: net.ipv4.conf.default.accept_source_route
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.accept_source_route = 0 is already set
 Changes:   

      ID: net.ipv4.conf.all.secure_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.all.secure_redirects = 0 is already set
 Changes:   

      ID: net.ipv4.conf.default.secure_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.secure_redirects = 0 is already set
 Changes:   

      ID: net.ipv4.icmp_echo_ignore_broadcasts
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.icmp_echo_ignore_broadcasts = 1 is already set
 Changes:   

      ID: net.ipv4.icmp_ignore_bogus_error_responses
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.icmp_ignore_bogus_error_responses = 1 is already set
 Changes:   

      ID: net.ipv4.conf.all.rp_filter
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.all.rp_filter = 1 is already set
 Changes:   

      ID: net.ipv4.conf.default.rp_filter
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.conf.default.rp_filter = 1 is already set
 Changes:   

      ID: net.ipv4.tcp_syncookies
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv4.tcp_syncookies = 1 is already set
 Changes:   

      ID: net.ipv6.conf.all.accept_ra
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv6.conf.all.accept_ra = 0 is already set
 Changes:   

      ID: net.ipv6.conf.default.accept_ra
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv6.conf.default.accept_ra = 0 is already set
 Changes:   

      ID: net.ipv6.conf.default.accept_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv6.conf.default.accept_redirects = 0 is already set
 Changes:   

      ID: net.ipv6.conf.all.accept_redirects
Function: sysctl.present
  Result: True
 Comment: Sysctl value net.ipv6.conf.all.accept_redirects = 0 is already set
 Changes:   

      ID: fs.suid_dumpable
Function: sysctl.present
  Result: True
 Comment: Sysctl value fs.suid_dumpable = 0 is already set
 Changes:   

      ID: kernel.exec-shield
Function: sysctl.present
  Result: True
 Comment: Sysctl value kernel.exec-shield = 1 is already set
 Changes:   

      ID: kernel.randomize_va_space
Function: sysctl.present
  Result: True
 Comment: Sysctl value kernel.randomize_va_space = 2 is already set
 Changes:   

Summary

Succeeded: 23

Failed: 0

Total: 23
-bash-4.1#

Salt master and minion are EPEL rpms from RHEL6 64 bit,

eg

salt-minion-2014.1.10-4.el6.noarch

I never saw these failures on earlier rpm versions eg 2014.1.7.x or 2014.1.5.x

vim state only addresses RedHat and Debian, not Ubuntu (or anyone else)

vim:
  pkg.installed:
{% if grains['os_family'] == 'RedHat' %}
    - name: vim-enhanced
{% elif grains['os'] == 'Debian' %}
    - name: vim-rt
{% endif %}

Because there is no fallback default for anything else, other distros will get an error that looks like:

local:

Data failed to compile:

The state "vim" in sls vim is not formed as a list

