ss-archive / salt-states
Collection of salt state files for use and testing
Home Page: http://saltstack.org
state declaration:
iptables.insert:
  - table: filter
  - chain: INPUT
  - position: 1
  - protocol: tcp
  - dport: 22
  - match: state
  - connstate: NEW,ESTABLISHED
  - jump: ACCEPT
  - save: True
Fails with:
Function: iptables.insert
Result: False
Comment: Failed to set iptables rule for openssh.
Attempted rule was iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED --dport 22 --protocol tcp --jump ACCEPT
Changes:
The generated command line should give --protocol before --dport, e.g.
iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED --protocol tcp --dport 22 --jump ACCEPT would work.
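iptables parses its arguments left to right, and --dport belongs to the tcp/udp match extension, which is only loaded once --protocol has been seen; that is why the attempted rule is rejected. The sketch below is an added example, not Salt's code: the helper names are hypothetical, and it checks a command line for that ordering problem and builds the argument list in an order iptables accepts.

```python
import shlex

# Added illustration; the helper names are hypothetical, not Salt's API.
PORT_PROTOCOLS = {"tcp", "udp", "sctp", "dccp", "udplite"}
PORT_OPTS = {"--dport", "--sport", "--destination-port", "--source-port"}
PROTO_OPTS = {"-p", "--protocol"}

# The attempted and the reordered command line from the report.
FAILING = ("iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED "
           "--dport 22 --protocol tcp --jump ACCEPT")
WORKING = ("iptables -t filter -I INPUT 1 -m state --state NEW,ESTABLISHED "
           "--protocol tcp --dport 22 --jump ACCEPT")


def port_option_before_protocol(command):
    """Return True if a port option appears before any -p/--protocol."""
    seen_protocol = False
    for token in shlex.split(command):
        if token in PROTO_OPTS:
            seen_protocol = True
        elif token in PORT_OPTS and not seen_protocol:
            return True
    return False


def build_insert_rule(table, chain, position, jump, protocol=None,
                      dport=None, sport=None, match=None, connstate=None):
    """Build argv for `iptables -I` with --protocol ahead of the port options."""
    if (dport is not None or sport is not None) and protocol not in PORT_PROTOCOLS:
        raise ValueError("port options require a protocol such as tcp or udp")
    if connstate is not None and match != "state":
        raise ValueError("--state requires match 'state'")
    argv = ["iptables", "-t", table, "-I", chain, str(position)]
    if match is not None:
        argv += ["-m", match]
    if connstate is not None:
        argv += ["--state", connstate]
    if protocol is not None:
        # Must come before --sport/--dport so the extension is loaded first.
        argv += ["--protocol", protocol]
    if sport is not None:
        argv += ["--sport", str(sport)]
    if dport is not None:
        argv += ["--dport", str(dport)]
    argv += ["--jump", jump]
    return argv


if __name__ == "__main__":
    print(port_option_before_protocol(FAILING))
    print(" ".join(build_insert_rule("filter", "INPUT", 1, "ACCEPT",
                                     protocol="tcp", dport=22,
                                     match="state", connstate="NEW,ESTABLISHED")))
```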
I tried to install the mongodb-10gen state for a dev vm, and quickly realized that apt-key retrieves its keys via port 11371, which was blocked by my corp. proxy.
The work-around was to use hkp://keyserver.ubuntu.com:80 instead of keyserver.ubuntu.com in the keyserver argument.
There are two references to apt-key in the "small" state:
small/lamp-drupal/init.sls
small/mongodb-10gen/init.sls
I'm not sure what this does in terms of security; but if you don't see any issue with this, I'll submit a pull-request.
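On the security question raised here: hkp:// is unencrypted HTTP whether it runs on port 11371 or port 80, so the port change does not alter what the transport guarantees; the protection comes from comparing the fetched key's full fingerprint with one obtained out of band. The following is an added example, not part of the salt-states repository: it checks a colon-format listing, such as `gpg --with-colons --fingerprint` prints, against a pinned fingerprint, assuming v4 (40 hex digit) fingerprints; the key data and function names are constructed for illustration.

```python
import re

FULL_FPR = re.compile(r"^[0-9A-F]{40}$")

# Constructed fingerprints, not those of any real repository key.
PRIMARY = "0123456789ABCDEF0123456789ABCDEF01234567"
SUBKEY = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"


def _fpr_line(fpr):
    # In an fpr record the fingerprint is field 10 (index 9).
    return ":".join(["fpr"] + [""] * 8 + [fpr, ""])


# Constructed listing: one primary key, one user ID, one subkey.
SAMPLE_LISTING = "\n".join([
    "pub:-:4096:1:89ABCDEF01234567:1300000000:::-:::scESC:",
    _fpr_line(PRIMARY),
    "uid:-::::1300000000::::Constructed Example Key <packages@example.invalid>:",
    "sub:-:4096:1:76543210FEDCBA98:1300000000::::::e:",
    _fpr_line(SUBKEY),
])


def primary_fingerprints(colon_listing):
    """Return the fingerprints of primary keys only (fpr directly after pub)."""
    found, last_key_record = [], None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record in ("pub", "sub", "sec", "ssb"):
            last_key_record = record
        elif record == "fpr" and len(fields) > 9:
            if last_key_record == "pub":
                found.append(fields[9].upper())
            last_key_record = None
    return found


def normalize_pin(pinned):
    """Accept a spaced or 0x-prefixed fingerprint; refuse short and long key IDs."""
    value = re.sub(r"\s+", "", pinned).upper()
    if value.startswith("0X"):
        value = value[2:]
    if not FULL_FPR.match(value):
        raise ValueError("pin the full 40-hex-digit fingerprint, not a key ID")
    return value


def key_matches_pin(colon_listing, pinned):
    """True only if the listing holds exactly one primary key and it is the pinned one."""
    pin = normalize_pin(pinned)
    fingerprints = primary_fingerprints(colon_listing)
    return len(fingerprints) == 1 and fingerprints[0] == pin


if __name__ == "__main__":
    print(key_matches_pin(SAMPLE_LISTING, PRIMARY))
```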
Salt version: 0.9.7
After spending a considerable amount of time tonight troubleshooting a file.managed state using the example here as a guide, I finally took a look at the salt-states repo and noticed that the syntax is different.
If you look at the info on RTD, it tells you to define your "context" area like so:
- context:
    custom_var: "override"
However, in the LDAP example from salt-states there is a difference. Here, it appears that curly braces and commas are needed, making it more of a python dictionary than actual YAML syntax.
The method from RTD never worked for me, but using the syntax from the salt-states repo did work.
Can anyone else reproduce the issue I am experiencing? In case it matters, the "context" section I was trying to define is within an if / elif jinja block, which itself is within a jinja for loop. I haven't tried it without the loop yet, so I don't know if being two levels deep in jinja flow control statements would have any impact. And it is 4am, so I am barely coherent enough to file this issue right now, let alone test things like this. :)
Will try to reproduce without the loop tomorrow.
I submitted a lamp-stack previously: 66a4c83
But I can't find it now since the recent cleanup that herlo did. Am I missing it somewhere? I looked back through the commits and can't tell where it was even moved or deleted.
Prereq checker fails in 2014.1.5.
I know that this creates a recursion loop, but running this with 'require' instead of 'prereq' fails with a "Recursive requisite found" error, instead of the exception noted below.
$ cat ./dev/scr/init.sls
scratch:
  file.directory:
    - name: '/scr'
    - user: root
    - group: psgvb
    - mode: 2770
    - prereq:
      - file: '/scr'
Output from running the state:
$ sudo salt '*' state.sls saltenv=dev scr test=True
pdx-cent6-salt.schrodinger.com:
The minion function caused an exception: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/minion.py", line 796, in _thread_return
return_data = func(*args, **kwargs)
File "/usr/lib/python2.6/site-packages/salt/modules/state.py", line 394, in sls
ret = st_.state.call_high(high_)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1713, in call_high
ret = self.call_chunks(chunks)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1437, in call_chunks
running = self.call_chunk(low, running, chunks)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
running = self.call_chunk(chunk, running, chunks)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
running = self.call_chunk(chunk, running, chunks)
...
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1639, in call_chunk
running = self.call_chunk(chunk, running, chunks)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1564, in call_chunk
status = self.check_requisite(low, running, chunks)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1482, in check_requisite
req = trim_req(req)
File "/usr/lib/python2.6/site-packages/salt/state.py", line 94, in trim_req
reqfirst = next(iter(req))
RuntimeError: maximum recursion depth exceeded while calling a Python object
The show_sls output:
$ sudo salt '*' state.show_sls saltenv=dev scr test=True
pdx-cent6-salt.schrodinger.com:
----------
scratch:
----------
__env__:
dev
__sls__:
scr
file:
----------
- name:
/scr
----------
- user:
root
----------
- group:
psgvb
----------
- mode:
2770
----------
- prereq:
----------
- file:
/scr
- directory
----------
- order:
10000
This is on AWS using state.highstate on ami-137bcf7a:
State: - pkg
Name: openldap-servers
Function: installed
Result: False
Comment: Package openldap-servers failed to install
Changes:
State: - pkg
Name: openldap-clients
Function: installed
Result: False
Comment: Package openldap-clients failed to install
Changes:
State: - file
Name: /etc/ldap/ldap.conf
Function: managed
Result: False
Comment: One or more requisite failed
Changes:
State: - pkg
Name: openssh
Function: installed
Result: False
Comment: Package openssh failed to install
Changes:
State: - pkg
Name: python-typepad
Function: installed
Result: False
Comment: Package python-typepad failed to install
Changes:
Need to research the correct package names to use for these.
From man salt-cloud:
--raw-out
Print the output from the salt command in raw python form, this is suitable for re-reading the output into an executing python script with eval.
--text-out
Print the output from the salt command in the same form the shell would.
--yaml-out
Print the output from the salt command in yaml.
--json-out
Print the output from the salt command in json.
--no-color
Disable all colored output.
But salt-cloud -Q --json-out fails:
$ salt-cloud -Q --json-out
Usage: salt-cloud
salt-cloud: error: no such option: --json-out
From salt-cloud -h:
Output Options:
Configure your preferred output format
--out=OUTPUT, --output=OUTPUT
Print the output from the 'salt-cloud' command using
the specified outputter. The builtins are 'no_return',
'grains', 'yaml', 'overstatestage', 'json', 'pprint',
'nested', 'raw', 'highstate', 'quiet', 'key', 'txt',
'virt_query'.
--out-indent=OUTPUT_INDENT, --output-indent=OUTPUT_INDENT
Print the output indented by the provided value in
spaces. Negative values disables indentation. Only
applicable in outputters that support indentation.
--no-color, --no-colour
Disable all colored output
--out=json does work.
causes
No matching sls found for 'redhat' in env 'base'
removing this line does fix the problem, obviously.
It's been changed to
http://eu.ceph.com/docs/wip-6919/start/quick-start/
It seems I rushed through committing this one. Some of the package names don't exist.
I'll be updating these soon so that they all work.
Hi,
I would like to get salt events (state executions & their results, module executions, etc.) into getsentry, and see that a returner can be configured for sentry, but fwict it requires that every state run include the option, '--return sentry'. My goal here is to enable our development and operations teams to see what states have run, when, and their results, regardless of whether it was kicked off by a scheduler, or executed on the command line. I don't want to require '--return sentry' for every command line run. If this isn't possible already, I would like to file it as a feature request.
Thanks in advance!
Running a high state
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 20
Changes:
----------
vm.swappiness:
20
ID: net.ipv4.conf.all.log_martians
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.all.log_martians = 1
Changes:
----------
net.ipv4.conf.all.log_martians:
1
ID: net.ipv4.conf.default.log_martians
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.default.log_martians = 1
Changes:
----------
net.ipv4.conf.default.log_martians:
1
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_forward = 0 is already set
Changes:
ID: net.ipv4.route.flush
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.route.flush = 1
Changes:
----------
net.ipv4.route.flush:
1
ID: net.ipv4.conf.all.send_redirects
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.all.send_redirects = 0
Changes:
----------
net.ipv4.conf.all.send_redirects:
0
ID: net.ipv4.conf.default.send_redirects
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.default.send_redirects = 0
Changes:
----------
net.ipv4.conf.default.send_redirects:
0
ID: net.ipv4.conf.all.accept_source_route
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.all.accept_source_route = 0
Changes:
----------
net.ipv4.conf.all.accept_source_route:
0
ID: net.ipv4.conf.default.accept_source_route
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.accept_source_route = 0 is already set
Changes:
ID: net.ipv4.conf.all.secure_redirects
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.all.secure_redirects = 0
Changes:
----------
net.ipv4.conf.all.secure_redirects:
0
ID: net.ipv4.conf.default.secure_redirects
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.default.secure_redirects = 0
Changes:
----------
net.ipv4.conf.default.secure_redirects:
0
ID: net.ipv4.icmp_echo_ignore_broadcasts
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.icmp_echo_ignore_broadcasts = 1
Changes:
----------
net.ipv4.icmp_echo_ignore_broadcasts:
1
ID: net.ipv4.icmp_ignore_bogus_error_responses
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.icmp_ignore_bogus_error_responses = 1
Changes:
----------
net.ipv4.icmp_ignore_bogus_error_responses:
1
ID: net.ipv4.conf.all.rp_filter
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.conf.all.rp_filter = 1
Changes:
----------
net.ipv4.conf.all.rp_filter:
1
ID: net.ipv4.conf.default.rp_filter
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.rp_filter = 1 is already set
Changes:
ID: net.ipv4.tcp_syncookies
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.tcp_syncookies = 1 is already set
Changes:
ID: net.ipv6.conf.all.accept_ra
Function: sysctl.present
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
update = __salt__['sysctl.persist'](name, value, config)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
assign(name, value)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
raise CommandExecutionError('sysctl {0} does not exist'.format(name))
CommandExecutionError: sysctl net.ipv6.conf.all.accept_ra does not exist
Changes:
ID: net.ipv6.conf.default.accept_ra
Function: sysctl.present
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
update = __salt__['sysctl.persist'](name, value, config)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
assign(name, value)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
raise CommandExecutionError('sysctl {0} does not exist'.format(name))
CommandExecutionError: sysctl net.ipv6.conf.default.accept_ra does not exist
Changes:
ID: net.ipv6.conf.default.accept_redirects
Function: sysctl.present
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
update = __salt__['sysctl.persist'](name, value, config)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
assign(name, value)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
raise CommandExecutionError('sysctl {0} does not exist'.format(name))
CommandExecutionError: sysctl net.ipv6.conf.default.accept_redirects does not exist
Changes:
ID: net.ipv6.conf.all.accept_redirects
Function: sysctl.present
Result: False
Comment: An exception occurred in this state: Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/salt/state.py", line 1379, in call
**cdata['kwargs'])
File "/usr/lib/python2.6/site-packages/salt/states/sysctl.py", line 72, in present
update = __salt__['sysctl.persist'](name, value, config)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 226, in persist
assign(name, value)
File "/usr/lib/python2.6/site-packages/salt/modules/linux_sysctl.py", line 118, in assign
raise CommandExecutionError('sysctl {0} does not exist'.format(name))
CommandExecutionError: sysctl net.ipv6.conf.all.accept_redirects does not exist
Changes:
ID: fs.suid_dumpable
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.suid_dumpable = 0
Changes:
----------
fs.suid_dumpable:
0
ID: kernel.exec-shield
Function: sysctl.present
Result: True
Comment: Updated sysctl value kernel.exec-shield = 1
Changes:
----------
kernel.exec-shield:
1
ID: kernel.randomize_va_space
Function: sysctl.present
Result: True
Comment: Updated sysctl value kernel.randomize_va_space = 2
Changes:
----------
kernel.randomize_va_space:
2
ID: ipv6_setup
Function: cmd.script
Result: True
Comment: Command 'ipv6_setup' run
Changes:
----------
pid:
26704
retcode:
0
stderr:
stdout:
ID: semanage
Function: pkg.installed
Result: True
Comment: All specified packages are already installed.
Changes:
ID: ssh_setup
Function: cmd.script
Result: True
Comment: Command 'ssh_setup' run
Changes:
----------
pid:
26728
retcode:
0
stderr:
stdout:
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
ID: ssh-semanage
Function: cmd.run
Name: semanage port -a -t ssh_port_t -p tcp 10
Result: False
Comment: Command "semanage port -a -t ssh_port_t -p tcp 10" run
Changes:
----------
pid:
26761
retcode:
1
stderr:
/usr/sbin/semanage: Port tcp/10 already defined
stdout:
ID: /etc/rsyslog.conf
Function: file.managed
Result: True
Comment: File /etc/rsyslog.conf updated
Changes:
----------
diff:
---
+++
@@ -76,7 +76,6 @@
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###
-*.* @130.195.85.202
#2012-04-27-AS
local3.* /var/log/rhn/jabberd.log
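Review bot: the removed line `*.* @130.195.85.202` was the only active forwarding rule in this part of the file and nothing replaces it here, so as far as this hunk shows the host now keeps its logs locally only. If central logging is still wanted, add the new destination in the same managed file, preferably in the `@@` TCP form that the template comment above it shows, so the copy an investigator relies on does not live only on the host.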
ID: rsyslog-restart
Function: cmd.run
Name: service rsyslog restart
Result: True
Comment: Command "service rsyslog restart" run
Changes:
----------
pid:
26772
retcode:
0
stderr:
stdout:
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
ID: sudo_ipa_setup
Function: cmd.script
Result: True
Comment: Command 'sudo_ipa_setup' run
Changes:
----------
pid:
26810
retcode:
0
stderr:
stdout:
ID: /etc/sudo-ldap.conf
Function: file.managed
Result: True
Comment: File /etc/sudo-ldap.conf updated
Changes:
----------
diff:
---
+++
@@ -1,86 +1,12 @@
-## BINDDN DN
-## The BINDDN parameter specifies the identity, in the form of a Dis‐
-## tinguished Name (DN), to use when performing LDAP operations. If
-## not specified, LDAP operations are performed with an anonymous
-## identity. By default, most LDAP servers will allow anonymous
-## access.
-##
-#binddn uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
+uri ldap://vuwunicoipam001.ods.vuw.ac.nz ldap://vuwunicoipam002.ods.vuw.ac.nz ldap://vuwunicoipam003.ods.vuw.ac.nz
+ldap_version 3
+sudoers_base ou=SUDOers,dc=ods,dc=vuw,dc=ac,dc=nz
+binddn uid=sudo,cn=sysaccounts,cn=etc,dc=ods,dc=vuw,dc=ac,dc=nz
+bindpw www.apac.c0m
+bind_timelimit 5000
+timelimt 15
+ssl start_tls
+tls_checkpeer (yes)
+tls_cacertfile /etc/ipa/ca.crt
+sudoers_debug 2
-## BINDPW secret
-## The BINDPW parameter specifies the password to use when performing
-## LDAP operations. This is typically used in conjunction with the
-## BINDDN parameter.
-##
-#bindpw secret
-
-## SSL start_tls
-## If the SSL parameter is set to start_tls, the LDAP server connec‐
-## tion is initiated normally and TLS encryption is begun before the
-## bind credentials are sent. This has the advantage of not requiring
-## a dedicated port for encrypted communications. This parameter is
-## only supported by LDAP servers that honor the start_tls extension,
-## such as the OpenLDAP and Tivoli Directory servers.
-##
-#ssl start_tls
-
-## TLS_CACERTFILE file name
-## The path to a certificate authority bundle which contains the cer‐
-## tificates for all the Certificate Authorities the client knows to
-## be valid, e.g. /etc/ssl/ca-bundle.pem. This option is only sup‐
-## ported by the OpenLDAP libraries. Netscape-derived LDAP libraries
-## use the same certificate database for CA and client certificates
-## (see TLS_CERT).
-##
-#tls_cacertfile /path/to/CA.crt
-
-## TLS_CHECKPEER on/true/yes/off/false/no
-## If enabled, TLS_CHECKPEER will cause the LDAP server's TLS certifi‐
-## cated to be verified. If the server's TLS certificate cannot be
-## verified (usually because it is signed by an unknown certificate
-## authority), sudo will be unable to connect to it. If TLS_CHECKPEER
-## is disabled, no check is made. Note that disabling the check cre‐
-## ates an opportunity for man-in-the-middle attacks since the
-## server's identity will not be authenticated. If possible, the CA's
-## certificate should be installed locally so it can be verified.
-## This option is not supported by the Tivoli Directory Server LDAP
-## libraries.
-#tls_checkpeer yes
-
-##
-## URI ldap[s]://[hostname[:port]] ...
-## Specifies a whitespace-delimited list of one or more
-## URIs describing the LDAP server(s) to connect to.
-##
-#uri ldap://ldapserver
-
-##
-## SUDOERS_BASE base
-## The base DN to use when performing sudo LDAP queries.
-## Multiple SUDOERS_BASE lines may be specified, in which
-## case they are queried in the order specified.
-##
-#sudoers_base ou=SUDOers,dc=example,dc=com
-
-##
-## BIND_TIMELIMIT seconds
-## The BIND_TIMELIMIT parameter specifies the amount of
-## time to wait while trying to connect to an LDAP server.
-##
-#bind_timelimit 30
-
-##
-## TIMELIMIT seconds
-## The TIMELIMIT parameter specifies the amount of time
-## to wait for a response to an LDAP query.
-##
-#timelimit 30
-
-##
-## SUDOERS_DEBUG debug_level
-## This sets the debug level for sudo LDAP queries. Debugging
-## information is printed to the standard error. A value of 1
-## results in a moderate amount of debugging information.
-## A value of 2 shows the results of the matches themselves.
-##
-#sudoers_debug 1
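Review bot: the added `bindpw` line stores the bind password in clear text in the managed file, and because file.managed prints the diff it is now also in this state output; keep the value in pillar, keep the diff out of the output for this state, and change the password that was posted. In the same added block `timelimt 15` is misspelled against the `timelimit` keyword in the removed template, `tls_checkpeer (yes)` has parentheses where the template shows `tls_checkpeer yes`, and `sudoers_debug 2` leaves match-level debugging on, which the template describes as printing to standard error.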
mode:
0440
ID: nis_ipa_setup
Function: cmd.script
Result: True
Comment: Command 'nis_ipa_setup' run
Changes:
----------
pid:
26841
retcode:
0
stderr:
stdout:
ID: /etc/rc.d/rc.local
Function: file.managed
Result: True
Comment: File /etc/rc.d/rc.local is in the correct state
Changes:
ID: iptables
Function: service.dead
Result: True
Comment: Service iptables has been disabled, and is dead
Changes:
----------
iptables:
True
ID: snmp
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: net-snmp.
Changes:
----------
net-snmp:
----------
new:
5.5-49.el6_5.1
old:
webmin:
----------
new:
1.690-1
old:
1.580-1
ID: /etc/snmp/snmpd.conf
Function: file.managed
Result: True
Comment: File /etc/snmp/snmpd.conf updated
Changes:
----------
diff:
---
+++
@@ -38,7 +38,10 @@
# First, map the community name "public" into a "security name"
# sec.name source community
-com2sec notConfigUser default public
+#com2sec notConfigUser default public
+com2sec notConfigUser 10.120.100.10/32 m0n1t0r
+access notConfigGroup "" any noauth exact all all none
+view all included .1
####
# Second, map the security name into a group name:
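Review bot: on the added `access notConfigGroup "" any noauth exact all all none` line the read and write views are both `all`, and `view all included .1` makes `all` the whole OID tree, so the community gets write access to everything. If the monitor at 10.120.100.10 only polls, set the write view to `none` and narrow the view to the subtrees it reads. The community string on the added `com2sec` line is also in clear text in this diff, so template it from pillar and replace the one shown.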
@@ -321,6 +324,9 @@
# Check the / partition and make sure it contains at least 10 megs.
#disk / 10000
+disk /var 10%
+disk /var/log 10%
+disk /oracle 10%
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9
# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
@@ -350,6 +356,7 @@
# Check for loads:
#load 12 14 14
+load
# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10
# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
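Review bot: the added `load` line has no thresholds, while the commented example directly above it is `#load 12 14 14`; give the 1, 5 and 15 minute maxima explicitly so the limits are stated in the managed file rather than left implicit.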
mode:
0400
ID: snmpd
Function: service.running
Result: True
Comment: Service snmpd has been enabled, and is running
Changes:
----------
snmpd:
True
Succeeded: 68
Total: 73
-bash-4.1# salt -l debug -t 3600 vuwunicoojst002.ods.vuw.ac.nz state.sls sysctl
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Missing configuration file: /root/.saltrc
[DEBUG ] Configuration file path: /etc/salt/master
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Missing configuration file: /root/.saltrc
[DEBUG ] LocalClientEvent PUB socket URI: ipc:///var/run/salt/master/master_event_pub.ipc
[DEBUG ] LocalClientEvent PULL socket URI: ipc:///var/run/salt/master/master_event_pull.ipc
[DEBUG ] Loaded no_out as virtual quiet
[DEBUG ] Loaded json_out as virtual json
[DEBUG ] Loaded yaml_out as virtual yaml
[DEBUG ] Loaded pprint_out as virtual pprint
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Sysctl value vm.swappiness = 20 is already set
Changes:
ID: net.ipv4.conf.all.log_martians
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.all.log_martians = 1 is already set
Changes:
ID: net.ipv4.conf.default.log_martians
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.log_martians = 1 is already set
Changes:
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.ip_forward = 0 is already set
Changes:
ID: net.ipv4.route.flush
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.route.flush = 1 is already set
Changes:
ID: net.ipv4.conf.all.send_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.all.send_redirects = 0 is already set
Changes:
ID: net.ipv4.conf.default.send_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.send_redirects = 0 is already set
Changes:
ID: net.ipv4.conf.all.accept_source_route
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.all.accept_source_route = 0 is already set
Changes:
ID: net.ipv4.conf.default.accept_source_route
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.accept_source_route = 0 is already set
Changes:
ID: net.ipv4.conf.all.secure_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.all.secure_redirects = 0 is already set
Changes:
ID: net.ipv4.conf.default.secure_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.secure_redirects = 0 is already set
Changes:
ID: net.ipv4.icmp_echo_ignore_broadcasts
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.icmp_echo_ignore_broadcasts = 1 is already set
Changes:
ID: net.ipv4.icmp_ignore_bogus_error_responses
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.icmp_ignore_bogus_error_responses = 1 is already set
Changes:
ID: net.ipv4.conf.all.rp_filter
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.all.rp_filter = 1 is already set
Changes:
ID: net.ipv4.conf.default.rp_filter
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.conf.default.rp_filter = 1 is already set
Changes:
ID: net.ipv4.tcp_syncookies
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv4.tcp_syncookies = 1 is already set
Changes:
ID: net.ipv6.conf.all.accept_ra
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv6.conf.all.accept_ra = 0 is already set
Changes:
ID: net.ipv6.conf.default.accept_ra
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv6.conf.default.accept_ra = 0 is already set
Changes:
ID: net.ipv6.conf.default.accept_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv6.conf.default.accept_redirects = 0 is already set
Changes:
ID: net.ipv6.conf.all.accept_redirects
Function: sysctl.present
Result: True
Comment: Sysctl value net.ipv6.conf.all.accept_redirects = 0 is already set
Changes:
ID: fs.suid_dumpable
Function: sysctl.present
Result: True
Comment: Sysctl value fs.suid_dumpable = 0 is already set
Changes:
ID: kernel.exec-shield
Function: sysctl.present
Result: True
Comment: Sysctl value kernel.exec-shield = 1 is already set
Changes:
ID: kernel.randomize_va_space
Function: sysctl.present
Result: True
Comment: Sysctl value kernel.randomize_va_space = 2 is already set
Changes:
Succeeded: 23
Total: 23
-bash-4.1#
Salt master and minion are EPEL rpms from RHEL6 64 bit,
eg
salt-minion-2014.1.10-4.el6.noarch
I never saw these failures on earlier rpm versions eg 2014.1.7.x or 2014.1.5.x
vim:
  pkg.installed:
    {% if grains['os_family'] == 'RedHat' %}
    - name: vim-enhanced
    {% elif grains['os'] == 'Debian' %}
    - name: vim-rt
    {% endif %}
Because there is no fallback default for anything else, other distros will get an error that looks like:
local:
The state "vim" in sls vim is not formed as a list