Configure maintenance

Enable maintenance with:

maintenance:
  enabled: True

This enables the rhunter state and is a condition for the below states.

Note

The default in pillar/common.sls is False (disabled).

rkhunter

rkhunter requires configuration to avoid false positives. For example:

maintenance:
  rkhunter_customisation: |
    ALLOWHIDDENDIR=/etc/.java
    ALLOWDEVFILE=/dev/shm/PostgreSQL.*

Patching

Set maintenance.patching to automatic on development servers and manual on production servers.

maintenance:
  patching: manual

Note

The default in pillar/common.sls is automatic.

Hardware sensors

Important

Hardware servers only

After deploying the server:

  1. Connect to the server as the root user

  2. Detect sensors with:

    sensors-detect
    
  3. Update the server’s Pillar file, for example:

    maintenance:
      hardware_sensors: True
      custom_sensors:
        - coretemp
        - nct6775
    
  4. Deploy the server

RAID monitoring

If the server uses a hardware RAID controller:

  1. Install RAID monitoring software

  2. Add a script under salt/maintenance/raid_monitoring/files/

  3. Add to the server’s Pillar file, for example:

    maintenance:
      raid_monitoring_script: adaptec_raidcheck.sh
    

If the server uses a software RAID controller:

  1. Check that mdadm is running:

    $ ps aux | grep mdadm
    root       648  0.0  0.0   7552  1972 ?        Ss   Jul17   0:02 /sbin/mdadm --monitor --scan
    
  2. Check that mdam is configured to send emails to root:

    $ grep MAILADDR /etc/mdadm/mdadm.conf
    MAILADDR root