committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -19,6 +19,7 @@ mkdir -p './chkconfig.d'
 mkdir -p './cl.selector/php.extensions.d'
 mkdir -p './cloud'
 mkdir -p './cron.weekly'
+mkdir -p './crowdsec/acquis.d'
 mkdir -p './crypto-policies/policies/modules'
 mkdir -p './cups'
 mkdir -p './dbus-1/session.d'
@@ -55,6 +56,9 @@ mkdir -p './libpaper.d'
 mkdir -p './libreport/events'
 mkdir -p './libreport/plugins'
 mkdir -p './libreport/workflows.d'
+mkdir -p './lvm/archive'
+mkdir -p './lvm/backup'
+mkdir -p './lvm/cache'
 mkdir -p './mail/spamassassin/.pyzor'
 mkdir -p './mail/spamassassin/sa-update-keys/private-keys-v1.d'
 mkdir -p './modulefiles'
@@ -289,14 +293,10 @@ maybe chmod 0644 'clamav-unofficial-sigs/user.conf'
 maybe chown 'amavis' 'clamd.conf'
 maybe chgrp 'amavis' 'clamd.conf'
 maybe chmod 0640 'clamd.conf'
-maybe chown 'amavis' 'clamd.d'
-maybe chgrp 'amavis' 'clamd.d'
 maybe chmod 0755 'clamd.d'
 maybe chown 'amavis' 'clamd.d/amavisd.conf'
 maybe chgrp 'amavis' 'clamd.d/amavisd.conf'
 maybe chmod 0644 'clamd.d/amavisd.conf'
-maybe chown 'amavis' 'clamd.d/scan.conf'
-maybe chgrp 'amavis' 'clamd.d/scan.conf'
 maybe chmod 0644 'clamd.d/scan.conf'
 maybe chmod 0755 'cloud'
 maybe chmod 0755 'cockpit'
@@ -332,6 +332,7 @@ maybe chmod 0750 'cronitor'
 maybe chmod 0640 'cronitor/cronitor.json'
 maybe chmod 0644 'crontab'
 maybe chmod 0755 'crowdsec'
+maybe chmod 0700 'crowdsec/acquis.d'
 maybe chmod 0644 'crowdsec/acquis.yaml'
 maybe chmod 0755 'crowdsec/collections'
 maybe chmod 0600 'crowdsec/config.yaml'
@@ -410,6 +411,7 @@ maybe chmod 0600 'crowdsec/local_api_credentials.yaml'
 maybe chmod 0755 'crowdsec/notifications'
 maybe chmod 0600 'crowdsec/notifications/email.yaml'
 maybe chmod 0600 'crowdsec/notifications/http.yaml'
+maybe chmod 0600 'crowdsec/notifications/sentinel.yaml'
 maybe chmod 0600 'crowdsec/notifications/slack.yaml'
 maybe chmod 0600 'crowdsec/notifications/splunk.yaml'
 maybe chmod 0600 'crowdsec/online_api_credentials.yaml'
@@ -1016,6 +1018,7 @@ maybe chmod 0644 'httpd/conf.d/perl.conf'
 maybe chmod 0644 'httpd/conf.d/php.conf'
 maybe chmod 0644 'httpd/conf.d/phpmyadmin.conf'
 maybe chmod 0644 'httpd/conf.d/squid.conf'
+maybe chmod 0644 'httpd/conf.d/ssl.conf'
 maybe chmod 0644 'httpd/conf.d/ssl.conf_disabled'
 maybe chmod 0644 'httpd/conf.d/userdir.conf'
 maybe chmod 0644 'httpd/conf.d/welcome.conf'
@@ -3533,6 +3536,21 @@ maybe chmod 0644 'logrotate.d/wtmp'
 maybe chmod 0755 'lsb-release.d'
 maybe chmod 0644 'lsb-release.d/core-4.1-amd64'
 maybe chmod 0644 'lsb-release.d/core-4.1-noarch'
+maybe chmod 0755 'lvm'
+maybe chmod 0700 'lvm/archive'
+maybe chmod 0700 'lvm/backup'
+maybe chmod 0700 'lvm/cache'
+maybe chmod 0644 'lvm/lvm.conf'
+maybe chmod 0644 'lvm/lvmlocal.conf'
+maybe chmod 0755 'lvm/profile'
+maybe chmod 0444 'lvm/profile/cache-mq.profile'
+maybe chmod 0444 'lvm/profile/cache-smq.profile'
+maybe chmod 0444 'lvm/profile/command_profile_template.profile'
+maybe chmod 0444 'lvm/profile/lvmdbusd.profile'
+maybe chmod 0444 'lvm/profile/metadata_profile_template.profile'
+maybe chmod 0444 'lvm/profile/thin-generic.profile'
+maybe chmod 0444 'lvm/profile/thin-performance.profile'
+maybe chmod 0444 'lvm/profile/vdo-small.profile'
 maybe chmod 0755 'lynis'
 maybe chmod 0644 'lynis/default.prf'
 maybe chmod 0644 'lynx-site.cfg'

crowdsec/notifications/sentinel.yaml

@@ -0,0 +1,21 @@
+type: sentinel          # Don't change
+name: sentinel_default  # Must match the registered plugin in the profile
+
+# One of "trace", "debug", "info", "warn", "error", "off"
+log_level: info
+# group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
+# group_threshold:    # Amount of alerts that triggers a message before <group_wait> has expired, eg "10"
+# max_retry:          # Number of attempts to relay messages to plugins in case of error
+# timeout:            # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
+
+#-------------------------
+# plugin-specific options
+
+# The following template receives a list of models.Alert objects
+# The output goes in the http request body
+format: |
+  {{.|toJson}}
+
+customer_id: XXX-XXX
+shared_key: XXXXXXX
+log_type: crowdsec

httpd/conf.d/ssl.conf

@@ -0,0 +1,203 @@
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTPS port in addition.
+#
+Listen 443 https
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   List the protocol versions which clients are allowed to connect with.
+#   The OpenSSL system profile is used by default.  See
+#   update-crypto-policies(8) for more details.
+#SSLProtocol all -SSLv3
+#SSLProxyProtocol all -SSLv3
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+#   The OpenSSL system profile is configured by default.  See
+#   update-crypto-policies(8) for more details.
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+
+#   Point SSLCertificateFile at a PEM encoded certificate.  If
+#   the certificate is encrypted, then you will be prompted for a
+#   pass phrase.  Note that restarting httpd will prompt again.  Keep
+#   in mind that if you have both an RSA and a DSA certificate you
+#   can configure both in parallel (to also allow the use of DSA
+#   ciphers, etc.)
+#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+#   require an ECC certificate which can also be configured in
+#   parallel.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+#   ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convenience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is sent or allowed to be received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is sent and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+

lvm/lvmlocal.conf

@@ -0,0 +1,57 @@
+# This is a local configuration file template for the LVM2 system
+# which should be installed as /etc/lvm/lvmlocal.conf .
+#
+# Refer to 'man lvm.conf' for information about the file layout.
+#
+# To put this file in a different directory and override
+# /etc/lvm set the environment variable LVM_SYSTEM_DIR before
+# running the tools.
+#
+# The lvmlocal.conf file is normally expected to contain only the
+# "local" section which contains settings that should not be shared or
+# repeated among different hosts.  (But if other sections are present,
+# they *will* get processed.  Settings in this file override equivalent
+# ones in lvm.conf and are in turn overridden by ones in any enabled
+# lvm_<tag>.conf files.)
+#
+# Please take care that each setting only appears once if uncommenting
+# example settings in this file and never copy this file between hosts.
+
+
+# Configuration section local.
+# LVM settings that are specific to the local host.
+local {
+
+	# Configuration option local/system_id.
+	# Defines the local system ID for lvmlocal mode.
+	# This is used when global/system_id_source is set to 'lvmlocal' in the
+	# main configuration file, e.g. lvm.conf. When used, it must be set to
+	# a unique value among all hosts sharing access to the storage,
+	# e.g. a host name.
+	#
+	# Example
+	# Set no system ID:
+	# system_id = ""
+	# Set the system_id to a specific name:
+	# system_id = "host1"
+	#
+	# This configuration option has an automatic default value.
+	# system_id = ""
+
+	# Configuration option local/extra_system_ids.
+	# A list of extra VG system IDs the local host can access.
+	# VGs with the system IDs listed here (in addition to the host's own
+	# system ID) can be fully accessed by the local host. (These are
+	# system IDs that the host sees in VGs, not system IDs that identify
+	# the local host, which is determined by system_id_source.)
+	# Use this only after consulting 'man lvmsystemid' to be certain of
+	# correct usage and possible dangers.
+	# This configuration option does not have a default value defined.
+
+	# Configuration option local/host_id.
+	# The lvmlockd sanlock host_id.
+	# This must be unique among all hosts, and must be between 1 and 2000.
+	# Applicable only if LVM is compiled with lockd support
+	# This configuration option has an automatic default value.
+	# host_id = 0
+}

lvm/profile/cache-mq.profile

@@ -0,0 +1,20 @@
+# Demo configuration 'mq' cache policy
+#
+# Note: This policy has been deprecated in favor of the smq policy
+# keyword "default" means, setting is left with kernel defaults.
+#
+
+allocation {
+	cache_pool_chunk_size = 64
+	cache_mode = "writethrough"
+	cache_policy = "mq"
+	cache_settings {
+		mq {
+			sequential_threshold = "default"	#  #nr_sequential_ios
+			random_threshold = "default"		#  #nr_random_ios
+			read_promote_adjustment = "default"
+			write_promote_adjustment = "default"
+			discard_promote_adjustment = "default"
+		}
+	}
+}

lvm/profile/cache-smq.profile

@@ -0,0 +1,14 @@
+# Demo configuration 'smq' cache policy
+#
+# The stochastic multi-queue (smq) policy addresses some of the problems
+# with the multiqueue (mq) policy and uses less memory.
+#
+
+allocation {
+	cache_pool_chunk_size = 64
+	cache_mode = "writethrough"
+	cache_policy = "smq"
+	cache_settings {
+	        # currently no settings for "smq" policy
+	}
+}

lvm/profile/command_profile_template.profile

@@ -0,0 +1,74 @@
+# This is a command profile template for the LVM2 system.
+#
+# It contains all configuration settings that are customizable by command
+# profiles. To create a new command profile, select the settings you want
+# to customize and add them in a new file named <profile_name>.profile.
+# Then install the new profile in a directory as defined by config/profile_dir
+# setting found in /etc/lvm/lvm.conf file.
+#
+# Command profiles can be referenced by using the --commandprofile option then.
+#
+# Refer to 'man lvm.conf' for further information about profiles and
+# general configuration file layout.
+#
+allocation {
+	cache_mode="writethrough"
+	cache_settings {
+	}
+}
+log {
+	report_command_log=0
+	command_log_sort="log_seq_num"
+	command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+	command_log_selection="!(log_type=status && message=success)"
+}
+global {
+	units="h"
+	si_unit_consistency=1
+	suffix=1
+	lvdisplay_shows_full_device_path=0
+}
+report {
+	output_format="basic"
+	compact_output=0
+	compact_output_cols=""
+	aligned=1
+	buffered=1
+	headings=1
+	separator=" "
+	list_item_separator=","
+	prefixes=0
+	quoted=1
+	columns_as_rows=0
+	binary_values_as_numeric=0
+	time_format="%Y-%m-%d %T %z"
+	devtypes_sort="devtype_name"
+	devtypes_cols="devtype_name,devtype_max_partitions,devtype_description"
+	devtypes_cols_verbose="devtype_name,devtype_max_partitions,devtype_description"
+	lvs_sort="vg_name,lv_name"
+	lvs_cols="lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv"
+	lvs_cols_verbose="lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile"
+	vgs_sort="vg_name"
+	vgs_cols="vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free"
+	vgs_cols_verbose="vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile"
+	pvs_sort="pv_name"
+	pvs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free"
+	pvs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid"
+	segs_sort="vg_name,lv_name,seg_start"
+	segs_cols="lv_name,vg_name,lv_attr,stripes,segtype,seg_size"
+	segs_cols_verbose="lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize"
+	pvsegs_sort="pv_name,pvseg_start"
+	pvsegs_cols="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size"
+	pvsegs_cols_verbose="pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges"
+	vgs_cols_full="vg_all"
+	pvs_cols_full="pv_all"
+	lvs_cols_full="lv_all"
+	pvsegs_cols_full="pvseg_all,pv_uuid,lv_uuid"
+	segs_cols_full="seg_all,lv_uuid"
+	vgs_sort_full="vg_name"
+	pvs_sort_full="pv_name"
+	lvs_sort_full="vg_name,lv_name"
+	pvsegs_sort_full="pv_uuid,pvseg_start"
+	segs_sort_full="lv_uuid,seg_start"
+	mark_hidden_devices=1
+}

lvm/profile/lvmdbusd.profile

@@ -0,0 +1,50 @@
+#
+# DO NOT EDIT THIS FILE!
+#
+# LVM configuration profile used by lvmdbusd daemon.
+#
+# This sets up LVM to produce output in the most suitable format for processing
+# by lvmdbusd daemon which utilizes LVM shell to execute LVM commands.
+#
+# Do not edit this file in any way. This profile is distributed together with
+# lvmdbusd and it contains configuration that is important for lvmdbusd to
+# cooperate and interface with LVM correctly.
+#
+
+global {
+	# use bytes for expected and deterministic output
+	units=b
+	# no need for suffix if we have units set
+	suffix=0
+}
+
+report {
+	compact_output=0
+	compact_output_cols=""
+	binary_values_as_numeric=0
+	# time in number of seconds since the Epoch
+	time_format="%s"
+	mark_hidden_devices=1
+	# lvmdbusd expects JSON output
+	output_format=json
+	# *_cols_full for lvm fullreport's fields which lvmdbusd relies on to update its state
+	vgs_cols_full="vg_name,vg_uuid,vg_fmt,vg_size,vg_free,vg_sysid,vg_extent_size,vg_extent_count,vg_free_count,vg_profile,max_lv,max_pv,pv_count,lv_count,snap_count,vg_seqno,vg_mda_count,vg_mda_free,vg_mda_size,vg_mda_used_count,vg_attr,vg_tags"
+	pvs_cols_full="pv_name,pv_uuid,pv_fmt,pv_size,pv_free,pv_used,dev_size,pv_mda_size,pv_mda_free,pv_ba_start,pv_ba_size,pe_start,pv_pe_count,pv_pe_alloc_count,pv_attr,pv_tags,vg_name,vg_uuid"
+	lvs_cols_full="lv_uuid,lv_name,lv_path,lv_size,vg_name,pool_lv_uuid,pool_lv,origin_uuid,origin,data_percent,lv_attr,lv_tags,vg_uuid,lv_active,data_lv,metadata_lv,lv_parent,lv_role,lv_layout"
+	pvsegs_cols_full="pvseg_start,pvseg_size,segtype,pv_uuid,lv_uuid,pv_name"
+	segs_cols_full="seg_pe_ranges,segtype,lv_uuid"
+	vgs_sort_full="vg_name"
+	pvs_sort_full="pv_name"
+	lvs_sort_full="vg_name,lv_name"
+	pvsegs_sort_full="pv_uuid,pvseg_start"
+	segs_sort_full="lv_uuid,seg_start"
+}
+
+log {
+	# lvmdbusd relies on command log report to inspect LVM command's execution status
+	report_command_log=1
+	# display only outermost LVM shell-related log that lvmdbusd inspects first after LVM command execution (it calls 'lastlog' for more detailed log afterwards if needed)
+	command_log_selection="log_context=shell"
+	command_log_cols="log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code"
+	command_log_sort="log_seq_num"
+}

lvm/profile/metadata_profile_template.profile

@@ -0,0 +1,24 @@
+# This is a metadata profile template for the LVM2 system.
+#
+# It contains all configuration settings that are customizable by metadata
+# profiles. To create a new metadata profile, select the settings you want
+# to customize and add them in a new file named <profile_name>.profile.
+# Then install the new profile in a directory as defined by config/profile_dir
+# setting found in /etc/lvm/lvm.conf file.
+#
+# Metadata profiles can be referenced by using the --metadataprofile LVM2
+# command line option.
+#
+# Refer to 'man lvm.conf' for further information about profiles and
+# general configuration file layout.
+#
+allocation {
+	thin_pool_zero=1
+	thin_pool_discards="passdown"
+	thin_pool_chunk_size_policy="generic"
+#	thin_pool_chunk_size=128
+}
+activation {
+	thin_pool_autoextend_threshold=100
+	thin_pool_autoextend_percent=20
+}

lvm/profile/thin-generic.profile

@@ -0,0 +1,4 @@
+allocation {
+	thin_pool_chunk_size_policy = "generic"
+	thin_pool_zero = 1
+}

lvm/profile/thin-performance.profile

@@ -0,0 +1,4 @@
+allocation {
+	thin_pool_chunk_size_policy = "performance"
+	thin_pool_zero = 0
+}

lvm/profile/vdo-small.profile

@@ -0,0 +1,24 @@
+# Demo configuration for 'VDO' using less memory.
+# ~lvmconfig --type full | grep vdo
+
+allocation {
+	vdo_use_compression=1
+	vdo_use_deduplication=1
+	vdo_use_metadata_hints=1
+	vdo_minimum_io_size=4096
+	vdo_block_map_cache_size_mb=128
+	vdo_block_map_period=16380
+	vdo_check_point_frequency=0
+	vdo_use_sparse_index=0
+	vdo_index_memory_size_mb=256
+	vdo_slab_size_mb=2048
+	vdo_ack_threads=1
+	vdo_bio_threads=1
+	vdo_bio_rotation=64
+	vdo_cpu_threads=2
+	vdo_hash_zone_threads=1
+	vdo_logical_threads=1
+	vdo_physical_threads=1
+	vdo_write_policy="auto"
+	vdo_max_discard=1
+}

systemd/system/sockets.target.wants/dm-event.socket

@@ -0,0 +1 @@
+/usr/lib/systemd/system/dm-event.socket

systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket

@@ -0,0 +1 @@
+/usr/lib/systemd/system/lvm2-lvmpolld.socket

systemd/system/sysinit.target.wants/lvm2-monitor.service

@@ -0,0 +1 @@
+/usr/lib/systemd/system/lvm2-monitor.service