From 99d1bc39acfa8fb9fe24c85456969a9e7fb73154 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Fri, 15 Jan 2016 10:30:43 -0600 Subject: [PATCH] Skip AIDE initialization by default The AIDE database initialization consumes a lot of CPU time and I/O resources. We shouldn't initialize the database by default, but this should be configurable by the deployer. Closes-bug: 1534658 Change-Id: If680000619c35914e58ed8b7883c7eaa7928cec4 --- defaults/main.yml | 6 ++++++ doc/source/configuration.rst | 11 +++++++++++ handlers/main.yml | 1 + 3 files changed, 18 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 0d24092c..a41eee21 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -31,6 +31,12 @@ aide_exclude_dirs: - /var/lib/lxc - /openstack - /opt +# +# By default, the AIDE database won't be initialized immediately since it can +# consume plenty of CPU and I/O resources while it runs. To initialize the +# AIDE database immediately when the playbook finishes, set the following +# variable to 'true': +initialize_aide: false ## Audit daemon # The following booleans control the rule sets added to auditd's default diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index cfe0ed25..66029a6e 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst 
@@ -32,6 +32,17 @@ long time indexing the disk. Additional directories can be added to the exclusion list, but the directories currenty listed **should not be removed**. Deployers can add directories to ``aide_exlude_dirs``. +The first AIDE database initialization can consume lots of CPU time and I/O +resources. By default, the role won't run the database initialization after +the role is applied to avoid causing performance degradation. The database will +be initialized automatically when the AIDE cron job runs the next day. To force +the initialization to run as soon as the role finishes running, change the +the following variable to ``true``: + +.. code-block:: yaml + + initialize_aide: true + Audit daemon ------------ diff --git a/handlers/main.yml b/handlers/main.yml index 25c1fbff..ed5c88f5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -62,6 +62,7 @@ # the background so it doesn't hold up the whole playbook. - name: initialize AIDE shell: "aideinit -b" + when: initialize_aide | bool - name: rehash aliases command: newaliases
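Review bot: In defaults/main.yml, the new `initialize_aide` variable breaks the `aide_` prefix used by `aide_exclude_dirs` a few lines above it, so the AIDE settings no longer sort or grep together. Consider a prefixed name before deployers start overriding it. The comment also says to set the variable to 'true' in quotes, while the documentation hunk shows an unquoted `true`. The handler's `| bool` filter accepts both, but the comment and the docs should show the same form.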
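Review bot: In doc/source/configuration.rst, the added paragraph ends with "change the" followed on the next line by "the following variable", which renders as a doubled "the"; drop one. The sentence saying the database "will be initialized automatically when the AIDE cron job runs the next day" is not backed by anything in this patch, so please confirm that the cron job creates a missing database rather than only running a check against one, because with the new default a host would otherwise have no integrity baseline at all. While touching this paragraph, the context lines also carry ``aide_exlude_dirs`` (the variable in defaults/main.yml is `aide_exclude_dirs`) and "currenty", both worth fixing.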
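Review bot: In handlers/main.yml, the new `when: initialize_aide | bool` sits on a handler, so it is only evaluated when some task notifies "initialize AIDE". A deployer who flips the variable to true on a host where the role has already been applied may get no initialization, because nothing reports a change on the rerun; either document that or provide a way to run `aideinit -b` on demand. It is also worth stating in the docs that with the default of false, any file changes made between applying the role and the first initialization become part of the baseline and will not be reported.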