From a807661c4c49c2c47912f3522353843aa30c3474 Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Tue, 28 May 2019 10:41:06 -0500
Subject: [PATCH] Remove aide puppet manifest

The aide puppet manifest is being removed because the heat template which invoked it has been converted to ansible. This change removes the aide manifest and spec files accordingly.

Depends-On: I4479de4c157625be50fdbec33cbf43b30dd7558f
Change-Id: I9d63a38298311909e615e51e1e46dcc35652b351
Signed-off-by: Kevin Carter
---
manifests/profile/base/aide.pp | 79 --------------
manifests/profile/base/aide/cron.pp | 78 --------------
manifests/profile/base/aide/installdb.pp | 56 ----------
manifests/profile/base/aide/rules.pp | 61 -----------
.../notes/aide-removed-14f41082b1424a53.yaml | 4 +
.../classes/tripleo_profile_base_aide_spec.rb | 102 ------------------
6 files changed, 4 insertions(+), 376 deletions(-)
delete mode 100644 manifests/profile/base/aide.pp
delete mode 100644 manifests/profile/base/aide/cron.pp
delete mode 100644 manifests/profile/base/aide/installdb.pp
delete mode 100644 manifests/profile/base/aide/rules.pp
create mode 100644 releasenotes/notes/aide-removed-14f41082b1424a53.yaml
delete mode 100644 spec/classes/tripleo_profile_base_aide_spec.rb
diff --git a/manifests/profile/base/aide.pp b/manifests/profile/base/aide.pp
deleted file mode 100644
index 44c353b03..000000000
--- a/manifests/profile/base/aide.pp
+++ /dev/null
@@ -1,79 +0,0 @@
-#########################################################################
-# Copyright (C) 2017 Red Hat Inc.
-#
-# Author: Luke Hinds
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::aide
-#
-# Aide profile for TripleO
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
-#
-# [*aide_conf_path*]
-# The aide configuration file to use for rules and db path
-# Defaults to hiera('aide_conf_path', '/etc/aide.conf')
-#
-# [*aide_db_path*]
-# (Optional) The location of AIDE's integrity database file
-# Defaults to hiera('aide_db_path', '/var/lib/aide/aide.db')
-#
-# [*aide_db_temp_path*]
-# (Optional) The staging location during integrity database creation
-# Defaults to hiera('aide_db_temp_path', '/var/lib/aide/aide.db.new')
-#
-# [*aide_rules*]
-# A hiera based hash of aides integrity rules
-# Defaults to hiera('rules', {})
-#
-class tripleo::profile::base::aide (
- $step = Integer(hiera('step')),
- $aide_conf_path = hiera('aide_conf_path', '/etc/aide.conf'),
- $aide_db_path = hiera('aide_db_path', '/var/lib/aide/aide.db'),
- $aide_db_temp_path = hiera('aide_db_temp_path', '/var/lib/aide/aide.db.new'),
- $aide_rules = hiera('aide_rules', {})
-) {
-
- if $step >=5 {
- package { 'aide':
- ensure => 'present'
- }
-
- contain ::tripleo::profile::base::aide::installdb
-
- concat { 'aide.conf':
- path => $aide_conf_path,
- owner => 'root',
- group => 'root',
- mode => '0600',
- ensure_newline => true,
- require => Package['aide']
- }
-
- concat::fragment { 'aide.conf.header':
- target => 'aide.conf',
- order => 0,
- content => template( 'tripleo/aide/aide.conf.erb')
- }
-
- create_resources('tripleo::profile::base::aide::rules', $aide_rules)
-
- contain ::tripleo::profile::base::aide::cron
- }
-}
diff --git a/manifests/profile/base/aide/cron.pp b/manifests/profile/base/aide/cron.pp
deleted file mode 100644
index b2745f6e8..000000000
--- a/manifests/profile/base/aide/cron.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-#########################################################################
-# Copyright 2017 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::aide::cron
-#
-# Aide cron profile for tripleo
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
-#
-# [*aide_command*]
-# Path to aide binary
-#
-# [*aide_cron_user*]
-# User for cron job to run aide
-# Defaults to 'root'
-#
-# [*aide_hour*]
-# The hour value used for cron entry
-# Defaults to 3
-#
-# [*aide_minute*]
-# The minute value used for cron entry
-# Defaults to 0
-#
-# [*aide_email*]
-# Send AIDE reports generated with cron job to this email address
-# Defaults to undef
-#
-# [*aide_mua_path*]
-# Use the following path to a MUA client to send email
-# Defaults to mailx
-#
-class tripleo::profile::base::aide::cron (
- $step = Integer(hiera('step')),
- $aide_command = '/usr/sbin/aide',
- $aide_cron_user = hiera('aide_cron_user', 'root'),
- $aide_hour = hiera('aide_hour', 3),
- $aide_minute = hiera('aide_minute', 0),
- $aide_email = hiera('aide_email', undef),
- $aide_mua_path = hiera('aide_mua_path', '/bin/mailx')
- ) {
-
- include ::tripleo::profile::base::aide
-
- if '@' in $aide_email {
- $cron_entry = "${aide_command} --check --config ${::tripleo::profile::base::aide::aide_conf_path} | ${aide_mua_path} \
--s \"\$HOSTNAME - AIDE integrity check\" ${aide_email}"
- }
- else {
- $cron_entry = "${aide_command} --check --config ${::tripleo::profile::base::aide::aide_conf_path} \
-> /var/log/audit/aide_`date +%Y-%m-%d`.log"
- }
-
- cron { 'aide':
- command => $cron_entry,
- user => $aide_cron_user,
- hour => $aide_hour,
- minute => $aide_minute,
- require => [Package['aide'], Exec['install aide db']]
- }
-}
diff --git a/manifests/profile/base/aide/installdb.pp b/manifests/profile/base/aide/installdb.pp
deleted file mode 100644
index 050e7c976..000000000
--- a/manifests/profile/base/aide/installdb.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-#########################################################################
-# Copyright 2017 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::aide::installdb
-#
-# Aide profile for tripleo
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
-#
-class tripleo::profile::base::aide::installdb (
- $step = Integer(hiera('step')),
- ) {
-
- include ::tripleo::profile::base::aide
-
- exec { 'aide init':
- path => '/usr/sbin/',
- command => "aide --init --config ${::tripleo::profile::base::aide::aide_conf_path}",
- user => 'root',
- refreshonly => true,
- subscribe => Concat['aide.conf']
- }
-
- exec { 'install aide db':
- path => '/bin/',
- command => "cp -f ${::tripleo::profile::base::aide::aide_db_temp_path} ${::tripleo::profile::base::aide::aide_db_path}",
- user => 'root',
- refreshonly => true,
- subscribe => Exec['aide init']
- }
-
- file { $::tripleo::profile::base::aide::aide_db_path:
- ensure => present,
- owner => root,
- group => root,
- mode => '0600',
- require => Exec['install aide db']
- }
-}
diff --git a/manifests/profile/base/aide/rules.pp b/manifests/profile/base/aide/rules.pp
deleted file mode 100644
index 514773906..000000000
--- a/manifests/profile/base/aide/rules.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-#########################################################################
-# Copyright 2017 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: tripleo::profile::base::aide::rules
-#
-# Aide rules hash profile for tripleo
-#
-# === Parameters
-#
-# [*step*]
-# (Optional) The current step in deployment. See tripleo-heat-templates
-# for more details.
-# Defaults to hiera('step')
-#
-# [*content*]
-# Used by concat to populate aide.conf
-#
-# [*body*]
-# Used by concat to populate aide conf file
-#
-# [*order*]
-# Specifies a method for sorting fragments by name within aide conf file
-#
-define tripleo::profile::base::aide::rules (
- $step = Integer(hiera('step')),
- $content = '',
- $order = 10,
-) {
-
- include ::tripleo::profile::base::aide
-
- if $content == '' {
- $body = $name
- } else {
- $body = $content
- }
-
- if (!is_numeric($order) and !is_string($order))
- {
- fail('$order must be a string or an integer')
- }
- validate_legacy(String, 'validate_string', $body)
-
- concat::fragment{ "aide_fragment_${name}":
- target => 'aide.conf',
- order => $order,
- content => $body,
- }
-}
diff --git a/releasenotes/notes/aide-removed-14f41082b1424a53.yaml b/releasenotes/notes/aide-removed-14f41082b1424a53.yaml
new file mode 100644
index 000000000..b652654d9
--- /dev/null
+++ b/releasenotes/notes/aide-removed-14f41082b1424a53.yaml
@@ -0,0 +1,4 @@
+---
+deprecations:
+ - The aide puppet manifest for `aide` was removed. The heat template
+ invoking this manifest has been converted to Ansible.
diff --git a/spec/classes/tripleo_profile_base_aide_spec.rb b/spec/classes/tripleo_profile_base_aide_spec.rb
deleted file mode 100644
index f63383194..000000000
--- a/spec/classes/tripleo_profile_base_aide_spec.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright (C) 2017 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-require 'spec_helper'
-
-describe 'tripleo::profile::base::aide' do
-
- shared_examples_for 'tripleo::profile::base::aide' do
- before :each do
- facts.merge!({ :step => params[:step] })
- end
-
- context 'with step less than 5' do
- let(:params) { { :step => 1 } }
-
- it 'should do nothing' do
- is_expected.to contain_class('tripleo::profile::base::aide')
- is_expected.to_not contain_class('tripleo::profile::base::aide::cron')
- is_expected.to_not contain_class('tripleo::profile::base::aide::rules')
- is_expected.to_not contain_class('tripleo::profile::base::aide::installdb')
- end
- end
-
- context 'with step greater of 5' do
- let(:params) { {
- :step => 5
- } }
-
- it 'should configure aide' do
- is_expected.to contain_class('tripleo::profile::base::aide')
- is_expected.to contain_class('tripleo::profile::base::aide::cron')
- is_expected.to contain_class('tripleo::profile::base::aide::installdb')
- is_expected.to_not contain_class('tripleo::profile::base::aide::rules')
- end
-
- it 'should concat aide.conf' do
- is_expected.to contain_concat('aide.conf').with({
- "ensure" => "present",
- "ensure_newline" => "true",
- "owner"=>"root",
- "group"=>"root",
- "mode"=>"0600"})
- end
-
- it 'should concat fragment aide.conf' do
- should contain_concat__fragment('aide.conf.header').with({
- :target => 'aide.conf'
- })
- end
-
- it 'should initiate aide database' do
- should contain_exec('aide init').with({
- :command => "aide --init --config /etc/aide.conf"
- })
- end
-
- it 'should set new database to main database' do
- should contain_exec('install aide db').with({
- :command => "cp -f /var/lib/aide/aide.db.new /var/lib/aide/aide.db"
- })
- end
-
- it 'should contain database file' do
- should contain_file('/var/lib/aide/aide.db').with({
- 'ensure' => 'present',
- 'owner' => 'root',
- 'group' => 'root',
- 'mode' => '0600'
- })
- end
-
- it 'should configure cron' do
- should contain_cron('aide').with({
- :user => 'root',
- :hour => 3,
- :minute => 0
- })
- end
- end
- end
-
- on_supported_os.each do |os, facts|
- context "on #{os}" do
- let (:facts) {
- facts
- }
- it_behaves_like 'tripleo::profile::base::aide'
- end
- end
-end