From be85c6e135071a2489bd0f735e4743dbe4b41bc5 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 11 Jun 2019 21:27:58 -0500 Subject: [PATCH] Create an aide role This change imports the aide content from the tripleo-heat-templates project and creates a role which can be used throughout the tripleo project ecosystem. The role will test in docker containers running both fedora28 and centos7. Change-Id: I3a34152dd0cd7363a6f138d6e1c6fd0f062a3ac6 Signed-off-by: Kevin Carter Signed-off-by: Kevin Carter --- doc/source/roles/role-aide.rst | 23 +++++ tox.ini | 6 ++ tripleo_ansible/roles/aide/README.md | 4 + tripleo_ansible/roles/aide/defaults/main.yml | 52 ++++++++++ tripleo_ansible/roles/aide/files/.gitkeep | 0 tripleo_ansible/roles/aide/handlers/main.yml | 15 +++ tripleo_ansible/roles/aide/meta/main.yml | 44 +++++++++ .../roles/aide/molecule/default/Dockerfile | 37 ++++++++ .../roles/aide/molecule/default/molecule.yml | 48 ++++++++++ .../roles/aide/molecule/default/playbook.yml | 24 +++++ .../roles/aide/molecule/default/prepare.yml | 26 +++++ .../roles/aide/molecule/default/verify.yml | 15 +++ .../roles/aide/tasks/aide_config.yml | 94 +++++++++++++++++++ .../roles/aide/tasks/aide_install.yml | 23 +++++ .../roles/aide/tasks/aide_upgrade.yml | 40 ++++++++ tripleo_ansible/roles/aide/tasks/main.yml | 45 +++++++++ tripleo_ansible/roles/aide/vars/main.yml | 22 +++++ tripleo_ansible/roles/aide/vars/redhat.yml | 18 ++++ zuul.d/jobs.yaml | 8 ++ zuul.d/layout.yaml | 1 + 20 files changed, 545 insertions(+) create mode 100644 doc/source/roles/role-aide.rst create mode 100644 tripleo_ansible/roles/aide/README.md create mode 100644 tripleo_ansible/roles/aide/defaults/main.yml create mode 100644 tripleo_ansible/roles/aide/files/.gitkeep create mode 100644 tripleo_ansible/roles/aide/handlers/main.yml create mode 100644 tripleo_ansible/roles/aide/meta/main.yml create mode 100644 tripleo_ansible/roles/aide/molecule/default/Dockerfile create mode 100644 tripleo_ansible/roles/aide/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/aide/molecule/default/playbook.yml create mode 100644 tripleo_ansible/roles/aide/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/aide/molecule/default/verify.yml create mode 100644 tripleo_ansible/roles/aide/tasks/aide_config.yml create mode 100644 tripleo_ansible/roles/aide/tasks/aide_install.yml create mode 100644 tripleo_ansible/roles/aide/tasks/aide_upgrade.yml create mode 100644 tripleo_ansible/roles/aide/tasks/main.yml create mode 100644 tripleo_ansible/roles/aide/vars/main.yml create mode 100644 tripleo_ansible/roles/aide/vars/redhat.yml diff --git a/doc/source/roles/role-aide.rst b/doc/source/roles/role-aide.rst new file mode 100644 index 000000000..13427c0d0 --- /dev/null +++ b/doc/source/roles/role-aide.rst @@ -0,0 +1,23 @@ +=========================== +TripleO-Ansible Role - aide +=========================== + +This role provides for the following services: + + * aide + + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../../tripleo_ansible/roles/aide/defaults/main.yml + :language: yaml + :start-after: under the License. + + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../../tripleo_ansible/roles/aide/molecule/default/playbook.yml + :language: yaml + :start-after: under the License. diff --git a/tox.ini b/tox.ini index 5ebb26783..22478c95f 100644 --- a/tox.ini +++ b/tox.ini @@ -119,6 +119,12 @@ deps = molecule>=2.22rc1 selinux +[testenv:mol-aide] +basepython = {[testenv:mol]basepython} +deps = {[testenv:mol]deps} +changedir = {toxinidir}/tripleo_ansible/roles/aide +commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py + [testenv:mol-test_deps] basepython={[testenv:mol]basepython} deps={[testenv:mol]deps} diff --git a/tripleo_ansible/roles/aide/README.md b/tripleo_ansible/roles/aide/README.md new file mode 100644 index 000000000..c56df68a6 --- /dev/null +++ b/tripleo_ansible/roles/aide/README.md @@ -0,0 +1,4 @@ +Aide +==== + +Ansible role to install and configure aide diff --git a/tripleo_ansible/roles/aide/defaults/main.yml b/tripleo_ansible/roles/aide/defaults/main.yml new file mode 100644 index 000000000..97c33343c --- /dev/null +++ b/tripleo_ansible/roles/aide/defaults/main.yml @@ -0,0 +1,52 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +# All variables within this role should have a prefix of "aide" +aide_debug: false + +# Packages installed on the local system. Allows user to define this list +# otherwise it will inherit from the OS specific variable file(s). +aide_system_packages: "{{ _aide_system_packages | default([]) }}" + +# A hash of Aide rules +aide_rules: {} + +# Aide configuration file +aide_conf_path: /etc/aide.conf + +# Aide integrity database location +aide_db_path: /var/lib/aide/aide.db + +# Aide integrity database temp location +aide_db_temp_path: /var/lib/aide/aide.db.new + +# User which creates and runs the cron job for aide +aide_cron_user: root + +# Hour value for Cron Job +aide_hour: 11 + +# Minute value for Cron Job +aide_minute: 30 + +# Email address to send reports on Cron Job +aide_email: '' + +# Full POSIX path to mail binary +aide_mua_path: /bin/mail diff --git a/tripleo_ansible/roles/aide/files/.gitkeep b/tripleo_ansible/roles/aide/files/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/tripleo_ansible/roles/aide/handlers/main.yml b/tripleo_ansible/roles/aide/handlers/main.yml new file mode 100644 index 000000000..dfd4c7352 --- /dev/null +++ b/tripleo_ansible/roles/aide/handlers/main.yml @@ -0,0 +1,15 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. diff --git a/tripleo_ansible/roles/aide/meta/main.yml b/tripleo_ansible/roles/aide/meta/main.yml new file mode 100644 index 000000000..311ceddf7 --- /dev/null +++ b/tripleo_ansible/roles/aide/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- aide + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/aide/molecule/default/Dockerfile b/tripleo_ansible/roles/aide/molecule/default/Dockerfile new file mode 100644 index 000000000..fcdbd2990 --- /dev/null +++ b/tripleo_ansible/roles/aide/molecule/default/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] \ No newline at end of file diff --git a/tripleo_ansible/roles/aide/molecule/default/molecule.yml b/tripleo_ansible/roles/aide/molecule/default/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/aide/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/aide/molecule/default/playbook.yml b/tripleo_ansible/roles/aide/molecule/default/playbook.yml new file mode 100644 index 000000000..22cf4717b --- /dev/null +++ b/tripleo_ansible/roles/aide/molecule/default/playbook.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: "aide" + post_tasks: + - include_role: + name: aide # Role is include as a post task to test upgrade logic diff --git a/tripleo_ansible/roles/aide/molecule/default/prepare.yml b/tripleo_ansible/roles/aide/molecule/default/prepare.yml new file mode 100644 index 000000000..6f160cdbb --- /dev/null +++ b/tripleo_ansible/roles/aide/molecule/default/prepare.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps + post_tasks: + - name: Ensure cronie is installed + package: + name: cronie + state: present diff --git a/tripleo_ansible/roles/aide/molecule/default/verify.yml b/tripleo_ansible/roles/aide/molecule/default/verify.yml new file mode 100644 index 000000000..dfd4c7352 --- /dev/null +++ b/tripleo_ansible/roles/aide/molecule/default/verify.yml @@ -0,0 +1,15 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. diff --git a/tripleo_ansible/roles/aide/tasks/aide_config.yml b/tripleo_ansible/roles/aide/tasks/aide_config.yml new file mode 100644 index 000000000..dbb0dfaa3 --- /dev/null +++ b/tripleo_ansible/roles/aide/tasks/aide_config.yml @@ -0,0 +1,94 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Check for aide db + stat: + path: "{{ aide_db_path }}" + register: aide_db_path_check + +- name: Ensure aide DB config is set + lineinfile: + path: "{{ aide_conf_path }}" + line: "{{ item.line }}" + create: true + when: + - item.condition | bool + with_items: + - line: "database=file:{{ aide_db_path }}" + condition: true + - line: "database_out=file:{{ aide_db_temp_path }}" + condition: "{{ not (aide_db_path_check.stat.exists | bool) }}" + - line: "database_new=file:{{ aide_db_temp_path }}" + condition: "{{ not (aide_db_path_check.stat.exists | bool) }}" + +- name: Initialize aide database + command: >- + /usr/sbin/aide --init --config {{ aide_conf_path }} + changed_when: false + no_log: true + args: + creates: "{{ aide_db_path }}" + +- name: Check for tmp aide db + stat: + path: "{{ aide_db_temp_path }}" + register: aide_db_temp_path_check + +- name: Copy aide db + copy: + src: "{{ aide_db_temp_path }}" + dest: "{{ aide_db_path }}" + remote_src: true + when: + - aide_db_temp_path_check.stat.exists | bool + - not (aide_db_path_check.stat.exists | bool) + +- name: Set aide command fact with email + set_fact: + aide_command: >- + /usr/sbin/aide + --check + --config {{ aide_conf_path }} + | {{ aide_mua_path }} + -s '{{ ansible_fqdn }} - AIDE integrity check' {{ aide_email }} + when: + - aide_email.find("v=" ~ "@") == -1 + +- name: Email aide block + when: + - aide_email.find("v=" ~ "@") != -1 + block: + - name: Ensure audit directory exists + file: + path: "/var/log/audit" + state: directory + + - name: Set aide command fact + set_fact: + aide_command: >- + /usr/sbin/aide + --check + --config {{ aide_conf_path }} + > /var/log/audit/aide_$(date +%Y-%m-%d).log + +- name: Create aide cron entry + cron: + name: "aide" + job: "{{ aide_command }}" + user: "{{ aide_cron_user }}" + hour: "{{ aide_hour | string }}" + minute: "{{ aide_minute | string }}" diff --git a/tripleo_ansible/roles/aide/tasks/aide_install.yml b/tripleo_ansible/roles/aide/tasks/aide_install.yml new file mode 100644 index 000000000..83b207af9 --- /dev/null +++ b/tripleo_ansible/roles/aide/tasks/aide_install.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Ensure Aide is installed + package: + name: "{{ aide_system_packages }}" + state: present + +- include_tasks: aide_config.yml diff --git a/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml new file mode 100644 index 000000000..9ff0384a8 --- /dev/null +++ b/tripleo_ansible/roles/aide/tasks/aide_upgrade.yml @@ -0,0 +1,40 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Ensure Aide is installed and updated + package: + name: "{{ aide_system_packages }}" + state: latest + +- name: Initialize aide database + command: >- + /usr/sbin/aide --init --config {{ aide_conf_path }} + changed_when: false + no_log: true + +- name: Check for tmp aide db + stat: + path: "{{ aide_db_temp_path }}" + register: aide_db_temp_path_check + +- name: Copy new aide db + copy: + src: "{{ aide_db_temp_path }}" + dest: "{{ aide_db_path }}" + remote_src: true + when: + - aide_db_temp_path_check.stat.exists | bool diff --git a/tripleo_ansible/roles/aide/tasks/main.yml b/tripleo_ansible/roles/aide/tasks/main.yml new file mode 100644 index 000000000..0566fe298 --- /dev/null +++ b/tripleo_ansible/roles/aide/tasks/main.yml @@ -0,0 +1,45 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# "aide" will search for and load any operating system variable file +# found within the "vars/" path. If no OS files are found the task will skip. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - skip: true + files: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- name: Check for aide + stat: + path: "/usr/sbin/aide" + register: aide_path_check + +- include_tasks: "aide_install.yml" + when: + - not (aide_path_check.stat.exists | bool) + +- include_tasks: "aide_upgrade.yml" + when: + - aide_path_check.stat.exists | bool diff --git a/tripleo_ansible/roles/aide/vars/main.yml b/tripleo_ansible/roles/aide/vars/main.yml new file mode 100644 index 000000000..d4719abd0 --- /dev/null +++ b/tripleo_ansible/roles/aide/vars/main.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# While options found within the vars/ path can be overridden using extra +# vars, items within this path are considered part of the role and not +# intended to be modified. + +# All variables within this role should have a prefix of "{{ role_name }}" diff --git a/tripleo_ansible/roles/aide/vars/redhat.yml b/tripleo_ansible/roles/aide/vars/redhat.yml new file mode 100644 index 000000000..f18c17fd8 --- /dev/null +++ b/tripleo_ansible/roles/aide/vars/redhat.yml @@ -0,0 +1,18 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +_aide_system_packages: + - aide diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 86fc8417c..299d23b98 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -14,6 +14,14 @@ - ^tripleo_ansible/doc/.* - ^tripleo_ansible/README.rst +- job: + name: tripleo-ansible-centos-7-molecule-aide + parent: tripleo-ansible-centos + files: + - ^tripleo_ansible/roles/aide/.* + vars: + tox_envlist: mol-aide + - job: name: tripleo-ansible-centos-7-molecule-test_deps parent: tripleo-ansible-centos diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml index 817c2a9a5..7860b789e 100644 --- a/zuul.d/layout.yaml +++ b/zuul.d/layout.yaml @@ -3,6 +3,7 @@ check: jobs: - openstack-tox-linters + - tripleo-ansible-centos-7-molecule-aide - tripleo-ansible-centos-7-molecule-test_deps - tripleo-ansible-centos-7-molecule-test_json_error_callback - tripleo-ansible-centos-7-molecule-test_package_action