openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Convert heat template to use aide role 

This change converts the aide heat tempalate to using the aide role
from tripleo-ansible.

Depends-On: I3a34152dd0cd7363a6f138d6e1c6fd0f062a3ac6
Change-Id: I20b5e91c2d5f03b5cfd78b5568ee9b0d8c1f6157
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This commit is contained in:
Kevin Carter 2019-06-12 07:32:26 -05:00 committed by Kevin Carter (cloudnull)
parent d2f86a255a
commit 84b78e8dd2
1 changed files with 1 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
deployment/aide/aide-baremetal-ansible.yaml
View File

@ -29,10 +29,6 @@ parameters:
default: {}
description: Dictionary packing service data
type: json
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation at deploy time
type: boolean
AideConfPath:
description: Aide configuration file
type: string
@ -76,115 +72,8 @@ outputs:
value:
service_name: aide
host_prep_tasks:
- name: Ensure Aide is installed
package:
- include_role:
name: aide
state: present
when:
- EnablePackageInstall | default(false) | bool
- name: Check for aide db
stat:
path: "{{ aide_db_path }}"
register: aide_db_path_check
- name: Ensure aide DB config is set
lineinfile:
path: "{{ aide_conf_path }}"
line: "{{ item.line }}"
create: true
when:
- item.condition | bool
with_items:
- line: "database=file:{{ aide_db_path }}"
condition: true
- line: "database_out=file:{{ aide_db_temp_path }}"
condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"
- line: "database_new=file:{{ aide_db_temp_path }}"
condition: "{{ not (aide_db_path_check.stat.exists | bool) }}"
- name: Initialize aide database
command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }}
no_log: true
args:
creates: "{{ aide_db_path }}"
- name: Check for tmp aide db
stat:
path: "{{ aide_db_temp_path }}"
register: aide_db_temp_path_check
- name: Copy aide db
copy:
src: "{{ aide_db_temp_path }}"
dest: "{{ aide_db_path }}"
remote_src: yes
when:
- aide_db_temp_path_check.stat.exists | bool
- not (aide_db_path_check.stat.exists | bool)
- name: Set aide command fact with email
set_fact:
aide_command: >-
/usr/sbin/aide
--check
--config {{ aide_conf_path }}
| {{ aide_mua_path }}
-s '{{ ansible_fqdn }} - AIDE integrity check' {{ aide_email }}
when:
- aide_email.find("v=" ~ "@") == -1
- name: Email aide block
when:
- aide_email.find("v=" ~ "@") != -1
block:
- name: Ensure audit directory exists
file:
path: "/var/log/audit"
state: directory
- name: Set aide command fact
set_fact:
aide_command: >-
/usr/sbin/aide
--check
--config {{ aide_conf_path }}
> /var/log/audit/aide_$(date +%Y-%m-%d).log
- name: Create aide cron entry
cron:
name: "aide"
job: "{{ aide_command }}"
user: "{{ aide_cron_user }}"
hour: "{{ aide_hour | string }}"
minute: "{{ aide_minute | string }}"
upgrade_tasks:
- name: Ensure Aide is installed and updated
package:
name: aide
state: latest
when:
- EnablePackageInstall | default(false) | bool
- name: Initialize aide database
command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }}
- name: Check for tmp aide db
stat:
path: "{{ aide_db_temp_path }}"
register: aide_db_temp_path_check
- name: Copy new aide db
copy:
src: "{{ aide_db_temp_path }}"
dest: "{{ aide_db_path }}"
remote_src: yes
when:
- aide_db_temp_path_check.stat.exists | bool
ansible_group_vars:
aide_rules: {get_param: AideRules}
aide_conf_path: {get_param: AideConfPath}
@ -195,4 +84,3 @@ outputs:
aide_minute: {get_param: AideMinute}
aide_email: {get_param: AideEmail}
aide_mua_path: {get_param: AideMuaPath}
EnablePackageInstall: {get_param: EnablePackageInstall}