Adds service for managing securetty
This adds the ability to manage the securetty file. By allowing management of securetty, operators can limit root console access and improve security through hardening. Change-Id: I0767c9529b40a721ebce1eadc2dea263e0a5d4d7 Partial-Bug: #1665042 Depends-On: Ic4647fb823bd112648c5b8d102913baa8b4dac1cchanges/53/449153/7
parent
cd6128d0a5
commit
9945538069
@ -0,0 +1,12 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml
|
||||
|
||||
parameter_defaults:
|
||||
TtyValues:
|
||||
- console
|
||||
- tty1
|
||||
- tty2
|
||||
- tty3
|
||||
- tty4
|
||||
- tty5
|
||||
- tty6
|
@ -0,0 +1,36 @@
|
||||
heat_template_version: ocata
|
||||
|
||||
description: >
|
||||
Configure securetty values
|
||||
|
||||
parameters:
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
TtyValues:
|
||||
default: {}
|
||||
description: Configures console values in securetty
|
||||
type: json
|
||||
constraints:
|
||||
- length: { min: 1}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Console data for the securetty
|
||||
value:
|
||||
service_name: securetty
|
||||
config_settings:
|
||||
tripleo::profile::base::securetty::tty_list: {get_param: TtyValues}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::securetty
|
Loading…
Reference in New Issue