heat_template_version: queens
description: >
  Aide service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  AideConfPath:
    description: Aide configuration file
    type: string
    default: '/etc/aide.conf'
  AideDBPath:
    description: Aide integrity database location
    type: string
    default: '/var/lib/aide/aide.db'
  AideDBTempPath:
    description: Aide integrity database temp location
    type: string
    default: '/var/lib/aide/aide.db.new'
  AideHour:
    description: Hour value for Cron Job
    type: number
    default: 11
  AideCronUser:
    description: User which creates and runs the cron job for aide
    type: string
    default: 'root'
  AideMinute:
    description: Minute value for Cron Job
    type: number
    default: 30
  AideEmail:
    description: Email address to send reports on Cron Job
    type: string
    default: ''
  AideMuaPath:
    description: Full POSIX path to mail binary
    type: string
    default: '/bin/mail'
  AideRules:
    description: A hash of Aide rules
    type: json
    default: {}

outputs:
  role_data:
    description: Role data for the aide service
    value:
      service_name: aide
      config_settings:
        tripleo::profile::base::aide::aide_rules: {get_param: AideRules}
        tripleo::profile::base::aide::aide_conf_path: {get_param: AideConfPath}
        tripleo::profile::base::aide::aide_db_path: {get_param: AideDBPath}
        tripleo::profile::base::aide::aide_db_temp_path: {get_param: AideDBTempPath}
        tripleo::profile::base::aide::cron::aide_cron_user: {get_param: AideCronUser}
        tripleo::profile::base::aide::cron::aide_hour: {get_param: AideHour}
        tripleo::profile::base::aide::cron::aide_minute: {get_param: AideMinute}
        tripleo::profile::base::aide::cron::aide_email: {get_param: AideEmail}
        tripleo::profile::base::aide::cron::aide_mua_path: {get_param: AideMuaPath}
      step_config: |
        include ::tripleo::profile::base::aide
      upgrade_tasks:
       - name: Ensure Aide is installed
         when: step|int == 4
         yum: name=aide state=latest
       - name: re-init database
         when: step|int == 5
         shell: aide --init --config $(hiera tripleo::profile::base::aide::aide_conf_path)
       - name: cp-new-aide-db
         when: step|int == 5
         shell: /bin/cp -f $(hiera tripleo::profile::base::aide::aide_db_temp_path) $(hiera tripleo::profile::base::aide::aide_db_path)