tripleo-heat-templates/puppet/services/auditd.yaml

66 lines
1.8 KiB
YAML

heat_template_version: queens
description: >
AuditD configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
AuditdRules:
description: Mapping of auditd rules
type: json
default: {}
outputs:
role_data:
description: Role data for the auditd service
value:
service_name: auditd
config_settings:
auditd::rules: {get_param: AuditdRules}
step_config: |
include ::tripleo::profile::base::auditd
upgrade_tasks:
- name: Check if auditd is deployed
command: systemctl is-enabled auditd
tags: common
ignore_errors: True
register: auditd_enabled
- name: "PreUpgrade step0,validation: Check if auditd is running"
shell: >
/usr/bin/systemctl show 'auditd' --property ActiveState |
grep '\bactive\b'
when:
- step|int == 0
- auditd_enabled.rc == 0
tags: validation
- name: Stop auditd service
when:
- step|int == 2
- auditd_enabled.rc == 0
service: name=auditd state=stopped