44ef2a3ec1
The new master branch should point now to rocky. So, HOT templates should specify that they might contain features for rocky release [1] Also, this submission updates the yaml validation to use only latest heat_version alias. There are cases in which we will need to set the version for specific templates i.e. mixed versions, so there is added a variable to assign specific templates to specific heat_version aliases, avoiding the introductions of error by bulk replacing the the old version in new releases. [1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
66 lines
1.8 KiB
YAML
66 lines
1.8 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
AuditD configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
AuditdRules:
|
|
description: Mapping of auditd rules
|
|
type: json
|
|
default: {}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the auditd service
|
|
value:
|
|
service_name: auditd
|
|
config_settings:
|
|
auditd::rules: {get_param: AuditdRules}
|
|
step_config: |
|
|
include ::tripleo::profile::base::auditd
|
|
upgrade_tasks:
|
|
- name: Check if auditd is deployed
|
|
command: systemctl is-enabled auditd
|
|
tags: common
|
|
ignore_errors: True
|
|
register: auditd_enabled
|
|
- name: "PreUpgrade step0,validation: Check if auditd is running"
|
|
shell: >
|
|
/usr/bin/systemctl show 'auditd' --property ActiveState |
|
|
grep '\bactive\b'
|
|
when:
|
|
- step|int == 0
|
|
- auditd_enabled.rc == 0
|
|
tags: validation
|
|
- name: Stop auditd service
|
|
when:
|
|
- step|int == 2
|
|
- auditd_enabled.rc == 0
|
|
service: name=auditd state=stopped
|