diff options
-rw-r--r-- | capabilities-map.yaml | 5 | ||||
-rw-r--r-- | ci/environments/scenario001-multinode.yaml | 9 | ||||
-rw-r--r-- | environments/hyperconverged-ceph.yaml | 1 | ||||
-rw-r--r-- | environments/securetty.yaml | 12 | ||||
-rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 1 | ||||
-rw-r--r-- | puppet/services/securetty.yaml | 36 | ||||
-rw-r--r-- | roles_data.yaml | 5 |
7 files changed, 69 insertions, 0 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 85c327c1..947ba8b6 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -597,3 +597,8 @@ topics: environments: - file: environments/cadf.yaml title: Keystone CADF auditing + - title: SecureTTY Values + description: Set values within /etc/securetty + environments: + - file: environments/securetty.yaml + title: SecureTTY Values diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 63e51e29..5dd1f0f6 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -51,6 +51,7 @@ parameter_defaults: - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt @@ -124,3 +125,11 @@ parameter_defaults: MonitoringRabbitHost: 127.0.0.1 MonitoringRabbitPort: 5676 MonitoringRabbitPassword: sensu + TtyValues: + - console + - tty1 + - tty2 + - tty3 + - tty4 + - tty5 + - tty6 diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 8f74ec35..7b778aad 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -13,6 +13,7 @@ parameter_defaults: - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel diff --git a/environments/securetty.yaml b/environments/securetty.yaml new file mode 100644 index 00000000..cdadf376 --- /dev/null +++ b/environments/securetty.yaml @@ -0,0 +1,12 @@ +resource_registry: + OS::TripleO::Services::Securetty: ../puppet/services/securetty.yaml + +parameter_defaults: + TtyValues: + - console + - tty1 + - tty2 + - tty3 + - tty4 + - tty5 + - tty6 diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index a7c9b0a6..a97ae296 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -178,6 +178,7 @@ resource_registry: OS::TripleO::Services::SaharaApi: OS::Heat::None OS::TripleO::Services::SaharaEngine: OS::Heat::None OS::TripleO::Services::Sshd: OS::Heat::None + OS::TripleO::Services::Securetty: OS::Heat::None OS::TripleO::Services::Redis: puppet/services/database/redis.yaml OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml new file mode 100644 index 00000000..6d32fe82 --- /dev/null +++ b/puppet/services/securetty.yaml @@ -0,0 +1,36 @@ +heat_template_version: ocata + +description: > + Configure securetty values + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TtyValues: + default: {} + description: Configures console values in securetty + type: json + constraints: + - length: { min: 1} + +outputs: + role_data: + description: Console data for the securetty + value: + service_name: securetty + config_settings: + tripleo::profile::base::securetty::tty_list: {get_param: TtyValues} + step_config: | + include ::tripleo::profile::base::securetty diff --git a/roles_data.yaml b/roles_data.yaml index 32bb393a..7ddb2ee0 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -82,6 +82,7 @@ - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer @@ -143,6 +144,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel @@ -172,6 +174,7 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient @@ -191,6 +194,7 @@ - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -209,6 +213,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall |