heat_template_version: pike description: > AuditD configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json AuditdRules: description: Mapping of auditd rules type: json default: {} outputs: role_data: description: Role data for the auditd service value: service_name: auditd config_settings: auditd::rules: {get_param: AuditdRules} step_config: | include ::tripleo::profile::base::auditd upgrade_tasks: - name: Check if auditd is deployed command: systemctl is-enabled auditd tags: common ignore_errors: True register: auditd_enabled - name: "PreUpgrade step0,validation: Check if auditd is running" shell: > /usr/bin/systemctl show 'auditd' --property ActiveState | grep '\bactive\b' when: auditd_enabled.rc == 0 tags: step0,validation - name: Stop auditd service tags: step2 when: auditd_enabled.rc == 0 service: name=auditd state=stopped