blob: 8085ac8be7e4d42efd309d1228b5ea9765531515 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
heat_template_version: ocata
description: >
AuditD configured with Puppet
parameters:
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
AuditdRules:
description: Mapping of auditd rules
type: json
default: {}
outputs:
role_data:
description: Role data for the auditd service
value:
service_name: auditd
config_settings:
auditd::rules: {get_param: AuditdRules}
step_config: |
include ::tripleo::profile::base::auditd
upgrade_tasks:
- name: Check if auditd is deployed
command: systemctl is-enabled auditd
tags: common
ignore_errors: True
register: auditd_enabled
- name: "PreUpgrade step0,validation: Check if auditd is running"
shell: >
/usr/bin/systemctl show 'auditd' --property ActiveState |
grep '\bactive\b'
when: auditd_enabled.rc == 0
tags: step0,validation
- name: Stop auditd service
tags: step2
when: auditd_enabled.rc == 0
service: name=auditd state=stopped
|
