58ac7a8a7a
This patch adds the bits needed to implement automated syntax/lint role testing. It also moves the role into the base repository so that the role becomes fully compatible with ansible-galaxy to improve the role's consumability. Change-Id: Ia79cd5dedbbe50dfdf46688830a989ff0897832a
95 lines
2.4 KiB
YAML
95 lines
2.4 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: V-38429 - Install AIDE
|
|
apt:
|
|
name: aide
|
|
state: latest
|
|
tags:
|
|
- cat2
|
|
- V-38489
|
|
|
|
- name: Search for .netrc files (for V-38619)
|
|
shell: find /root /home -xdev -name .netrc | wc -l
|
|
register: v38619_result
|
|
changed_when: v38619_result.rc != 0
|
|
failed_when: "'No such file' in v38619_result.stdout"
|
|
tags:
|
|
- cat2
|
|
- V-38619
|
|
|
|
- name: V-38619 - There must be no .netrc files on the system
|
|
debug:
|
|
msg: "FAILED: .netrc files found -- they must be removed"
|
|
when: v38619_result.stdout != '0'
|
|
tags:
|
|
- cat2
|
|
- V-38619
|
|
|
|
- name: V-38620 - Synchronize system clock (installing chrony)
|
|
apt:
|
|
name: chrony
|
|
state: latest
|
|
tags:
|
|
- cat2
|
|
- V-38620
|
|
|
|
- name: V-38620 - Synchronize system clock (enable chrony)
|
|
service:
|
|
name: chrony
|
|
state: started
|
|
enabled: yes
|
|
tags:
|
|
- cat2
|
|
- V-38620
|
|
|
|
- name: V-38620 - Synchronize system clock (configuration file)
|
|
template:
|
|
src: chrony.conf.j2
|
|
dest: /etc/chrony/chrony.conf
|
|
notify:
|
|
- restart chrony
|
|
tags:
|
|
- cat2
|
|
- V-38620
|
|
|
|
# The STIG only requires that logrotate is installed and configured in cron.
|
|
# The openstack-ansible project will configure logs to be rotated weekly and
|
|
# compressed with each run. We won't change the interval here, but we will
|
|
# ensure that logrotate is installed (to meet the STIG requirement).
|
|
- name: V-38624 - System logs must be rotated daily (install logrotate)
|
|
apt:
|
|
name: logrotate
|
|
state: latest
|
|
tags:
|
|
- cat3
|
|
- V-38624
|
|
|
|
- name: Check for logrotate cron job (for V-38624)
|
|
stat:
|
|
path: /etc/cron.daily/logrotate
|
|
register: v38624_result
|
|
tags:
|
|
- cat3
|
|
- V-38624
|
|
|
|
- name: V-38624 - System logs must be rotated daily (verify cron job)
|
|
debug:
|
|
msg: "FAILED: Cron job for logrotate is missing"
|
|
when: v38624_result.stat.exists == False
|
|
tags:
|
|
- cat3
|
|
- V-38624
|