Reviewed:  https://review.openstack.org/361239
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=c16d11786a2a95fc5079ae35e0222bf5d49bb3a3
Submitter: Jenkins
Branch:    stable/mitaka

commit c16d11786a2a95fc5079ae35e0222bf5d49bb3a3
Author: Major Hayden <major at mhtx.net>
Date:   Mon Aug 29 11:11:09 2016 -0500

    Ensure AIDE initializes on subsequent runs

    If a deployer installs AIDE the first time they apply the role without
    initializing AIDE and they want to initialize it later, the handler
    that does the initialization never fires.

    This patch does a few things:

      - Ensures AIDE initialization if the initialize_aide bool is True
      - Doesn't initialize the AIDE db if it already exists
      - Moves the new db into place on Red Hat systems
      - Moves the AIDE tasks into its own file with tags
      - Prevents AIDE from trawling through /var

    Manual backport of two reviews:

      * https://review.openstack.org/#/c/359554/
      * https://review.openstack.org/#/c/361460/

    Closes-bug: 1616281
    Depends-on: I60aa62ff688d32c14031773d35af29b3cf6b6fd6
    Change-Id: I170eb3898b4336333b1fbe663ec4f069823898e0

** Tags added: in-stable-mitaka

--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1616281

Title:
  Can't initialize AIDE during subsequent playbook runs

Status in openstack-ansible:
  Fix Released

Bug description:
  AIDE isn't initialized by default because it can cause a lot of system
  load when it does its first check of a new system. If a deployer
  applies the security hardening role with ``initialize_aide`` set to
  False (the default), it won't be initialized. However, if they set it
  to True and re-run the playbook, AIDE is already configured and the
  handler to initialize AIDE won't execute.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1616281/+subscriptions
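
The failure mode in the bug description, and the kind of task layout the commit message outlines, as an added sketch. This is not the role's actual code and is not taken from the commit. Assumptions: the Red Hat default database paths under /var/lib/aide, the aide.conf.j2 template name, the "aide" tag and the register names are all illustrative; only initialize_aide comes from the bug report.

```yaml
# Added illustration only; not the openstack-ansible-security tasks.
#
# Pattern that fails on later runs: initialization is reachable only through
# a handler, and a handler fires only when the notifying task reports
# "changed". Once aide.conf is in place the task reports "ok", so flipping
# initialize_aide to True afterwards never triggers it.
#
#   - name: Configure AIDE
#     template:
#       src: aide.conf.j2            # hypothetical template name
#       dest: /etc/aide.conf
#     notify: initialize aide        # skipped when the file is unchanged
#
# Pattern that works on every run: decide from the host's real state.

- name: Check whether an AIDE database already exists
  stat:
    path: /var/lib/aide/aide.db.gz   # assumed Red Hat default location
  register: aide_db                  # hypothetical register name
  tags:
    - aide

- name: Initialize AIDE when requested and no database is present
  command: aide --init
  register: aide_init                # hypothetical register name
  when:
    - initialize_aide | bool
    - not aide_db.stat.exists
  tags:
    - aide

# On Red Hat systems "aide --init" writes aide.db.new.gz; checks read
# aide.db.gz, so the new database has to be moved into place.
- name: Move the new AIDE database into place (Red Hat)
  command: mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
  when:
    - ansible_os_family == 'RedHat'
    - aide_init is changed
  tags:
    - aide
```

Because the guard is the presence of the database rather than a change notification, a second run with initialize_aide set to True still initializes AIDE, and a run against an already-initialized host does not rebuild the baseline.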