summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYifei Xue <xueyifei@huawei.com>2017-12-22 09:57:50 +0800
committerYifei Xue <xueyifei@huawei.com>2017-12-22 10:01:58 +0800
commit8025799fe68370cab9bb5c20a5baaf1cf5ff8996 (patch)
treedc7ae3446c9d432f707da94bdfdd64ba28bf2712
parent04365d3ec1e03edc8895058f776385afcd57d2ef (diff)
Fix the path of chrony.keys
The path of chrony.keys on CentOS is different from the one on Ubuntu. So change the definition of keyfile to use variable defined in vars. Change-Id: Ibb54318d5fff452857d917e3b13af6bae26a1b55 Signed-off-by: Yifei Xue <xueyifei@huawei.com>
Notes
Notes (review): Code-Review+2: Andy McCrae <andy.mccrae@googlemail.com> Code-Review+2: Markos Chandras (hwoarang) <mchandras@suse.de> Workflow+1: Markos Chandras (hwoarang) <mchandras@suse.de> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 02 Jan 2018 15:20:16 +0000 Reviewed-on: https://review.openstack.org/529728 Project: openstack/ansible-hardening Branch: refs/heads/master
-rw-r--r--templates/chrony.conf.j22
-rw-r--r--vars/debian.yml1
-rw-r--r--vars/redhat.yml1
-rw-r--r--vars/suse.yml1
4 files changed, 4 insertions, 1 deletions
diff --git a/templates/chrony.conf.j2 b/templates/chrony.conf.j2
index 968abfb..d7a6c8f 100644
--- a/templates/chrony.conf.j2
+++ b/templates/chrony.conf.j2
@@ -27,7 +27,7 @@ server {{ ntp_server }} offline maxpoll 10 minpoll 8
27# password is generated by a random process at install time. You may 27# password is generated by a random process at install time. You may
28# change it if you wish. 28# change it if you wish.
29 29
30keyfile /etc/chrony/chrony.keys 30keyfile {{ chrony_key_file }}
31 31
32# Set runtime command key. Note that if you change the key (not the 32# Set runtime command key. Note that if you change the key (not the
33# password) to anything other than 1 you will need to edit 33# password) to anything other than 1 you will need to edit
diff --git a/vars/debian.yml b/vars/debian.yml
index e89dffc..1c5f189 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -34,6 +34,7 @@ aide_cron_job_path: /etc/cron.daily/aide
34aide_database_file: /var/lib/aide/aide.db 34aide_database_file: /var/lib/aide/aide.db
35aide_database_out_file: /var/lib/aide/aide.db.new 35aide_database_out_file: /var/lib/aide/aide.db.new
36chrony_conf_file: /etc/chrony/chrony.conf 36chrony_conf_file: /etc/chrony/chrony.conf
37chrony_key_file: /etc/chrony/chrony.keys
37daemon_init_params_file: /etc/init.d/rc 38daemon_init_params_file: /etc/init.d/rc
38 39
39# Service name 40# Service name
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 9949e87..8831b76 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -30,6 +30,7 @@ aide_cron_job_path: /etc/cron.d/aide
30aide_database_file: /var/lib/aide/aide.db.gz 30aide_database_file: /var/lib/aide/aide.db.gz
31aide_database_out_file: /var/lib/aide/aide.db.new.gz 31aide_database_out_file: /var/lib/aide/aide.db.new.gz
32chrony_conf_file: /etc/chrony.conf 32chrony_conf_file: /etc/chrony.conf
33chrony_key_file: /etc/chrony.keys
33daemon_init_params_file: /etc/init.d/functions 34daemon_init_params_file: /etc/init.d/functions
34pkg_mgr_config: "{{ (ansible_pkg_mgr == 'yum') | ternary('/etc/yum.conf', '/etc/dnf/dnf.conf') }}" 35pkg_mgr_config: "{{ (ansible_pkg_mgr == 'yum') | ternary('/etc/yum.conf', '/etc/dnf/dnf.conf') }}"
35 36
diff --git a/vars/suse.yml b/vars/suse.yml
index f9ec6f3..6a7203d 100644
--- a/vars/suse.yml
+++ b/vars/suse.yml
@@ -32,6 +32,7 @@ aide_cron_job_path: /etc/cron.daily/aide
32aide_database_file: /var/lib/aide/aide.db 32aide_database_file: /var/lib/aide/aide.db
33aide_database_out_file: /var/lib/aide/aide.db.new 33aide_database_out_file: /var/lib/aide/aide.db.new
34chrony_conf_file: /etc/chrony.conf 34chrony_conf_file: /etc/chrony.conf
35chrony_key_file: /etc/chrony.keys
35daemon_init_params_file: /etc/rc.status 36daemon_init_params_file: /etc/rc.status
36pkg_mgr_config: /etc/zypp/zypp.conf 37pkg_mgr_config: /etc/zypp/zypp.conf
37 38