Added default whitelist

Change-Id: I32318739661629d733fde4fb0c168108cf490eb5
Dmitry Nikishov 2016-11-17 08:22:28 +00:00
parent 5d697ffbab
commit a2bd542d26
3 changed files with 62 additions and 1 deletions


@ -180,5 +180,12 @@ Example YAML file with whitelist rules:
rule: Service[nova-compute]/ensure
```
The default whitelist can be loaded with following command
```
fuel2 audit whitelist load fromfile <env-id> /usr/lib/python2.7/site-packages/fuel_external_git/default_whitelist.yaml
```
Note: this whitelist is not complete as it has been put together on following configuration:
MOS 9.1, Ubuntu, 1 controller, 1 compute+cinder lvm, Neutron GRE.
### REST API
API documentation can be found [here](./doc/api.md)


@ -0,0 +1,54 @@
- fuel_task: netconfig
rule: 'Service[irqbalance]/ensure'
- fuel_task: netconfig
rule: 'Notify[SDN]'
- fuel_task: netconfig
rule: 'Disable_hotplug[global]'
- fuel_task: netconfig
rule: 'L23_stored_config'
- fuel_task: netconfig
rule: 'vendor_specific'
- fuel_task: netconfig
rule: 'external_ids'
- fuel_task: netconfig
rule: 'L3_clear_route[default]'
- fuel_task: netconfig
rule: 'br-floating'
- fuel_task: netconfig
rule: 'Exec[wait-for-interfaces]'
- fuel_task: configuration_symlink
rule: 'Exec[configuration_symlink_shell]'
- fuel_task: sync_time
rule: 'Exec[sync_time_shell]'
- fuel_task: generate_keys
rule: 'Exec[generate_keys_shell]'
- fuel_task: sriov_iommu_check
rule: 'Exec[sriov_iommu_check]'
- fuel_task: primary-database
rule: 'Mysql::Server::Root_password/File[/root/.my.cnf]/target'
- fuel_task: openstack-network-common-config
rule: 'Sysctl_runtime[net.ipv4.neigh.default.gc_thresh1]/val'
- fuel_task: openstack-network-common-config
rule: 'Sysctl_runtime[net.ipv4.neigh.default.gc_thresh2]/val'
- fuel_task: openstack-network-common-config
rule: 'Sysctl_runtime[net.ipv4.neigh.default.gc_thresh3]/val'
- fuel_task: top-role-compute
rule: 'Notify[Module openstack_tasks cannot notify service nova-compute on packages update]'
- fuel_task: top-role-compute
rule: 'Nova/Nova_config[cinder/os_region_name]/ensure'
- fuel_task: top-role-compute
rule: 'Nova::Deps/Anchor[nova::config::end]'
- fuel_task: top-role-compute
rule: 'Nova::Deps/Anchor[nova::service::begin]'
- fuel_task: top-role-compute
rule: 'Nova::Deps/Anchor[nova::service::end]'
- fuel_task: top-role-compute
rule: 'Nova::Compute/Nova::Generic_service[compute]/Service[nova-compute]'
- fuel_task: top-role-cinder
rule: 'Cinder::Volume/Service[cinder-volume]/ensure'
- fuel_task: workloads_collector_add
rule: 'Openstack::Workloads_collector/Keystone_tenant[services]/description'
- fuel_task: generate_keys_ceph
rule: 'Main/Exec[generate_keys_ceph_shell]/returns'
- fuel_task: openrc-delete
rule: 'Openstack_tasks::Keystone::Openrc_delete/File[/root/openrc]/ensure'
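Review bot: Several netconfig entries are bare fragments rather than full resource paths (`'br-floating'`, `'vendor_specific'`, `'external_ids'`, `'L23_stored_config'`), and the audit filter changed in the last file of this commit matches a rule by substring containment, so each of them hides every netconfig change whose resource merely contains that text. The entries ending in `File[/root/.my.cnf]/target` and `File[/root/openrc]/ensure` also suppress drift reports on files that presumably hold credentials, which an audit should surface unless the reason for the recurring change is known. I would anchor rules to the full resource path where one exists and put a one-line comment above each group, of the form `# expected on every run: <reason>`, so that someone loading this default list can judge what it silences.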


@ -93,7 +93,7 @@ class Audit(lister.Lister, command.Command):
changes = filter(lambda c:
len(filter(lambda w: w['rule'] in c['resource'] and
(w['fuel_task'] == c['task_id'] or
w['fuel_task'] == ''), wl) == 0),
w['fuel_task'] == ''), wl)) == 0,
changes)
return changes
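Review bot: The corrected predicate still counts a whitelist entry as matching whenever `w['rule']` is a substring of `c['resource']`, so an entry whose `rule` is empty matches every resource and, together with `fuel_task: ''`, would silently drop every audit finding. Rejecting empty rules inside the predicate closes that gap, and `any(...)` states the intent more directly than `len(filter(...)) == 0`, which additionally only works where `filter` returns a list (Python 2, which the README path suggests is the target). A small unit test of this filter with one matching and one non-matching entry would have caught the misplaced parenthesis that this hunk fixes. The enclosing method starts outside the hunk.

```python
# keep a change only when no whitelist entry covers it
changes = [c for c in changes
           if not any(w['rule'] and w['rule'] in c['resource'] and
                      w['fuel_task'] in ('', c['task_id'])
                      for w in wl)]
return changes
```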