From 6e1c39237a6b1beca6bf35f2467a14035e7f69eb Mon Sep 17 00:00:00 2001
From: Mateus Caruccio <mateus.caruccio@getupcloud.com>
Date: Mon, 9 Dec 2019 11:07:44 -0300
Subject: [PATCH] Openshift configs (#526)

* Adds openshift to autodetect node type

* detect okd node units
---
 cfg/config.yaml        | 5 ++++-
 cfg/rh-0.7/config.yaml | 3 +++
 cfg/rh-0.7/node.yaml   | 8 ++++----
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/cfg/config.yaml b/cfg/config.yaml
index 71699ca..71f1e45 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -25,6 +25,7 @@ master:
       - "hyperkube apiserver"
       - "hyperkube kube-apiserver"
       - "apiserver"
+      - "openshift start master api"
     confs:
       - /etc/kubernetes/manifests/kube-apiserver.yaml
       - /etc/kubernetes/manifests/kube-apiserver.manifest
@@ -37,6 +38,7 @@ master:
       - "hyperkube scheduler"
       - "hyperkube kube-scheduler"
       - "scheduler"
+      - "openshift start master controllers"
     confs:
       - /etc/kubernetes/manifests/kube-scheduler.yaml
       - /etc/kubernetes/manifests/kube-scheduler.manifest
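Review bot: `openshift start master controllers` is added to this bins list (by the neighbouring entries, the scheduler's) and again to the controller-manager list in the next hunk, with no comment explaining the duplication. If this is intentional because a single OpenShift process hosts both components, a comment above each entry such as `# OpenShift 3.x: scheduler and controller-manager run inside "openshift start master controllers"` would stop a later cleanup from removing one as a copy-paste slip. The `confs` lists that follow still name only upstream kube manifest paths, so confirm that a master detected through this string is audited against the right config file. The enclosing `master:` mapping starts and ends outside the hunk.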
@@ -50,6 +52,7 @@ master:
       - "hyperkube controller-manager"
       - "hyperkube kube-controller-manager"
       - "controller-manager"
+      - "openshift start master controllers"
     confs:
       - /etc/kubernetes/manifests/kube-controller-manager.yaml
       - /etc/kubernetes/manifests/kube-controller-manager.manifest
@@ -172,4 +175,4 @@ version_mapping:
   "1.16": "cis-1.5"
   "1.17": "cis-1.5"
   "ocp-3.10": "rh-0.7"
-  "ocp-3.11": "rh-0.7"
\ No newline at end of file
+  "ocp-3.11": "rh-0.7"
diff --git a/cfg/rh-0.7/config.yaml b/cfg/rh-0.7/config.yaml
index df15172..b76332d 100644
--- a/cfg/rh-0.7/config.yaml
+++ b/cfg/rh-0.7/config.yaml
@@ -22,6 +22,9 @@ master:
       - openshift start etcd
 
 node:
+  svcs:
+    - /etc/systemd/system/atomic-openshift-node.service
+    - /etc/systemd/system/origin-node.service
   proxy:
     bins:
       - openshift start network
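Review bot: The new `svcs` list under `node:` has no comment saying how it is consumed, and both candidates sit under `/etc/systemd/system` only. From the companion change in `cfg/rh-0.7/node.yaml` it appears to supply `$nodesvc` for checks 8.3 and 8.4, so a node whose unit file is installed in another directory would presumably leave those permission and ownership checks without a file to inspect. I would add a comment above the list, for example `# Candidate node unit files (OCP, then OKD); the match is substituted for $nodesvc in node.yaml`, and state there what the value becomes when neither file exists. The `node:` mapping continues outside the hunk.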
diff --git a/cfg/rh-0.7/node.yaml b/cfg/rh-0.7/node.yaml
index 7fcd8ec..996965d 100644
--- a/cfg/rh-0.7/node.yaml
+++ b/cfg/rh-0.7/node.yaml
@@ -254,7 +254,7 @@ groups:
 
   - id: 8.3
     text: "Verify the kubelet service file permissions of 644"
-    audit: "stat -c %a /etc/systemd/system/atomic-openshift-node.service"
+    audit: "stat -c %a $nodesvc"
     tests:
       bin_op: or
       test_items:
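Review bot: The 8.3 audit `stat -c %a $nodesvc` runs unguarded, so if the substitution yields no existing path the command errors out and the check fails for a reason the report cannot tell apart from wrong permissions. The same applies to the 8.4 audit `stat -c %U:%G $nodesvc` in the next hunk. A guard keeps the two cases distinct: `audit: "/bin/sh -c 'if test -e $nodesvc; then stat -c %a $nodesvc; fi'"`. How an unresolved `$nodesvc` is rendered is not visible in this patch, so this should be confirmed against the substitution code. Check 8.3 continues outside the hunk.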
@@ -275,12 +275,12 @@ groups:
           set: true
     remediation: |
       Run the below command on each worker node.
-      chmod 644 /etc/systemd/system/atomic-openshift-node.service
+      chmod 644 $nodesvc
     scored: true
 
   - id: 8.4
     text: "Verify the kubelet service file ownership of root:root"
-    audit: "stat -c %U:%G /etc/systemd/system/atomic-openshift-node.service"
+    audit: "stat -c %U:%G $nodesvc"
     tests:
       test_items:
         - flag: "root:root"
@@ -290,7 +290,7 @@ groups:
           set: true
       remediation: |
         Run the below command on each worker node.
-        chown root:root /etc/systemd/system/atomic-openshift-node.service
+        chown root:root $nodesvc
       scored: true
 
   - id: 8.5
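Review bot: In check 8.4 the `remediation:` and `scored:` keys in this hunk are indented two spaces deeper than the same keys of check 8.3 in the previous hunk. That puts them level with `test_items`, inside `tests`, rather than on the check itself. A YAML loader would read them as children of `tests`, so 8.4 would likely be reported with no remediation text and not counted as scored, which weakens an ownership check on the node service unit. Since this commit already rewrites the `chown` line, it is a good place to dedent the block: `remediation: |` and `scored: true` at four spaces, the block-scalar body at six. Check 8.4 begins in the previous hunk, and the lines between the two hunks are not visible here.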
-- 
GitLab