From 53ed68a0b2c9aaf40413bfe741b3badc81a32137 Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Wed, 6 Mar 2019 11:52:13 +0000 Subject: [PATCH] Clean up OCP benchmark config. The OCP benchmarks uses configs for only binary component variable names. This commit cleans up the OCP config by removing all configuration except those component binaries required to run kube-bench on OCP installations and adds missing ones. --- cfg/ocp-3.10/config.yaml | 13 ++++--------- cfg/ocp-3.10/master.yaml | 2 +- 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/cfg/ocp-3.10/config.yaml b/cfg/ocp-3.10/config.yaml index b3057bf..cfca6b2 100644 --- a/cfg/ocp-3.10/config.yaml +++ b/cfg/ocp-3.10/config.yaml @@ -11,25 +11,20 @@ master: apiserver: bins: - openshift start master api - defaultconf: /etc/origin/master/master-config.yaml scheduler: bins: - openshift start master controllers - defaultconf: /etc/origin/master/master-config.yaml controllermanager: bins: - openshift start master controllers - defaultconf: /etc/origin/master/master-config.yaml - - etcd: - defaultconf: /etc/kubernetes/manifests/etcd.yaml node: kubelet: - defaultconf: /etc/kubernetes/kubelet.conf - defaultsvc: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + bins: + - openshift start network proxy: - defaultconf: /etc/kubernetes/addons/kube-proxy-daemonset.yaml + bins: + - openshift start network diff --git a/cfg/ocp-3.10/master.yaml b/cfg/ocp-3.10/master.yaml index 9dd4b57..3cb07bf 100644 --- a/cfg/ocp-3.10/master.yaml +++ b/cfg/ocp-3.10/master.yaml @@ -1043,7 +1043,7 @@ groups: remediation: | On the etcd server node, get the etcd data directory, passed as an argument --data-dir , from the below command: - ps -ef | grep $etcdbin + ps -ef | grep etcd Run the below command (based on the etcd data directory found above). For example, chmod 700 /var/lib/etcd scored: true