To Reproduce Steps to reproduce the behavior:

1. Follow our documentation to configure aide on overcloud nodes.

Expected behavior

• The "Copy aide db" task is executed always when aide services is enabled.

Screenshots

• N/A

Device Info (please complete the following information):

• N/A

Bug impact

• Our customer can't configure the aide service properly.

Known workaround

• Override the default value of the below heat parameters like below.
  • AideDBPath
  • AideDBTempPath

• resource_registry:
      OS::TripleO::Services::Aide: /usr/share/openstack-tripleo-heat-templates/deployment/aide/aide-baremetal-ansible.yaml
  
  parameter_defaults:
      AideRules:
        'TripleORules':
          content: 'TripleORules = p+sha256'
          order: 1
        'etc':
          content: '/etc/ TripleORules'
          order: 2
        'boot':
          content: '/boot/ TripleORules'
          order: 3
        'sbin':
          content: '/sbin/ TripleORules'
          order: 4
        'var':
          content: '/var/ TripleORules'
          order: 5
        'not var/log':
          content: '!/var/log.*'
          order: 6
        'not var/spool':
          content: '!/var/spool.*'
          order: 7
        'not nova instances':
          content: '!/var/lib/nova/instances.*'
          order: 8
    AideDBPath: /var/lib/aide/aide.db.gz <===================== (*)
    AideDBTempPath: /var/lib/aide/aide.db.new.gz <============= (*)

Additional context

• The task definition from https://github.com/openstack-archive/tripleo-ansible/blob/stable/wallaby/tripleo_ansible/roles/aide/tasks/aide_config.yml#L46-L58

• - name: Check for tmp aide db
    stat:
      path: "{{ aide_db_temp_path }}"
    register: aide_db_temp_path_check
  
  - name: Copy aide db
    copy:
      src: "{{ aide_db_temp_path }}"
      dest: "{{ aide_db_path }}"
      remote_src: true
    when:
      - aide_db_temp_path_check.stat.exists | bool
      - not (aide_db_path_check.stat.exists | bool)

• The default value of `aide_db_path` and `aide_db_temp_path` are configured in `/var/lib/aide/aide.db.new` in https://github.com/openstack-archive/tripleo-heat-templates/blob/stable/wallaby/deployment/aide/aide-baremetal-ansible.yaml#L33-L40
• And the below three lines will be added by tripleo.

• [root@controller-0 ~]# grep -e DBDIR -e "^database" /etc/aide.conf 
  @@define DBDIR /var/lib/aide
  database=file:@@{DBDIR}/aide.db.gz
  database_out=file:@@{DBDIR}/aide.db.new.gz
  database=file:/var/lib/aide/aide.db <================== (*)
  database_out=file:/var/lib/aide/aide.db.new <========== (*)
  database_new=file:/var/lib/aide/aide.db.new <========== (*)

• However, the above `database` and `database_out` which are added by tripleo will be ignored  by aide according to the man of aide.conf.

• CONFIG LINES

         These lines have the format parameter=value. See URLS for a list of valid urls.

   

         database

                The url from which database is read. There can only be one of these lines. If there are multiple database lines then the first is used. The default value is "/usr/etc/aide.db".

   

         database_out

                The  url  to which the new database is written to. There can only be one of these lines. If there are multiple database_out lines then the first is used. The default value is "/usr/etc/aide.db.new".

• It means, the first `database` and `database_out` in the config will be used.
• So I guess the default value of heat parameter should be aligned with the default values by aide.