openstack
/
ansible-hardening
Code Issues Proposed changes
Ansible role for security hardening
298 Commits 10 Branches 140 Tags 5.4 MiB
Jinja 44.5%
Python 41.2%
Shell 14.3%
Go to file
Jean-Philippe Evrard c458db68fa Include ansible commands for ansible linting 
The plugin repo needs to be cloned for ansible-lint to
understand ansible plugins. The commands currently
reside in tox.ini under the ansible section and are not
currently included. This commit fixes that error.

Change-Id: I499f5807afcf3c8e94d571eb7975d7f198b72538
 		2016-08-11 18:12:17 +01:00
defaults Add ability to change apt/yum package state 2016-08-02 16:01:01 +01:00
doc Ensure that doc linting is included in the linters test 2016-07-25 10:45:11 -05:00
files Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
handlers Restart auditd after running augenrules 2016-06-09 15:14:42 -05:00
meta Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
releasenotes Add ability to change apt/yum package state 2016-08-02 16:01:01 +01:00
tasks Merge "Correct tags attribute typo" 2016-08-06 14:45:38 +00:00
templates Add audit rules to support ppc64le architecture. 2016-07-25 04:23:01 -05:00
tests Add check/audit to gate testing 2016-06-07 13:22:12 +00:00
vars Fix chrony daemon name for rh derivatives 2016-07-19 15:45:48 +01:00
.gitignore Add support for Xenial and CentOS 7 to the Vagrantfile 2016-06-14 16:18:22 -04:00
.gitreview Added .gitreview 2015-10-05 17:37:21 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Add support for Xenial and CentOS 7 to the Vagrantfile 2016-06-14 16:18:22 -04:00
README.rst Add a note to the README file where to report bugs 2016-05-27 17:06:40 +02:00
Vagrantfile Add support for Xenial and CentOS 7 to the Vagrantfile 2016-06-14 16:18:22 -04:00
other-requirements.txt Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
run_tests.sh Docs: Add developer guide for security role 2016-06-08 13:07:06 -05:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Updated from global requirements 2016-07-15 11:26:50 +00:00
test-requirements.txt Updated from global requirements 2016-07-21 13:42:33 +00:00
tox.ini Include ansible commands for ansible linting 2016-08-11 18:12:17 +01:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.