RETIRED, Security Role for OpenStack-Ansible


DEPRECATION NOTICE: The openstack-ansible-security role is deprecated and will be retired soon. Consumers of this role should use the ansible-hardening role instead.


The openstack-ansible security role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running Ubuntu 14.04, Ubuntu 16.04, CentOS 7, and Red Hat Enterprise Linux 7.

The role is part of the OpenStack-Ansible project, which deploys enterprise-grade OpenStack clouds using Ansible. However, the role can easily be used outside of an OpenStack environment to secure hosts, virtual machines, and containers.

For more details, review the openstack-ansible-security documentation.


Requirements

This role can be used with or without the OpenStack-Ansible role. It requires Ansible 1.9.1 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.


Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
    - openstack-ansible-security

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7


License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.