Go to file

Jesse Pretorius 65293e8002 Update tox configuration

In order to prepare for implementing requirements management by the
OpenStack requirements management process, and to improve the
reliability and effectiveness of test execution, this patch implements
some changes to the tox configuration:

- The minimum tox version is increased in order to be able to use
  constraints for the python packages.
- The OpenStack upper-constraints are used when preparing the test
  venv for the linters checks.
- Any proxy environment variables set on the test host are passed
  into the venv to enable testing from behind a proxy.
- The environment variables used by Ansible tests are moved into
  a new venv called 'ansible' and this environment is inherited
  by all Ansible-related tests.
- The docs test will clean-up an existing build directory before
  executing the docs build.
- The releasenotes build cannot use upper-constraints at this point,
  so it doesn't.
- The Ansible role download will no longer ignore errors so that any
  problems discovered will result in a failed test.
- The human readable logging callback plugin is implemented for
  functional testing.
- The ansible test requirements are moved into tox.ini to ensure
  compliance for requirements.txt/test-requirements.txt for the
  global-requirements management contract.
- The ~/.ansible directory as a whole is not deleted. Instead only
  the plugins and roles folders are deleted to ensure that zuul's
  Ansible artifacts are left in-place.
- The ansible-lint version is updated to support execution against a
  folder, and the test now executes against the entire role to ensure
  that it captures all applicable files for lint testing.

This is a combined port of the following:
- https://review.openstack.org/323507
- https://review.openstack.org/338193
- https://review.openstack.org/332443
- https://review.openstack.org/338193
- https://review.openstack.org/339493

Change-Id: If42e739002e36669044a9396e233dbd382add4c8

2016-07-08 13:08:25 +00:00

defaults

Merge "Implemented: V-38524."

2016-06-07 21:04:21 +00:00

doc

Docs: Add note about RHEL 7 testing

2016-07-07 10:17:03 -05:00

files

Add ability to enable unattended upgrades

2016-04-15 11:58:29 +01:00

handlers

Restart auditd after running augenrules

2016-06-09 15:14:42 -05:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 14.04
Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.