openstack
/
openstack-ansible-security
Code Issues Proposed changes
RETIRED, Security Role for OpenStack-Ansible
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
348 Commits
3 Branches
85 Tags
8.2 MiB
master
stable/newton
stable/ocata
14.2.8
14.2.7
mitaka-eol
14.2.6
15.1.5
14.2.5
16.0.0.0b2
14.2.4
15.1.4
15.1.3
14.2.3
15.1.2
14.2.2
13.3.18
14.2.1
15.1.1
16.0.0.0b1
13.3.17
14.2.0
15.1.0
13.3.16
14.1.1
15.0.0
15.0.0.0rc2
13.3.15
14.1.0
14.0.8
13.3.14
14.0.7
15.0.0.0rc1
13.3.13
15.0.0.0b3
14.0.6
13.3.12
14.0.5
13.3.11
14.0.4
13.3.10
15.0.0.0b2
liberty-eol
13.3.9
14.0.3
12.2.8
14.0.2
13.3.8
15.0.0.0b1
12.2.7
14.0.1
13.3.7
12.2.6
13.3.6
14.0.0
14.0.0.0rc4
12.2.5
13.3.5
14.0.0.0rc3
12.2.4
13.3.4
14.0.0.0rc2
14.0.0.0rc1
12.2.3
13.3.3
14.0.0.0b3
12.2.2
13.3.2
12.2.1
13.3.1
12.2.0
13.3.0
14.0.0.0b2
12.1.0
13.2.0
12.0.16
13.1.4
12.0.15
13.1.3
14.0.0.0b1
12.0.14
13.1.2
13.1.1
12.0.13
13.1.0
13.0.1
12.0.0
13.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '79eeaa43fb'
${ noResults }
Go to file
OpenStack Proposal Bot 79eeaa43fb Updated from global requirements 
Change-Id: I6c9ee96343840ffd315d531d13579ef6eeedc749
 		7 years ago
defaults Merge "Adding V-38438 (auditd during boot)" 7 years ago
doc Automate the STIG documentation 7 years ago
files Add ability to enable unattended upgrades 7 years ago
handlers Adding V-38438 (auditd during boot) 7 years ago
meta Add CentOS 7 and Ubuntu 16.04 support 7 years ago
releasenotes Merge "Adding V-38438 (auditd during boot)" 7 years ago
tasks Adding V-38438 (auditd during boot) 7 years ago
templates Disable DAC change auditing 7 years ago
tests Restore logrotate cron job in CI 7 years ago
vars Adding V-38438 (auditd during boot) 7 years ago
.gitignore Automate the STIG documentation 7 years ago
.gitreview Added .gitreview 8 years ago
LICENSE Initial import of openstack-ansible-security role 8 years ago
README.md Add support for Xenial and CentOS 7 to the Vagrantfile 7 years ago
README.rst Add a note to the README file where to report bugs 7 years ago
Vagrantfile Add support for Xenial and CentOS 7 to the Vagrantfile 7 years ago
bindep.txt Rename collected logs for easier CI viewing 7 years ago
run_tests.sh Added SNI support for os_security role via OS packages 7 years ago
setup.cfg Automate the STIG documentation 7 years ago
setup.py Updated from global requirements 7 years ago
test-requirements.txt Updated from global requirements 7 years ago
tox.ini Automate the STIG documentation 7 years ago

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.