openstack
/
openstack-ansible-security
Code Issues Proposed changes
RETIRED, Security Role for OpenStack-Ansible
189 Commits 3 Branches 85 Tags 8.2 MiB
Go to file
Matt Thompson d1ca8dbaa7 Add ability to enable unattended upgrades 
This commit adds the ability to enable automatic package upgrades via
openstack-ansible-security.  To enable, add the following variable to
your /etc/openstack_deploy/user_variables.yml file:

unattended_upgrades_enabled: true

To have the unattended upgrades system send e-mail notifications
when packages need updating or errors are encountered, add the
following to user_variables.yml:

unattended_upgrades_notifications: true

As many organisations do not subscribe to auto updates, this
functionality will remain disabled by default.

Note that the first iteration of this change does not allow deep
customisation of unatteded-upgrades.  This means that as it stands
only trusty-security (or $distro-security) updates will be applied.

Closes-Bug: #1568075

Change-Id: I22ba1a02acfbe2befb601af6a4099d53d988d856
 		2016-04-15 11:58:29 +01:00
defaults Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
doc Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
files Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
handlers Skip AIDE initialization by default 2016-01-15 10:30:46 -06:00
meta Bump minimum required version of Ansible 2016-01-13 12:41:02 -08:00
tasks Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
templates Move template that was missed with rename 2015-11-02 10:20:20 -06:00
tests Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
vars Enable role testing and make structure ansible-galaxy compatible 2015-10-09 11:47:23 +00:00
.gitignore Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
.gitreview Added .gitreview 2015-10-05 17:37:21 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Merge "Adding Vagrant setup for deploying security-ansible" 2016-02-05 16:12:33 +00:00
README.rst Add new docs URL to README 2015-10-09 08:25:56 -05:00
Vagrantfile Adding Vagrant setup for deploying security-ansible 2016-01-25 08:04:26 -08:00
other-requirements.txt Add curl to bindep requirements 2016-03-04 19:26:02 +00:00
run_tests.sh Merging check/functional jobs into one 2015-12-03 08:58:37 -06:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
test-requirements.txt pin version of ansible-lint we use for testing 2016-03-15 15:46:09 +00:00
tox.ini Security: Disable AppArmor check 2016-03-08 12:47:18 -06:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so run: vagrant destroy To destroy any previously created Vagrant setup vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.