openstack
/
openstack-ansible-security
Code Issues Proposed changes
RETIRED, Security Role for OpenStack-Ansible
226 Commits 3 Branches 85 Tags 8.2 MiB
Go to file
Major Hayden d57be75535 Skip V-38620 (chrony) in gate 
The OpenStack CI runs ntpd in the gate images and this causes chrony
to fail on startup. This patch skips V-38620 so that chrony won't
cause gate failures.

Closes-Bug: 1629936
Manual backport of: I0c67241c0725621715877e728a6c6c17d771a596
Change-Id: I1420049f7146382261712328fb55ac10274aef11
 		2016-10-03 12:30:06 -05:00
defaults Disable DAC change auditing 2016-09-07 15:36:45 +00:00
doc Fix a minor documentation typo. 2016-09-20 14:07:27 -05:00
files V-38682: Disable bluetooth modules 2015-10-14 21:23:11 -05:00
handlers Ensure AIDE initializes on subsequent runs 2016-08-29 11:11:09 -05:00
meta Bump minimum required version of Ansible 2016-01-13 12:41:02 -08:00
releasenotes Disable DAC change auditing 2016-09-07 15:36:45 +00:00
tasks Disable martian logging by default 2016-09-06 10:24:58 -05:00
templates Disable DAC change auditing 2016-09-07 15:36:45 +00:00
tests Add check/audit to gate testing 2016-06-13 13:37:04 +00:00
vars Enable role testing and make structure ansible-galaxy compatible 2015-10-09 11:47:23 +00:00
.gitignore Add .swp files to .gitignore 2016-05-04 14:13:33 +00:00
.gitreview Update .gitreview for stable/mitaka 2016-04-02 14:46:00 -04:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Merge "Adding Vagrant setup for deploying security-ansible" 2016-02-05 16:12:33 +00:00
README.rst Add a note to the README file where to report bugs 2016-06-22 19:38:02 +00:00
Vagrantfile Adding Vagrant setup for deploying security-ansible 2016-01-25 08:04:26 -08:00
other-requirements.txt Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
run_tests.sh Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
test-requirements.txt Update tox configuration 2016-07-08 17:14:04 +01:00
tox.ini Skip V-38620 (chrony) in gate 2016-10-03 12:30:06 -05:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so run: vagrant destroy To destroy any previously created Vagrant setup vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.