From 3917510cf0b3011718b9ce425bd3dfe2295843e6 Mon Sep 17 00:00:00 2001 From: Qin Wang Date: Fri, 16 Sep 2016 14:49:04 +0000 Subject: [PATCH] [install-guide] remove redundant part for security hardening Currently, the contents for security hardening repeat on two pages in the install guide. Change-Id: I4c77f7a0c28564e56930ad9ffc3679b78566a978 closes-bug: #1624411 --- .../app-advanced-config-affinity.rst | 44 ------------------- doc/source/install-guide/installation.rst | 4 +- 2 files changed, 2 insertions(+), 46 deletions(-) diff --git a/doc/source/install-guide/app-advanced-config-affinity.rst b/doc/source/install-guide/app-advanced-config-affinity.rst index 243c02e629..108fd19f4a 100644 --- a/doc/source/install-guide/app-advanced-config-affinity.rst +++ b/doc/source/install-guide/app-advanced-config-affinity.rst @@ -48,47 +48,3 @@ this configuration, your ``openstack_user_config.yml`` would look like this: The configuration above deploys a memcached container and a database container on each host, without the RabbitMQ containers. - -.. _security_hardening: - -Security hardening -~~~~~~~~~~~~~~~~~~ - -OpenStack-Ansible automatically applies host security hardening configurations -using the `openstack-ansible-security`_ role. The role uses a version of the -`Security Technical Implementation Guide (STIG)`_ that has been adapted for -Ubuntu 14.04 and OpenStack. - -The role is applicable to physical hosts within an OpenStack-Ansible deployment -that are operating as any type of node, infrastructure or compute. By -default, the role is enabled. You can disable it by changing a variable -within ``user_variables.yml``: - -.. code-block:: yaml - - apply_security_hardening: false - -When the variable is set to ``true``, the ``setup-hosts.yml`` playbook applies -the role during deployments. - -You can apply security configurations to an existing environment or audit -an environment using a playbook supplied with OpenStack-Ansible: - -.. code-block:: bash - - # Perform a quick audit using Ansible's check mode - openstack-ansible --check security-hardening.yml - - # Apply security hardening configurations - openstack-ansible security-hardening.yml - -For more details on the security configurations that will be applied, refer to -the `openstack-ansible-security`_ documentation. Review the `Configuration`_ -section of the openstack-ansible-security documentation to find out how to -fine-tune certain security configurations. - -.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/ -.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide -.. _Configuration: http://docs.openstack.org/developer/openstack-ansible-security/configuration.html -.. _Appendix H: ../install-guide/app-custom-layouts.html - diff --git a/doc/source/install-guide/installation.rst b/doc/source/install-guide/installation.rst index 5e82ddd2d0..f0e1cedbdc 100644 --- a/doc/source/install-guide/installation.rst +++ b/doc/source/install-guide/installation.rst @@ -25,7 +25,7 @@ Checking the integrity of your configuration files Before running any playbook, check the integrity of your configuration files. -#. Ensure all files edited in ``/etc/`` are Ansible +#. Ensure all files edited in ``/etc/openstack_deploy`` are Ansible YAML compliant. Guidelines can be found here: ``_ @@ -213,7 +213,7 @@ Verifying the Dashboard (horizon) #. Authenticate using the username ``admin`` and password defined by the ``keystone_auth_admin_password`` option in the - ``/etc/openstack_deploy/user_variables.yml`` file. + ``/etc/openstack_deploy/user_secrets.yml`` file. .. TODO Add troubleshooting information to resolve common installation issues