Use new ansible-hardening role
The openstack-ansible-security role and repository is being phased out in favor of the ansible-hardening role. This patch adjusts all references of the old role to use the new name. Manual backport of I9cbdddde71fb0d71d8c412d3f62f0b0f6a241aee due to merge conflicts in ansible-role-requirements.yml. Change-Id: Iab2f2480dc1d66f250ffbc83ae735fecd32ecdd6
This commit is contained in:
parent
c66391662c
commit
8b6cc5fde3
|
@ -1,3 +1,7 @@
|
|||
- name: ansible-hardening
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/ansible-hardening
|
||||
version: f215c22768248021d38d121a86721d842f419031
|
||||
- name: apt_package_pinning
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
|
||||
|
@ -38,10 +42,6 @@
|
|||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
|
||||
version: 5363432f58334823f7e6c6c88617bb908ca48359
|
||||
- name: openstack-ansible-security
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-security
|
||||
version: 428bce5c4d3fc88cd1e257753923d589f89ff6c7
|
||||
- name: openstack_hosts
|
||||
scm: git
|
||||
src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
|
||||
|
|
|
@ -5,7 +5,7 @@ Security hardening
|
|||
==================
|
||||
|
||||
OpenStack-Ansible automatically applies host security hardening configurations
|
||||
by using the `openstack-ansible-security`_ role. The role uses a version of the
|
||||
by using the `ansible-hardening`_ role. The role uses a version of the
|
||||
`Security Technical Implementation Guide (STIG)`_ that has been adapted for
|
||||
Ubuntu 14.04 and OpenStack.
|
||||
|
||||
|
@ -33,6 +33,6 @@ audit an environment by using a playbook supplied with OpenStack-Ansible:
|
|||
For more information about the security configurations, see the
|
||||
`OpenStack-Ansible host security`_ hardening documentation.
|
||||
|
||||
.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
|
||||
.. _ansible-hardening: http://docs.openstack.org/developer/ansible-hardening/
|
||||
.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
|
||||
.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
|
||||
.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/ansible-hardening/
|
||||
|
|
|
@ -58,7 +58,7 @@ to all deployments. The role has been carefully designed to perform as follows:
|
|||
For more information about configuring the role in OpenStack-Ansible, see
|
||||
:ref:`security_hardening`.
|
||||
|
||||
.. _security hardening role: http://docs.openstack.org/developer/openstack-ansible-security/
|
||||
.. _security hardening role: http://docs.openstack.org/developer/ansible-hardening/
|
||||
.. _Security Technical Implementation Guide: https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
|
||||
.. _Defense Information Systems Agency: http://www.disa.mil/
|
||||
.. _Payment Card Industry Data Security Standard: https://www.pcisecuritystandards.org/pci_security/
|
||||
|
|
|
@ -21,7 +21,7 @@ security_package_state: "{{ package_state }}"
|
|||
# Disable /etc/hosts management if unbound DNS resolution containers exist
|
||||
openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}"
|
||||
|
||||
# Use the RHEL 7 STIG content from the openstack-ansible-security role
|
||||
# Use the RHEL 7 STIG content from the ansible-hardening role
|
||||
stig_version: rhel7
|
||||
|
||||
# Temporarily avoid putting SELinux into enforcing mode on CentOS 7 until some
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
gather_facts: "{{ gather_facts | default(True) }}"
|
||||
user: root
|
||||
roles:
|
||||
- role: "openstack-ansible-security"
|
||||
- role: "ansible-hardening"
|
||||
when: apply_security_hardening | bool
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
tags:
|
||||
|
|
Loading…
Reference in New Issue