6c94ac8515
See https://github.com/ansible/ansible/issues/73654 Change-Id: I06ab9cee6539762d7ba3e25e07b5661a8fa485f3
30 lines
1.2 KiB
YAML
30 lines
1.2 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Ensure that the package state matches the global setting
|
|
lxc_hosts_package_state: "{{ package_state }}"
|
|
openstack_hosts_package_state: "{{ package_state }}"
|
|
security_package_state: "{{ package_state }}"
|
|
|
|
# Use the RHEL 7 STIG content from the ansible-hardening role
|
|
stig_version: rhel7
|
|
|
|
# Temporarily avoid putting SELinux into enforcing mode on CentOS until some
|
|
# additional policy is written. See LP Bug 1657517 for more details.
|
|
security_rhel7_enable_linux_security_module: "{{ (ansible_facts['os_family'] == 'RedHat') | ternary(false, true) }}"
|
|
|
|
# All our ansible tasks run as root user, we need to allow direct root login
|
|
security_sshd_permit_root_login: 'without-password'
|