openstack-ansible/doc/source/install-guide-revised-draft/app-advanced-config-security.rst
Alexandra 192efa5d63 [DOCS} Further edits, corrects to draft install
Change-Id: I25df03899c3052e86cce8cb3797f605993c25a37
Implements: blueprint osa-install-guide-overhaul
2016-08-25 17:07:43 -04:00

Security hardening

OpenStack-Ansible automatically applies host security hardening configurations using the openstack-ansible-security role. The role uses a version of the Security Technical Implementation Guide (STIG) that has been adapted for Ubuntu 14.04 and OpenStack.

The role applies to physical hosts in an OpenStack-Ansible deployment that operate as any type of node, whether infrastructure or compute. The role is enabled by default. You can disable it by setting the following variable in user_variables.yml:

    apply_security_hardening: false

When the variable is set to true, the setup-hosts.yml playbook applies the role during deployments.

You can apply security configurations to an existing environment or audit an environment using a playbook supplied with OpenStack-Ansible:

    # Perform a quick audit using Ansible's check mode
    openstack-ansible --check security-hardening.yml

    # Apply security hardening configurations
    openstack-ansible security-hardening.yml
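
To make the check-mode audit above actionable, the following added example (not part of OpenStack-Ansible or of the original page) classifies each host from Ansible's PLAY RECAP summary. The function names `audit_recap` and `sample_check_output` are hypothetical, and the host names and counts in the sample are constructed.

```shell
#!/bin/sh
# Added example: turn a check-mode run into a per-host audit verdict.
# Reads Ansible output on stdin and classifies each PLAY RECAP line:
#   OK <host>          no task would change anything
#   DRIFT <host> <n>   n tasks would change the host (settings not yet applied)
#   INCOMPLETE <host>  host unreachable or a task failed; result is partial
# Exit status: 0 = all OK, 1 = drift found, 2 = incomplete or no recap seen.
audit_recap() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && NF >= 3 && $2 == ":" {
            host = $1; changed = 0; bad = 0; seen = 1
            for (i = 3; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "changed") changed = kv[2] + 0
                if (kv[1] == "unreachable" || kv[1] == "failed") bad += kv[2]
            }
            if (bad > 0)          { print "INCOMPLETE " host; incomplete = 1 }
            else if (changed > 0) { print "DRIFT " host " " changed; drift = 1 }
            else                  { print "OK " host }
        }
        END {
            if (!seen || incomplete) exit 2
            if (drift) exit 1
        }
    '
}

# Constructed sample output (host names and counts are made up).
sample_check_output() {
    cat <<'EOF'
PLAY [constructed play name] ***************************************

PLAY RECAP *********************************************************
compute1                   : ok=90   changed=7    unreachable=0    failed=0
compute2                   : ok=0    changed=0    unreachable=1    failed=0
infra1                     : ok=97   changed=0    unreachable=0    failed=0
EOF
}

# Usage on a deployment host (command taken from the page):
#   openstack-ansible --check security-hardening.yml | audit_recap
```

Tasks that cannot run in check mode are skipped, so an `OK` verdict is a lower bound on drift rather than proof that every hardening setting is in place.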

Refer to the openstack-ansible-security documentation for more details on the security configurations. Review the Configuration section of the openstack-ansible-security documentation to find out how to fine-tune certain security configurations.