openstack/openstack-ansible
Code Issues Proposed changes
3eca1b5b77
openstack-ansible/doc/source/user/security/hardening.rst
Jean-Philippe Evrard 3eca1b5b77 [Docs] Backport Master structure 
This is backport combining the documentation changes applied master
according to the queens blueprint "docs-improvements":

* [Docs] Flatten out monitoring
(cherry picked from commit ebdd5759b1)
* [Docs] Move upgrade guides into ops
(cherry picked from commit 56194bcb5a)
* [Docs] Merge advanced configuration into reference
(cherry picked from commit ba7e064ef9)
* [Docs] Uniform landing text
(cherry picked from commit 134ec81016)
* [Docs] Move AIO to first scenario
(cherry picked from commit dc8d6256ce)
* [Docs] Include test scenario as a new user story
(cherry picked from commit 3d76d5e2e2)
* [Docs] Fix references
(cherry picked from commit 1d47028911)
* [Docs] Move more examples to user guide
(cherry picked from commit 73c45a8108)
* [Docs] Move Ceph example to user guides
(cherry picked from commit d27e329a5a)
* [Docs] Move network architecture into reference
(cherry picked from commit 99ca16e85e)
* [Docs] Centralize Inventory documentation
(cherry picked from commit eb89fa513a)
* [Docs] Move limited connectivity to user guide
(cherry picked from commit b6eb92beca)
* [Docs] Migrate security into user guide
(cherry picked from commit f1a7525570)
* [Docs] Guide users more
(cherry picked from commit 99f4f17751)
* [Docs] Add explicit warnings on common mistake
(cherry picked from commit 41bd98385b)

Change-Id: I4b39f2a9f33eff7d0433a98a085cf4fd05cef75e
2018-03-20 11:47:21 +00:00

1020 B
Raw Blame History

Apply ansible-hardening

The ansible-hardening role is applicable to physical hosts within an OpenStack-Ansible deployment that are operating as any type of node, infrastructure or compute. By default, the role is enabled. You can disable it by changing the value of the apply_security_hardening variable in the user_variables.yml file to false:

apply_security_hardening: false

You can apply security hardening configurations to an existing environment or audit an environment by using a playbook supplied with OpenStack-Ansible:

# Apply security hardening configurations
  openstack-ansible security-hardening.yml

# Perform a quick audit by using Ansible's check mode
  openstack-ansible --check security-hardening.yml

For more information about the security configurations, see the security hardening role documentation.