96c6635a15
Replace moved networking-guide with current location. Replace non-existing anchor in https://galeracluster.com with page link. Replace some more moved pages with new location. Fix many places to use https instead of http. Use internal RST link that can be verified instead of external one for /user/security/index.html. Checked with: sphinx-build -a -E -W -d doc/build/doctrees -b linkcheck doc/source doc/build/html Change-Id: I0368e509ba6702e0da1a9c96f7cee76a6d35b3e0
30 lines
1011 B
ReStructuredText
30 lines
1011 B
ReStructuredText
Apply ansible-hardening
|
|
=======================
|
|
|
|
The ``ansible-hardening`` role is applicable to physical hosts within
|
|
an OpenStack-Ansible deployment
|
|
that are operating as any type of node, infrastructure or compute. By
|
|
default, the role is enabled. You can disable it by changing the value of
|
|
the ``apply_security_hardening`` variable in the ``user_variables.yml`` file
|
|
to ``false``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
apply_security_hardening: false
|
|
|
|
You can apply security hardening configurations to an existing environment or
|
|
audit an environment by using a playbook supplied with OpenStack-Ansible:
|
|
|
|
.. code-block:: bash
|
|
|
|
# Apply security hardening configurations
|
|
openstack-ansible security-hardening.yml
|
|
|
|
# Perform a quick audit by using Ansible's check mode
|
|
openstack-ansible --check security-hardening.yml
|
|
|
|
For more information about the security configurations, see the
|
|
`security hardening role`_ documentation.
|
|
|
|
.. _security hardening role: https://docs.openstack.org/ansible-hardening/
|