openstack-ansible/deploy-guide/source/app-advanced-config-security.rst
Jesse Pretorius e4551ef3e2 [DOCS] Move limited connectivity section to Deploy Guide
The limited connectivity section was temporarily moved into
the developer guide temporarily when re-arranging the deploy
guide, but never moved back.

As this is important information for deployers to see, this
is being moved into the deploy guide appendix, then references
to it are added to the AIO and Deployment Guide in appropriate
places.

The following notes regarding additional changes apply:

- The pip offline install content for the limited connectivity
  page breaks the flow and doesn't really fit in the two models
  proposed. This content should move to the pip install role.

- The reference to the get_url/get_uri bug for Ansible 1.9 no
  longer applies as Newton onwards now uses Ansible 2.1.x and
  above.

- An unused Appendix H reference in the Security Appendix has
  been removed.

- The Appendices have been re-arranged slightly to try to show
  the information in a perceived order of importance.

Change-Id: If4b8a75277374ed7e96a1ce6610ed8a897125693
2017-02-16 11:54:08 +00:00


.. _security_hardening:

==================
Security hardening
==================

OpenStack-Ansible automatically applies host security hardening configurations
by using the `openstack-ansible-security`_ role. The role uses a version of the
`Security Technical Implementation Guide (STIG)`_ that has been adapted for
Ubuntu 14.04 and OpenStack.

The role is applicable to physical hosts within an OpenStack-Ansible deployment
that are operating as any type of node, infrastructure or compute. By
default, the role is enabled. You can disable it by changing the value of
the ``apply_security_hardening`` variable in the ``user_variables.yml`` file
to ``false``:

.. code-block:: yaml

    apply_security_hardening: false

You can apply security hardening configurations to an existing environment or
audit an environment by using a playbook supplied with OpenStack-Ansible:

.. code-block:: bash

    # Apply security hardening configurations
    openstack-ansible security-hardening.yml

    # Perform a quick audit by using Ansible's check mode
    openstack-ansible --check security-hardening.yml

For more information about the security configurations, see the
`OpenStack-Ansible host security`_ hardening documentation.

.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
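
The check-mode audit described above ends with a ``PLAY RECAP`` line per host, and in check mode a non-zero ``changed`` count means tasks would have altered that host, that is, it deviates from the hardened configuration. The script below is an added example, not part of OpenStack-Ansible, that turns that recap into a per-host drift report. The function names ``hardening_drift`` and ``sample_recap`` and the sample host names and counts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise a check-mode run of security-hardening.yml.
# Reads ansible-playbook output on stdin and prints one line per host whose
# PLAY RECAP shows changed, failed or unreachable counts above zero.
hardening_drift() {
    awk '
        /^PLAY RECAP/ { recap = 1; next }   # only parse lines after the recap header
        recap && / : / {
            host = $1; changed = failed = unreachable = 0
            for (i = 2; i <= NF; i++) {     # fields look like key=value
                split($i, kv, "=")
                if (kv[1] == "changed")     changed = kv[2] + 0
                if (kv[1] == "failed")      failed = kv[2] + 0
                if (kv[1] == "unreachable") unreachable = kv[2] + 0
            }
            # A host that failed or was unreachable was not fully audited.
            if (unreachable > 0 || failed > 0)
                printf "%s NOT-AUDITED failed=%d unreachable=%d\n", host, failed, unreachable
            else if (changed > 0)
                printf "%s DRIFT would-change=%d\n", host, changed
        }
    '
}

# Constructed sample output (host names, task name and counts are made up).
sample_recap() {
    cat <<'EOF'
TASK [example : constructed task name] *****************************************
ok: [aio1]
PLAY RECAP *********************************************************************
aio1                       : ok=112  changed=0    unreachable=0    failed=0
compute1                   : ok=104  changed=7    unreachable=0    failed=0
infra2                     : ok=0    changed=0    unreachable=1    failed=0
EOF
}

# Live use on a deployment host, with the command from this page:
#   openstack-ansible --check security-hardening.yml | hardening_drift
sample_recap | hardening_drift
```

Tasks that cannot run in check mode are skipped, so an empty report means no drift was detected by the tasks that ran, not that every control was verified.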