ca1e4cccd9
Also removes old install guide in favor of the commited deploy guide TODO: Link for the deploy guide to be commited Change-Id: I72c1d344a4cc8df4d92ff296200704639771eb88
40 lines
1.6 KiB
ReStructuredText
40 lines
1.6 KiB
ReStructuredText
.. _security_hardening:
|
|
|
|
==================
|
|
Security hardening
|
|
==================
|
|
|
|
OpenStack-Ansible automatically applies host security hardening configurations
|
|
by using the `openstack-ansible-security`_ role. The role uses a version of the
|
|
`Security Technical Implementation Guide (STIG)`_ that has been adapted for
|
|
Ubuntu 14.04 and OpenStack.
|
|
|
|
The role is applicable to physical hosts within an OpenStack-Ansible deployment
|
|
that are operating as any type of node, infrastructure or compute. By
|
|
default, the role is enabled. You can disable it by changing the value of
|
|
the ``apply_security_hardening`` variable in the ``user_variables.yml`` file
|
|
to ``false``:
|
|
|
|
.. code-block:: yaml
|
|
|
|
apply_security_hardening: false
|
|
|
|
You can apply security hardening configurations to an existing environment or
|
|
audit an environment by using a playbook supplied with OpenStack-Ansible:
|
|
|
|
.. code-block:: bash
|
|
|
|
# Apply security hardening configurations
|
|
openstack-ansible security-hardening.yml
|
|
|
|
# Perform a quick audit by using Ansible's check mode
|
|
openstack-ansible --check security-hardening.yml
|
|
|
|
For more information about the security configurations, see the
|
|
`OpenStack-Ansible host security`_ hardening documentation.
|
|
|
|
.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
|
|
.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
|
|
.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
|
|
.. _Appendix H: ../install-guide/app-custom-layouts.html
|