The limited connectivity section was temporarily moved into the developer guide temporarily when re-arranging the deploy guide, but never moved back. As this is important information for deployers to see, this is being moved into the deploy guide appendix, then references to it are added to the AIO and Deployment Guide in appropriate places.

The following notes regarding additional changes apply:

- The pip offline install content for the limited connectivity page breaks the flow and doesn't really fit in the two models proposed. This content should move to the pip install role.
- The reference to the get_url/get_uri bug for Ansible 1.9 no longer applies as Newton onwards now uses Ansible 2.1.x and above.
- An unused Appendix H reference in the Security Appendix has been removed.
- The Appendices have been re-arranged slightly to try to show the information in a perceived order of importance.

Change-Id: If4b8a75277374ed7e96a1ce6610ed8a897125693
Security hardening
OpenStack-Ansible automatically applies host security hardening configurations by using the openstack-ansible-security role. The role uses a version of the Security Technical Implementation Guide (STIG) that has been adapted for Ubuntu 14.04 and OpenStack.
The role is applicable to physical hosts within an OpenStack-Ansible deployment that are operating as any type of node, infrastructure or compute. By default, the role is enabled. You can disable it by changing the value of the apply_security_hardening variable in the user_variables.yml file to false:
apply_security_hardening: false
You can apply security hardening configurations to an existing environment or audit an environment by using a playbook supplied with OpenStack-Ansible:
# Apply security hardening configurations
openstack-ansible security-hardening.yml
# Perform a quick audit by using Ansible's check mode
openstack-ansible --check security-hardening.yml
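One way to read the result of the check-mode audit above, as an added example that is not part of the OpenStack-Ansible documentation: in check mode a task reported as changed is one that would modify the host, so the per-host counters in Ansible's PLAY RECAP show which hosts deviate from the hardening configuration. The function name audit_summary, the status labels, and the sample hosts and task name are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from OpenStack-Ansible): summarise a check-mode audit.
# Reads Ansible output on stdin and classifies each host in the PLAY RECAP:
#   COMPLIANT  changed=0               -> no hardening task would modify the host
#   DRIFT      changed>0               -> at least one task would change something
#   ERROR      failed/unreachable > 0  -> the audit of that host is incomplete
# Returns 0 if every host is COMPLIANT, 1 otherwise, 2 if no recap was found.
audit_summary() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && $2 == ":" {
            changed = failed = unreachable = 0
            for (i = 3; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "changed")     changed = kv[2] + 0
                if (kv[1] == "failed")      failed = kv[2] + 0
                if (kv[1] == "unreachable") unreachable = kv[2] + 0
            }
            status = "COMPLIANT"
            if (changed > 0) status = "DRIFT"
            if (failed > 0 || unreachable > 0) status = "ERROR"
            if (status != "COMPLIANT") bad = 1
            printf "%s %s changed=%d failed=%d unreachable=%d\n",
                   $1, status, changed, failed, unreachable
            hosts++
        }
        END { if (hosts == 0) exit 2; exit bad + 0 }
    '
}

# Constructed sample output; host names and the task name are placeholders.
sample_recap() {
    cat <<'EOF'
TASK [openstack-ansible-security : example task] ******************************
changed: [infra1]

PLAY RECAP *********************************************************************
compute1                   : ok=97   changed=0    unreachable=0    failed=0
infra1                     : ok=85   changed=12   unreachable=0    failed=0
storage1                   : ok=0    changed=0    unreachable=1    failed=0
EOF
}

sample_recap | audit_summary || echo "audit: not all hosts are compliant"
```

On a real deployment, pipe the output of the check-mode command into audit_summary instead of the sample.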
For more information about the security configurations, see the OpenStack-Ansible host security hardening documentation.