2798cf403c
The openstack-ansible-security role and repository is being phased out in favor of the ansible-hardening role. This patch adjusts all references of the old role to use the new name. Depends-On: I711aed6daf6391de71d3c2b47fbfc00fe6b66d9f Change-Id: I9cbdddde71fb0d71d8c412d3f62f0b0f6a241aee
1.5 KiB
Security hardening
OpenStack-Ansible automatically applies host security hardening configurations by using the ansible-hardening role. The role uses a version of the Security Technical Implementation Guide (STIG) that has been adapted for Ubuntu 14.04 and OpenStack.
The role is applicable to physical hosts within an OpenStack-Ansible
deployment that are operating as any type of node, infrastructure or
compute. By default, the role is enabled. You can disable it by changing
the value of the apply_security_hardening variable in the
user_variables.yml file to false:
apply_security_hardening: falseYou can apply security hardening configurations to an existing environment or audit an environment by using a playbook supplied with OpenStack-Ansible:
# Apply security hardening configurations
openstack-ansible security-hardening.yml
# Perform a quick audit by using Ansible's check mode
openstack-ansible --check security-hardening.ymlFor more information about the security configurations, see the OpenStack-Ansible host security hardening documentation.