This patch updates the openstack-ansible-security documentation to match the documentation provided with OpenStack-Ansible.

Closes-bug: 1538557
Change-Id: I63dc6a3836b7ffa35886253606b63d3aa34d0c2f
Getting started
The openstack-ansible-security role can be used along with the OpenStack-Ansible project or as a standalone role that can be used along with other Ansible playbooks.
Using with OpenStack-Ansible
Starting with the Mitaka release, OpenStack-Ansible installs the openstack-ansible-security role automatically. It's disabled by default for deployments and can be enabled with an Ansible variable:
apply_security_hardening: true
If the variable is set, the security hardening configurations will be applied automatically on new builds that use the scripts/run_playbooks.sh script provided with OpenStack-Ansible. However, the role can be applied anytime by using the playbook provided with OpenStack-Ansible:
cd /opt/openstack-ansible/playbooks/
openstack-ansible -e "apply_security_hardening=true" security-hardening.yml
For more information, refer to the OpenStack-Ansible documentation on configuring security hardening.
Using as a standalone role
There are several options for using openstack-ansible-security as a standalone role or along with another existing project. Here are two fairly easy methods:
- Add openstack-ansible-security as a git submodule in the roles directory of an existing Ansible project
- Clone the role into /etc/ansible/roles/ on any system and write a custom playbook and hosts inventory file
The playbook for openstack-ansible-security can be fairly simple, depending on the configuration of the systems:
---
- name: Run openstack-ansible-security
  hosts: webservers
  user: root
  roles:
    - openstack-ansible-security
This playbook will run the tasks in the openstack-ansible-security role against all hosts in the webservers group (as defined in an inventory file).