
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles.

This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition.

Closes-Bug: 1578326
Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189

Ubuntu's default for `security_disk_full_action` is `SUSPEND`, which actually only suspends audit logging. That could be a security issue, so `SYSLOG` is recommended and is set by default by openstack-ansible-security. If syslog messages are being sent to remote servers, these log messages should alert an administrator about the disk being full. There are additional options available, like `EXEC`, `SINGLE` or `HALT`.

To configure a different `security_disk_full_action`, set the following Ansible variable:

```yaml
security_disk_full_action: SYSLOG
```

For details on available settings and what they do, run `man auditd.conf`. Some options can cause the host to go offline until the issue is fixed. Deployers are urged to carefully read the auditd documentation prior to changing the `security_disk_full_action` setting from the default.
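
To confirm what a host actually ended up with, the following added example (not part of openstack-ansible-security) reads the text of an `auditd.conf` file and reports the `disk_full_action` in effect together with the concern described above. The function name, the finding strings and the sample file are assumptions made for illustration; the value list and behaviours follow auditd.conf(5).

```python
import re

# Values auditd.conf(5) lists for disk_full_action.
VALID = {"IGNORE", "SYSLOG", "ROTATE", "EXEC", "SUSPEND", "SINGLE", "HALT"}
# Finding per action; wording follows the page and auditd.conf(5).
FINDINGS = {
    "SYSLOG": "ok: role default, a full disk is reported through syslog",
    "SUSPEND": "weak: audit logging is suspended when the disk fills",
    "IGNORE": "review: no corrective action is taken",
    "ROTATE": "review: oldest audit logs are lost to free space",
    "SINGLE": "caution: host drops to single-user mode",
    "HALT": "caution: host shuts down",
}
# Keyword and value are matched case-insensitively (assumption about auditd's parser).
SETTING = re.compile(r"^\s*disk_full_action\s*=\s*(\S+)\s*(.*?)\s*$", re.IGNORECASE)


def review_disk_full_action(conf_text):
    """Return (action, finding) for auditd.conf text; action is None if unset."""
    seen = []
    for line in conf_text.splitlines():
        match = SETTING.match(line)  # lines starting with '#' never match
        if match:
            seen.append((match.group(1).upper(), match.group(2)))
    if not seen:
        return None, "unset: daemon default applies (SUSPEND on Ubuntu, per the page)"
    if len({action for action, _ in seen}) > 1:
        return seen[-1][0], "ambiguous: conflicting disk_full_action lines"
    action, argument = seen[-1]
    if action not in VALID:
        return action, "invalid: not a value auditd.conf(5) documents"
    if action == "EXEC":
        if argument:
            return action, "review: runs " + argument
        return action, "invalid: EXEC needs a script path"
    return action, FINDINGS[action]


# Constructed sample, not taken from a real host.
SAMPLE = """\
# disk_full_action = HALT
space_left_action = SYSLOG
Disk_Full_Action = suspend
"""

if __name__ == "__main__":
    print(review_disk_full_action(SAMPLE))
```

On a deployed host, pass the contents of the audit daemon's configuration file to `review_disk_full_action` after the role has run.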