fa2800419e
This patch migrates all of the remaining non-unique variable names in the security role to a pattern that begins with `security_*`. This will reduce potential variable collisions with other roles. This is a breaking change for deployers and users who are moving from the liberty or stable/mitaka branches to master. Release notes are included with additional details to help with the transition. Closes-Bug: 1578326 Change-Id: Ib716e81e6fed971b21dc5579ae1a871736e21189
640 B
640 B
Although the STIG recommends disabling root logins via ssh, the default in this role is to allow it. The openstack-ansible deployment uses the root user by default at this time, but that may change later and allow for this configuration to be set.
To disallow root logins via ssh, simply adjust this configuration variable:
security_ssh_permit_root_login: 'no'NOTE: The quotes around 'no' or
'yes' are very important. Ansible will treat
no and yes as booleans by default and that
will cause a True to land in your sshd configuration file.
This will causes errors during sshd's startup.