This patch enables the RHEL 7 STIG content tasks as the default. Documentation has also been updated to reflect the change and provide more concise information about what is available with each release. The OpenStack-Ansible repo is still set to use the RHEL 6 STIG until some issues with individual roles are resolved.

Implements: blueprint security-rhel7-stig
Change-Id: Ic72d97b87c0fb16646e5a31030404e1a9ad6a469
Getting started
The openstack-ansible-security role can be used with the OpenStack-Ansible project or as a standalone role alongside other Ansible playbooks.
Prepare your system
Start by installing ansible and then install the role itself using ansible-galaxy:
pip install ansible
ansible-galaxy install git+https://git.openstack.org/openstack/openstack-ansible-security
The role will be installed into /etc/ansible/roles/openstack-ansible-security.
Initial configuration
The role's default configuration is suitable for most Linux hosts. Deployers should review the special_notes section to learn more about how to provide custom configuration for the Ansible tasks in the role.
Using as a standalone role
Adding the openstack-ansible-security role to existing playbooks is straightforward. Here is an example of an existing playbook for deploying web servers with the security hardening role added:
---
- name: Deploy web servers
  hosts: webservers
  become: yes
  roles:
    - common
    - webserver
    - openstack-ansible-security
Using with OpenStack-Ansible
The openstack-ansible-security role is automatically enabled and applied in the Newton release of OpenStack-Ansible. Set the following Ansible variable to enable the role in the Mitaka release of OpenStack-Ansible:
apply_security_hardening: true
For more information, refer to the OpenStack-Ansible documentation on configuring security hardening.