
This commit adds the ability to enable automatic package upgrades via
openstack-ansible-security.

To enable, add the following variable to your
/etc/openstack_deploy/user_variables.yml file:

    unattended_upgrades_enabled: true

To have the unattended upgrades system send e-mail notifications when
packages need updating or errors are encountered, add the following to
user_variables.yml:

    unattended_upgrades_notifications: true

As many organisations do not subscribe to auto updates, this
functionality will remain disabled by default.

Note that the first iteration of this change does not allow deep
customisation of unattended-upgrades. This means that as it stands only
trusty-security (or $distro-security) updates will be applied.

Closes-Bug: #1568075
Change-Id: I22ba1a02acfbe2befb601af6a4099d53d988d856
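A host-side check for the state the commit message describes (upgrades enabled, only $distro-security origins allowed), added here as an example and not part of the role or the commit. It assumes the standard APT keys APT::Periodic::Unattended-Upgrade and Unattended-Upgrade::Allowed-Origins as printed by `apt-config dump`; the function and sample names are hypothetical and the sample dumps are constructed.

```sh
#!/bin/sh
# Reads `apt-config dump` output on stdin.
# Exit 0: enabled, security origins only. 1: disabled or no origins.
# Exit 2: an origin outside *-security is allowed.
check_unattended() {
    awk '
        /^APT::Periodic::Unattended-Upgrade "/ {
            split($0, q, "\"")
            if (q[2] + 0 > 0) enabled = 1
        }
        /^Unattended-Upgrade::Allowed-Origins:: "/ {
            split($0, q, "\"")
            origins++
            if (q[2] !~ /-security$/) {
                extra++
                print "non-security origin: " q[2]
            }
        }
        END {
            if (!enabled) { print "unattended upgrades disabled"; exit 1 }
            if (origins == 0) { print "no allowed origins"; exit 1 }
            if (extra > 0) exit 2
            print "ok: " origins " security origin(s)"
        }
    '
}

# Constructed sample dumps (not captured from a real host).
sample_enabled() {
cat <<'EOF'
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";
EOF
}
sample_widened() {
sample_enabled
echo 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-updates";'
}
sample_disabled() {
echo 'APT::Periodic::Unattended-Upgrade "0";'
}

# On a deployed host: apt-config dump | check_unattended
for s in sample_enabled sample_widened sample_disabled; do
    printf '%s: ' "$s"
    $s | check_unattended || echo "(exit $?)"
done
```

Exit code 2 flags a host whose allowed origins have been widened beyond the security pocket, which is a useful drift signal after local edits to the APT configuration.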
openstack-ansible-security
The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.
Requirements
This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.
Role Variables
All of the variables for this role are in defaults/main.yml.
Dependencies
This role has no dependencies.
Example Playbook
Using the role is fairly straightforward:
    - hosts: servers
      roles:
        - openstack-ansible-security
Running with Vagrant
Security Ansible can be easily run for testing using Vagrant.
To do so, run:

    vagrant destroy

to destroy any previously created Vagrant setup, then:

    vagrant up

to spin up an Ubuntu Trusty VM and run ansible-security against it.
License
Apache 2.0
Author Information
For more information, join #openstack-ansible on Freenode.