openstack-ansible/doc/source/install-guide/app-advanced-config-security.rst
Alexandra Settle f4fa8a947d [DOCS] Edits to appendix F
Change-Id: If4da02742286987382290d497d397af50270d77d
Partial-bug: 1629798
2016-10-05 16:23:16 +00:00

1.6 KiB

Security hardening

OpenStack-Ansible automatically applies host security hardening configurations by using the openstack-ansible-security role. The role uses a version of the Security Technical Implementation Guide (STIG) that has been adapted for Ubuntu 14.04 and OpenStack.

The role is applicable to physical hosts within an OpenStack-Ansible deployment that are operating as any type of node, infrastructure or compute. By default, the role is enabled. You can disable it by changing the value of the apply_security_hardening variable in the user_variables.yml file to false:

apply_security_hardening: false

You can apply security hardening configurations to an existing environment or audit an environment by using a playbook supplied with OpenStack-Ansible:

# Apply security hardening configurations
  openstack-ansible security-hardening.yml

# Perform a quick audit by using Ansible's check mode
  openstack-ansible --check security-hardening.yml

For more information about the security configurations, see the OpenStack-Ansible host security hardening documentation.