2798cf403c
The openstack-ansible-security role and repository is being phased out in favor of the ansible-hardening role. This patch adjusts all references of the old role to use the new name. Depends-On: I711aed6daf6391de71d3c2b47fbfc00fe6b66d9f Change-Id: I9cbdddde71fb0d71d8c412d3f62f0b0f6a241aee
39 lines
1.5 KiB
ReStructuredText
.. _security_hardening:

==================
Security hardening
==================

OpenStack-Ansible automatically applies host security hardening configurations
by using the `ansible-hardening`_ role. The role uses a version of the
`Security Technical Implementation Guide (STIG)`_ that has been adapted for
Ubuntu 14.04 and OpenStack.

The role is applicable to physical hosts within an OpenStack-Ansible deployment
that are operating as any type of node, infrastructure or compute. By
default, the role is enabled. You can disable it by changing the value of
the ``apply_security_hardening`` variable in the ``user_variables.yml`` file
to ``false``:

.. code-block:: yaml

    apply_security_hardening: false

You can apply security hardening configurations to an existing environment or
audit an environment by using a playbook supplied with OpenStack-Ansible:

.. code-block:: bash

    # Apply security hardening configurations
    openstack-ansible security-hardening.yml

    # Perform a quick audit by using Ansible's check mode
    openstack-ansible --check security-hardening.yml

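The following added example (not part of OpenStack-Ansible or the original page) turns the check-mode audit into a per-host report by reading Ansible's ``PLAY RECAP``: in check mode nothing is modified, so a non-zero ``changed`` count means the host differs from what the role would enforce. The function names ``audit_summary`` and ``sample_recap`` and the host names in the sample are assumptions made for illustration.

```shell
# Summarise a check-mode run of security-hardening.yml (added example).
# Reads ansible output on stdin and prints one line per host:
#   <host> <status> <changed> <failed> <unreachable>
# status: compliant = no task would change the host
#         drift     = at least one hardening task would change it
#         unknown   = the host failed or was unreachable, so it was not audited
audit_summary() {
    awk '
        /^PLAY RECAP/ { in_recap = 1; next }
        in_recap && $2 == ":" {
            changed = 0; failed = 0; unreachable = 0
            # Recap fields are key=value pairs; newer Ansible adds more keys,
            # so pick the ones needed by name instead of by position.
            for (i = 3; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "changed")     changed = kv[2] + 0
                if (kv[1] == "failed")      failed = kv[2] + 0
                if (kv[1] == "unreachable") unreachable = kv[2] + 0
            }
            status = "compliant"
            if (changed > 0) status = "drift"
            if (failed > 0 || unreachable > 0) status = "unknown"
            print $1, status, changed, failed, unreachable
        }
    '
}

# Constructed sample recap with hypothetical host names, for an offline run.
sample_recap() {
    cat <<'EOF'
PLAY RECAP *********************************************************************
infra1                     : ok=120  changed=14   unreachable=0    failed=0
compute1                   : ok=134  changed=0    unreachable=0    failed=0
compute2                   : ok=0    changed=0    unreachable=1    failed=0
EOF
}

# Real use: openstack-ansible --check security-hardening.yml | audit_summary
sample_recap | audit_summary
```

Tasks that use the ``command`` or ``shell`` modules are skipped in check mode by default, so a ``compliant`` result covers only the tasks that support check mode.
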
For more information about the security configurations, see the
`OpenStack-Ansible host security`_ hardening documentation.

.. _ansible-hardening: http://docs.openstack.org/developer/ansible-hardening/
.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/ansible-hardening/