5cc9d0b004
Reorganised content based on feedback and IA proposal in https://etherpad.openstack.org/p/osa-install-guide-IA: 1. Move affinity content to the appendix 2. Move security hardening configuration to the appendix 3. Create an advanced configuration section in the appendix 4. Delete configuring hosts and configuring target host networking information, and create a configuration file examples section 5. Move glance configuration information to the developer docs 6. Move overridding configuration defaults to the appendix. 7. Move checking configuration file content to the installation chapter Change-Id: I71efaf2472b1233f1b1a1367fcb00ca598d27ea9 Implements: blueprint osa-install-guide-overhaul
1.8 KiB
Home OpenStack-Ansible Installation Guide
Security hardening
OpenStack-Ansible automatically applies host security hardening configurations using the openstack-ansible-security role. The role uses a version of the Security Technical Implementation Guide (STIG) that has been adapted for Ubuntu 14.04 and OpenStack.
The role is applicable to physical hosts within an OpenStack-Ansible
deployment that are operating as any type of node, infrastructure or
compute. By default, the role is enabled. You can disable it by changing
a variable within user_variables.yml:
apply_security_hardening: falseWhen the variable is set to true, the
setup-hosts.yml playbook applies the role during
deployments.
You can apply security configurations to an existing environment or audit an environment using a playbook supplied with OpenStack-Ansible:
# Perform a quick audit using Ansible's check mode
openstack-ansible --check security-hardening.yml
# Apply security hardening configurations
openstack-ansible security-hardening.ymlFor more details on the security configurations that will be applied, refer to the openstack-ansible-security documentation. Review the Configuration section of the openstack-ansible-security documentation to find out how to fine-tune certain security configurations.