openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/doc/source/install-guide-revised-draft/app-advanced-config-security.rst
daz 5cc9d0b004 [docs] Revise deployment configuration chapter 
Reorganised content based on feedback and IA proposal in
https://etherpad.openstack.org/p/osa-install-guide-IA:

1. Move affinity content to the appendix
2. Move security hardening configuration to the appendix
3. Create an advanced configuration section in the appendix
4. Delete configuring hosts and configuring target host networking information,
and create a configuration file examples section
5. Move glance configuration information to the developer docs
6. Move overridding configuration defaults to the appendix.
7. Move checking configuration file content to the installation chapter

Change-Id: I71efaf2472b1233f1b1a1367fcb00ca598d27ea9
Implements: blueprint osa-install-guide-overhaul
2016-08-03 09:51:57 +00:00

50 lines
1.8 KiB
ReStructuredText
Raw Blame History

`Home <index.html>`_ OpenStack-Ansible Installation Guide
.. _security_hardening:
==================
Security hardening
==================
OpenStack-Ansible automatically applies host security hardening configurations
using the `openstack-ansible-security`_ role. The role uses a version of the
`Security Technical Implementation Guide (STIG)`_ that has been adapted for
Ubuntu 14.04 and OpenStack.
The role is applicable to physical hosts within an OpenStack-Ansible deployment
that are operating as any type of node, infrastructure or compute. By
default, the role is enabled. You can disable it by changing a variable
within ``user_variables.yml``:
.. code-block:: yaml
apply_security_hardening: false
When the variable is set to ``true``, the ``setup-hosts.yml`` playbook applies
the role during deployments.
You can apply security configurations to an existing environment or audit
an environment using a playbook supplied with OpenStack-Ansible:
.. code-block:: bash
# Perform a quick audit using Ansible's check mode
openstack-ansible --check security-hardening.yml
# Apply security hardening configurations
openstack-ansible security-hardening.yml
For more details on the security configurations that will be applied, refer to
the `openstack-ansible-security`_ documentation. Review the `Configuration`_
section of the openstack-ansible-security documentation to find out how to
fine-tune certain security configurations.
.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
.. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
.. _Configuration: http://docs.openstack.org/developer/openstack-ansible-security/configuration.html
.. _Appendix H: ../install-guide/app-custom-layouts.html
--------------
.. include:: navigation.txt
View Git Blame Copy Permalink