71390fe0cf
Add new relation to support bootstrapping a new deployment of the ceph-mon charm from an existing ceph charm deployment, supporting migration away from the deprecated ceph charm. Each member of the existing ceph application will present the required fsid and monitor-secret values, as well as its public address so that the related ceph-mon units can correctly seed from the exisitng MON cluster. Provide stop hook implementation, which will leaves OSD services running but will remove the ceph.conf provided directly from this charm, falling back to ceph.conf provided by other charms installed on the same machine. MON and MGR services will be shutdown and disabled. Closes-Bug: 1665159 Change-Id: I9bd1d7630a8eff53c65cb0f07d17e095fc7f32a9 Depends-On: Iac34d1bee4b51b55dfb3d14d315aae8526a0893c |
||
---|---|---|
.. | ||
apache | ||
audits | ||
defaults | ||
host | ||
mysql | ||
ssh | ||
README.hardening.md | ||
__init__.py | ||
harden.py | ||
templating.py | ||
utils.py |
README.hardening.md
Juju charm-helpers hardening library
Description
This library provides multiple implementations of system and application hardening that conform to the standards of http://hardening.io/.
Current implementations include:
- OS
- SSH
- MySQL
- Apache
Requirements
- Juju Charms
Usage
-
Synchronise this library into your charm and add the harden() decorator (from contrib.hardening.harden) to any functions or methods you want to use to trigger hardening of your application/system.
-
Add a config option called 'harden' to your charm config.yaml and set it to a space-delimited list of hardening modules you want to run e.g. "os ssh"
-
Override any config defaults (contrib.hardening.defaults) by adding a file called hardening.yaml to your charm root containing the name(s) of the modules whose settings you want override at root level and then any settings with overrides e.g.
os: general: desktop_enable: True
-
Now just run your charm as usual and hardening will be applied each time the hook runs.