6c9eb50fd6
If a deployer installs AIDE the first time they apply the role without initializing AIDE and they want to initialize it later, the handler that does the initialization never fires. This patch does a few things: - Ensures AIDE initialization if the initialize_aide bool is True - Doesn't intialize the AIDE db if it already exists - Moves the new db into place on Red Hat systems - Moves the AIDE tasks into its own file with tags - Prevents AIDE from trawling through /var Manual backport of two reviews: * https://review.openstack.org/#/c/359554/ * https://review.openstack.org/#/c/361460/ Closes-Bug: 1616281 Backport-of: I170eb3898b4336333b1fbe663ec4f069823898e0 Change-Id: Iaedcce1d6416f2224f44376336c23702e6152a00 |
||
|---|---|---|
| defaults | ||
| doc | ||
| files | ||
| handlers | ||
| meta | ||
| releasenotes | ||
| tasks | ||
| templates | ||
| tests | ||
| vars | ||
| .gitignore | ||
| .gitreview | ||
| LICENSE | ||
| README.md | ||
| README.rst | ||
| Vagrantfile | ||
| other-requirements.txt | ||
| run_tests.sh | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
README.md
openstack-ansible-security
The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.
Requirements
This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.
Role Variables
All of the variables for this role are in defaults/main.yml.
Dependencies
This role has no dependencies.
Example Playbook
Using the role is fairly straightforward:
- hosts: servers
roles:
- openstack-ansible-security
Running with Vagrant
Security Ansible can be easily run for testing using Vagrant.
To do so run:
vagrant destroy To destroy any previously created Vagrant setup
vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it
License
Apache 2.0
Author Information
For more information, join #openstack-ansible on Freenode.