[release-announce] [openstackansible] openstack-ansible-security 15.1.0 (ocata)

no-reply at openstack.org no-reply at openstack.org
Mon Apr 3 14:02:33 UTC 2017


We jubilantly announce the release of:

openstack-ansible-security 15.1.0: OpenStack-Ansible: Host security
hardening

This release is part of the ocata stable release series.

Download the package from:

    https://tarballs.openstack.org/openstack-ansible-security/

For more details, please see below.

15.1.0
^^^^^^

Security Issues

* The security role will no longer fix file permissions and
  ownership based on the contents of the RPM database by default.
  Deployers can opt in for these changes by setting
  "security_reset_perm_ownership" to "yes".

* The tasks that search for ".shosts" and "shosts.equiv" files (STIG
  ID: RHEL-07-040330) are now skipped by default. The search takes a
  long time to complete on systems with lots of files and it also
  causes a significant amount of disk I/O while it runs.

Changes in openstack-ansible-security 15.0.0..15.1.0
----------------------------------------------------

032d98f Rename vars/common.yml to vars/main.yml
e7dc4ee Enable ntp client functionality with chronyd
160cb80 Make .shosts search/removal opt in
3bc5432 Disable file perm/ownership reset


Diffstat (except docs and test files)
-------------------------------------

defaults/main.yml                                  |   4 +-
...-rpm-perms-fix-by-default-b164e39717f0ada7.yaml |   6 +
...shosts-file-search-opt-in-887f600a79eef07e.yaml |   7 +
tasks/main.yml                                     |   5 -
templates/chrony.conf.j2                           |   5 +-
vars/common.yml                                    | 337 ---------------------
vars/main.yml                                      | 331 +++++++++++++++++++-
10 files changed, 354 insertions(+), 364 deletions(-)






More information about the Release-announce mailing list