[openstack-dev] [openstack-ansible][security] Next steps: openstack-ansible-security

Major Hayden major at mhtx.net
Fri Nov 6 21:51:17 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello there,

At this moment, openstack-ansible-security[1] is feature complete and all of the Ansible tasks and documentation for the STIGs are merged.  Exciting!

I've done lots of work to ensure that the role uses sane defaults so that it can be applied to the majority of OpenStack deployments without disrupting services.  It only supports Ubuntu 14.04 for now, but that's openstack-ansible's supported platform as well.

I'd like to start by adding it to the gate-check-commit.sh script so that the security configurations are applied prior to running tempest.  This should hopefully catch any defaults that could be disruptive in an openstack-ansible environment.  If that works, I'd like to add it to the run-playbooks.sh script so that it runs for all deployments (toggled via a configuration option, of course).

Does that seem like a decent plan?  Let me know if that makes sense and I'll get to work.

[1] http://docs.openstack.org/developer/openstack-ansible-security/

- --
Major Hayden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWPSDTAAoJEHNwUeDBAR+x0/sP/iOO29N5wqLmbI/LU5FlGK6l
RMnFLDmzw5bMYOHW8xeh8E689CIEnV2caew65raSKWxH5321hQfCkvxabR5UKEaE
H4w/QUkHRCQz1UMYxL8/QuOqrluCf1T9pkVvOIcw3o1AKKAMMTVvB73ZP9HGkMEL
y9zRtMby8Q99bRImTXvC9UDZGLhA3eK22jEQlwNxrbotTm2Ydz5jnxn1tFoEXUK1
n52skdokchjxn59U0VE+ITWCF9u05xy3oyT2ihoSRSGj5vTNf7u/wHHZr9330Wn6
VZ5JwqcOTmlp8svhiouTUTw7hBhM9gJ1f5BuuIxz7rcFgCwrUFwVfAyte+wG0S0B
0kH5F0jdsNy7AoQ/C6L+xq2Y4P9z6c3qGUvJY1EsYpTz8RjMNFCdyLwZyks2IiCG
S+XCZGBWIIFjtl0MVBdMG42toak1e8fll+Lc5N5Pto1ru3a6b8LxuaXBts5kEXh9
dzu7XFaNU5GxIAWZWcMnjG0OvYXqPC4tMjT9eNp/fWEbezVlLPEvwESLgGjy6+Bg
C7RAw599NEgfvkkWG9nS9AvRCdJVgTS7GsQHbHNxacwjApRkG4meMcrykW/vHBks
wY9kII932CTbv1sfsunGkm4+sh8/z39eCS6Ny+NDoW/Bqig0unUjZHm4WkvNHYFS
lrdlLLaolbSwY7UTFsBb
=fPim
-----END PGP SIGNATURE-----



More information about the OpenStack-dev mailing list