openstack/ansible-hardening

Stars
632
Rank 71,124 (Top 2 %)
Language Jinja
License
Apache License 2.0
Created over 7 years ago
Updated over 1 year ago

openstack/ansible-hardening

openstack

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Ansible role for security hardening. Mirror of code maintained at opendev.org.

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

CentOS 8
Debian Buster
Ubuntu Bionic
Ubuntu Focal

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on OFTC.

openstack

Repository tracking all OpenStack repositories as submodules. Mirror of code maintained at opendev.org.

nova

OpenStack Compute (Nova). Mirror of code maintained at opendev.org.

swift

OpenStack Storage (Swift). Mirror of code maintained at opendev.org.

devstack

System for quickly installing an OpenStack cloud from upstream git for testing and development. Mirror of code maintained at opendev.org.

openstack-ansible

Ansible playbooks for deploying OpenStack. Mirror of code maintained at opendev.org.

neutron

OpenStack Networking (Neutron). Mirror of code maintained at opendev.org.

horizon

OpenStack Dashboard (Horizon). Mirror of code maintained at opendev.org.

kolla

Kolla provides production-ready containers and deployment tools for operating OpenStack clouds. Mirror of code maintained at opendev.org.

keystone

OpenStack Identity (Keystone). Mirror of code maintained at opendev.org.

cinder

OpenStack Block Storage (Cinder). Mirror of code maintained at opendev.org.

kolla-ansible

Ansible deployment of the Kolla containers. Mirror of code maintained at opendev.org.

glance

OpenStack Image Management (Glance). Mirror of code maintained at opendev.org.

ironic

A service for managing and provisioning Bare Metal servers. Mirror of code maintained at opendev.org.

openstack-manuals

OpenStack Manuals. Mirror of code maintained at opendev.org.

openstack-helm

Helm charts for deploying OpenStack on Kubernetes. Mirror of code maintained at opendev.org.

heat

OpenStack Orchestration (Heat). Mirror of code maintained at opendev.org.

heat-templates

OpenStack Orchestration (Heat) Templates. Mirror of code maintained at opendev.org.

python-novaclient

OpenStack Compute (Nova) Client. Mirror of code maintained at opendev.org.

tempest

OpenStack Testing (Tempest) of an existing cloud. Mirror of code maintained at opendev.org.

taskflow

A library to complete workflows/tasks in HA manner. Mirror of code maintained at opendev.org.

diskimage-builder

Image building tools for OpenStack. Mirror of code maintained at opendev.org.

python-swiftclient

OpenStack Storage (Swift) Client. Mirror of code maintained at opendev.org.

rally

Rally provides a framework for performance analysis and benchmarking of individual OpenStack components as well as full production OpenStack cloud deployments. Mirror of code maintained at opendev.org.

magnum

Container Infrastructure Management Service for OpenStack. Mirror of code maintained at opendev.org.

python-openstackclient

Client for OpenStack services. Mirror of code maintained at opendev.org.

ceilometer

OpenStack Telemetry (Ceilometer). Mirror of code maintained at opendev.org.

bashate

Code style enforcement for bash programs. Mirror of code maintained at opendev.org.

trove

OpenStack Database As A Service (Trove). Mirror of code maintained at opendev.org.

mistral

Workflow Service for OpenStack. Mirror of code maintained at opendev.org.

openstacksdk

Unified SDK for OpenStack. Mirror of code maintained at opendev.org.

hacking

OpenStack Hacking Style Checks. Mirror of code maintained at opendev.org.

barbican

Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Mirror of code maintained at opendev.org.

cliff

Command Line Interface Formulation Framework. Mirror of code maintained at opendev.org.

devstack-vagrant

Vagrant configuration for building DevStack environments. Mirror of code maintained at opendev.org.

pbr

Python Build Reasonableness. Mirror of code maintained at opendev.org.

python-keystoneclient

OpenStack Identity (Keystone) Client. Mirror of code maintained at opendev.org.

stevedore

Manage dynamic plugins for Python applications. Mirror of code maintained at opendev.org.

sahara

Sahara provides a scalable data processing stack and associated management interfaces. Mirror of code maintained at opendev.org.

kuryr

Bridge between container framework networking and storage models to OpenStack networking and storage abstractions. Mirror of code maintained at opendev.org.

python-neutronclient

OpenStack Networking (Neutron) Client. Mirror of code maintained at opendev.org.

tripleo-heat-templates

Heat templates for deploying OpenStack. Mirror of code maintained at opendev.org.

octavia

Load Balancing as a Service (LBaaS) for OpenStack. Mirror of code maintained at opendev.org.

designate

OpenStack DNS As A Service (Designate). Mirror of code maintained at opendev.org.

oslo.messaging

OpenStack library for messaging. Mirror of code maintained at opendev.org.

manila

Shared filesystem management project for OpenStack. Mirror of code maintained at opendev.org.

kuryr-kubernetes

Kubernetes integration with OpenStack networking. Mirror of code maintained at opendev.org.

virtualbmc

A virtual BMC for controlling virtual machines using IPMI commands. Mirror of code maintained at opendev.org.

cloudkitty

Rating service for OpenStack. Mirror of code maintained at opendev.org.

zaqar

OpenStack Messaging (Zaqar). Mirror of code maintained at opendev.org.

openstack-chef-repo

Examples and references to use Chef for OpenStack projects. Mirror of code maintained at opendev.org.

oslo.config

OpenStack library for config. Mirror of code maintained at opendev.org.

yaql

Yet another query language. Mirror of code maintained at opendev.org.

requirements

Global requirements for OpenStack. Mirror of code maintained at opendev.org.

tacker

Tacker: ETSI MANO NFV Orchestrator / VNF Manager. See https://wiki.openstack.org/wiki/Tacker. Mirror of code maintained at opendev.org.

openstack-helm-infra

Repository for OpenStack Helm infrastructure-related code. Mirror of code maintained at opendev.org.

tripleo-quickstart

Ansible based project for setting up TripleO virtual environments. Mirror of code maintained at opendev.org.

tooz

Coordinate distributed systems. Mirror of code maintained at opendev.org.

liberasurecode

Erasure Code API library written in C with pluggable Erasure Code backends. Mirror of code maintained at opendev.org.

puppet-ceph

Ceph Puppet Module. Mirror of code maintained at opendev.org.

project-config

Configuration files for project CI systems. Mirror of code maintained at opendev.org.

murano

Application Catalog for OpenStack. Mirror of code maintained at opendev.org.

python-glanceclient

OpenStack Image Management (Glance) Client. Mirror of code maintained at opendev.org.

ironic-python-agent

A Python agent for provisioning and deprovisioning Bare Metal servers. Mirror of code maintained at opendev.org.

osprofiler

OpenStack cross service/project profiler. Mirror of code maintained at opendev.org.

solum

An OpenStack project designed to make cloud services easier to consume and integrate into your application development process. See: https://wiki.openstack.org/wiki/Solum. Mirror of code maintained at opendev.org.

ec2-api

AWS EC2 and VPC API support in standalone service for OpenStack. Mirror of code maintained at opendev.org.

python-cinderclient

OpenStack Block Storage (Cinder) Client. Mirror of code maintained at opendev.org.

bifrost

Ansible roles and playbooks to enable a standalone Ironic install. Mirror of code maintained at opendev.org.

python-heatclient

OpenStack Orchestration (Heat) Client. Mirror of code maintained at opendev.org.

networking-ovn

DEPRECATED, Neutron integration with OVN. Mirror of code maintained at opendev.org.

monasca-agent

Agent for Monasca. Mirror of code maintained at opendev.org.

tosca-parser

Parser for TOSCA Simple Profile in YAML. Mirror of code maintained at opendev.org.

vitrage

OpenStack RCA (Root Cause Analysis) Engine. Mirror of code maintained at opendev.org.

training-guides

Community created, open source training guides for OpenStack. Mirror of code maintained at opendev.org.

oslo.db

OpenStack Common DB Code. Mirror of code maintained at opendev.org.

heat-translator

Translate non-heat templates to Heat Orchestration Template. Mirror of code maintained at opendev.org.

monasca-api

Monasca REST API. Mirror of code maintained at opendev.org.

zun

Containers Service for OpenStack. Mirror of code maintained at opendev.org.

shade

Client library for OpenStack containing Infra business logic. Mirror of code maintained at opendev.org.

oslo.utils

OpenStack library utils. Mirror of code maintained at opendev.org.

api-site

OpenStack API site. Mirror of code maintained at opendev.org.

cookiecutter

Cookiecutter Template for new OpenStack projects. Mirror of code maintained at opendev.org.

tripleo-image-elements

Disk image elements for deployment images of OpenStack. Mirror of code maintained at opendev.org.

networking-odl

Neutron drivers for OpenDaylight. Mirror of code maintained at opendev.org.

murano-apps

Examples and reference implementation of Murano application packages. Mirror of code maintained at opendev.org.

openstack-ansible-ops

Operations-related content for OpenStack-Ansible. Mirror of code maintained at opendev.org.

governance

OpenStack Technical Committee Decisions. Mirror of code maintained at opendev.org.

xstatic-jsencrypt

JSEncrypt JavaScript library packaged as XStatic. Mirror of code maintained at opendev.org.

puppet-nova

OpenStack Nova Puppet Module. Mirror of code maintained at opendev.org.

python-troveclient

OpenStack Database as a Service (Trove) Client. Mirror of code maintained at opendev.org.

puppet-keystone

OpenStack Keystone Puppet Module. Mirror of code maintained at opendev.org.

oslo.concurrency

OpenStack library for all concurrency-related code. Mirror of code maintained at opendev.org.

puppet-openstack-integration

Collection of scripts and manifests for module testing. Mirror of code maintained at opendev.org.

watcher

Resource optimization service for OpenStack. Mirror of code maintained at opendev.org.

operations-guide

OpenStack Operations Guide. Mirror of code maintained at opendev.org.

nova-specs

OpenStack Compute (Nova) Specifications. Mirror of code maintained at opendev.org.

openstack-doc-tools

Tools used by OpenStack Documentation. Mirror of code maintained at opendev.org.

glance_store

Glance stores library. Mirror of code maintained at opendev.org.

keystonemiddleware

OpenStack Identity (Keystone) Middleware. Mirror of code maintained at opendev.org.

neutron-fwaas

Firewall services for OpenStack Neutron. Mirror of code maintained at opendev.org.