Getting started¶
The ansible-hardening role can be used along with the OpenStack-Ansible project or as a standalone role that can be used along with other Ansible playbooks.
Prepare your system¶
Start by installing ansible and then install the role itself using
ansible-galaxy:
pip install ansible
ansible-galaxy install git+https://git.openstack.org/openstack/ansible-hardening
The role will be installed into
/etc/ansible/roles/ansible-hardening.
Initial configuration¶
The role’s default configuration is suitable for most Linux hosts. Deployers should review the Deviations & Special Notes section to learn more about how to provide custom configuration for the Ansible tasks in the role.
Using as a standalone role¶
Adding the ansible-hardening role to existing playbooks is straightforward. Here is an example of an existing role for deploying web servers with the security hardening role added:
---
- name: Deploy web servers
hosts: webservers
become: yes
roles:
- common
- webserver
- ansible-hardening
Using with OpenStack-Ansible¶
The ansible-hardening role is automatically enabled and applied in the Newton release of OpenStack-Ansible. Set the following Ansible variable to enable the role in the Mitaka release of OpenStack-Ansible:
apply_security_hardening: true
For more information, refer to the OpenStack-Ansible documentation on configuring security hardening.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.