tripleo-quickstart

ansible-hardening role hook in tripleo quickstart

Registered by Luke Hinds on 2017-06-24

This blueprint seeks to provide a hook to allow the ansible-hardening role [1] to perform systems security hardening in tripleo-quickstart deployments.

This will allow operators to automate systems hardening and reach security compliance for standards such as DISA STIG and the OpenStack Security Guides recommended check lists.

Initial idea is to create new tags such as 'undercloud-hardening' and 'overcloud-hardening' which include the anisble-hardening role.

Also provide a means for performing an audit using checkmode [2]

The ansible-hardening role is an exsiting OpenStack project [1]

[1] https://docs.openstack.org/developer/ansible-hardening/

[2] http://docs.ansible.com/ansible/playbooks_checkmode.html

Blueprint information

Status:: Not started

Approver:: None

Priority:: Undefined

Drafter:: Luke Hinds

Direction:: Needs approval

Assignee:: Luke Hinds

Definition:: Discussion

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Related branches

Related bugs

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.