3.3 KiB
OpenStack-Ansible: Host security hardening
Abstract
The openstack-ansible-security role provides security hardening for OpenStack environments deployed with openstack-ansible. The role has multiple goals:
- Provide additional security in a highly configurable, integrated way without disrupting a production OpenStack environment.
- Make it easier for organizations to meet the requirements of compliance programs, such as Payment Card Industry Data Security Standard (PCI-DSS).
- Document all changes to allow deployers to make educated decisions on which security configuration changes to apply.
At this time, the role follows the requirements of the US Government's Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.
The easiest method for reviewing the STIG configurations and the relevant metadata is through the STIG Viewer service provided by UCF.
Ocata: Development
The openstack-ansible-security role is currently under development for the Ocata release.
benefits.rst getting-started.rst special-notes.rst controls.rst developer-guide.rst
Newton: Latest stable release
The openstack-ansible-security role was first released with the 14.0.0 tag on October 20th, 2016. Refer to the Newton release notes for more details on the improvements and fixes.
The Newton release supports Ubuntu 14.04, Ubuntu 16.04, CentOS 7, and Red Hat Enterprise Linux 7 (partial automated test coverage).
Mitaka
The Mitaka release of the openstack-ansible-security role was first released with the 13.0.0 tag on April 1st, 2016. Refer to the Mitaka release notes for more details on the improvements and fixes.
Ubuntu 14.04 is supported in the Mitaka release.
Liberty
Refer to the Liberty release notes for more details on the improvements and fixes. The Libery release will reach EOL on November 17th, 2016.
Ubuntu 14.04 is supported in the Liberty release.