Home » Security hardening for openstack-ansible
The OpenStack gate runs the tox tests found within tox.ini. Developers should use these tox tests to verify that their changes will work when the gate jobs run. Some systems may need additional packages for these tests to run properly.
To install all of the prerequisites and run the functional tests, use the run_tests.sh script:
./run_tests.sh
Note
This script will apply the default security hardening configurations to the local host. Avoid running this script on production servers which have not been properly tested with the security role.
Each security configuration has corresponding documentation found in docs/source/developer-notes. The documentation should be brief, but it must answer a few critical questions:
Each developer note is stored with the configuration number as its filename. For example, the documentation for V-38476 is stored in doc/source/developer-notes/V-38476.rst. If the developer notes for several security configurations are identical, symbolic links can be used to avoid repeating information.
Adding release notes helps deployers and other developers discover the new additions to the role in a concise format. Release notes should be added to incoming patches if they would change something noticeable in the role, such as bug fixes, new functionality, or variable name changes.
To add a release note, use reno:
reno new i-made-a-new-feature-that-does-something-awesome
Once you run the reno new command with a release note slug, a new file appears in releasenotes/notes. Edit that file and adjust the relevant section to explain the changes found within your patch. Delete any unused sections and submit the release note with your patch.
For more details, refer to the documentation on release notes found in the OpenStack-Ansible developer documentation