OpenStack-Ansible: Host security hardening¶

Abstract¶

The openstack-ansible-security role provides security hardening for OpenStack environments deployed with openstack-ansible. The role has multiple goals:

• Provide additional security in a highly configurable, integrated way without disrupting a production OpenStack environment.
• Make it easier for organizations to meet the requirements of compliance programs, such as Payment Card Industry Data Security Standard (PCI-DSS).
• Document all changes to allow deployers to make educated decisions on which security configuration changes to apply.

At this time, the role follows the requirements of the US Government’s Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

The easiest method for reviewing the STIG configurations and the relevant metadata is through the STIG Viewer service provided by UCF.

Newton: Development¶

The openstack-ansible-security role is currently under development for the Newton release. The Newton release supports the following Linux distributions:

• Ubuntu 14.04
• Ubuntu 16.04
• CentOS 7
• Red Hat Enterprise Linux 7 (partial automated test coverage)

Mitaka: Stable release¶

The Mitaka release of the openstack-ansible-security role was first released with the 13.0.0 tag on April 1st, 2016. Refer to the Mitaka release notes for more details on the improvements and fixes.

Ubuntu 14.04 is supported in the Mitaka release.

• openstack-ansible-security Mitaka Documentation

Liberty: Previous stable release (EOL: 2016-11-17)¶

Refer to the Liberty release notes for more details on the improvements and fixes.

Ubuntu 14.04 is supported in the Liberty release.

• openstack-ansible-security Liberty Documentation