ansible-hardening role hook in tripleo quickstart

Registered by Luke Hinds on 2017-06-24

This blueprint seeks to provide a hook to allow the ansible-hardening role [1] to perform systems security hardening in tripleo-quickstart deployments.

This will allow operators to automate systems hardening and reach security compliance for standards such as DISA STIG and the OpenStack Security Guides recommended check lists.

Initial idea is to create new tags such as 'undercloud-hardening' and 'overcloud-hardening' which include the anisble-hardening role.

Also provide a means for performing an audit using checkmode [2]

The ansible-hardening role is an exsiting OpenStack project [1]

[1] https://docs.openstack.org/developer/ansible-hardening/

[2] http://docs.ansible.com/ansible/playbooks_checkmode.html

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Luke Hinds
Direction:
Needs approval
Assignee:
Luke Hinds
Definition:
Discussion
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.