Hey Major, This sounds like a great next step. It might also be cool to set up Vagrant to pull Ubuntu 14.04, grab Ansible, and run the scripts on it. I'll carve out a few hours early next week and have a crack at it.
-Travis On 11/6/15, 10:59 PM, Major Hayden wrote: >Hello there, > >At this moment, openstack-ansible-security[1] is feature complete and >all of the Ansible tasks and documentation for the STIGs are merged. >Exciting! > >I've done lots of work to ensure that the role uses sane defaults so >that it can be applied to the majority of OpenStack deployments without >disrupting services. It only supports Ubuntu 14.04 for now, but that's >openstack-ansible's supported platform as well. > >I'd like to start by adding it to the gate-check-commit.sh script so >that the security configurations are applied prior to running tempest. >This should hopefully catch any defaults that could be disruptive in an >openstack-ansible environment. If that works, I'd like to add it to >the run-playbooks.sh script so that it runs for all deployments >(toggled via a configuration option, of course). > >Does that seem like a decent plan? Let me know if that makes sense >and I'll get to work.
smime.p7s
Description: S/MIME cryptographic signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev