-
Notifications
You must be signed in to change notification settings - Fork 23
Enable CIS benchmark hardening in AIO and Multinode #1104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 3 commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
1c3090f
Enable CIS benchmark hardening in AIO and Multinode
jovial 4ded47e
Support extending default hardening group
jovial fd2efb3
Fix hook
jovial ac8d884
Merge branch 'stackhpc/2023.1' into feature/2023.1/cis
jovial ee35591
Update name of variable
jovial 4bfa617
Add note about needing to reboot
jovial 10cca92
Add cis tag
jovial 6308f6c
Ensure we have an IP on breth1
jovial 425a0ac
Only run configure-aio-resources again on upgrade
jovial 3346b3e
Merge branch 'stackhpc/2023.1' into feature/2023.1/cis
jovial 70fad7b
Move CIS group_vars to cis-hardening group
jovial 3763af7
Update docs for group_vars change of location
jovial File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| --- | ||
|
|
||
| stackhpc_enable_cis_benchmark_hardening: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| --- | ||
|
|
||
| stackhpc_enable_cis_benchmark_hardening: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
|
|
||
| - import_playbook: ../../../ansible/cis.yml | ||
| when: stackhpc_enable_cis_benchmark_hardening | bool | ||
markgoddard marked this conversation as resolved.
Show resolved
Hide resolved
markgoddard marked this conversation as resolved.
Show resolved
Hide resolved
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| --- | ||
| ############################################################################### | ||
| # Feature flags | ||
|
|
||
| # Whether or not to run CIS benchmark hardening playbooks. Default is false. | ||
| stackhpc_enable_cis_benchmark_hardening: false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| features: | ||
| - | | ||
| Adds a hook to automatically run the CIS benchmark hardening playbooks as | ||
| part of host configure. This is guarded by the | ||
| ``stackhpc_enable_cis_benchmark_hardening`` configuration option and is | ||
| disabled by default. |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.