Skip to content

MOV-AI/ansible-collection-security

BranchesTags

Repository files navigation

movai.security

This collection contains a set of roles and playbooks to secure a fleet of machines organized as managers and workers.

Table of contents

Roles:

  • config_default_umask
  • config_kernel_params
  • firewall

Playbooks:

  • apply_hardening

Collections used:

  • devsec.hardening: OS and SSH hardening

Usage

Ansible version requires at least Python 3.9

Take great attention at the version of python and ansible used and follow the installation instructions below.

Installing this collection from the GIT repository

You can install the movai.security collection with the Ansible Galaxy CLI:

ansible-galaxy collection install [email protected]:MOV-AI/ansible-collection-security.git

You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:

collections:
  - name: [email protected]:MOV-AI/ansible-collection-security.git
    type: git
    version: "1.0.1"

The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip:

pip install -r requirements.txt

Using the playbooks

Apply the hardening playbook to secure your machines:

ansible-playbook -i inventory.yml movai.security.apply_hardening.yml

Using the roles

You can use the roles in your own playbooks:

- hosts: all
  roles:
    - role: movai.security.config_default_umask
    - role: movai.security.config_kernel_params
    - role: movai.security.firewall

Inventory file format

Respect the format given in the example below:

fleet:
  children:
    managers:
      hosts:
        manager:
          ansible_host: <MANAGER_IP>
      vars:
        ansible_user: <MANAGER_USER>
        ansible_ssh_private_key_file: <MANAGERS_SSH_KEY_PATH>
    workers:
      hosts:
        member0:
          ansible_host: <MEMBER0_IP>
        member1:
          ansible_host: <MEMBER1_IP>
      vars:
        ansible_user: <MEMBERS_USER>
        ansible_ssh_private_key_file: <WORKERS_SSH_KEY_PATH>

Development

Installing the collection from source

To install the collection from source locally, use the following command:

ansible-galaxy collection build
ansible-galaxy collection install movai-security-1.0.1.tar.gz

Running the tests

To run the tests, use the following command:

python3.9 -m venv molecule-venv
source molecule-venv/bin/activate
pip install -r requirements.txt
molecule converge

See detailed instructions

devsec.hardening collection

This repository uses the devsec.hardening collection to apply security configurations to the fleet. The collection is installed with the requirements.yml file. 2 roles are used from the collection:

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

1.0.0-0 Latest
Aug 14, 2024
+ 1 release

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages