Harden the resilience of main system services

author Krisztian Lengyel <krisztian.lengyel@nokia.com>

Tue, 17 Sep 2019 14:19:58 +0000 (10:19 -0400)

committer Krisztian Lengyel <krisztian.lengyel@nokia.com>

Tue, 17 Sep 2019 14:35:27 +0000 (10:35 -0400)
author Krisztian Lengyel <krisztian.lengyel@nokia.com>
Tue, 17 Sep 2019 14:19:58 +0000 (10:19 -0400)
committer Krisztian Lengyel <krisztian.lengyel@nokia.com>
Tue, 17 Sep 2019 14:35:27 +0000 (10:35 -0400)
diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml

index e535511..e6a3677 100644 (file)
--- a/roles/monitoring/defaults/main.yaml
+++ b/roles/monitoring/defaults/main.yaml
@@ -15,3 +15,13 @@
  # limitations under the License.
  
  keepalivedmonitor_port : 64000
+
+hardened_services:
+  - docker
+  - haproxy
+  - kubelet
+  - kubelet_healthcheck
+  - mariadb
+  - nginx
+  - ntpd
+  - redis
diff --git a/roles/monitoring/tasks/harden_services.yml b/roles/monitoring/tasks/harden_services.yml

index 243538e..43576ca 100644 (file)
--- a/roles/monitoring/tasks/harden_services.yml
+++ b/roles/monitoring/tasks/harden_services.yml
@@ -11,9 +11,6 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
-- name: Define services to be hardened
-  set_fact:
-      hardened_services: [ ntpd ]
  
  - name: Create hardening hooks
    file:
author	Krisztian Lengyel <krisztian.lengyel@nokia.com>
	Tue, 17 Sep 2019 14:19:58 +0000 (10:19 -0400)
committer	Krisztian Lengyel <krisztian.lengyel@nokia.com>
	Tue, 17 Sep 2019 14:35:27 +0000 (10:35 -0400)
roles/monitoring/defaults/main.yaml		patch \| blob \| history
roles/monitoring/tasks/harden_services.yml		patch \| blob \| history