From: Krisztian Lengyel <krisztian.lengyel@nokia.com>
Date: Tue, 17 Sep 2019 14:19:58 +0000 (-0400)
Subject: Harden the resilience of main system services
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=918801bafc111903b7569bd9baa628a4fd2f0684

Harden the resilience of main system services

Change-Id: I0072986e8c697c1ebffaea67a06ba14b68d920b0
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
---

diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml
index e535511..e6a3677 100644
--- a/roles/monitoring/defaults/main.yaml
+++ b/roles/monitoring/defaults/main.yaml
@@ -15,3 +15,13 @@
 # limitations under the License.
 
 keepalivedmonitor_port : 64000
+
+hardened_services:
+  - docker
+  - haproxy
+  - kubelet
+  - kubelet_healthcheck
+  - mariadb
+  - nginx
+  - ntpd
+  - redis
diff --git a/roles/monitoring/tasks/harden_services.yml b/roles/monitoring/tasks/harden_services.yml
index 243538e..43576ca 100644
--- a/roles/monitoring/tasks/harden_services.yml
+++ b/roles/monitoring/tasks/harden_services.yml
@@ -11,9 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- name: Define services to be hardened
-  set_fact:
-      hardened_services: [ ntpd ]
 
 - name: Create hardening hooks
   file: