From 918801bafc111903b7569bd9baa628a4fd2f0684 Mon Sep 17 00:00:00 2001
From: Krisztian Lengyel <krisztian.lengyel@nokia.com>
Date: Tue, 17 Sep 2019 10:19:58 -0400
Subject: [PATCH] Harden the resilience of main system services

Change-Id: I0072986e8c697c1ebffaea67a06ba14b68d920b0
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
---
 roles/monitoring/defaults/main.yaml        | 10 ++++++++++
 roles/monitoring/tasks/harden_services.yml |  3 ---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/roles/monitoring/defaults/main.yaml b/roles/monitoring/defaults/main.yaml
index e535511..e6a3677 100644
--- a/roles/monitoring/defaults/main.yaml
+++ b/roles/monitoring/defaults/main.yaml
@@ -15,3 +15,13 @@
 # limitations under the License.
 
 keepalivedmonitor_port : 64000
+
+hardened_services:
+  - docker
+  - haproxy
+  - kubelet
+  - kubelet_healthcheck
+  - mariadb
+  - nginx
+  - ntpd
+  - redis
diff --git a/roles/monitoring/tasks/harden_services.yml b/roles/monitoring/tasks/harden_services.yml
index 243538e..43576ca 100644
--- a/roles/monitoring/tasks/harden_services.yml
+++ b/roles/monitoring/tasks/harden_services.yml
@@ -11,9 +11,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- name: Define services to be hardened
-  set_fact:
-      hardened_services: [ ntpd ]
 
 - name: Create hardening hooks
   file:
-- 
2.16.6