...
- Installs
python3-setup-ovs
(sources here) with its servicevotp-config_ovs
and enables it. - Installs
vm_manager
(sources here). - Installs
backup-restore
(sources here). - Installs script to get a console of a virtual machine.
- Configures
vim
. - Installs a SEAPATH resource agent
- Configures
syslog-ng
. If specified, installs certificates, keys and CA. - Configures the
libvirtd
andpacemaker
services. - Sets the
UID
andGID
to902
for the SNMP user. - Configures SNMP daemon and service. Installs scripts to get back the machine's status.
- Remove the
virtu
user if needed. - Installs sudo's fragment for the SNMP user.
- Configures the systemd's journal.
- Configures an admin user with its group and sudo's fragment.
- Adds a live-migration user.
- Configures Adds
panicreboot
andbridge_nf_call
rules to the kernel. - Adds
br_netfilter
andraid6_pq
modules to the kernel. - Configures
AppArmor
. - Configures the network with systemd.
- Configures the environment and the hosts.
- Configures the
hddtemp
. - Configures the package manager.
- Configures
libvirtd
. - Configures
GRUB
.
Hypervisor role
- Enables the
docker
service. - Adds
vhost_vsock
module to the kernel. - Installs the
votp-taskset
with its service. - Adds
schedrt
rules to the kernel. - Adds modules to the kernel specified by
sriov_driver
. - Adds
sriov
rule to the kernel. - Configures
GRUB
. - Configures
tuned
. - Configures
systemd
. - Configures
slices
ofsystemd
. - Configures
ovs-vswitchd
service. - Installs
ptp_status
with its service.
Debian-hardening role
- Create
ansible
andprivileged
group. - Configures parameters of the kernel.
- Updates the
coredump
,kexec
andbinfmt_misc
rules to the kernel. - Installs
sysctl-hardening
andnetwork-hardening
rules to the kernel. - Adds
nf_conntrack
module to the kernel. - Installs
random-root-passwd
service and enable it. - Installs
mktmpdir
andterminal_idle
profile for a shell session. - Configures the SSH server.
- Installs ANSI and
ceph-osd-smartctl
rules tosudo
. - Adds users to
priviliged
groups. - Configures
sudo
to be run only users members ofprivileged
group. - Configures
login.defs
. - Configures PAM.
- Configures
securetty
. - Configures some services specified in
hardened_services
. - Uninstalls useless packages.
- Disable useless services.
- Sets a password to
GRUB
. - Installs
audit
configuration.
Corosync role
- Regenerates the authentication key.
- Synchronizes the key between the hosts.
- Generates the configuration of
corosync
.