openstack/openstack-ansible-ops
Code Issues Proposed changes

Remove hardening from leap upgrades

Browse Source 
In order to reduce time to run and avoid complexities
from older environments that may have specific
requirements or devations from recommended practices,
disable the hardening play during the leap upgrades.

If security-hardening is desired, the recommendation for operators
is to run hardening after the upgrade has completed.

Change-Id: I85865a39e84e65ac211c1077f484bf008673c840
This commit is contained in:
Antony Messerli 2018-08-06 15:07:14 -05:00
parent ca23f9a987
commit 852e0329a7
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
leap-upgrades/re-deploy.sh
View File

@ -52,13 +52,6 @@ fi
# Setup Hosts
RUN_TASKS+=("openstack-hosts-setup.yml -e redeploy_rerun=true")
# Run the security-hardening playbook in redeployment
if [[ -n "${SKIP_HARDENING_TAGS}" ]]; then
RUN_TASKS+=("security-hardening.yml --skip-tags=${SKIP_HARDENING_TAGS}")
else
RUN_TASKS+=("security-hardening.yml")
fi
# Ensure the same pip everywhere, even if requirement met or above
RUN_TASKS+=("${UPGRADE_UTILS}/pip-unify.yml -e release_version=\"${NEWTON_RELEASE}\"")