Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Enables the docker service.
  • Adds vhost_vsock module to the kernel.
  • Installs the votp-taskset with its service.
  • Adds schedrt rules to the kernel.
  • Adds modules to the kernel specified by sriov_driver.
  • Adds sriov and workqueue_cpumask rules to the kernel.
  • Configures GRUB.
  • Configures irqbalance.
  • Configures systemd.
  • Configures slices of systemd.
  • Configures ovs-vswitchd service.
  • Installs ptp_status with its service.

Debian-hardening role

  • Create ansible and privileged group.
  • Configures parameters of the kernel.
  • Updates the coredump, kexec and binfmt_misc rules to the kernel.
  • Installs sysctl-hardening and network-hardening rules to the kernel.
  • Adds nf_conntrack module to the kernel.
  • Installs random-root-passwd service and enable it.
  • Installs mktmpdir and terminal_idle profile for a shell session.
  • Configures the SSH server.
  • Installs ANSI and ceph-osd-smartctl rules to sudo.
  • Adds users to priviliged groups.
  • Configures sudo to be run only users members of privileged group.
  • Configures login.defs.
  • Configures PAM.
  • Configures securetty.
  • Configures some services specified in hardened_services.
  • Uninstalls useless packages.
  • Disable useless services.
  • Sets a password to GRUB.
  • Installs audit configuration.

Corosync role

  • Regenerates the authentication key.
  • Synchronizes the key between the hosts.
  • Generates the configuration of corosync.