Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 1. Introduction to hardening Ansible Automation Platform
Use the following guidance to improve the security posture (referred to as “hardening”) of your Red Hat Ansible Automation Platform deployment on Red Hat Enterprise Linux.
Hardening guidance for the following deployments is not provided:
- Other deployment targets for Ansible Automation Platform, such as OpenShift.
- Ansible Automation Platform managed services available through cloud service provider marketplaces.
Use the following guidance to harden the Ansible Automation Platform security posture during the planning, architecture, installation, initial configuration, and Day 2 operations phases. When running Ansible Automation Platform on Red Hat Enterprise Linux, you must also apply the relevant Red Hat Enterprise Linux hardening configurations that affect automation platform components. Additional considerations with regards to the DISA STIGs for Red Hat Enterprise Linux are provided for those organizations that integrate the DISA STIGs as a part of their overall security strategy.
These recommendations do not guarantee security or compliance of your deployment of Ansible Automation Platform. You must assess security from the unique requirements of your organization to address specific threats and risks and balance these against implementation factors.
1.1. Audience
Use the following guidance to install, configure, and maintain Ansible Automation Platform 2.6 on Red Hat Enterprise Linux, and to perform related security operations and compliance assessments.
1.2. Overview of Ansible Automation Platform
Ansible is an open source, command-line IT automation software application written in Python. You can use Ansible to configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more.
Ansible’s main strengths are simplicity and ease of use. It also has a strong focus on security and reliability, featuring minimal moving parts. It uses secure, well-known communication protocols such SSH, HTTPS, and WinRM for transport and uses a human-readable language that is designed for getting started quickly without extensive training.
Ansible Automation Platform enhances the Ansible language with enterprise-class features, such as Role-Based Access Controls (RBAC), centralized logging and auditing, credential management, job scheduling, and complex automation workflows. With Ansible Automation Platform you get certified content from our robust partner ecosystem; added security; reporting, analytics, and life cycle technical support to scale automation across your organization. Ansible Automation Platform simplifies the development and operation of automation workloads for managing enterprise application infrastructure life cycles. It works across multiple IT domains including operations, networking, security, and development, across diverse hybrid environments.
1.2.1. Red Hat Ansible Automation Platform deployment methods
There are three different installation methods for Ansible Automation Platform:
- RPM-based on Red Hat Enterprise Linux
- Container-based on Red Hat Enterprise Linux
- Operator-based on Red Hat OpenShift Container Platform
Guidance is provided for hardening Ansible Automation Platform when using RPM-based or container-based installation.
Using the container-based installation method for new deployments is recommended, as the RPM-based installation program has been deprecated.
Hardening guidance for operator-based deployments is not provided.
1.2.2. Ansible Automation Platform components
Ansible Automation Platform is a modular platform composed of separate components that can be connected together, including automation controller, platform gateway, automation hub, and Event-Driven Ansible controller.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}