path: root/ansible/cpu_pin_teardown.yaml
blob: 7647eebdbe78ae0731944baf6b1a1e31f0f6a437 (plain)
---
##############################################################################
# Copyright (c) 2017 Huawei Technologies Co.,Ltd and others.
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################

- hosts: compute
  roles:
      - vcpu_pin_set_reset
      - restart_nova_compute

- hosts: controller
  roles:
      - scheduler_default_filters_reset
      - restart_nova_scheduler

- hosts: localhost
  roles:
      - cpu_pin_local_teardown
Requirements references related to OPNFV Audit

------------------
Source information
------------------

http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf
http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf

* ETSI GS NFV-SEC 003 V1.1.1 (2014-12)

  - Network Functions Virtualisation (NFV);
  - NFV Security; Security and Trust Guidance
  - NFV-SEC-003_.


.. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf

* ETSI GS NFV 004 V1.1.1 (2013-10)

  - Network Functions Virtualisation (NFV);
  - Virtualisation Requirements
  - NFV-SEC-004_.

.. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf

Requirements on Auditing framework
----------------------------------

Audit records shall be maintained within protected binary logs so that the record of
malicious actions cannot be deleted from the logs.
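
One way to make deletions from a binary audit log detectable, shown as an added example that is not part of the OPNFV document or its code base. The record layout, the event codes and the helper names are assumptions made for illustration; the sketch also assumes the HMAC key and the latest chain tag are held off the logging host, since chaining gives tamper evidence and does not by itself prevent deletion.

```python
import hashlib
import hmac
import struct

# Constructed event codes for a few auditable events named on this page.
EVENTS = {1: "user_add", 2: "user_modify", 3: "user_delete", 4: "login", 5: "logout"}
TAG_LEN = 32                    # HMAC-SHA256 output size
HEADER = struct.Struct(">QHH")  # sequence number, event code, payload length


def append_record(log, key, seq, event, payload, prev_tag):
    """Append one binary record; its tag also covers the previous record's tag."""
    header = HEADER.pack(seq, event, len(payload))
    tag = hmac.new(key, prev_tag + header + payload, hashlib.sha256).digest()
    log += header + payload + tag
    return tag


def verify_log(log, key, head_tag):
    """Recompute the chain; False on an edited, deleted or truncated record."""
    log = bytes(log)
    prev_tag, offset, seq = bytes(TAG_LEN), 0, 0
    while offset < len(log):
        if offset + HEADER.size > len(log):
            return False                      # partial header at the tail
        rec_seq, event, length = HEADER.unpack_from(log, offset)
        end = offset + HEADER.size + length + TAG_LEN
        if rec_seq != seq or event not in EVENTS or end > len(log):
            return False                      # gap in sequence or malformed record
        body = log[offset:end - TAG_LEN]
        tag = hmac.new(key, prev_tag + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, log[end - TAG_LEN:end]):
            return False                      # record or its predecessor changed
        prev_tag, offset, seq = tag, end, seq + 1
    # The final tag must match the copy kept off-host, or the tail was cut.
    return hmac.compare_digest(prev_tag, head_tag)


def build_sample(key):
    """Constructed sample: add user, login, delete user."""
    log, tag = bytearray(), bytes(TAG_LEN)
    events = [(1, b"alice"), (4, b"alice"), (3, b"bob")]
    for seq, (event, payload) in enumerate(events):
        tag = append_record(log, key, seq, event, payload, tag)
    return bytes(log), tag
```
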

Necessary auditable events
--------------------------

* access control management

  - Adding a user account
  - Modifying a user account
  - Deleting a user account
  - login event
  - logout event
  - IP whitelisting update
  - IP blacklisting update

* VNFC Creation

  - The instantiation of a newly-defined VNFC
  - The instantiation of a VNFC with pre-configured state
  - The cloning of an existing VNFC

* VNFC Deletion

  - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images)

* Software management

  - patching, e.g. operating system, drivers, VM components
  - dynamic updates to the configuration e.g. DNS, DHCP
  - application software updates
  - software component updates

* Data management

  - Root level access to NFVI file system
  - User level access to NFVI file system
  - Secured wipe, disk and memory
  - Verified destruction
  - Certificate revocation

* VNFC Migration

  - VNFC original host identity
  - VNFC target host identity
  - high availability
  - recovery
  - data-in-motion changes

* Other VNFC Operational State Changes

  - Hibernation, sleep, resumption, abort, restore, suspension
  - Power-on and power-off (either physical or virtual)
  - Integrity verification failure, crash and OS compromise

* VNFC Topology Changes

  - Network IP address and VLAN updates
  - Service chaining
  - Failover and disaster recovery

* traffic inspection

  - enabling virtual port mirroring
  - enabling hypervisor introspection
  - enabling in-line traffic inspection
  - application insertion

* initial provisioning of a public/private key pair

  - Self-generation of key pairs for later validation by an external party:

     - Certificate Authority
     - VNFM

  - Provision by trusted party

     - network
     - storage

  - Injection by hypervisor