diff --git a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml index c9f721556b..a2810a42d3 100644 --- a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml +++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml @@ -188,6 +188,9 @@ - src: user_variables_horizon.yml.j2 dest: user_variables_horizon.yml condition: "{{ 'horizon' in bootstrap_host_scenarios }}" + - src: user_variables_hardening.yml.j2 + dest: user_variables_hardening.yml + condition: "{{ 'hardening' in bootstrap_host_scenarios_expanded }}" - name: Copy modified cinder-volume env.d file for ceph scenario copy: diff --git a/tests/roles/bootstrap-host/templates/user_variables_hardening.yml.j2 b/tests/roles/bootstrap-host/templates/user_variables_hardening.yml.j2 new file mode 100644 index 0000000000..afdd37e458 --- /dev/null +++ b/tests/roles/bootstrap-host/templates/user_variables_hardening.yml.j2 
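Review bot: In prepare_aio_config.yml the new entry's condition tests `bootstrap_host_scenarios_expanded`, while the horizon entry directly above it tests `bootstrap_host_scenarios`, and nothing in this hunk shows where the `_expanded` variable is defined. If it is not set before this task runs, the `in` test would presumably fail on an undefined variable instead of skipping the template. If the difference is intentional, a short comment above the entry saying why hardening is looked up in the expanded list would save the next reader the search. The list this entry belongs to starts outside the hunk.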
@@ -0,0 +1,29 @@
+---
+
+security_disable_account_if_password_expires: yes
+security_enable_firewalld: yes
+security_pwquality_apply_rules: yes
+security_enable_pwquality_password_set: yes
+security_lock_session: yes
+security_pwquality_require_minimum_password_length: yes
+security_package_clean_on_remove: yes
+security_pam_faillock_enable: yes
+security_password_remember_password: 5
+security_reset_perm_ownership: yes
+security_require_grub_authentication: yes
+security_rhel7_automatic_package_updates: yes
+security_rhel7_initialize_aide: yes
+security_rhel7_remove_shosts_files: yes
+security_search_for_invalid_owner: yes
+security_search_for_invalid_group_owner: yes
+security_set_home_directory_permissions_and_owners: yes
+security_set_minimum_password_lifetime: yes
+security_unattended_upgrades_enabled: yes
+security_unattended_upgrades_notifications: yes
+# NOTE(mhayden): clamav is only available if EPEL is installed. There needs
+# to be some work done to figure out how to install EPEL for use with
+# this role without causing disruptions on the system.
+security_enable_virus_scanner: no
+security_run_virus_scanner_update: no
+# Enable the contrib tasks.
+security_contrib_enabled: yes
diff --git a/zuul.d/playbooks/pre-gate-scenario.yml b/zuul.d/playbooks/pre-gate-scenario.yml
index 4dcb2e49fc..f3ba8901f8 100644
--- a/zuul.d/playbooks/pre-gate-scenario.yml
+++ b/zuul.d/playbooks/pre-gate-scenario.yml
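Review bot: In user_variables_hardening.yml.j2, `security_require_grub_authentication: yes` is enabled without a matching `security_grub_password_hash`, so the bootloader password would come from whatever default the ansible-hardening role ships; as far as I know that default is published with the role. That is tolerable on a throwaway gate host, but test variable files tend to be copied as a reference, so either set the hash to a generated test value or add a comment such as `# test only: GRUB password hash is the role default, override before any real use`. Separately, the `yes`/`no` values would be less ambiguous across YAML parsers written as `true`/`false`.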
@@ -41,6 +41,14 @@
 {% set role_service_name = zuul.project.short_name |
 regex_replace('^openstack-ansible-os_(.*)$', '\\1')
 %}
+ {% elif zuul.project.short_name is match('^ansible-role-(.*)$') %}
+ {% set role_service_name = zuul.project.short_name |
+ regex_replace('^ansible-role-(.*)$', '\\1')
+ %}
+ {% elif zuul.project.short_name == 'ansible-hardening' %}
+ {% set role_service_name = 'hardening' %}
+ {% endif %}
+ {% if role_service_name is defined %}
 {% set _ = _scenario.append(role_service_name) %}
 {# Add special scenarios based on the project name #}
 {% if role_service_name in scenario_map %}
@@ -58,6 +66,10 @@
 %}
 {% endif%}
 {% endfor %}
+ {# Hardening role is special as our regular filters don't work for it #}
+ {% if zuul.project.short_name == 'ansible-hardening' %}
+ {% set _ = _scenario.append('hardening') %}
+ {% endif %}
 {% endif %}
 {{ _scenario | join('_') }}
 when:
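Review bot: For project `ansible-hardening` the scenario list appears to receive `hardening` twice. The new `elif` in the `@@ -41,6 +41,14 @@` hunk sets `role_service_name = 'hardening'`, which the `is defined` block then appends, and the block added in the `@@ -58,6 +66,10 @@` hunk appends it again whenever it is reached. The joined scenario string would then carry a repeated `hardening` segment, and the second block's comment that the regular filters do not work is no longer true once the first hunk handles this project. Either drop the second block or guard it as `{% if zuul.project.short_name == 'ansible-hardening' and 'hardening' not in _scenario %}`. The enclosing `if` blocks open and close outside both hunks, so the exact nesting of the second block is inferred.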