Use new ansible-hardening role

The openstack-ansible-security role and repository is being phased out in favor of the ansible-hardening role. This patch adjusts all references of the old role to use the new name. Depends-On: I711aed6daf6391de71d3c2b47fbfc00fe6b66d9f Change-Id: I9cbdddde71fb0d71d8c412d3f62f0b0f6a241aee
2017-06-12 10:49:04 -05:00 · 2017-06-12 10:49:04 -05:00 · 2798cf403c
parent 0a0fc96583
commit 2798cf403c
7 changed files with 16 additions and 16 deletions
--- a/ansible-role-requirements.yml
+++ b/ansible-role-requirements.yml
@ -1,3 +1,7 @@
+- name: ansible-hardening
+  scm: git
+  src: https://git.openstack.org/openstack/ansible-hardening
+  version: master
 - name: apt_package_pinning
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
@ -38,10 +42,6 @@
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
  version: master
- name: openstack-ansible-security
-  scm: git
-  src: https://git.openstack.org/openstack/openstack-ansible-security
-  version: master
 - name: openstack_hosts
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
--- a/deploy-guide/source/app-advanced-config-security.rst
+++ b/deploy-guide/source/app-advanced-config-security.rst
@ -5,7 +5,7 @@ Security hardening
 ==================

 OpenStack-Ansible automatically applies host security hardening configurations
-by using the `openstack-ansible-security`_ role. The role uses a version of the
+by using the `ansible-hardening`_ role. The role uses a version of the
 `Security Technical Implementation Guide (STIG)`_ that has been adapted for
 Ubuntu 14.04 and OpenStack.

@ -33,6 +33,6 @@ audit an environment by using a playbook supplied with OpenStack-Ansible:
 For more information about the security configurations, see the
 `OpenStack-Ansible host security`_ hardening documentation.

-.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _ansible-hardening: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
-.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/ansible-hardening/
--- a/deploy-guide/source/app-security.rst
+++ b/deploy-guide/source/app-security.rst
@ -58,7 +58,7 @@ to all deployments. The role has been carefully designed to perform as follows:
 For more information about configuring the role in OpenStack-Ansible, see
 :ref:`security_hardening`.

-.. _security hardening role: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _security hardening role: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide: https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
 .. _Defense Information Systems Agency: http://www.disa.mil/
 .. _Payment Card Industry Data Security Standard: https://www.pcisecuritystandards.org/pci_security/
--- a/group_vars/all/all.yml
+++ b/group_vars/all/all.yml
@ -94,11 +94,11 @@ openrc_os_domain_name: "Default"
 openrc_region_name: "{{ service_region }}"

 ## Host security hardening
-# The openstack-ansible-security role provides security hardening for hosts
+# The ansible-hardening role provides security hardening for hosts
 # by applying security configurations from the STIG. Hardening is enabled by
 # default, but an option to opt out is available by setting the following
 # variable to 'false'.
-# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
+# Docs: http://docs.openstack.org/developer/ansible-hardening/
 apply_security_hardening: true

 ## Ansible ssh configuration
--- a/group_vars/hosts.yml
+++ b/group_vars/hosts.yml
@ -21,7 +21,7 @@ security_package_state: "{{ package_state }}"
 # Disable /etc/hosts management if unbound DNS resolution containers exist
 openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}"

-# Use the RHEL 7 STIG content from the openstack-ansible-security role
+# Use the RHEL 7 STIG content from the ansible-hardening role
 stig_version: rhel7

 # Temporarily avoid putting SELinux into enforcing mode on CentOS 7 until some
--- a/playbooks/security-hardening.yml
+++ b/playbooks/security-hardening.yml
@ -22,7 +22,7 @@
  gather_facts: "{{ gather_facts | default(True) }}"
  user: root
  roles:
-    - role: "openstack-ansible-security"
+    - role: "ansible-hardening"
      when: apply_security_hardening | bool
  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
--- a/tests/get-ansible-role-requirements.yml
+++ b/tests/get-ansible-role-requirements.yml
@ -91,11 +91,11 @@
      copy:
        content: |
          clonemap:
-            - name: 'openstack/openstack-ansible-security'
-              dest: '{{ role_path_default }}/openstack-ansible-security'
-            - name: 'openstack/openstack-ansible-(?!security)(.*)'
+            - name: 'openstack/ansible-hardening'
+              dest: '{{ role_path_default }}/ansible-hardening'
+            - name: 'openstack/openstack-ansible-(.*)'
              dest: '{{ role_path_default }}/\1'
-            - name: 'openstack/(?!openstack-ansible)(.*)'
+            - name: 'openstack/(?!(openstack-ansible|ansible-hardening))(.*)'
              dest: '/tmp/openstack/\1'
        dest: "/tmp/zuul-clonemap.yml"
      when: