Merge "Use new ansible-hardening role"

2017-06-12 21:40:19 +00:00 · 2017-06-12 21:40:19 +00:00 · 3f0d07b53c
commit 3f0d07b53c
parent c1b8393a2f 2798cf403c
7 changed files with 16 additions and 16 deletions
--- a/ansible-role-requirements.yml
+++ b/ansible-role-requirements.yml
@ -1,3 +1,7 @@
 - name: ansible-hardening
  scm: git
  src: https://git.openstack.org/openstack/ansible-hardening
  version: master
 - name: apt_package_pinning
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
@ -38,10 +42,6 @@
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
  version: master
 - name: openstack-ansible-security
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-security
  version: master
 - name: openstack_hosts
  scm: git
  src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts
--- a/deploy-guide/source/app-advanced-config-security.rst
+++ b/deploy-guide/source/app-advanced-config-security.rst
@ -5,7 +5,7 @@ Security hardening
 ==================
 OpenStack-Ansible automatically applies host security hardening configurations
-by using the `openstack-ansible-security`_ role. The role uses a version of the
+by using the `ansible-hardening`_ role. The role uses a version of the
 `Security Technical Implementation Guide (STIG)`_ that has been adapted for
 Ubuntu 14.04 and OpenStack.
@ -33,6 +33,6 @@ audit an environment by using a playbook supplied with OpenStack-Ansible:
 For more information about the security configurations, see the
 `OpenStack-Ansible host security`_ hardening documentation.
-.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _ansible-hardening: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
-.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/ansible-hardening/
--- a/deploy-guide/source/app-security.rst
+++ b/deploy-guide/source/app-security.rst
@ -58,7 +58,7 @@ to all deployments. The role has been carefully designed to perform as follows:
 For more information about configuring the role in OpenStack-Ansible, see
 :ref:`security_hardening`.
-.. _security hardening role: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _security hardening role: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide: https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
 .. _Defense Information Systems Agency: http://www.disa.mil/
 .. _Payment Card Industry Data Security Standard: https://www.pcisecuritystandards.org/pci_security/
--- a/group_vars/all/all.yml
+++ b/group_vars/all/all.yml
@ -94,11 +94,11 @@ openrc_os_domain_name: "Default"
 openrc_region_name: "{{ service_region }}"
 ## Host security hardening
-# The openstack-ansible-security role provides security hardening for hosts
+# The ansible-hardening role provides security hardening for hosts
 # by applying security configurations from the STIG. Hardening is enabled by
 # default, but an option to opt out is available by setting the following
 # variable to 'false'.
-# Docs: http://docs.openstack.org/developer/openstack-ansible-security/
+# Docs: http://docs.openstack.org/developer/ansible-hardening/
 apply_security_hardening: true
 ## Ansible ssh configuration
--- a/group_vars/hosts.yml
+++ b/group_vars/hosts.yml
@ -21,7 +21,7 @@ security_package_state: "{{ package_state }}"
 # Disable /etc/hosts management if unbound DNS resolution containers exist
 openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}"
-# Use the RHEL 7 STIG content from the openstack-ansible-security role
+# Use the RHEL 7 STIG content from the ansible-hardening role
 stig_version: rhel7
 # Temporarily avoid putting SELinux into enforcing mode on CentOS 7 until some
--- a/playbooks/security-hardening.yml
+++ b/playbooks/security-hardening.yml
@ -22,7 +22,7 @@
  gather_facts: "{{ gather_facts | default(True) }}"
  user: root
  roles:
-    - role: "openstack-ansible-security"
+    - role: "ansible-hardening"
      when: apply_security_hardening | bool
  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
--- a/tests/get-ansible-role-requirements.yml
+++ b/tests/get-ansible-role-requirements.yml
@ -91,11 +91,11 @@
      copy:
        content: |
          clonemap:
-            - name: 'openstack/openstack-ansible-security'
+            - name: 'openstack/ansible-hardening'
-              dest: '{{ role_path_default }}/openstack-ansible-security'
+              dest: '{{ role_path_default }}/ansible-hardening'
-            - name: 'openstack/openstack-ansible-(?!security)(.*)'
+            - name: 'openstack/openstack-ansible-(.*)'
              dest: '{{ role_path_default }}/\1'
-            - name: 'openstack/(?!openstack-ansible)(.*)'
+            - name: 'openstack/(?!(openstack-ansible|ansible-hardening))(.*)'
              dest: '/tmp/openstack/\1'
        dest: "/tmp/zuul-clonemap.yml"
      when: