Docs: Fix rendering of :orphan:

This patch removes the ``:orphan:`` docinfo from the documentation and instead adds the orphaned docs into the ``exclude_pattern`` configuration option. There's a bug that causes the tag to actually get rendered in the docs when those docs are brought in via an include. Backport-of: Iacce8f5bfd9a629117564938bbb376bf5abcec31 Change-Id: I815070d1de924c9c4ec7c21098acb6c52baac3b8
openstack-archive · Jun 27, 2016 · 38b512e · 38b512e
1 parent b79214c
commit 38b512e
Show file tree

Hide file tree

Showing 489 changed files with 7 additions and 980 deletions.
diff --git a/doc/source/conf.py b/doc/source/conf.py
@@ -74,7 +74,10 @@
 
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
-exclude_patterns = []
+exclude_patterns = [
+    'developer-notes/*.rst',
+    'stig-notes/*.rst'
+]
 
 # The reST default role (used for this markup: `text`) to use for all
 # documents.

diff --git a/doc/source/developer-notes/V-38437.rst b/doc/source/developer-notes/V-38437.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 If ``autofs`` is installed, it will be disabled by Ansible tasks. To opt-out
 of this change, adjust the following variable:
 

diff --git a/doc/source/developer-notes/V-38438.rst b/doc/source/developer-notes/V-38438.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Adjusting the bootloader configuration can cause issues with reboots and this

diff --git a/doc/source/developer-notes/V-38439.rst b/doc/source/developer-notes/V-38439.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Although adding centralized authentication and carefully managing user

diff --git a/doc/source/developer-notes/V-38443.rst b/doc/source/developer-notes/V-38443.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible tasks will ensure that ``/etc/gshadow`` is owned by root. This is
 the default in Ubuntu 14.04 already, but the tasks will ensure that the
 permissions match the STIG requirements in case they were changed by other

diff --git a/doc/source/developer-notes/V-38444.rst b/doc/source/developer-notes/V-38444.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 See V-38551 for additional details. IPv6 configuration and filtering is left

diff --git a/doc/source/developer-notes/V-38445.rst b/doc/source/developer-notes/V-38445.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Although audit log files are owned by the root user and group by default
 in Ubuntu 14.04, the Ansible task for V-38445 will ensure that they are
 configured as such.
diff --git a/doc/source/developer-notes/V-38446.rst b/doc/source/developer-notes/V-38446.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Forwarding root's email to another user is highly recommended, but the Ansible
 tasks won't configure an email address to receive root's email unless that
 email address is configured. Set ``root_forward_email`` to an email address

diff --git a/doc/source/developer-notes/V-38447.rst b/doc/source/developer-notes/V-38447.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Verifying contents of files installed from packages is more difficult in

diff --git a/doc/source/developer-notes/V-38448.rst b/doc/source/developer-notes/V-38448.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 Although the ``/etc/gshadow`` file is group-owned by root by default, the
 Ansible tasks will ensure that it is configured that way.
diff --git a/doc/source/developer-notes/V-38449.rst b/doc/source/developer-notes/V-38449.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 The ``/etc/gshadow`` file's permissions will be changed to ``0000`` to meet
 the requirements of the STIG.
diff --git a/doc/source/developer-notes/V-38450.rst b/doc/source/developer-notes/V-38450.rst
@@ -1,3 +1 @@
-:orphan:
-
 The ownership of ``/etc/passwd`` will be changed to root.
diff --git a/doc/source/developer-notes/V-38451.rst b/doc/source/developer-notes/V-38451.rst
@@ -1,3 +1 @@
-:orphan:
-
 The group ownership for ``/etc/passwd`` will be set to root.
diff --git a/doc/source/developer-notes/V-38452.rst b/doc/source/developer-notes/V-38452.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Verifying permissions of installed packages isn't possible in the current

diff --git a/doc/source/developer-notes/V-38453.rst b/doc/source/developer-notes/V-38453.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Verifying ownership of installed packages isn't possible in the current

diff --git a/doc/source/developer-notes/V-38454.rst b/doc/source/developer-notes/V-38454.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Verifying ownership of installed packages isn't possible in the current

diff --git a/doc/source/developer-notes/V-38455.rst b/doc/source/developer-notes/V-38455.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Configuring another mount for ``/tmp`` can disrupt a running system and this

diff --git a/doc/source/developer-notes/V-38456.rst b/doc/source/developer-notes/V-38456.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Configuring another mount for ``/var`` can disrupt a running system and this

diff --git a/doc/source/developer-notes/V-38457.rst b/doc/source/developer-notes/V-38457.rst
@@ -1,3 +1 @@
-:orphan:
-
 The permissions for ``/etc/passwd`` will be set to ``0644``.
diff --git a/doc/source/developer-notes/V-38458.rst b/doc/source/developer-notes/V-38458.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 The Ansible task will ensure that the ``/etc/group`` file is owned by the root
 user.
diff --git a/doc/source/developer-notes/V-38459.rst b/doc/source/developer-notes/V-38459.rst
@@ -1,3 +1 @@
-:orphan:
-
-The tasks in file_perms.yml will ensure that "/etc/group" is owned by the root account.
+The tasks in file_perms.yml will ensure that ``/etc/group`` is owned by the root account.
diff --git a/doc/source/developer-notes/V-38460.rst b/doc/source/developer-notes/V-38460.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible tasks will check for ``all_squash`` in ``/etc/exports`` (if it is
 present). If found, a warning message will be printed. No configuration
 changes will be made since neither Ubuntu or openstack-ansible configures

diff --git a/doc/source/developer-notes/V-38461.rst b/doc/source/developer-notes/V-38461.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 Ubuntu sets the mode of ``/etc/group`` to ``0644`` by default and the Ansible
 task will ensure that it is current set to those permissions.
diff --git a/doc/source/developer-notes/V-38462.rst b/doc/source/developer-notes/V-38462.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu checks packages against GPG signatures by default.  It can be turned
 off for all package installations by a setting in /etc/apt/apt.conf.d/ and we
 search for that in the Ansible task.  A warning is printed if the

diff --git a/doc/source/developer-notes/V-38463.rst b/doc/source/developer-notes/V-38463.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Configuring a separate partition for ``/var/log`` is currently left up to the

diff --git a/doc/source/developer-notes/V-38464.rst b/doc/source/developer-notes/V-38464.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu's default for ``disk_error_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
 is recommended and is set by default by openstack-ansible-security.  There

diff --git a/doc/source/developer-notes/V-38465.rst b/doc/source/developer-notes/V-38465.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Ubuntu 14.04 sets library files to have ``0755`` (or more restrictive)

diff --git a/doc/source/developer-notes/V-38466.rst b/doc/source/developer-notes/V-38466.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 As with V-38465, Ubuntu sets the ownership of library files to root by

diff --git a/doc/source/developer-notes/V-38467.rst b/doc/source/developer-notes/V-38467.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Storing audit logs on a separate partition is recommended, but this change

diff --git a/doc/source/developer-notes/V-38468.rst b/doc/source/developer-notes/V-38468.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu's default for ``disk_full_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
 is recommended and is set by default by openstack-ansible-security. If syslog

diff --git a/doc/source/developer-notes/V-38469.rst b/doc/source/developer-notes/V-38469.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Ubuntu sets the permissions for system commands to ``0755`` or less already.

diff --git a/doc/source/developer-notes/V-38470.rst b/doc/source/developer-notes/V-38470.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu's default for ``space_left_action`` is ``SUSPEND``, which actually
 only suspends audit logging. That could be a security issue, so ``SYSLOG``
 is recommended and is set by default by openstack-ansible-security. If syslog

diff --git a/doc/source/developer-notes/V-38471.rst b/doc/source/developer-notes/V-38471.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 An Ansible task will adjust ``active`` from `no` to `yes` in
 ``/etc/audisp/plugins.d/syslog.conf`` so that auditd records are forwarded to
 syslog automatically. The auditd daemon will be restarted if the configuration

diff --git a/doc/source/developer-notes/V-38472.rst b/doc/source/developer-notes/V-38472.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Ubuntu sets system commands to be owned by root by default  Deployers are

diff --git a/doc/source/developer-notes/V-38473.rst b/doc/source/developer-notes/V-38473.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Creating ``/home`` on a different partition is highly recommended but it is

diff --git a/doc/source/developer-notes/V-38474.rst b/doc/source/developer-notes/V-38474.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 The openstack-ansible roles don't install X by default, so there is no

diff --git a/doc/source/developer-notes/V-38475.rst b/doc/source/developer-notes/V-38475.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Configuration required**
 
 Ubuntu 14.04 does not set a password length requirement by default. The STIG

diff --git a/doc/source/developer-notes/V-38476.rst b/doc/source/developer-notes/V-38476.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The STIG talks about yum having the RHN GPG keys installed, but this
 requirement has been adapted to check for the Ubuntu signing keys normally
 present in Ubuntu 14.04.

diff --git a/doc/source/developer-notes/V-38477.rst b/doc/source/developer-notes/V-38477.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Configuration required**
 
 Ubuntu doesn't set a limitation on how frequently uses can change passwords.

diff --git a/doc/source/developer-notes/V-38478.rst b/doc/source/developer-notes/V-38478.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Ubuntu doesn't use the Red Hat Network Service, so this requirement doesn't

diff --git a/doc/source/developer-notes/V-38479.rst b/doc/source/developer-notes/V-38479.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Configuration required**
 
 Ubuntu doesn't set a limitation on the age of passwords.

diff --git a/doc/source/developer-notes/V-38480.rst b/doc/source/developer-notes/V-38480.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Configuration required**
 
 After enabling password age limits in V-38479, be sure to configure

diff --git a/doc/source/developer-notes/V-38481.rst b/doc/source/developer-notes/V-38481.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Operating system patching is left up to the deployer to configure based on

diff --git a/doc/source/developer-notes/V-38482.rst b/doc/source/developer-notes/V-38482.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Password complexity requirements are left up to the deployer. Deployers are

diff --git a/doc/source/developer-notes/V-38483.rst b/doc/source/developer-notes/V-38483.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible task for V-38462 already checks for apt configurations that would
 disable any GPG checks when installing packages. However, it's possible for
 the root user to override these configurations via command line parameters.
diff --git a/doc/source/developer-notes/V-38484.rst b/doc/source/developer-notes/V-38484.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu 14.04 already enables the display of the last successful login for a
 user immediately after login.  An Ansible task ensures this setting is
 applied and restarts the ssh daemon if necessary.
diff --git a/doc/source/developer-notes/V-38486.rst b/doc/source/developer-notes/V-38486.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 System backups are left to the deployer to configure. Deployers are stringly

diff --git a/doc/source/developer-notes/V-38487.rst b/doc/source/developer-notes/V-38487.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible task for V-38462 already checks for apt configurations that would
 disable any GPG checks when installing packages. However, it's possible for
 the root user to override these configurations via command line parameters.
diff --git a/doc/source/developer-notes/V-38488.rst b/doc/source/developer-notes/V-38488.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 System backups are left to the deployer to configure. Deployers are stringly

diff --git a/doc/source/developer-notes/V-38489.rst b/doc/source/developer-notes/V-38489.rst
@@ -1,3 +1 @@
-:orphan:
-
 The ``aide`` package will be installed by Ansible tasks.
diff --git a/doc/source/developer-notes/V-38490.rst b/doc/source/developer-notes/V-38490.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Disabling the ``usb-storage`` module can add extra security, but it's not

diff --git a/doc/source/developer-notes/V-38491.rst b/doc/source/developer-notes/V-38491.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible task will check for the presence of ``/etc/hosts.equiv`` and
 ``/root/.rhosts``.  Both of those files could potentially be used with ``rsh``
 for host access, but ``rshd`` is not installed by default with Ubuntu 14.04

diff --git a/doc/source/developer-notes/V-38492.rst b/doc/source/developer-notes/V-38492.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 The virtual consoles mentioned in V-38492 aren't used in Ubuntu 14.04 by
 default.
diff --git a/doc/source/developer-notes/V-38493.rst b/doc/source/developer-notes/V-38493.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu 14.04 sets the mode of ``/var/log/audit/`` to ``0750`` by default. The
 Ansible task for this requirement ensures that the mode is ``0750`` (which
 is more strict than the STIG requirement).
diff --git a/doc/source/developer-notes/V-38494.rst b/doc/source/developer-notes/V-38494.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Removing serial consoles from ``/etc/securetty`` can make troubleshooting

diff --git a/doc/source/developer-notes/V-38495.rst b/doc/source/developer-notes/V-38495.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 The Ansible tasks will ensure that files in ``/var/log/audit`` are owned
 by the root user.
diff --git a/doc/source/developer-notes/V-38496.rst b/doc/source/developer-notes/V-38496.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 The Ansible tasks will check for default system accounts (other than root)

diff --git a/doc/source/developer-notes/V-38497.rst b/doc/source/developer-notes/V-38497.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu 14.04 allows accounts with null passwords to authenticate via PAM by
 default. This STIG requires that those login attempts are blocked.
 

diff --git a/doc/source/developer-notes/V-38498.rst b/doc/source/developer-notes/V-38498.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Ubuntu and CentOS set the current audit log (the one that is actively being
 written to) to ``0600`` so that only the root user can read and write to it.
 The older, rotated logs are set to ``0400`` since they should not receive

diff --git a/doc/source/developer-notes/V-38499.rst b/doc/source/developer-notes/V-38499.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 The Ansible task will search for password hashes in ``/etc/passwd`` using
 awk and report a failure if any are found.
diff --git a/doc/source/developer-notes/V-38500.rst b/doc/source/developer-notes/V-38500.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Ansible tasks will search for accounts in ``/etc/passwd`` that have UID 0
 that aren't the normal root account. If any matching accounts are found, a
 warning is printed to stdout and the Ansible play will fail.

diff --git a/doc/source/developer-notes/V-38501.rst b/doc/source/developer-notes/V-38501.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception and opt-in alternative**
 
 Adjusting PAM configurations is very risky since it affects how all users

diff --git a/doc/source/developer-notes/V-38502.rst b/doc/source/developer-notes/V-38502.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 Ubuntu 14.04 sets the user and group ownership of ``/etc/passwd`` to root by
 default. The Ansible task will ensure that the default is maintained.
diff --git a/doc/source/developer-notes/V-38503.rst b/doc/source/developer-notes/V-38503.rst
@@ -1,4 +1,2 @@
-:orphan:
-
 Ubuntu 14.04 sets the user and group ownership of ``/etc/passwd`` to root by
 default. The Ansible task will ensure that the default is maintained.
diff --git a/doc/source/developer-notes/V-38504.rst b/doc/source/developer-notes/V-38504.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 Although Ubuntu 14.04's default for ``/etc/shadow`` is ``0640``, the STIG
 requires a mode of ``0000``. This doesn't affect how the system operates since
 root is the only user that should be able to read from and write to

diff --git a/doc/source/developer-notes/V-38511.rst b/doc/source/developer-notes/V-38511.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Special Case**
 
 Running virtual infrastructure requires IP forwarding to be enabled on various

diff --git a/doc/source/developer-notes/V-38512.rst b/doc/source/developer-notes/V-38512.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 **Exception**
 
 Although a minimal set of iptables rules are configured on openstack-ansible

diff --git a/doc/source/developer-notes/V-38514.rst b/doc/source/developer-notes/V-38514.rst
@@ -1,5 +1,3 @@
-:orphan:
-
 The Datagram Congestion Control Protocol (DCCP) must be disabled if it's not
 needed. Neither Ubuntu 14.04 or openstack-ansible utilizes this kernel
 module and the Ansible tasks will disable it by default.