Merge "Use new ansible-hardening role" into stable/ocata

openstack · Jun 19, 2017 · b409c00 · b409c00
2 parents ac7b481 + 8b6cc5f
commit b409c00
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 10 deletions.
diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml
@@ -1,3 +1,7 @@
+- name: ansible-hardening
+  scm: git
+  src: https://git.openstack.org/openstack/ansible-hardening
+  version: f215c22768248021d38d121a86721d842f419031
 - name: apt_package_pinning
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
@@ -38,10 +42,6 @@
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-memcached_server
   version: 5363432f58334823f7e6c6c88617bb908ca48359
-- name: openstack-ansible-security
-  scm: git
-  src: https://git.openstack.org/openstack/openstack-ansible-security
-  version: 428bce5c4d3fc88cd1e257753923d589f89ff6c7
 - name: openstack_hosts
   scm: git
   src: https://git.openstack.org/openstack/openstack-ansible-openstack_hosts

diff --git a/deploy-guide/source/app-advanced-config-security.rst b/deploy-guide/source/app-advanced-config-security.rst
@@ -5,7 +5,7 @@ Security hardening
 ==================
 
 OpenStack-Ansible automatically applies host security hardening configurations
-by using the `openstack-ansible-security`_ role. The role uses a version of the
+by using the `ansible-hardening`_ role. The role uses a version of the
 `Security Technical Implementation Guide (STIG)`_ that has been adapted for
 Ubuntu 14.04 and OpenStack.
 
@@ -33,6 +33,6 @@ audit an environment by using a playbook supplied with OpenStack-Ansible:
 For more information about the security configurations, see the
 `OpenStack-Ansible host security`_ hardening documentation.
 
-.. _openstack-ansible-security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _ansible-hardening: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide (STIG): https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
-.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _OpenStack-Ansible host security: http://docs.openstack.org/developer/ansible-hardening/
diff --git a/deploy-guide/source/app-security.rst b/deploy-guide/source/app-security.rst
@@ -58,7 +58,7 @@ to all deployments. The role has been carefully designed to perform as follows:
 For more information about configuring the role in OpenStack-Ansible, see
 :ref:`security_hardening`.
 
-.. _security hardening role: http://docs.openstack.org/developer/openstack-ansible-security/
+.. _security hardening role: http://docs.openstack.org/developer/ansible-hardening/
 .. _Security Technical Implementation Guide: https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide
 .. _Defense Information Systems Agency: http://www.disa.mil/
 .. _Payment Card Industry Data Security Standard: https://www.pcisecuritystandards.org/pci_security/

diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
@@ -21,7 +21,7 @@ security_package_state: "{{ package_state }}"
 # Disable /etc/hosts management if unbound DNS resolution containers exist
 openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}"
 
-# Use the RHEL 7 STIG content from the openstack-ansible-security role
+# Use the RHEL 7 STIG content from the ansible-hardening role
 stig_version: rhel7
 
 # Temporarily avoid putting SELinux into enforcing mode on CentOS 7 until some

diff --git a/playbooks/security-hardening.yml b/playbooks/security-hardening.yml
@@ -22,7 +22,7 @@
   gather_facts: "{{ gather_facts | default(True) }}"
   user: root
   roles:
-    - role: "openstack-ansible-security"
+    - role: "ansible-hardening"
       when: apply_security_hardening | bool
   environment: "{{ deployment_environment_variables | default({}) }}"
   tags: