This syncs most of the common files with the openstack-tests repository.
This effectively removes the Ubuntu 14.04 support from the Vagrantfile
as well as the RHEL6 STIG V-38496 workaround for it. This also removes
the now unused tests/vagrant.yml file and uses the tests/test.yml like
the upstream OpenStack CI does.
However, it doesn't sync the bindep.txt file since it doesn't quite
match what we have in the openstack-ansible-tests repository so the
shared one needs to be fixed first.
Finally, it adds a new doc/.gitignore file to exclude the generated
documentation file. This is necessary in order for the shared .gitignore
one to be used in the root of the repository.
Change-Id: Ia34979af9029ffb03fb525679356e6d9f3a039a6
This patch gets rid of the old "special notes" section that was a
dead-end in the documentation and replaces it with a brief header
followed by a dynamically-generated list of tag-specific
documentation. All of this sits underneath the "Hardening Domains"
section.
It also splits the "Deviations" documentation into its own section
because it's quite important for a deployer to review.
The patch also includes a link to video/slides from the Boston
Summit, which provided the latest updates for the project and some
background on how everything fits together.
Change-Id: I1a5e78733c301335fe1bcfcee36cc146d690b841
This patch updates the documentation and the sphinx extension to
write the docs for the RHEL 7 STIG content. The RHEL 7 content
is still hidden for now since it will be under active development
for a while.
Special note:
There are some typos in version 0.2 of the XML for the STIG and those
typos exist in the automatically generated documentation, too.
A new version of the STIG XML is due out very soon which should
correct these.
Implements: bp/security-rhel7-stig
Change-Id: I70dcebdd45ca65e5ae7734c19ee8523fba581e18
With the upcoming changes to rebase onto the RHEL 7 STIG controls,
there needs to be a new solution for documentation that is easier
to manage and filter. This patch automates the generation of the STIG
control documentation in the following way:
* A Sphinx extension runs early in the doc build process that writes
all of the individual STIG control docs as well as ToC pages.
* ToC pages are now sorted by severity, tag, and implementation status.
* A giant listing of controls is easier to navigate now.
* Docs are generated from metadata in the /doc/metadata directory. New
documentation only needs to be added there. (Will explain this in
the developer notes in a subsequent patch.)
Implements: blueprint security-rhel7-stig
Change-Id: I455af1121049f52193e98e2c9cb1ba5d4c292386
This role contains around 150 controls from the 270+ controls that exist
in the RHEL 6 STIG. New controls are still being added.
Implements: blueprint security-hardening
Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6