Add UEFI support for hardened images

This is not a cherry-pick, but a new commit, because the patch does not apply cleanly. It follows same structure but it is adapted to respect the elements and packages needed for queens version. Change-Id: I2cff0d6b195fcae07fba8b39552149b845f2e1c0
2018-10-31 10:54:57 +01:00 · 2018-10-31 10:54:57 +01:00 · 20ca41a739
parent 814bd2cf4b
commit 20ca41a739
3 changed files with 64 additions and 0 deletions
--- a/image-yaml/overcloud-hardened-images-uefi-centos7.yaml
+++ b/image-yaml/overcloud-hardened-images-uefi-centos7.yaml
@ -0,0 +1,9 @@
+disk_images:
+  -
+    imagename: overcloud-hardened-uefi-full
+    type: qcow2
+    distro: centos7
+    elements:
+      - selinux-permissive
+    packages:
+      - yum-plugin-priorities
--- a/image-yaml/overcloud-hardened-images-uefi-rhel7.yaml
+++ b/image-yaml/overcloud-hardened-images-uefi-rhel7.yaml
@ -0,0 +1,5 @@
+disk_images:
+  -
+    imagename: overcloud-hardened-uefi-full
+    type: qcow2
+    distro: rhel7
--- a/image-yaml/overcloud-hardened-images-uefi.yaml
+++ b/image-yaml/overcloud-hardened-images-uefi.yaml
@ -0,0 +1,50 @@
+disk_images:
+  -
+    imagename: overcloud-hardened-uefi-full
+    type: qcow2
+    elements:
+      - dhcp-all-interfaces
+      - openvswitch
+      - overcloud-agent
+      - overcloud-full
+      - overcloud-controller
+      - overcloud-compute
+      - overcloud-ceph-storage
+      - puppet-modules
+      - stable-interface-names
+      - bootloader
+      - element-manifest
+      - dynamic-login
+      - iptables
+      - enable-packages-install
+      - pip-and-virtualenv-override
+      - dracut-regenerate
+      - remove-machine-id
+      - remove-resolvconf
+      - modprobe-blacklist
+      - overcloud-secure-uefi
+    packages:
+      - ntp
+      - python-psutil
+      - python-debtcollector
+      - plotnetcfg
+      - sos
+      - device-mapper-multipath
+      - python-heat-agent-puppet
+      - python-heat-agent-hiera
+      - python-heat-agent-apply-config
+      - python-heat-agent-ansible
+      - python-heat-agent-docker-cmd
+      - python-heat-agent-json-file
+      - screen
+      - os-net-config
+      - jq
+    options:
+      - "--min-tmpfs=7"
+    environment:
+      DIB_PYTHON_VERSION: '2'
+      DIB_MODPROBE_BLACKLIST: 'usb-storage cramfs freevxfs jffs2 hfs hfsplus squashfs udf bluetooth'
+      DIB_BOOTLOADER_DEFAULT_CMDLINE: 'nofb nomodeset vga=normal console=tty0 console=ttyS0,115200 audit=1 nousb'
+      DIB_IMAGE_SIZE: '23'
+      COMPRESS_IMAGE: '1'
+      DIB_BLOCK_DEVICE: 'efi'