Merge "Add creation of security hardened images"

2017-05-31 14:38:28 +00:00 · 2017-05-31 14:38:28 +00:00 · fa6368db66
commit fa6368db66
parent aea082accb fc07b696ac
3 changed files with 63 additions and 1 deletions
--- a/image-yaml/overcloud-images-centos7.yaml
+++ b/image-yaml/overcloud-images-centos7.yaml
@ -19,4 +19,12 @@ disk_images:
      - selinux-permissive
    packages:
      - yum-plugin-priorities
-
+  -
+    imagename: overcloud-security-hardened-full
+    arch: amd64
+    type: qcow2
+    distro: centos7
+    elements:
+      - selinux-permissive
+    packages:
+      - yum-plugin-priorities
--- a/image-yaml/overcloud-images-rhel7.yaml
+++ b/image-yaml/overcloud-images-rhel7.yaml
@ -11,3 +11,8 @@ disk_images:
    arch: amd64
    type: qcow2
    distro: rhel7
+  -
+    imagename: overcloud-security-hardened-full
+    arch: amd64
+    type: qcow2
+    distro: rhel7
--- a/image-yaml/overcloud-images.yaml
+++ b/image-yaml/overcloud-images.yaml
@ -61,3 +61,52 @@ disk_images:
      - "--min-tmpfs=5"
    environment:
      DIB_PYTHON_VERSION: '2'
+
+  -
+    imagename: overcloud-security-hardened-full
+    arch: amd64
+    type: qcow2
+    elements:
+      - dhcp-all-interfaces
+      - overcloud-agent
+      - overcloud-full
+      - overcloud-controller
+      - overcloud-compute
+      - overcloud-ceph-storage
+      - puppet-modules
+      - hiera
+      - os-net-config
+      - stable-interface-names
+      - bootloader
+      - element-manifest
+      - dynamic-login
+      - iptables
+      - enable-packages-install
+      - pip-and-virtualenv-override
+      - ntp
+      - dracut-regenerate
+      - remove-machine-id
+      - modprobe-blacklist
+      - overcloud-secure
+    packages:
+      - python-psutil
+      - python-debtcollector
+      - plotnetcfg
+      - sos
+      - device-mapper-multipath
+      - python-heat-agent-puppet
+      - python-heat-agent-hiera
+      - python-heat-agent-apply-config
+      - python-heat-agent-ansible
+      - python-heat-agent-docker-cmd
+      - python-heat-agent-json-file
+      - screen
+    options:
+      - "--min-tmpfs 5"
+    environment:
+      DIB_PYTHON_VERSION: '2'
+      DIB_MODPROBE_BLACKLIST: 'usb-storage cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat bluetooth'
+      DIB_BOOTLOADER_DEFAULT_CMDLINE: 'nofb nomodeset vga=normal console=tty0 console=ttyS0,115200 audit=1 nousb'
+      DIB_IMAGE_SIZE: '20'
+      COMPRESS_IMAGE: '1'
+