Add creation of security hardened images
These images do not use the baremetal element; they use the bootloader element instead. The image also comes with pre-created volumes with the right security flags, enables some extra flags on grub, and blacklists some modules. Implements: blueprint whole-disk-images Change-Id: I541055fe81900b91e2bf131f1e95ce08c94f2554 Depends-On: I292fb70cde41ee6053b7b81a67931bcdaaa6d664 Depends-On: I153f979722eaec49eab93d7cd398c5589b9bfc44 Depends-On: Id6ece1c734d4cbf5adb857f0e627f59543be44ae
parent
4a84166ca7
commit
fc07b696ac
|
@ -19,4 +19,12 @@ disk_images:
|
|||
- selinux-permissive
|
||||
packages:
|
||||
- yum-plugin-priorities
|
||||
|
||||
-
|
||||
imagename: overcloud-security-hardened-full
|
||||
arch: amd64
|
||||
type: qcow2
|
||||
distro: centos7
|
||||
elements:
|
||||
- selinux-permissive
|
||||
packages:
|
||||
- yum-plugin-priorities
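Review bot: The new `overcloud-security-hardened-full` entry for centos7 lists `selinux-permissive` under `elements`, so the image meant to be the hardened variant would be built with SELinux not enforcing. If the element was copied from the entry above only to keep the build working, say so with a comment such as `# TODO: drop selinux-permissive once the hardened image builds with SELinux enforcing`; otherwise leave it out of this entry. The +/- markers are lost on this page, so I am reading the second `elements:` block as part of the added entry.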
|
||||
|
|
|
@ -11,3 +11,8 @@ disk_images:
|
|||
arch: amd64
|
||||
type: qcow2
|
||||
distro: rhel7
|
||||
-
|
||||
imagename: overcloud-security-hardened-full
|
||||
arch: amd64
|
||||
type: qcow2
|
||||
distro: rhel7
|
||||
|
|
|
@ -61,3 +61,52 @@ disk_images:
|
|||
- "--min-tmpfs=5"
|
||||
environment:
|
||||
DIB_PYTHON_VERSION: '2'
|
||||
|
||||
-
|
||||
imagename: overcloud-security-hardened-full
|
||||
arch: amd64
|
||||
type: qcow2
|
||||
elements:
|
||||
- dhcp-all-interfaces
|
||||
- overcloud-agent
|
||||
- overcloud-full
|
||||
- overcloud-controller
|
||||
- overcloud-compute
|
||||
- overcloud-ceph-storage
|
||||
- puppet-modules
|
||||
- hiera
|
||||
- os-net-config
|
||||
- stable-interface-names
|
||||
- bootloader
|
||||
- element-manifest
|
||||
- dynamic-login
|
||||
- iptables
|
||||
- enable-packages-install
|
||||
- pip-and-virtualenv-override
|
||||
- ntp
|
||||
- dracut-regenerate
|
||||
- remove-machine-id
|
||||
- modprobe-blacklist
|
||||
- overcloud-secure
|
||||
packages:
|
||||
- python-psutil
|
||||
- python-debtcollector
|
||||
- plotnetcfg
|
||||
- sos
|
||||
- device-mapper-multipath
|
||||
- python-heat-agent-puppet
|
||||
- python-heat-agent-hiera
|
||||
- python-heat-agent-apply-config
|
||||
- python-heat-agent-ansible
|
||||
- python-heat-agent-docker-cmd
|
||||
- python-heat-agent-json-file
|
||||
- screen
|
||||
options:
|
||||
- "--min-tmpfs 5"
|
||||
environment:
|
||||
DIB_PYTHON_VERSION: '2'
|
||||
DIB_MODPROBE_BLACKLIST: 'usb-storage cramfs freevxfs jffs2 hfs hfsplus squashfs udf vfat bluetooth'
|
||||
DIB_BOOTLOADER_DEFAULT_CMDLINE: 'nofb nomodeset vga=normal console=tty0 console=ttyS0,115200 audit=1 nousb'
|
||||
DIB_IMAGE_SIZE: '20'
|
||||
COMPRESS_IMAGE: '1'
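Review bot: The element list for `overcloud-security-hardened-full` still carries `dynamic-login`, which in diskimage-builder installs a helper that takes login credentials from the kernel command line at boot. It looks inherited from the regular overcloud-full entry and is hard to justify on an image whose purpose is hardening, so I would drop `- dynamic-login` here or add a comment explaining why it stays. In `DIB_MODPROBE_BLACKLIST`, `vfat` deserves a comment such as `# vfat is blacklisted: nodes that mount a vfat EFI system partition need it removed from this list`, since such a node would presumably fail to mount that partition. The new entry also writes `"--min-tmpfs 5"` while the entry just above uses `"--min-tmpfs=5"`; if each option is passed as a single argument the space form may not parse, so `- "--min-tmpfs=5"` is the safer spelling.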
|
||||
|
||||
|
|