History

Steve Baker 1635ba8abe Unmask and enable tmp.mount for overcloud-partition In recent centos 8 images tmp.mount is masked, which causes issues with all defined LVM mounts (/ is readonly, other mounts fail). This change unmasks and enables tmp.mounted so the existing LVM /tmp mounts correctly. It also makes fsck-passno compliant with the documentation[1] so that / has value 1 and all other mounts are set to 2. Blueprint: whole-disk-default [1] https://www.man7.org/linux/man-pages/man5/fstab.5.html Change-Id: Ib517e73845a7698f873a4f3207ffa9c54cdbcbef		2021-06-17 13:52:12 +12:00
..
environment.d	Don't depend on block-device elements	2021-06-17 13:52:12 +12:00
post-install.d	Unmask and enable tmp.mount for overcloud-partition	2021-06-17 13:52:12 +12:00
README.rst	Move partition handling to overcloud-partition / overcloud-partition-uefi	2020-07-21 14:54:50 +00:00
block-device-default.yaml	Unmask and enable tmp.mount for overcloud-partition	2021-06-17 13:52:12 +12:00
element-provides	Don't depend on block-device elements	2021-06-17 13:52:12 +12:00

README.rst

overcloud-partition

overcloud-partition is an element to add extra security hardening features to the tripleo images: partition creation.

It includes the block-device-default definition, that creates independent partitions on the overcloud image, allowing those to accomplish the ANSSI security requirements. Please note that the sizes of the partitions may not be enough for production usage, they will need to be resized properly after deployment depending on the available disk size.