openstack/tripleo-quickstart-extras
Code Issues Proposed changes
fc222b3963
tripleo-quickstart-extras/roles/build-images/README.md
Yolanda Robla 1eac9d8f04 Add documentation on how to build a hardened image 
We can build security hardened images just updating the list
of files on the role. So document properly in order to show
how to do it.

Change-Id: Ie3207c07bfdedebd609501bb9d55166e56e6ad98
2017-06-06 14:58:00 +02:00

77 lines
3.2 KiB
Markdown
Raw Blame History

build-images
============
An Ansible role for building TripleO undercloud and overcloud images. The role
can either operate directly against a host (direct) or setup a build
environment inside of a libvirt guest using libguestfs-tools (isolated).
It starts by creating the overcloud images from the provided yaml files. It
then uses the convert-image role from tripleo-quickstart to turn the
overcloud-full.qcow2 image into an undercloud image. Finally, it injects the
previously created overcloud-full and ironic-python-agent images into this
new undercloud image.
Requirements
------------
* [convert-image](https://git.openstack.org/cgit/openstack/tripleo-quickstart/tree/roles/convert-image) role from tripleo-quickstart (if building an undercloud image)
* [fetch-images](https://git.openstack.org/cgit/openstack/tripleo-quickstart/tree/roles/fetch-images) role from tripleo-quickstart (if using isolated build)
* [modify-image](https://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/modify-image) role from tripleo-quickstart-extras
* [repo-setup](https://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/repo-setup) role from tripleo-quickstart-extras
Role Variables
--------------
* `images_working_dir` -- Directory on the host where images and logs will be
placed
* `images_destroy_working_dir` -- Whether to destroy the previous image
directory before starting. (Default true)
* `overcloud_image_build_script` -- Template used for the overcloud image build
* `overcloud_image_build_log` -- Log file for output from the image build
script.
* `build_image_isolated` -- Whether to use libguestfs to create an isolated
build environment. (Default true)
* `build_isolation_image_url` -- URL for image to use as the isolated build
environment. (Currently requires an .md5 file in the same location because
the fetch-images role from quickstart is used to get the image)
* `build_undercloud` -- Whether to build an undercloud image. (Default true)
* `package_images` -- Whether to create tarballs and md5s for all of the
produced images. (Default true)
* `overcloud_repo_paths` -- List of repo paths that will be passed to DIB for
package installs in the overcloud images. These repos will also be copied on
to the undercloud image.
* `image_build_yaml_paths` -- List of yaml files to be passed to the overcloud
image build. (Defaults to yamls packaged in tripleo-common. In order to
produce security hardened images, the alternate overcloud-hardened-images
need to be used instead of the overcloud-images ones).
* `image_build_extract_list` -- List of artifacts to extract from the isolated
build environment after building.
* `inject_images` -- List of artifacts to inject into the undercloud image
* `skip_build_images` -- skip building images if there present or cached
(default: true), setting it to false will add '--no-skip' option to openstack
image build command.
Example Usage
-------------
```yaml
---
- name: Build images using an isolated build environment
hosts: virthost
roles:
- build-images
- name: Build images with repos directly installed on the host
hosts: virthost
vars:
build_image_isolated: false
roles:
- build-images
```
License
-------
Apache
View Git Blame Copy Permalink