Add overcloud-secure element

This element will export all the block device configuration
needed for security images. As the layout to expose is complex,
it won't fit on the environment vars that can be provided on tripleo-common.
So is better to create a new element that exposes all this configuration,
and include it on the security hardened image.
It will also uninstall some packages that need to be removed for
security reasons.

Change-Id: Id6ece1c734d4cbf5adb857f0e627f59543be44ae
Needed-By: I541055fe81900b91e2bf131f1e95ce08c94f2554

elements/overcloud-secure/README.rst

@@ -0,0 +1,15 @@
+overcloud-secure
+================
+
+CAUTION: This element is part of the security hardened images feature, that
+is delivered in this release as tech preview. The following element is not
+intended for production usage.
+
+overcloud-secure is an element to add extra security hardening features to
+the tripleo images: partition creation and unsafe package uninstall.
+
+It includes the block-device-default definition, that creates independent
+partitions on the overcloud image, allowing those to accomplish the ANSSI
+security requirements. Please note that the sizes of the partitions may not
+be enough for production usage, they will need to be resized properly after
+deployment depending on the available disk size.

elements/overcloud-secure/block-device-default.yaml

@@ -0,0 +1,58 @@
+- local_loop:
+    name: image0
+- partitioning:
+    base: image0
+    label: mbr
+    partitions:
+      - name: root
+        flags: [ boot,primary ]
+        size: 6G
+        mkfs:
+            type: xfs
+            label: "img-rootfs"
+            mount:
+                mount_point: /
+                fstab:
+                    options: "rw,relatime"
+                    fck-passno: 1
+      - name: tmp
+        size: 1G
+        mkfs:
+            type: xfs
+            mount:
+                mount_point: /tmp
+                fstab:
+                    options: "rw,nosuid,nodev,noexec,relatime"
+      - name: var
+        size: 7G
+        mkfs:
+            type: xfs
+            mount:
+                mount_point: /var
+                fstab:
+                    options: "rw,relatime"
+      - name: log
+        size: 5G
+        mkfs:
+            type: xfs
+            mount:
+                mount_point: /var/log
+                fstab:
+                    options: "rw,relatime"
+      - name: audit
+        size: 900M
+        mkfs:
+            type: xfs
+            mount:
+                mount_point: /var/log/audit
+                fstab:
+                    options: "rw,relatime"
+      - name: home
+        size: 100M
+        mkfs:
+            type: xfs
+            mount:
+                mount_point: /home
+                fstab:
+                    options: "rw,nodev,relatime"
+

elements/overcloud-secure/element-deps

@@ -0,0 +1 @@
+package-installs

elements/overcloud-secure/package-installs.yaml

@@ -0,0 +1,4 @@
+kexec-tools:
+  uninstall: True
+telnet:
+  uninstall: True