Move partition handling to overcloud-partition / overcloud-partition-uefi
as whole-disk images with kernel-rt would be impossible to create due to
dependencies between kernel-rt and kdump/kexec-tools. We need to be able
to create whole-disk image while some package should not be uninstalled.
Change-Id: I181cf4dc0c0976833e39e4df78a7cff184f0f0b2
Support for security hardened images was delivered in Queens, not as
TechPreview. Removing the section of README that indicates it is
TechPreview.
Change-Id: I579b1fdedcd23f8d004bb9ca6c8fedd29c33ac7c
With the move to containers there has been an increase of
demand on the /var volume. Increase the global size, as well
as give more percentage to /var and reduce /root.
Also fix fsck-passno setting, that was incorrectly set.
Change-Id: I8d820f668ffffe5993d5fef38e0c1e8c5f5862ec
Depends-On: Ib806bac815077c2508060719469b5d0f1acc0f99
When specifying the layout for the hardened image, we need
also to specify the device type, that in our case will be
mbr. So add this as a dependency of overcloud-secure to
properly set the type.
Change-Id: Ic0ad151cc12723e437a1123f90c6663198b9564d
The recent tests showed that we need more space for the /var
partition, and that we need to increase the final size of the
image to 23G to fit the needs. And we need to rebalance the
percentage used by volumes to have similar sizes.
Change-Id: Icf25fc15bd71a50e68038012683e3e56aaa72443
Depends-On: I3885a5c359b56c515dbb9286ded1dee062cdcffc
Instead of relying on fixed partitions, start using volumes
now that diskimage-builder is supporting it. It will give more
flexibility in terms of resizing to use the disk fully.
Change-Id: I88049da2179e2ea984e05648abb60c804a521b70
This element will export all the block device configuration
needed for security images. As the layout to expose is complex,
it won't fit on the environment vars that can be provided on tripleo-common.
So is better to create a new element that exposes all this configuration,
and include it on the security hardened image.
It will also uninstall some packages that need to be removed for
security reasons.
Change-Id: Id6ece1c734d4cbf5adb857f0e627f59543be44ae
Needed-By: I541055fe81900b91e2bf131f1e95ce08c94f2554
Ghanshyam Mann