
Category: Yolanda’s Posts

Build and use security hardened images with TripleO

Applies starting with Pike. Concept of security hardened images: Normally the images used for overcloud deployment in TripleO are not security hardened. This means the images lack the extra security measures needed to comply with ANSSI requirements. These extra measures are needed to deploy TripleO in environments where security is an important feature. The following recommendations are given to comply with security guidelines: ensure that /tmp is mounted on a separate volume or partition, and that it is mounted with the rw,nosuid,nodev,noexec,relatime flags; ensure that /var, /var/log and /var/log/audit are mounted on separate volumes or partitions, and that they are mounted…


TripleO Quickstart deployments on baremetal using TOAD

This article is going to cover how to deploy TripleO Quickstart on baremetal. The undercloud will still be virtualized, but controller and compute will be deployed on baremetal. This post belongs to a series. In order to get more knowledge about TOAD and tripleo-quickstart, please read http://teknoarticles.blogspot.com/2017/02/automated-osp-deployments-with-tripleo.html and http://teknoarticles.blogspot.com/2017/02/describing-cira-continuous-integration.html Requirements. Hardware: A baremetal server is needed to act as Jenkins slave and contain the virtualized undercloud. A multi-core CPU, 16GB of RAM and 60GB of disk is the recommended setup. One server for each controller/compute that needs to be deployed. They need to have at least 8GB of RAM. Network: IPMI access…


Automated OSP deployments with Tripleo Quickstart

In this article I’m going to show a method for automating OSP (Red Hat OpenStack Platform) deployments. These automated deployments can be very useful for CI, or simply to experiment and test with the system. Components involved: ansible-cira: a set of playbooks to deploy Jenkins, jenkins-job-builder and an optional ELK stack. This will install a ready-to-use system with all the preconfigured jobs (including OSP10 deployments and image building). ansible-cira jenkins-jobs: a set of job templates and macros, using jenkins-job-builder syntax, that get converted into Jenkins jobs for building the OSP base images and for deploying the system. ansible-cira job-configs: A…


Describing TOAD – Continuous Integration Rapid Automation

An overview of the TOAD framework and the advantages. What is TOAD? Fully automated deployment using Ansible (single command spin up). Main goal: to automate OSP deployments for continuous integration (CI) and development purposes. TOAD is a CI framework using off-the-shelf components that many partners are familiar with: Jenkins, Jenkins Job Builder (JJB): http://docs.openstack.org/infra/jenkins-job-builder/ , TripleO Quickstart (oooq): https://www.rdoproject.org/tripleo/ , optional ELK Stack (ElasticSearch, Logstash, Kibana). Its core component is TripleO Quickstart, used for TripleO upstream testing. Fully customizable with oooq settings; can be extended. Deploy environments with one click; trash after finished. Of course it’s open source! 🙂 https://github.com/redhat-nfvpe/toad https://github.com/redhat-nfvpe/jenkins-jobs https://github.com/redhat-nfvpe/job-configs…


Describing TOAD – TripleO automated deployer

An overview of the TOAD framework and the advantages. What is TOAD? Fully automated deployment using Ansible (single command spin up). Main goal: to automate OSP deployments for continuous integration (CI) and development purposes. TOAD is a CI framework using off-the-shelf components that many partners are familiar with: Jenkins, Jenkins Job Builder (JJB): http://docs.openstack.org/infra/jenkins-job-builder/ , TripleO Quickstart (oooq): https://www.rdoproject.org/tripleo/ , optional ELK Stack (ElasticSearch, Logstash, Kibana). Its core component is TripleO Quickstart, used for TripleO upstream testing. Fully customizable with oooq settings; can be extended. Deploy environments with one click; trash after finished. Of course it’s open source! 🙂 https://github.com/redhat-nfvpe/toad https://github.com/redhat-nfvpe/jenkins-jobs https://github.com/redhat-nfvpe/job-configs…


Describing CIRA – Continuous Integration Rapid Automation

An overview of the CIRA framework and the advantages. What is CIRA? Fully automated deployment using Ansible (single command spin up). Main goal: to automate OSP deployments for continuous integration (CI) and development purposes. CIRA is a CI framework using off-the-shelf components that many partners are familiar with: Jenkins, Jenkins Job Builder (JJB): http://docs.openstack.org/infra/jenkins-job-builder/ , TripleO Quickstart (oooq): https://www.rdoproject.org/tripleo/ , optional ELK Stack (ElasticSearch, Logstash, Kibana). Its core component is TripleO Quickstart, used for TripleO upstream testing. Fully customizable with oooq settings; can be extended. Deploy environments with one click; trash after finished. Of course it’s open source! 🙂 https://github.com/redhat-nfvpe/ansible-cira https://github.com/redhat-nfvpe/jenkins-jobs https://github.com/redhat-nfvpe/job-configs…


How to encrypt your home with guestfs

Continued from http://teknoarticles.blogspot.com.es/2016/12/start-using-whole-disk-images-with.html For security reasons, there may be a need to encrypt several partitions of volumes on your images. You can have a pre-created image with that encryption in place, instead of having to do it manually after boot. This can be done with guestfs and LUKS. The following script shows how to perform that encryption and mount it automatically:

    #!/usr/bin/env python
    import binascii
    import guestfs
    import os

    # remove old generated drive (ignore the error if it does not exist)
    try:
        os.unlink("/tmp/overcloud-full-partitioned.qcow2")
    except OSError:
        pass

    g = guestfs.GuestFS(python_return_dict=True)

    # import old and new images
    print("Creating new repartitioned image")
    g.add_drive_opts("/tmp/overcloud-full.qcow2", format="qcow2", readonly=1)
    g.disk_create("/tmp/overcloud-full-partitioned.qcow2", "qcow2", 10 * 1024 * 1024 * 1024)  # 10G
    g.add_drive_opts("/tmp/overcloud-full-partitioned.qcow2", format="qcow2", readonly=0)
    g.launch()

    # create…


Start using whole disk images with TripleO

What are the differences between flat partition image and whole disk image? In order to understand this article, you first need to know what a flat partition image and a whole disk image are, and the differences between each other. flat partition image: disk image that just contains all the desired content in a filesystem, but does not carry any information about partitions on it, and it does not include a bootloader. In order to boot from a whole disk image, the kernel and ramdisk images need to be passed independently when booting, relying on an external system to mount.…


Generate Fedora Atomic images using diskimage-builder

About Atomic project – http://www.projectatomic.io Atomic is a lightweight operating system, assembled from RPM content. It is mainly designed to run applications in Docker containers. Hosts based on RHEL, Fedora and CentOS are available with Atomic. Project Atomic includes the following components: Docker, Kubernetes, rpm-ostree, systemd. What are the advantages of Atomic? Using Atomic distributions limits the patch frequency for administrators. The usage of Docker containers offers a clear path to deliver consistent and fully tested stacks. Containers secured with Linux namespaces, cGroups, and SELinux give isolation close to that of a VM, with much greater flexibility and efficiency. About diskimage-builder…
