
NFVPE Blog Posts

TripleO Security Hardening

Over this Ocata cycle I have been working on the automation of security
hardening in the TripleO OpenStack Installer and various OpenStack
puppet-modules. The desired outcome of this work is to assist
operators in meeting the various compliance standards that exist in the private and
public sectors of IT security, using an automated approach.


How to encrypt your home with guestfs

Continued from http://teknoarticles.blogspot.com.es/2016/12/start-using-whole-disk-images-with.html

For security reasons, there may be a need to encrypt several partitions of volumes on your images. You can have a pre-created image with that encryption in place, instead of having to do it manually after boot. This can be done with guestfs and LUKS. The following script shows how to perform that encryption and mount it automatically:

    #!/usr/bin/env python
    import binascii
    import guestfs
    import os

    # remove old generated drive
    try:
        os.unlink("/tmp/overcloud-full-partitioned.qcow2")
    except OSError:
        pass

    g = guestfs.GuestFS(python_return_dict=True)

    # import old and new images
    print("Creating new repartitioned image")
    g.add_drive_opts("/tmp/overcloud-full.qcow2", format="qcow2", readonly=1)
    g.disk_create("/tmp/overcloud-full-partitioned.qcow2", "qcow2", 10 * 1024 * 1024 * 1024)  # 10G
    g.add_drive_opts("/tmp/overcloud-full-partitioned.qcow2", format="qcow2", readonly=0)
    g.launch()

    # create…


Start using whole disk images with TripleO

What are the differences between a flat partition image and a whole disk image? In order to understand this article, you first need to know what a flat partition image and a whole disk image are, and how they differ from each other. flat partition image: a disk image that just contains all the desired content in a filesystem, but does not carry any information about partitions on it, and does not include a bootloader. In order to boot from a whole disk image, the kernel and ramdisk images need to be passed independently when booting, relying on an external system to mount.…


Deploy a custom builder image on OpenShift

In the last article on creating custom s2i builder images we created the (intentionally ridiculous) pickle-http sample, and today we’re going to go ahead and deploy it under OpenShift. It’s the easy part, when it comes down to it. It’s rather fast, and Cockpit (the web GUI) provides some nice clean information about the builds, including logs and links to webhooks to trigger builds.


Using OpenShift’s s2i custom builder

Let’s use OpenShift’s s2i custom building functionality to make a custom image build. Wait, what’s s2i? It’s “source-to-image”. The gist here is that you plug into OpenShift’s dashboard a git URL, and it combines it into an image. There’s already “builder images” pre-loaded into OpenShift, and while those are handy… If you’re doing anything more than a bog standard web app – you’re going to need a little more horsepower to put together a custom image. That’s why we’re going to look at the work-flow to create a custom builder image using s2i.


Hello Ansible CIRA!

Today we’re going to look at CIRA. CIRA is a tool to deploy a CI reference architecture to test OpenStack. I’m going to go with the Docker deployment option, as that’s the environment that I tend towards. Today we’ll get it up and running here.
