Skip to main content

Posts

Showing posts from November, 2017

Automated TripleO upgrades

Upgrading TripleO can be a hard task. While there are instructions on how to do it manually, having a set of playbooks that automate this task can help.
With this purpose, I've created the TripleO upgrade automation playbooks (https://github.com/redhat-nfvpe/tripleo-upgrade-automation).
Those are a set of playbooks that allow to upgrade an existing TripleO deployment, specially focused on versions from 8 to 10, and integrated with local mirrors (https://github.com/redhat-nfvpe/rhel-local-mirrors)

In case you want to know more, please visit the tripleo-upgrade-automation project on github, and you'll get instructions on how to properly use this repo to automate your upgrades.

Security hardened images with volumes

Starting to apply since QueensThis article is a continuation of http://teknoarticles.blogspot.com.es/2017/07/build-and-use-security-hardened-images.html How to build the security hardened image with volumes Starting since Queens, security hardened images can be built using volumes. This will have the advantage of more flexibility when resizing the different filesystems.

The process of building the security hardened image is the same as in the previous blogpost. But there have been a change in how the partitions, volumes and filesystems are defined. Now there is a pre-defined partition of 20G, and then volumes are created under it. Volume sizes are created on percentages, not in absolute size,:
/              -> 30% (over 6G)/tmp           -> 5% (over 1G)/var           -> 35% (over 7G)/var/log       -> 25% (over 5G)/var/log/audit -> 4% (over 0.8G)/home          -> 1% (over 0.2G) With that new layout based on volumes, you have now two options for resizing, to use all th…