How to mount / in read-only mode by default (Stateless Linux) ?

Resolution

• To mount / in readonly mode in RHEL 5/6 refer Is it possible to mount the root filesystem read-only (Stateless Linux)?
• For RHEL 7, follow below steps :

1. Edited below file by changing the parameters as per your requirement. Minimal requirement is to edit READONLY to yes.

   # cat /etc/sysconfig/readonly-root 
   
   # Set to 'yes' to mount the system filesystems read-only.
   READONLY=yes
   # Set to 'yes' to mount various temporary state as either tmpfs
   # or on the block device labelled RW_LABEL. Implied by READONLY
   TEMPORARY_STATE=yes
   # Place to put a tmpfs for temporary scratch writable space
   RW_MOUNT=/var/lib/stateless/writable
   # Label on local filesystem which can be used for temporary scratch space
   RW_LABEL=stateless-rw
   # Options to use for temporary mount
   RW_OPTIONS=
   # Label for partition with persistent data
   STATE_LABEL=stateless-state
   # Where to mount to the persistent data
   STATE_MOUNT=/var/lib/stateless/state
   # Options to use for persistent mount
   STATE_OPTIONS=
   # NFS server to use for persistent data?
   CLIENTSTATE=
   # Use slave bind-mounts
   SLAVE_MOUNTS=yes
   

2. Change fstab entry for / as ro by replacing defaults.

   # cat /etc/fstab | grep root
   /dev/mapper/rhel-root   /    xfs   ro     0 0
   

3. Take a backup of current initramfs (to be on safer side).

   # cp /boot/initramfs-3.10.0-229.el7.x86_64.img /boot/initramfs-3.10.0-229.el7.x86_64.img.bkp 
   

4. Rebuild the initramfs for current kernel version.

   # dracut -f -v
   

5. Perform a reboot.

   # reboot
   

6. Verify if / is mounted in ro mode :

   # cat /proc/mounts | grep root
   rootfs / rootfs rw 0 0
   /dev/mapper/rhel-root / xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0