diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-12 13:29:04 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-12 13:47:02 +0100 |
commit | c368f61b0b460f120634219a5b70186c803d5bed (patch) | |
tree | 18ea76a2cea1d4851e2d9c578b7511fbd445ca57 /README.mdwn | |
parent | ab22c20a82808537c89bbd4e009aae98186e7ade (diff) | |
download | infrastructure-c368f61b0b460f120634219a5b70186c803d5bed.tar.gz |
Ensure Masons can /only/ fetch sources from git.baserock.org
This is done by using 'internal-only' instead of 'default' as the
security group. I've updated the README to note this. To make Mason
work in the absence of DNS we also have to change the 'trove-host'
setting to be the actual IP of git.baserock.org.
The idea is to enforce the policy that the Baserock reference system
definitions can only use 'baserock:' and 'upstream:' keyed URLs.
Change-Id: I114fc89a707f6f626e4b758426558f48e5fafb73
Diffstat (limited to 'README.mdwn')
-rw-r--r-- | README.mdwn | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/README.mdwn b/README.mdwn index 3b2501ff..91d7db72 100644 --- a/README.mdwn +++ b/README.mdwn @@ -451,3 +451,36 @@ To deploy the production version: Storyboard deployment does not yet work fully (you can manually kludge it into working after deploying it, though). + +### Masons + +Mason is the name we use for an automated build and test system used in the +Baserock project. The V2 Mason that runs as <https://mason-x86-32.baserock.org/> +and <https://mason-x86-64.baserock.org/> lives in definitions.git, and is thus +available in infrastructure.git too by default. + +To build mason-x86-64: + + morph init ws; cd ws; morph checkout baserock:baserock/infrastructure master; + cd master/baserock/baserock/infrastructure + + morph build systems/build-system-x86_64.morph + morph deploy baserock_mason_x86_64/mason-x86-64.morph + + nova boot mason-x86-64.baserock.org \ + --key-name $keyname \ + --flavor 'dc1.2x2' \ + --image baserock_mason_x86_64 \ + --nic "net-id=$network_id,v4-fixed-ip=192.168.222.80" \ + --security-groups internal-only,mason-x86 + --user-data baserock-ops-team.cloud-config + +The mason-x86-32 system is the same, just subsitute '64' for '32' in the above +commands. + +Note that the Masons are NOT in the 'default' security group, they are in +'internal-only'. This is a way of enforcing the [policy] that the Baserock +reference system definitions can only use source code hosted on +git.baserock.org, by making it impossible to fetch code from anywhere else. + +[policy]: http://wiki.baserock.org/policies/ |