author: Sam Thursfield <sam.thursfield@codethink.co.uk> 2017-07-12 19:27:50 +0100
committer: Sam Thursfield <sam.thursfield@codethink.co.uk> 2017-07-13 16:57:36 +0100
commit: c87270a48f7fe97bb26b538215e7ad96ffd449e2
tree: e007a278e2c124505d6429880266fa45d61d4026 /README.mdwn
parent: 37d25cfe74687c5529fd43f0010eda8363682cbc
Add ostree.baserock.org system
This is a new instance that can be used as an artifact cache by the BuildStream build tool. Anyone can download artifacts over HTTPS. Those given SSH access to the machine can write to the artifact cache (this will likely be limited to automated build machines). DNS is now set to point cache.baserock.org and ostree.baserock.org to the HAProxy frontend. The SSL certificate for the frontend-haproxy system has been regenerated to include the cache.baserock.org and ostree.baserock.org domains.
Diffstat (limited to 'README.mdwn')
-rw-r--r-- README.mdwn 39
1 files changed, 30 insertions, 9 deletions
diff --git a/README.mdwn b/README.mdwn
index 8841e255..aba8f036 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -341,7 +341,7 @@ To deploy this system:
--flavor=dc1.1x0 \
--image=$fedora_image_id \
--nic="net-id=$network_id" \
- --security-groups default,gerrit,web-server \
+ --security-groups default,gerrit,shared-artifact-cache,web-server \
--user-data ./baserock-ops-team.cloud-config
ansible-playbook -i hosts baserock_frontend/image-config.yml
ansible-playbook -i hosts baserock_frontend/instance-config.yml
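Review bot: `shared-artifact-cache` is added to the frontend's `--security-groups` list, but nothing in the visible README lines says what that group allows or how it is created. Someone redeploying the frontend from these instructions cannot recreate the group or audit which ports it exposes. Suggest a short line next to this command naming the port(s) the group opens and the permitted source range, or pointing to where the group is defined.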
@@ -726,6 +726,28 @@ or 'build' system.
ansible-playbook -i hosts baserock_trove/configure-trove.yml
+### OSTree artifact cache
+
+To deploy this system to production:
+
+ nova volume-create \
+ --display-name ostree-volume \
+ --display-description 'OSTree cache volume' \
+ --volume-type Ceph \
+ 300
+
+ nova boot ostree.baserock.org \
+ --key-name $keyname \
+ --flavor dc1.2x8.40 \
+ --image $fedora_image_id \
+ --nic "net-id=$network_id,v4-fixed-ip=192.168.222.153" \
+ --security-groups default,web-server \
+ --user-data ./baserock-ops-team.cloud-config
+
+ nova volume-attach ostree.baserock.org <volume-id> /dev/vdb
+
+ ansible-playbook -i hosts baserock_ostree/image-config.yml
+ ansible-playbook -i hosts baserock_ostree/instance-config.yml
Creating new repos
------------------
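Review bot: the new "OSTree artifact cache" section does not say how write access to the cache is restricted. The instance boots with `--security-groups default,web-server`, while `shared-artifact-cache` is only attached to the frontend in the earlier hunk, so a reader cannot tell from this section which path SSH pushes take or which group limits them. Suggest one sentence stating the port that carries pushes and the group that controls it. Two smaller points: `<volume-id>` should be described as the ID printed by `nova volume-create`, and the options here are written `--flavor dc1.2x8.40` where the frontend section uses `--flavor=dc1.1x0`; pick one style.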
@@ -787,7 +809,7 @@ of the subdomains:
cd letsencrypt.sh
cat >domains.txt <<'EOF'
baserock.org
- irclogs.baserock.org download.baserock.org openid.baserock.org gerrit.baserock.org paste.baserock.org spec.baserock.org docs.baserock.org
+ cache.baserock.org docs.baserock.org download.baserock.org gerrit.baserock.org irclogs.baserock.org openid.baserock.org ostree.baserock.org paste.baserock.org spec.baserock.org
storyboard.baserock.org
git.baserock.org
EOF
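Review bot: sorting the hostnames on the changed `domains.txt` line alters behaviour, not just style. The first name on that line changes from `irclogs.baserock.org` to `cache.baserock.org`, and the copy steps further down now read from `cache.baserock.org/`, so the first name evidently selects the certificate directory. A future subdomain that sorts before `cache` would silently break those steps. Suggest a sentence above the heredoc saying the first name on each line is the directory name used later, or keeping a stable name first and sorting only the rest.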
@@ -806,7 +828,6 @@ decrypted. To show the contents of this file, run the following in a
ansible-vault view private/dnsapi.config.txt
-
Now, to generate the certs, run:
./dehydrated -c
@@ -822,11 +843,11 @@ certificates that are present in `certs` and `private` you will have to:
# Create some full certs including key for some services that need it this way
cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem
- cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem irclogs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem
+ cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem cache.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem
# Copy key files
cp git.baserock.org/privkey.pem tmp/private/git.pem
- cp irclogs.baserock.org/privkey.pem tmp/private/frontend.pem
+ cp cache.baserock.org/privkey.pem tmp/private/frontend.pem
cp storyboard.baserock.org/privkey.pem tmp/private/storyboard.pem
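Review bot: `tmp/private/frontend-with-key.pem` and `tmp/private/frontend.pem` in this block hold the unencrypted private key, and the `cat`/`cp` lines create them with whatever umask the shell happens to have. Suggest adding `umask 077` before these commands (or a `chmod 600` on the files in `tmp/private` right after) so the key material is not readable by other users while it waits for the encryption step the README asks for afterwards.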
@@ -834,16 +855,16 @@ certificates that are present in `certs` and `private` you will have to:
cp git.baserock.org/cert.csr tmp/certs/git.csr
cp git.baserock.org/cert.pem tmp/certs/git.pem
cp git.baserock.org/chain.pem tmp/certs/git-chain.pem
- cp irclogs.baserock.org/cert.csr tmp/certs/frontend.csr
- cp irclogs.baserock.org/cert.pem tmp/certs/frontend.pem
- cp irclogs.baserock.org/chain.pem tmp/certs/frontend-chain.pem
+ cp cache.baserock.org/cert.csr tmp/certs/frontend.csr
+ cp cache.baserock.org/cert.pem tmp/certs/frontend.pem
+ cp cache.baserock.org/chain.pem tmp/certs/frontend-chain.pem
cp storyboard.baserock.org/cert.csr tmp/certs/storyboard.csr
cp storyboard.baserock.org/cert.pem tmp/certs/storyboard.pem
cp storyboard.baserock.org/chain.pem tmp/certs/storyboard-chain.pem
# Create full certs without keys
cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git-full.pem
- cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem > tmp/certs/frontend-full.pem
+ cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem > tmp/certs/frontend-full.pem
cat storyboard.baserock.org/cert.csr storyboard.baserock.org/cert.pem storyboard.baserock.org/chain.pem > tmp/certs/storyboard-full.pem
Before replacing the current ones, make sure you **encrypt** the ones that contain
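Review bot: in the "Create full certs without keys" block, the unchanged `git-full.pem` line reads a bare `chain.pem`, while the frontend and storyboard lines read `<host>/chain.pem`. That does not match the per-host layout used everywhere else in these commands and is worth correcting to `git.baserock.org/chain.pem` while the block is being edited. Separately, `cache.baserock.org` is now hard-coded on six changed lines across this and the previous hunk; setting it once in a shell variable would make the next rename a one-line change.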