diff options
| author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-12 19:27:50 +0100 |
|---|---|---|
| committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-13 16:57:36 +0100 |
| commit | c87270a48f7fe97bb26b538215e7ad96ffd449e2 (patch) | |
| tree | e007a278e2c124505d6429880266fa45d61d4026 /baserock_frontend | |
| parent | 37d25cfe74687c5529fd43f0010eda8363682cbc (diff) | |
| download | infrastructure-c87270a48f7fe97bb26b538215e7ad96ffd449e2.tar.gz | |
Add ostree.baserock.org system
This is a new instance that can be used as an artifact cache by the
BuildStream build tool. Anyone can download artifacts over HTTPS.
Those given SSH access to the machine can write to the artifact cache
(this will likely be limited to automated build machines).
DNS is now set to point cache.baserock.org and ostree.baserock.org to
the HAProxy frontend.
The SSL certificate for the frontend-haproxy system has been regenerated
to include the cache.baserock.org and ostree.baserock.org domains.
Diffstat (limited to 'baserock_frontend')
| -rw-r--r-- | baserock_frontend/haproxy.cfg | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/baserock_frontend/haproxy.cfg b/baserock_frontend/haproxy.cfg index 76494878..f15c9a4d 100644 --- a/baserock_frontend/haproxy.cfg +++ b/baserock_frontend/haproxy.cfg @@ -67,6 +67,10 @@ frontend https-in use_backend baserock_openid_provider_http if { hdr(host) -m beg -i openid } + acl host_ostree hdr(host) -m beg -i ostree + acl host_ostree hdr(host) -m beg -i cache + use_backend baserock_ostree_http if host_ostree + frontend ssh-in: # FIXME: it'd be better if we could limit traffic on port 29418 to # gerrit.baserock.org. There's no way of knowing from an SSH request @@ -78,6 +82,15 @@ frontend ssh-in: bind *:29418 default_backend baserock_gerrit_ssh + # Uploading artifacts can be slow; need a long timeout. + timeout client 12h + + # Similarly, port 22200 on any instance forwards SSH to the ostree + # machine + mode tcp + bind *:22200 + default_backend baserock_ostree_ssh + # It's very annoying for 'gerrit stream-events' to have disconnection # after 50 seconds! timeout client 1h @@ -96,7 +109,6 @@ backend baserock_gerrit_http backend baserock_gerrit_ssh mode tcp server baserock_gerrit 192.168.222.69:29418 - # It's very annoying for 'gerrit stream-events' to have disconnection # after 50 seconds! timeout server 1h @@ -107,5 +119,14 @@ backend baserock_irclogs_http backend baserock_openid_provider_http server baserock_openid_provider 192.168.222.144:80 +backend baserock_ostree_http + server baserock_ostree 192.168.222.153:80 + +backend baserock_ostree_ssh + mode tcp + server baserock_ostree 192.168.222.153:22 + # Uploading artifacts can be slow; need a long timeout. + timeout client 12h + backend baserock_webserver_http server baserock_webserver 192.168.222.127:80 |