author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-12 13:29:04 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-12 13:47:02 +0100 |
commit | c368f61b0b460f120634219a5b70186c803d5bed (patch) | |
tree | 18ea76a2cea1d4851e2d9c578b7511fbd445ca57 /baserock_mason_x86_32 | |
parent | ab22c20a82808537c89bbd4e009aae98186e7ade (diff) | |
download | infrastructure-c368f61b0b460f120634219a5b70186c803d5bed.tar.gz |
Ensure Masons can /only/ fetch sources from git.baserock.org

This is done by using 'internal-only' instead of 'default' as the
security group. I've updated the README to note this. To make Mason
work in the absence of DNS we also have to change the 'trove-host'
setting to be the actual IP of git.baserock.org.

The idea is to enforce the policy that the Baserock reference system
definitions can only use 'baserock:' and 'upstream:' keyed URLs.

Change-Id: I114fc89a707f6f626e4b758426558f48e5fafb73
Diffstat (limited to 'baserock_mason_x86_32')
-rw-r--r-- | baserock_mason_x86_32/distbuild.conf | 12 | ||||
-rw-r--r-- | baserock_mason_x86_32/mason.conf | 12 |
2 files changed, 22 insertions, 2 deletions
diff --git a/baserock_mason_x86_32/distbuild.conf b/baserock_mason_x86_32/distbuild.conf index a97cc0fd..7c2722d9 100644 --- a/baserock_mason_x86_32/distbuild.conf +++ b/baserock_mason_x86_32/distbuild.conf @@ -1,8 +1,18 @@ +# This machine is not allowed to make outgoing network connections outside +# the local network, so it cannot use DNS. You must use IP addresses instead +# of hostnames in this file. + CONTROLLERHOST: mason-x86-32 + +# This is the IP of cache.baserock.org. Note that the shared-artifact-cache +# secgroup only allows write access with this local IP. ARTIFACT_CACHE_SERVER: 192.168.222.14 + DISTBUILD_CONTROLLER: true DISTBUILD_WORKER: true -TROVE_HOST: git.baserock.org + +# This is the IP of git.baserock.org. +TROVE_HOST: 192.168.222.58 TROVE_ID: baserock WORKERS: mason-x86-32 diff --git a/baserock_mason_x86_32/mason.conf b/baserock_mason_x86_32/mason.conf index 9d373c04..9f643a83 100644 --- a/baserock_mason_x86_32/mason.conf +++ b/baserock_mason_x86_32/mason.conf @@ -1,9 +1,19 @@ +# This machine is not allowed to make outgoing network connections outside +# the local network, so it cannot use DNS. You must use IP addresses instead +# of hostnames in this file. + +# This is the IP of cache.baserock.org. Note that the shared-artifact-cache +# secgroup only allows write access with this local IP. ARTIFACT_CACHE_SERVER: 192.168.222.14 + MASON_CLUSTER_MORPHOLOGY: clusters/ci.morph MASON_DEFINITIONS_REF: master MASON_DISTBUILD_ARCH: x86_32 MASON_TEST_HOST: None -TROVE_HOST: git.baserock.org + +# This is the IP of git.baserock.org. +TROVE_HOST: 192.168.222.58 TROVE_ID: baserock + CONTROLLERHOST: mason-x86-32 TEST_INFRASTRUCTURE_TYPE: none |
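Review bot: In distbuild.conf the new header comment states "You must use IP addresses instead of hostnames in this file", yet CONTROLLERHOST: mason-x86-32 and WORKERS: mason-x86-32 in the same hunk are still hostnames. If the machine's own name is expected to resolve without DNS, say so in the comment, or word the rule as applying only to hosts other than this one, so a later editor neither rewrites those two lines nor adds a remote hostname that will fail to resolve.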
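Review bot: In mason.conf, TROVE_HOST: 192.168.222.58 repeats the literal that distbuild.conf also sets, and neither comment says the two values must match; add a line to the comment noting the duplicate so that a re-addressing of git.baserock.org is not applied to one file only. The comment above ARTIFACT_CACHE_SERVER is also ambiguous: "only allows write access with this local IP" can be read as the cache's address (192.168.222.14) or as the address the Mason connects from, so state which one the shared-artifact-cache secgroup rule refers to.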