author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-08-30 17:20:40 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-27 15:17:25 +0100 |
commit | b76058177d73b2973c29dcfecfabd8fe1ab9a6d2 (patch) | |
tree | 1486f4c713eaf9bdc5a8201d2eb231d6a4241f3d /baserock_ostree/instance-config.yml | |
parent | 6e96e97a39880e07f90eea44e6a0562b20cf802e (diff) | |
download | infrastructure-b76058177d73b2973c29dcfecfabd8fe1ab9a6d2.tar.gz |
baserock_ostree: Add 'releases' repo
This is different from the existing 'cache' repo in that we should
be careful what we push to it, and we should never delete things
from it once they have been made public.
Pushing to the releases repo should be done with ostree-push/receive
rather than BuildStream. I've set up the receive hook on the server.
The upstream repo of ostree-push/receive seems abandoned so I have
been using a fork: https://github.com/ssssam/ostree-push
See also:
https://listmaster.pepperfish.net/pipermail/baserock-dev-baserock.org/2017-September/013811.html
https://gitlab.com/baserock/definitions/merge_requests/58
Diffstat (limited to 'baserock_ostree/instance-config.yml')
-rw-r--r-- | baserock_ostree/instance-config.yml | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml index 768deb1a..1f218fc0 100644 --- a/baserock_ostree/instance-config.yml +++ b/baserock_ostree/instance-config.yml @@ -11,9 +11,13 @@ tasks: - import_tasks: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv + # This should perhaps have been called ostree-cache - name: ostree user user: name=ostree + - name: ostree-releases user + user: name=ostree-releases + - name: data directory file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory @@ -23,6 +27,15 @@ args: creates: /srv/ostree/cache/config + - name: releases directory + file: mode=0755 owner=ostree-releases group=ostree-releases path=/srv/ostree/releases state=directory + + - name: releases repository + command: ostree init --repo=/srv/ostree/releases --mode=archive-z2 + become_user: ostree-releases + args: + creates: /srv/ostree/releases/config + - name: lighttpd configuration copy: src: lighttpd.conf 
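Review bot: The new `releases directory` task creates `/srv/ostree/releases` inside `/srv/ostree/`, which the `data directory` task (context in the previous hunk) leaves owned by the `ostree` cache account. The owner of a parent directory can rename or replace entries in it regardless of who owns them, so the cache account keeps control over what the `releases` path resolves to. That weakens the "be careful what we push to it" separation the commit message asks for. Consider making the parent root-owned, `file: mode=0755 owner=root group=root path=/srv/ostree/ state=directory`, with each repository directory owned by its own account. The cache-repo init task is only partly visible here, so check whether it relies on the `ostree` user being able to create `/srv/ostree/cache` itself. A short comment above the task saying that this repo is public, append-only and written only through `ostree-receive` would also keep that rule in the file rather than only in the commit message.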
@@ -38,17 +51,28 @@ - name: sshd configuration for ostree user -- disable password auth lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- header + lineinfile: state="present" line="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- force command + lineinfile: state="present" line=" ForceCommand ostree-receive -v --repo /srv/ostree/releases" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- disable password auth + lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: restart sshd server service: name=sshd enabled=yes state=restarted - name: install systemd units copy: src=./{{item}} dest=/{{item}} with_items: - - etc/systemd/system/ostree-cache-update-summary.service - - etc/systemd/system/ostree-cache-update-summary.timer + - etc/systemd/system/ostree-update-summary-cache.service + - etc/systemd/system/ostree-update-summary-cache.timer + - etc/systemd/system/ostree-update-summary-releases.service + - etc/systemd/system/ostree-update-summary-releases.timer - name: enable systemd units systemd: name={{item}} enabled=yes daemon_reload=yes state=started with_items: - - ostree-cache-update-summary.service - - ostree-cache-update-summary.timer + - ostree-update-summary-cache.service + - ostree-update-summary-cache.timer + - ostree-update-summary-releases.service + - ostree-update-summary-releases.timer |
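Review bot: The added `disable password auth` task for ostree-releases is most likely a no-op. `lineinfile` with `state=present` and no `regexp` skips the insert when an identical line already exists anywhere in the file, and the existing ostree task writes the same `PasswordAuthentication no` line (as far as the collapsed whitespace on this page shows). The `Match user ostree-releases` block would then hold only the ForceCommand, so password authentication for that account falls back to the global sshd setting; the older `insertafter="Match user ostree"` pattern is also an unanchored regex that matches the new header. Writing the whole block with a single `blockinfile` task avoids both problems, and `validate` catches a broken edit before the sshd restart. The forwarding and TTY options in the sketch below are optional hardening for a push-only account and should be confirmed against what the ostree-push fork needs; `AllowTcpForwarding no` is worth adding as well if the tool does not tunnel over SSH.

```yaml
- name: sshd configuration for ostree-releases user
  blockinfile:
    path: /etc/ssh/sshd_config
    marker: "# {mark} ANSIBLE MANAGED BLOCK: ostree-releases"
    validate: sshd -t -f %s
    block: |
      Match user ostree-releases
        ForceCommand ostree-receive -v --repo /srv/ostree/releases
        PasswordAuthentication no
        AllowAgentForwarding no
        X11Forwarding no
        PermitTTY no
# … unchanged: restart sshd server, systemd unit tasks …
```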