Add ostree.baserock.org system

This is a new instance that can be used as an artifact cache by the
BuildStream build tool. Anyone can download artifacts over HTTPS.
Those given SSH access to the machine can write to the artifact cache
(this will likely be limited to automated build machines).

DNS is now set to point cache.baserock.org and ostree.baserock.org to
the HAProxy frontend.

The SSL certificate for the frontend-haproxy system has been regenerated
to include the cache.baserock.org and ostree.baserock.org domains.

1 files changed, 26 insertions, 0 deletions

diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml
new file mode 100644
index 00000000..6afe49f5
--- /dev/null
+++ b/baserock_ostree/instance-config.yml
@@ -0,0 +1,26 @@
+# Instance configuration for Baserock OStree cache server.
+#
+# Tested against Fedora 25 base image.
+---
+- hosts: ostree
+  gather_facts: false
+  sudo: yes
+  tasks:
+  - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv
+
+  - name: data directory
+    file: mode=0755 owner=lighttpd group=lighttpd path=/srv/ostree/ state=directory
+
+  - name: cache repository
+    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
+    sudo_user: lighttpd
+    args:
+      creates: /srv/ostree/cache/config
+
+  - name: lighttpd configuration
+    copy:
+      src: lighttpd.conf
+      dest: /etc/lighttpd/lighttpd.conf
+
+  - name: restart lighttpd server
+    service: name=lighttpd enabled=yes state=restarted