diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-13 13:21:03 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-07-13 16:57:36 +0100 |
commit | 6cd4fe45c028d2fee4253c9a2006184249e824d7 (patch) | |
tree | 9c55be997d52e4c4f156d7438c4cf3c66824109b /baserock_ostree/ostree-access-config.yml | |
parent | 3c981269ffd0796930572f38b2358b13c8243d6b (diff) | |
download | infrastructure-6cd4fe45c028d2fee4253c9a2006184249e824d7.tar.gz |
baserock_ostree: Enable write access
So far this is limited to the existing Baserock ops team, and a new
key that I will try to install into our GitLab CI configuration so
that build runners can push artifacts.
We don't to hand out access too widely because we currently don't do
any verification that the submitted artifacts actually corresponds to
the cache key that it's supposed to. This is fine as long as access
is limited to autobuilders that we control and trusted developers.
Diffstat (limited to 'baserock_ostree/ostree-access-config.yml')
-rw-r--r-- | baserock_ostree/ostree-access-config.yml | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/baserock_ostree/ostree-access-config.yml b/baserock_ostree/ostree-access-config.yml new file mode 100644 index 00000000..92560cb9 --- /dev/null +++ b/baserock_ostree/ostree-access-config.yml @@ -0,0 +1,15 @@ +# Access configuration for Baserock OStree cache server. +--- +- hosts: ostree + gather_facts: false + sudo: yes + tasks: + - name: access for Baserock GitLab CI key + authorized_key: + user: ostree + key: '{{ lookup("file", "{{item}}") }}' + with_items: + - keys/baserock-gitlab-ci.key.pub + - keys/garyperkins.key.pub + - keys/pedroalvarez.key.pub + - keys/samthursfield.key.pub |