author Sam Thursfield <sam.thursfield@codethink.co.uk> 2017-07-13 13:21:03 +0100
committer Sam Thursfield <sam.thursfield@codethink.co.uk> 2017-07-13 16:57:36 +0100
commit 6cd4fe45c028d2fee4253c9a2006184249e824d7 (patch)
tree 9c55be997d52e4c4f156d7438c4cf3c66824109b /baserock_ostree/ostree-access-config.yml
parent 3c981269ffd0796930572f38b2358b13c8243d6b (diff)
download infrastructure-6cd4fe45c028d2fee4253c9a2006184249e824d7.tar.gz
baserock_ostree: Enable write access
So far this is limited to the existing Baserock ops team, and a new key that I will try to install into our GitLab CI configuration so that build runners can push artifacts. We don't want to hand out access too widely because we currently don't do any verification that the submitted artifacts actually correspond to the cache key that they're supposed to. This is fine as long as access is limited to autobuilders that we control and trusted developers.
Diffstat (limited to 'baserock_ostree/ostree-access-config.yml')
-rw-r--r-- baserock_ostree/ostree-access-config.yml 15
1 files changed, 15 insertions, 0 deletions
diff --git a/baserock_ostree/ostree-access-config.yml b/baserock_ostree/ostree-access-config.yml
new file mode 100644
index 00000000..92560cb9
--- /dev/null
+++ b/baserock_ostree/ostree-access-config.yml
@@ -0,0 +1,15 @@
+# Access configuration for Baserock OStree cache server.
+---
+- hosts: ostree
+ gather_facts: false
+ sudo: yes
+ tasks:
+ - name: access for Baserock GitLab CI key
+ authorized_key:
+ user: ostree
+ key: '{{ lookup("file", "{{item}}") }}'
+ with_items:
+ - keys/baserock-gitlab-ci.key.pub
+ - keys/garyperkins.key.pub
+ - keys/pedroalvarez.key.pub
+ - keys/samthursfield.key.pub
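Review bot: The single `authorized_key` task installs `keys/baserock-gitlab-ci.key.pub` with exactly the same unrestricted login to the `ostree` user as the three ops-team keys, even though that key will sit in CI configuration and the commit message says pushed artifacts are not verified against their cache key. Consider giving the CI key its own task and setting the module's `key_options` (for example `no-port-forwarding,no-agent-forwarding,no-X11-forwarding`, optionally with a forced `command=`) to narrow what a leaked runner key can do. The task name also mentions only the GitLab CI key although four keys are installed. Smaller points: `key: '{{ lookup("file", "{{item}}") }}'` nests one template inside another and is better written as `'{{ lookup("file", item) }}'`, and `sudo: yes` is deprecated in favour of `become: yes`. Because this task only adds keys, deleting an entry from `with_items` later will not revoke it on the host; revocation needs a matching task with `state: absent`, which is worth a comment in the file.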