-rw-r--r-- | baserock_ostree/etc/systemd/system/ostree-update-summary-cache.service (renamed from baserock_ostree/etc/systemd/system/ostree-cache-update-summary.service) | 2 | ||||
-rw-r--r-- | baserock_ostree/etc/systemd/system/ostree-update-summary-cache.timer (renamed from baserock_ostree/etc/systemd/system/ostree-cache-update-summary.timer) | 2 | ||||
-rw-r--r-- | baserock_ostree/etc/systemd/system/ostree-update-summary-releases.service | 11 | ||||
-rw-r--r-- | baserock_ostree/etc/systemd/system/ostree-update-summary-releases.timer | 8 | ||||
-rw-r--r-- | baserock_ostree/image-config.yml | 12 | ||||
-rw-r--r-- | baserock_ostree/instance-config.yml | 32 | ||||
-rw-r--r-- | baserock_ostree/ostree-access-config.yml | 12 |
7 files changed, 72 insertions, 7 deletions
diff --git a/baserock_ostree/etc/systemd/system/ostree-cache-update-summary.service b/baserock_ostree/etc/systemd/system/ostree-update-summary-cache.service
index d070aec8..70f4e708 100644
--- a/baserock_ostree/etc/systemd/system/ostree-cache-update-summary.service
+++ b/baserock_ostree/etc/systemd/system/ostree-update-summary-cache.service
@@ -1,5 +1,5 @@
 [Unit]
-Description = Update OSTree summary file for cache
+Description = Update OSTree summary files for 'cache' repo
 
 [Service]
 Type = oneshot
diff --git a/baserock_ostree/etc/systemd/system/ostree-cache-update-summary.timer b/baserock_ostree/etc/systemd/system/ostree-update-summary-cache.timer
index 0be7bc51..3696b028 100644
--- a/baserock_ostree/etc/systemd/system/ostree-cache-update-summary.timer
+++ b/baserock_ostree/etc/systemd/system/ostree-update-summary-cache.timer
@@ -1,5 +1,5 @@
 [Unit]
-Description = Update OSTree summary file for cache
+Description = Update OSTree summary files for 'cache' repo
 
 [Timer]
 OnUnitActiveSec = 5min
diff --git a/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.service b/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.service
new file mode 100644
index 00000000..fdb557f1
--- /dev/null
+++ b/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.service
@@ -0,0 +1,11 @@
+[Unit]
+Description = Update OSTree summary files for 'releases' repo
+
+[Service]
+Type = oneshot
+ExecStart = /usr/bin/ostree --repo=/srv/ostree/releases/ summary -u
+User = ostree-releases
+Group = ostree-releases
+
+[Install]
+WantedBy=default.target
diff --git a/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.timer b/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.timer
new file mode 100644
index 00000000..eea6dd5a
--- /dev/null
+++ b/baserock_ostree/etc/systemd/system/ostree-update-summary-releases.timer
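Review bot: The new ostree-update-summary-releases.service regenerates the summary with a plain `summary -u`, so the summary published for the 'releases' repo is unsigned. If clients are meant to verify what they pull, consider `ostree summary -u --gpg-sign=KEYID --gpg-homedir=DIR` (placeholder values) and document where that key lives; whether commits pushed through ostree-receive are already signed is not visible in this diff. The unit also has no sandboxing beyond `User`/`Group`; `NoNewPrivileges = yes`, `ProtectSystem = strict` and `ReadWritePaths = /srv/ostree/releases` would confine it to the one repo it updates.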
@@ -0,0 +1,8 @@ +[Unit] +Description = Update OSTree summary files for 'releases' repo + +[Timer] +OnUnitActiveSec = 5min + +[Install] +WantedBy = default.target diff --git a/baserock_ostree/image-config.yml b/baserock_ostree/image-config.yml index 1152d846..1bfb90df 100644 --- a/baserock_ostree/image-config.yml +++ b/baserock_ostree/image-config.yml @@ -49,6 +49,18 @@ chdir: /home/fedora/buildstream creates: /usr/bin/bst-artifact-receive + # We also install ostree-push/receive, which is used for pushing to the + # releases/ repo. + - name: ostree-push/receive sources + git: dest=/home/fedora/ostree-push repo=https://github.com/ssssam/ostree-push version=9aa82b67325786a810653155b952a17b7ccc436a + become_user: fedora + + - name: ostree-push/receive installed + command: make PREFIX=/usr/ install + args: + chdir: /home/fedora/ostree-push + creates: /usr/bin/ostree-receive + - name: disable SELinux on subsequent boots selinux: state=disabled diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml index 768deb1a..1f218fc0 100644 --- a/baserock_ostree/instance-config.yml +++ b/baserock_ostree/instance-config.yml @@ -11,9 +11,13 @@ tasks: - import_tasks: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv + # This should perhaps have been called ostree-cache - name: ostree user user: name=ostree + - name: ostree-releases user + user: name=ostree-releases + - name: data directory file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory @@ -23,6 +27,15 @@ args: creates: /srv/ostree/cache/config + - name: releases directory + file: mode=0755 owner=ostree-releases group=ostree-releases path=/srv/ostree/releases state=directory + + - name: releases repository + command: ostree init --repo=/srv/ostree/releases --mode=archive-z2 + become_user: ostree-releases + args: + creates: /srv/ostree/releases/config + - name: lighttpd configuration copy: src: lighttpd.conf 
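Review bot: ostree-update-summary-releases.timer sets only `OnUnitActiveSec = 5min`, which is measured from the service's last activation. The schedule therefore keeps running only because the service is itself pulled in by default.target and started by the playbook's `state=started`. Adding `OnBootSec = 1min` to the `[Timer]` section would make the timer independent of that coupling. The existing cache timer has the same shape.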
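Review bot: The "ostree-push/receive installed" task in image-config.yml is guarded by `creates: /usr/bin/ostree-receive`, so wherever that file already exists, bumping the pinned `version=` commit updates the checkout but never reinstalls the binary that sshd later runs as the forced command. Pinning to a full commit hash is good; to make the pin effective, add `register: ostree_push_src` (example name) to the git task and run the install `when: ostree_push_src.changed`. The checkout is owned by `fedora` while `make PREFIX=/usr/ install` appears to run with the play's privileges, so a root-owned source directory would be safer if this ever runs outside a throwaway image build.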
@@ -38,17 +51,28 @@ - name: sshd configuration for ostree user -- disable password auth lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- header + lineinfile: state="present" line="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- force command + lineinfile: state="present" line=" ForceCommand ostree-receive -v --repo /srv/ostree/releases" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree-releases user -- disable password auth + lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config + - name: restart sshd server service: name=sshd enabled=yes state=restarted - name: install systemd units copy: src=./{{item}} dest=/{{item}} with_items: - - etc/systemd/system/ostree-cache-update-summary.service - - etc/systemd/system/ostree-cache-update-summary.timer + - etc/systemd/system/ostree-update-summary-cache.service + - etc/systemd/system/ostree-update-summary-cache.timer + - etc/systemd/system/ostree-update-summary-releases.service + - etc/systemd/system/ostree-update-summary-releases.timer - name: enable systemd units systemd: name={{item}} enabled=yes daemon_reload=yes state=started with_items: - - ostree-cache-update-summary.service - - ostree-cache-update-summary.timer + - ostree-update-summary-cache.service + - ostree-update-summary-cache.timer + - ostree-update-summary-releases.service + - ostree-update-summary-releases.timer diff --git a/baserock_ostree/ostree-access-config.yml b/baserock_ostree/ostree-access-config.yml index ff8c7def..f23cc5f9 100644 --- a/baserock_ostree/ostree-access-config.yml +++ b/baserock_ostree/ostree-access-config.yml 
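Review bot: The "disable password auth" task for ostree-releases is most likely a no-op. `lineinfile` without `regexp` treats the line as present if an identical line exists anywhere in the file, and ` PasswordAuthentication no` is already there from the ostree block, so the new Match block ends up without it. The existing `insertafter="Match user ostree"` pattern also matches the new `Match user ostree-releases` header, so correct placement depends on task order. Writing each Match block with `blockinfile` and its own marker avoids both problems, and `validate` keeps a broken file from being installed before the sshd restart. ForceCommand alone does not turn off port forwarding, so the block below also sets `AllowTcpForwarding no`.

```yaml
- name: sshd configuration for ostree-releases user
  blockinfile:
    path: /etc/ssh/sshd_config
    marker: "# {mark} ostree-releases"
    validate: /usr/sbin/sshd -t -f %s
    block: |
      Match user ostree-releases
        ForceCommand ostree-receive -v --repo /srv/ostree/releases
        PasswordAuthentication no
        AllowTcpForwarding no
# … unchanged: restart sshd server, install and enable systemd units …
```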
@@ -4,7 +4,7 @@ gather_facts: false sudo: yes tasks: - - name: access for Baserock GitLab CI key + - name: authorized SSH keys for ostree (cache) user authorized_key: user: ostree key: '{{ lookup("file", "{{item}}") }}' @@ -14,3 +14,13 @@ - keys/jonathanmaw.key.pub - keys/pedroalvarez.key.pub - keys/samthursfield.key.pub + + - name: authorized SSH keys for ostree-releases user + authorized_key: + user: ostree-releases + key: '{{ lookup("file", "{{item}}") }}' + with_items: + - keys/baserock-gitlab-ci.key.pub + - keys/garyperkins.key.pub + - keys/pedroalvarez.key.pub + - keys/samthursfield.key.pub |
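Review bot: The new `authorized_key` task for ostree-releases only ever adds keys, so removing a person's `.key.pub` from `with_items` later leaves that key in the account's authorized_keys. That matters more here than for the cache account, since this one can write to the releases repo. Revocation needs an explicit `state: absent` task, or a single task that passes all keys at once with `exclusive: yes` (which does not work with a per-item loop). As defence in depth the keys could also carry `key_options: 'restrict'`, since nothing in this diff shows the push needing a PTY or forwarding.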