Diffstat (limited to 'baserock_ostree')
-rw-r--r--baserock_ostree/image-config.yml54
-rw-r--r--baserock_ostree/instance-config.yml41
-rw-r--r--baserock_ostree/keys/baserock-gitlab-ci.key167
-rw-r--r--baserock_ostree/keys/baserock-gitlab-ci.key.pub1
-rw-r--r--baserock_ostree/keys/garyperkins.key.pub1
-rw-r--r--baserock_ostree/keys/pedroalvarez.key.pub1
-rw-r--r--baserock_ostree/keys/samthursfield.key.pub1
-rw-r--r--baserock_ostree/lighttpd.conf12
-rw-r--r--baserock_ostree/ostree-access-config.yml15
9 files changed, 293 insertions, 0 deletions
diff --git a/baserock_ostree/image-config.yml b/baserock_ostree/image-config.yml
new file mode 100644
index 00000000..24e8be9b
--- /dev/null
+++ b/baserock_ostree/image-config.yml
@@ -0,0 +1,54 @@
+# System configuration for Baserock OStree cache server.
+#
+# Tested against Fedora 25 base image.
+---
+- hosts: ostree
+ gather_facts: false
+ sudo: yes
+ tasks:
+ # See: https://fedoramagazine.org/getting-ansible-working-fedora-23/
+ - name: install Python2 and required deps for Ansible modules
+ raw: dnf install -y python2 python2-dnf libselinux-python
+
+ - name: enable persistant journal
+ shell: mkdir /var/log/journal
+ args:
+ creates: /var/log/journal
+
+ - name: ensure system up to date
+ dnf: name=* state=latest
+
+ - name: install lvm2 tools
+ dnf: name=lvm2 state=latest
+
+ - name: lighttpd installed
+ dnf: name=lighttpd state=latest
+
+ - name: ostree installed
+ dnf: name=ostree state=latest
+
+ # We only need BuildStream for the bst-artifact-receive hook, but it's
+ # easiest to install all the deps
+ - name: buildstream dep - bubblewrap
+ dnf: name=bubblewrap state=latest
+ - name: buildstream dep - git
+ dnf: name=git state=latest
+ - name: buildstream dep - python3-gobject
+ dnf: name=python3-gobject state=latest
+ - name: buildstream dep - python3-pip
+ dnf: name=python3-pip state=latest
+
+ - name: buildstream sources
+ git: dest=/home/fedora/buildstream repo=https://gitlab.com/buildstream/buildstream version=dd15b1ba494c4725fd452b6723ff799d1708830c
+
+ - name: buildstream installed
+ command: /usr/bin/pip3 install .
+ args:
+ chdir: /home/fedora/buildstream
+ creates: /usr/bin/bst-artifact-receive
+
+ - name: disable SELinux on subsequent boots
+ selinux: state=disabled
+
+ - name: disable SELinux on current boot
+ command: setenforce 0
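Review bot: The last two tasks turn SELinux off permanently on a host that the other playbooks in this commit expose over SSH and HTTP, and nothing in the file says why. If a specific denial is the reason (presumably from bst-artifact-receive or lighttpd under /srv), record it in a comment such as `# SELinux disabled because <reason>; revisit once a policy exists`, and consider `selinux: policy=targeted state=permissive` so denials are still logged. Separately, `command: setenforce 0` exits non-zero once SELinux is already disabled, so a re-run after the reboot will likely fail at that task; `failed_when: false` with `changed_when: false`, or a guard on the current mode, would keep the playbook re-runnable.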
diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml
new file mode 100644
index 00000000..5286c61b
--- /dev/null
+++ b/baserock_ostree/instance-config.yml
@@ -0,0 +1,41 @@
+# Instance configuration for Baserock OStree cache server.
+#
+# Tested against Fedora 25 base image.
+#
+# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
+---
+- hosts: ostree
+ gather_facts: false
+ sudo: yes
+ tasks:
+ - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv
+
+ - name: ostree user
+ user: name=ostree
+
+ - name: data directory
+ file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory
+
+ - name: cache repository
+ command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
+ sudo_user: ostree
+ args:
+ creates: /srv/ostree/cache/config
+
+ - name: lighttpd configuration
+ copy:
+ src: lighttpd.conf
+ dest: /etc/lighttpd/lighttpd.conf
+
+ - name: restart lighttpd server
+ service: name=lighttpd enabled=yes state=restarted
+
+ - name: sshd configuration for ostree user -- header
+ lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config
+ - name: sshd configuration for ostree user -- force command
+ lineinfile: state="present" line=" ForceCommand bst-artifact-receive --verbose /srv/ostree/cache" insertafter="Match user ostree" path=/etc/ssh/sshd_config
+ - name: sshd configuration for ostree user -- disable password auth
+ lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config
+
+ - name: restart sshd server
+ service: name=sshd enabled=yes state=restarted
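Review bot: The `Match user ostree` block built by the three lineinfile tasks sets only `ForceCommand` and `PasswordAuthentication no`, which leaves TCP and X11 forwarding and TTY allocation at their global defaults for every key allowed to log in as ostree; a forced command does not by itself turn those off. Adding lineinfile tasks for ` AllowTcpForwarding no`, ` X11Forwarding no` and ` PermitTTY no` under the same Match header would confine those keys to the receive hook, assuming the hook needs no terminal. The edits also go straight into /etc/ssh/sshd_config ahead of an unconditional restart, so `validate="/usr/sbin/sshd -t -f %s"` on each lineinfile would stop a malformed file from taking SSH down.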
diff --git a/baserock_ostree/keys/baserock-gitlab-ci.key b/baserock_ostree/keys/baserock-gitlab-ci.key
new file mode 100644
index 00000000..389cf291
--- /dev/null
+++ b/baserock_ostree/keys/baserock-gitlab-ci.key
@@ -0,0 +1,167 @@
+$ANSIBLE_VAULT;1.1;AES256
+64633038396266303030646235363938663463316333386561366233323737383930636131656237
+3431333366366433393336363934316432323535353365350a646236656633643234386666303837
+65376238323537323461376136653039363335313832393865643337306630643436326539386534
+6432353138303461310a313334393530356239643131613130616536316534316536376163363264
+39646665316433323966643938383438636434393230356435646563646564393966373163366137
+34373035363864353366336339333935336166386338393833653162653163316664643332366531
+63303630363731346662353138666537646236396266653436343639636430346133396435313536
+36363362636135313338663765326436396537313739663632666630373162396530376433656130
+32623533346530373366313463306663653732613066623433616565343331326431336336373838
+65616235386562633665636563363035326365643339386532336261376162616265656333636536
+65383433626430363230626432376233376164363833653162636236356365386635396530323435
+30383537326434356332363031626664653963636466623337613335313463613231323366393062
+34323763613635336537653136316138316338623534653966333437646462333333633338666234
+63396437346530633162366333373039346161373335653035376339373766386264643862323337
+30343234663862353833666562313263323631386230616233656432306531373738393432336634
+37316234373937313563663365316435366666393133376633656266333435333136643633653762
+66316133366131336364383464623134623331373837383262306138356365643733326665323764
+38386531356234373163313338633561303539633033646463613036383464616662373064333230
+63303939303665323838306234333166396566376130643836646330643739633435616661613938
+61613361643466326538306138393865333964643866643734323733636130313430666162396436
+30636635646261303162393965623864623138353936363233383339333338336333646665373133
+62333566366234306130666365613133653439373237376561383864323666376537376334343539
+32346436623839613936346463306666313662626532623031313735393430336461313735373263
+66626232363435373266323864326565383561316230326365363863373534616461323033643362
+63663133303933376665396164346163383035663235316664646232343239343438613532346439
+36306632326230666165646262636239326261326239333637653163613533363261343336653137
+61646461663433363939386535343538363763306464656132616662333466363262336562393738
+35613632616666366664363738353937323539343438346662383832666434613465633930663863
+64303730333166323934343034316434366431663563383766646632653038623864346436386265
+64613361306263326533306362383230613562343439353365356566613362666164616465623865
+39333737383764636363633133343032343134613737633265393737353866333734643864303136
+65333836343530353232376231343232386139303162656338333763626131393463383165306666
+30393463643432356233346363376464663966613834326366626437396161313330653863633239
+33376231356237313536373436303032343736393635386265653164346231366331383765633761
+35363733356337616562383663393162366662323937613734663938303734363232356637323564
+38653764633761383536393762313830303338353433396465643133393962623632393435333765
+61613664646466613636326436363162346632323061356562383765363234336432383463313736
+32396562313530663963376237646163303238376339376663323363323130376263363136373466
+31373365356366633331643633383539383035303131393362653437306164643938666562626332
+66363032653935656138623231363536613464303530613463333164636630376432386539366561
+33386230653965376366653765376338623936633937636437343765383466343866383261386166
+31653036623330623665623230316632346237366130376361613131653238336462663331363534
+32613862396461663838633738616139333933313936626334376162643164383535383730613137
+61313664336535323263626535353664373338646333306438653239303232343031323133383732
+31373930316265333866643035313230623039316333653762626630326365346365663165356461
+62333839613161663635336163383337363038646663333332663737623331323561643231343364
+65613833636430613263363631663065663932666631383139343439376134643030313564363266
+33326534336365656331333466646134636264363633393463303738373634346230303434383734
+34373933636134343266356663343039313334393661356561666332633234613763616331383962
+30313466656466646138656439323034366634336533643533326337633265343938326333396264
+32626635313066393333623233316139636538353239393831303963643238396463363066373438
+37356261376365373931663365316563623331326235356262653130613734323537356161373462
+36323261363736306466633230633134613763373065656566383062383666323137303534663038
+32306464333433383535323238333537626664343733666566663032323366386132393466353233
+65303934336361343162623865623630373163316532316563636164663538363339343465343265
+30363664346662363062613062633731396339333639333534666565346234623931633935653432
+39303661383235653366363662373930353034393064343035663064323362643530373861613636
+32393663383337613164353732316131376435343661323665326566363938323933383833343064
+64353739313437613066306664623638326139393831376138346139613831643231613837633939
+33656138346361636363373061663736343664383537353133393961393630663132343663373831
+63393565666237343364643532376166356531353465313339333461303362356561626232356439
+39336465326634613338316365333961633261666364373064363032393531353063333238393262
+30333931343861383331323138643739326436363933376230376535656235353233366664313237
+64323966613031636637353866356265353032666139653230663838396233663035313335346266
+65373337646334353364323834643334613063646334303963393530356232653634323134653435
+31356262396231663335333562336134386462313038626339336664616639333165343664393561
+66616331653737326565376338316636323433333635343263383639333663313166353764346661
+33623061386566303062313030323563653163613931616130373238643938663936316661653639
+37323938383233386532303734646364343362376666636637353532633934323333376136656163
+38643133636232376431343036373237333939303933356339666162366130313736396662393433
+61373632303730353134643765636165356239663765636631393463353737626665333139656532
+33633764373535623539366438376564356235306437663737313335663732653031326462366336
+34366331353939316332323234326632656264633538623133313631306533326265393964343731
+31653339663633376261656266663431393961376533636231643462386230383363643965363464
+64633039313336363136333535666262386664333137386633623239616163633735333065363062
+30633762393037653762653435616230343538393439383239626336636333386339666530666262
+31363233323064633539353231613666666461383763366139666138303733366638663635356161
+30376331666364353966663463313161613836303661373633666235333665323038633138633163
+39336136666366326461626164633965336439383963393433376261366136393533343362363462
+61313365656136306338613835353431653433356339323531653461356333396336626134353731
+34633133323536313461363032373265373833656438303537333465636265656664363062373035
+36623739386332333966323837333335366565396437663933313864393838636234663662303236
+30326333646130386262613466363566643661383661643138396561636264363239653961373430
+32386336663138646530336361346431386562373264643936306130343334616164633364313062
+65303937353464653562323663626133356164353835346132356166393963653864643865326439
+31633866313737386261333438383161363266626338366539303762336336613565393663393739
+36623066613164626162653062636563383566386634383037313538396161643737666437666638
+33643239353536393266313333646164323065656236383963383330613133633333306631626366
+32613666353564323139383834316564326432323838636165363838346164393365633233323432
+63393431633764656536356238646333313863623439326233363037626134306663383132643266
+61653134633762333631333836346134613463323530333134386230633039633433623965626135
+34353762326630333966323237626638373039343533633232623035323962323266313139343338
+32393433376331396135336539663366326330636330316563373130326662613737356566356465
+33396230333536333164393537656564386365323364346563326439613831306365383838376635
+35633766623236323766643638616162386365633634323762613638373236643839643636383538
+36353737373961356635313166373034346536636564323638326361663764663837336132333331
+63323230396139346637646439363031396134363735366364326131333662373334653863626539
+31306161363736356332663830656365646530623133653736313866303963653033353838366363
+30613165613238316532383231303433363039326666343237383861393333616562623236616330
+39356562306466333766353363666134326432376534363637656134333134386464313237383131
+34623061303531326432666134656561396335336631643863653439393938356331343139346563
+63613561376339373932613535626233623766623439366332393034376463323536303062303461
+61303766373235633933613365326532666235353231303466633066623932636265343833323631
+39613636316436373236343532626431333865363530383863326236393766313232613636643265
+30363865643231616261333966373938313963643934646131323039346439326139666332356164
+39633166656365303434616130383135343665613130323836643536633164616138396137313935
+62303836666432303434323433336162376664343366306430616661383634336639326332356461
+66616565393061666463326538333864373831653232653437333931653464363439643462383031
+63616432393331623464633438303834663533313238653463363361623037316264646233346631
+34616236363230333435666532623864393735323837656139386561646432663534643832393539
+66663165656539393761306637653564623033393032363665386463303335343066633235343734
+63346139393963643865316232353535373665616333366166363464383466396539663463383430
+38323539666466306333353563323264396534623431333235303865616461333533386666643566
+36323333343335323231373337386366376366363633393839366239653036346663336332646231
+33346663366339393636333265396666363138313239663738326432633737303531613933663763
+65373638613661363761623862636336393532633730333539333465646635333666643638666364
+33663965623733663435623564346132313931333533396437633863323337653866353134363961
+37376237623339666539376266643463653639653739366232393261643861376161323437633963
+30343161383032323339616462323432623465303637353938626461376339316264333336396466
+61656631343466386434353161626239643464373363663565363230393338313237353832316437
+34306230323139616634383930326365663130626165313433313331653061353130386330633039
+39393235316665393630613731356362333834363137356330316163326664616336376565396331
+61363739633062326564353862653164376538656363396164346532336666623965306662313836
+39373836613031343735386564313966666234366337313337363965306235303334366335663562
+65346137353831646466623532383430376632303433633331386637646530633561313337653037
+65326163393163383162643564633534383066363338333661313765393334333461653432623063
+64656635613366336634393835326431633538633230613662616532616164333939626433383537
+38316435656136323962623133343636303264323235313736366637316263616130663564666563
+36363333383062616662643736653930346435366537626335393936376239363666643736393262
+32333335643733373036613637306435356365386232643364313165626339336662633330646265
+34336330666232626431383761303739303138343637366338643761376634326136393331356638
+31323032653838313134366262376362356662633930313331626636316662386231643430346663
+65373636613461366237313231633738313838393766346239376131346661323136336132323034
+39346666373839613563626536313334353331613862653865376636663162383635656631336636
+36363865336166373839316333353035316132306264303335616135636536323363663538353561
+66303032373830333438373362366333633435333337376335633561643265653731376536306430
+31633765316565363537316661393164393438326635636433666633636161306530336436303235
+66346337656638373238323061666536613339306362616361306439306336326530326138326137
+66373232326539363335643062343031626538393634316338363135643438646531373962633764
+31373434313335333434333937373736396231393538643938616431643031636661663135316637
+62353032663731336134616262623865316463636564376633653730343230656234386630626536
+36303639663437396663653632383062663131626466306466633830373266346232336230626530
+37316331656564653937396138326430363137336266616462373636353131623363373038343637
+39326334653061623139323831323964626330666139343965323839393939353533353736346236
+63383963343435356130303830326535656434323266646639616164323163363433353334626538
+64393938623835366261643862623634613466343934636532326431666538646665356339346232
+38353533303732636135633539343732373635626438323461363961323638336331383562366461
+39656131376338636531363963633531623632653262663834383938333365333838656264386336
+64313361303261393133303866626435626335343965646466363134666335633735373633383061
+36363061373761356536643061366561326634323364363065343730366439666564326666616431
+32613566363330333236363034636231623461303633393830636638643562336238643831303039
+65313735303066653336613132353435616266666231643736613863316334363338663563633761
+38306539643238623461373234643635366332666561353665316333316137316539663766336464
+65353733383332303135346332643433636130613065366132616466313066306164306364363137
+62666639343238373464666365363139333237303837656135373439303036366466356465393564
+62363630663538326264633836383961343731373964383339373361363634643264663437316163
+37333461313335323235613264313665396531623363333664323565343531623437343439303463
+61313031663633383033393131653265663133616361626237623535383138313230306233636434
+32366265643734343539666538333936303731666366663634303439646531316662383335306232
+63356233656639333462333233343965366332643435393061663230343434393232613363666232
+33313136613435653032353466323339623662653765303065653338643031623937356265633664
+61623766346664383764336263326432356530613938623034653139613830323961336462373336
+63306235663038646364383732343335386134306265366664303664386665626538663531643965
+66396661663238623136353766356337363438623631393663383939386530346336613466346435
+65336164393764353361333334636335636132633030396538316432383939393630393165393166
+6330393165653032616466633334653636323065313635613834
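Review bot: This file commits the CI deploy private key to the repository, so its confidentiality rests entirely on the vault password for as long as the history exists. None of the playbooks visible in this commit read it; ostree-access-config.yml only installs the matching `.key.pub`. If it is here for safekeeping, holding it in the CI system's secret variables and keeping just the public half in the tree would be safer. If it stays, a short note beside the key list saying who holds the vault password and how the key is rotated would help the next maintainer.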
diff --git a/baserock_ostree/keys/baserock-gitlab-ci.key.pub b/baserock_ostree/keys/baserock-gitlab-ci.key.pub
new file mode 100644
index 00000000..8b1da165
--- /dev/null
+++ b/baserock_ostree/keys/baserock-gitlab-ci.key.pub
@@ -0,0 +1 @@
+ssh-rsa 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 baserock-gitlab-ci
diff --git a/baserock_ostree/keys/garyperkins.key.pub b/baserock_ostree/keys/garyperkins.key.pub
new file mode 100644
index 00000000..978d3d70
--- /dev/null
+++ b/baserock_ostree/keys/garyperkins.key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQvRqmYpSVpff0MJq9aigjNQX22PdMkDiXpcV7EbDWdE3QLk7D818dljMKy2SvmgiEO7e/5jn8K7b9Dr88GF4dM/Oxc2k2yP9fzMoW+cE/drHBH+zDb9Zw1xa+t1AcMtl0XAEZft/hvpgx+Tp2XaEv6t7O9Ogxw1ahKtbkgDprhrnC9cVctu3VJhu8amY4BYZC9hRZUa02pCQl1i0klYq7E61zF8I25hS6HP0fbD/O+hAt5N3VqmkN+4QmCP8kkXSmyjKOurnXcGKPWonpOyB3cwVk3DO7krsw2qIIVoe/9PIK112oHNJxM01UUF+ZiPGEWawQfHRNG8Y03KQJanaf gary@garyp
diff --git a/baserock_ostree/keys/pedroalvarez.key.pub b/baserock_ostree/keys/pedroalvarez.key.pub
new file mode 100644
index 00000000..dfa0bfdb
--- /dev/null
+++ b/baserock_ostree/keys/pedroalvarez.key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPuirtOH8D/6iNAb3DE079FcTmDlDgusVBJ2FC0O/FHSxwAgNwHhUbCxHAcO/N+HICSvDmjp16Ki0ti2ZxfworG88shPiMOGQfuJaRv1X15AV7NsO80Llsqy/x8X+WdA5iwpUyKM011vv/pS/DhSCHJFJ/vQFgox12HQSKZuzGIOupCiZfHES5t5oEPAcoQYCC0hO4ZevyeO0ZixrOGf/iyXHyb2BoQJAehixt28YOfdaW7Z29SssCGf7QvtADYg+vF5Tazln51vp1M+fo1oF0aa/VLN3gYuf+BI6x6sEc4N/ZQaCR5+oBP3/gIVlIwOOftzC9G+l6PBOS4368nZTv pedro.alvarez@codethink.co.uk
diff --git a/baserock_ostree/keys/samthursfield.key.pub b/baserock_ostree/keys/samthursfield.key.pub
new file mode 100644
index 00000000..d1146790
--- /dev/null
+++ b/baserock_ostree/keys/samthursfield.key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxgvojf+FclsNxUAcyEqwxle4KQEvtg+9GFz0NMtmIUJpN/O9ZXIMn5HwZGoitLa4VcwYk2CgXk6Iu5S9hwJrKk1WqHsJNoUXBfrNikb0UBAFChS6VyzoZANj6YPs8pb+zrtuok3xVgdEr8kufVvALQj1Wn5DtebkzfQzmeNW1Ym2HCyjD8Pc2sCcfV6o0Mj970cD7rGxaWA/mx/za6sdPkQI3m7bKClGh9k04HwzuIwHzA8s2OpccSd0xYOhoH7BrwyS9AEtzHJdlzSMDsmcehaz7WFE0oRAX+n/C5imtN0Zw7LRY/tJ8CcDGE9G2F8PATMu3LnFMNQYgwESZM3W8w== sam@candylion
diff --git a/baserock_ostree/lighttpd.conf b/baserock_ostree/lighttpd.conf
new file mode 100644
index 00000000..0126c723
--- /dev/null
+++ b/baserock_ostree/lighttpd.conf
@@ -0,0 +1,12 @@
+server.document-root = "/srv/ostree/"
+
+server.modules += (
+ "mod_access",
+ "mod_accesslog",
+ "mod_dirlisting",
+)
+
+server.errorlog = "/var/log/lighttpd/error.log"
+accesslog.filename = "/var/log/lighttpd/access.log"
+
+server.dir-listing = "enable"
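Review bot: This file replaces the distribution's /etc/lighttpd/lighttpd.conf wholesale (instance-config.yml copies it there) but sets no `server.username` or `server.groupname`, so if the service unit starts lighttpd as root it will presumably keep serving as root instead of dropping privileges. Adding `server.username = "lighttpd"` and `server.groupname = "lighttpd"` (assuming the packaged account name) restores that. `server.dir-listing = "enable"` on a document root of /srv/ostree/ also makes everything placed under that directory browsable, not only the cache repository; a comment stating that listing is intentional, or `"disable"`, would make the intent clear.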
diff --git a/baserock_ostree/ostree-access-config.yml b/baserock_ostree/ostree-access-config.yml
new file mode 100644
index 00000000..92560cb9
--- /dev/null
+++ b/baserock_ostree/ostree-access-config.yml
@@ -0,0 +1,15 @@
+# Access configuration for Baserock OStree cache server.
+---
+- hosts: ostree
+ gather_facts: false
+ sudo: yes
+ tasks:
+ - name: access for Baserock GitLab CI key
+ authorized_key:
+ user: ostree
+ key: '{{ lookup("file", "{{item}}") }}'
+ with_items:
+ - keys/baserock-gitlab-ci.key.pub
+ - keys/garyperkins.key.pub
+ - keys/pedroalvarez.key.pub
+ - keys/samthursfield.key.pub
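Review bot: The `key:` value nests one template inside another, `'{{ lookup("file", "{{item}}") }}'`; inside an expression the loop variable should be referenced bare, `key: '{{ lookup("file", item) }}'`, since nested moustaches rely on recursive templating and are discouraged by Ansible. The task name says "GitLab CI key" but the loop also installs three personal keys, so a name like `authorized keys for ostree user` would describe it better. Removing a file from `with_items` also does not revoke that key on the server; a comment saying how keys are withdrawn (for example a `state: absent` entry) would close that gap.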