From c87270a48f7fe97bb26b538215e7ad96ffd449e2 Mon Sep 17 00:00:00 2001
From: Sam Thursfield
Date: Wed, 12 Jul 2017 19:27:50 +0100
Subject: Add ostree.baserock.org system

This is a new instance that can be used as an artifact cache by the BuildStream build tool. Anyone can download artifacts over HTTPS. Those given SSH access to the machine can write to the artifact cache (this will likely be limited to automated build machines). DNS is now set to point cache.baserock.org and ostree.baserock.org to the HAProxy frontend. The SSL certificate for the frontend-haproxy system has been regenerated to include the cache.baserock.org and ostree.baserock.org domains.
---
 README.mdwn | 39 ++++++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)
(limited to 'README.mdwn')
diff --git a/README.mdwn b/README.mdwn
index 8841e255..aba8f036 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -341,7 +341,7 @@ To deploy this system:
 --flavor=dc1.1x0 \
 --image=$fedora_image_id \
 --nic="net-id=$network_id" \
- --security-groups default,gerrit,web-server \
+ --security-groups default,gerrit,shared-artifact-cache,web-server \
 --user-data ./baserock-ops-team.cloud-config
 ansible-playbook -i hosts baserock_frontend/image-config.yml
 ansible-playbook -i hosts baserock_frontend/instance-config.yml
@@ -726,6 +726,28 @@ or 'build' system.
 ansible-playbook -i hosts baserock_trove/configure-trove.yml
+### OSTree artifact cache
+
+To deploy this system to production:
+
+ nova volume-create \
+ --display-name ostree-volume \
+ --display-description 'OSTree cache volume' \
+ --volume-type Ceph \
+ 300
+
+ nova boot ostree.baserock.org \
+ --key-name $keyname \
+ --flavor dc1.2x8.40 \
+ --image $fedora_image_id \
+ --nic "net-id=$network_id,v4-fixed-ip=192.168.222.153" \
+ --security-groups default,web-server \
+ --user-data ./baserock-ops-team.cloud-config
+
+ nova volume-attach ostree.baserock.org /dev/vdb
+
+ ansible-playbook -i hosts baserock_ostree/image-config.yml
+ ansible-playbook -i hosts baserock_ostree/instance-config.yml
 Creating new repos
 ------------------
@@ -787,7 +809,7 @@ of the subdomains:
 cd letsencrypt.sh
 cat >domains.txt <<'EOF'
 baserock.org
- irclogs.baserock.org download.baserock.org openid.baserock.org gerrit.baserock.org paste.baserock.org spec.baserock.org docs.baserock.org
+ cache.baserock.org docs.baserock.org download.baserock.org gerrit.baserock.org irclogs.baserock.org openid.baserock.org ostree.baserock.org paste.baserock.org spec.baserock.org
 storyboard.baserock.org
 git.baserock.org
 EOF
@@ -806,7 +828,6 @@ decrypted. To show the contents of this file, run the following in a
 ansible-vault view private/dnsapi.config.txt
-
 Now, to generate the certs, run:
 ./dehydrated -c
@@ -822,11 +843,11 @@ certificates that are present in `certs` and `private` you will have to:
 # Create some full certs including key for some services that need it this way
 cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem
- cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem irclogs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem
+ cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem cache.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem
 # Copy key files
 cp git.baserock.org/privkey.pem tmp/private/git.pem
- cp irclogs.baserock.org/privkey.pem tmp/private/frontend.pem
+ cp cache.baserock.org/privkey.pem tmp/private/frontend.pem
 cp storyboard.baserock.org/privkey.pem tmp/private/storyboard.pem
@@ -834,16 +855,16 @@ certificates that are present in `certs` and `private` you will have to:
 cp git.baserock.org/cert.csr tmp/certs/git.csr
 cp git.baserock.org/cert.pem tmp/certs/git.pem
 cp git.baserock.org/chain.pem tmp/certs/git-chain.pem
- cp irclogs.baserock.org/cert.csr tmp/certs/frontend.csr
- cp irclogs.baserock.org/cert.pem tmp/certs/frontend.pem
- cp irclogs.baserock.org/chain.pem tmp/certs/frontend-chain.pem
+ cp cache.baserock.org/cert.csr tmp/certs/frontend.csr
+ cp cache.baserock.org/cert.pem tmp/certs/frontend.pem
+ cp cache.baserock.org/chain.pem tmp/certs/frontend-chain.pem
 cp storyboard.baserock.org/cert.csr tmp/certs/storyboard.csr
 cp storyboard.baserock.org/cert.pem tmp/certs/storyboard.pem
 cp storyboard.baserock.org/chain.pem tmp/certs/storyboard-chain.pem
 # Create full certs without keys
 cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem > tmp/certs/git-full.pem
- cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem > tmp/certs/frontend-full.pem
+ cat cache.baserock.org/cert.csr cache.baserock.org/cert.pem cache.baserock.org/chain.pem > tmp/certs/frontend-full.pem
 cat storyboard.baserock.org/cert.csr storyboard.baserock.org/cert.pem storyboard.baserock.org/chain.pem > tmp/certs/storyboard-full.pem
 Before replacing the current ones, make sure you **encrypt** the ones that contain
-- 
cgit v1.2.1