# Instance configuration for the Baserock OSTree cache server.
#
# Tested against Fedora 26 base image.
#
# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
---
# Single play against the `ostree` host group. Every task runs with
# privilege escalation through sudo; fact gathering is switched off.
- hosts: ostree
  become: true
  become_method: sudo
  gather_facts: false
  tasks:
  # Shared task file, parameterised by the vars below.
  # NOTE(review): presumably creates and mounts the logical volume that
  # backs /srv -- confirm in ../tasks/create-data-volume.yml.
  - import_tasks: ../tasks/create-data-volume.yml
    vars:
      lv_name: ostree
      lv_size: 90g
      mountpoint: /srv

  # Two separate accounts, one per repository, so that the cache and the
  # releases trees have different owners. Only the account name is given:
  # password, shell and SSH keys are left at the module defaults and are
  # not managed by this play.
  #
  # This should perhaps have been called ostree-cache
  - name: ostree user
    user:
      name: ostree
      state: present

  - name: ostree-releases user
    user:
      name: ostree-releases
      state: present

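  # Parent directory for both repositories, owned by the cache account.
  # The mode is quoted so it reaches the file module as the octal string
  # "0755" whichever YAML integer rules the parser applies.
  - name: data directory
    file:
      path: /srv/ostree/
      state: directory
      owner: ostree
      group: ostree
      mode: "0755"

  # Initialise the cache repository as the unprivileged ostree user.
  # `creates` skips the command once the repository config file exists,
  # so repeated runs do not re-initialise it.
  - name: cache repository
    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
    become_user: ostree
    args:
      creates: /srv/ostree/cache/config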

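  # The releases tree has its own owner, ostree-releases, so the cache
  # account has no write access to it (mode 0755: owner-writable only).
  # The mode is quoted so it reaches the file module as the octal string
  # "0755" whichever YAML integer rules the parser applies.
  - name: releases directory
    file:
      path: /srv/ostree/releases
      state: directory
      owner: ostree-releases
      group: ostree-releases
      mode: "0755"

  # Initialise the releases repository as ostree-releases. `creates`
  # skips the command once the repository config file exists.
  - name: releases repository
    command: ostree init --repo=/srv/ostree/releases --mode=archive-z2
    become_user: ostree-releases
    args:
      creates: /srv/ostree/releases/config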

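  # Install the web server configuration shipped next to this playbook.
  # Ownership and mode are stated explicitly so the result does not depend
  # on the umask or on whatever file was already at the destination.
  - name: lighttpd configuration
    copy:
      src: lighttpd.conf
      dest: /etc/lighttpd/lighttpd.conf
      owner: root
      group: root
      mode: "0644"

  # Enable at boot and restart. The restart is unconditional: it happens
  # on every run of the play, whether or not the configuration changed.
  - name: restart lighttpd server
    service:
      name: lighttpd
      enabled: true
      state: restarted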

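  # sshd_config: one managed block per upload account. Each account is
  # pinned to a single receive command (ForceCommand) and may not use
  # password authentication.
  #
  # blockinfile is used instead of one lineinfile task per line because
  # lineinfile treats a line that already exists anywhere in the file as
  # present. The identical "    PasswordAuthentication no" line written
  # for the ostree user turned the same task for ostree-releases into a
  # no-op, so that Match block never received the setting.
  #
  # Hosts configured by the earlier lineinfile tasks keep those lines; the
  # managed blocks are appended after them at the end of the file.
  #
  # `validate` runs sshd's configuration test on the candidate file before
  # it replaces /etc/ssh/sshd_config, so a syntax error fails the task
  # instead of reaching the sshd restart that follows.
  - name: sshd configuration for ostree user
    blockinfile:
      path: /etc/ssh/sshd_config
      state: present
      marker: "# {mark} ANSIBLE MANAGED BLOCK ostree"
      block: |
        Match user ostree
            PasswordAuthentication no
            ForceCommand bst-artifact-receive --pull-url https://ostree.baserock.org/cache/ --verbose /srv/ostree/cache
      validate: /usr/sbin/sshd -t -f %s

  - name: sshd configuration for ostree-releases user
    blockinfile:
      path: /etc/ssh/sshd_config
      state: present
      marker: "# {mark} ANSIBLE MANAGED BLOCK ostree-releases"
      block: |
        Match user ostree-releases
            PasswordAuthentication no
            ForceCommand ostree-receive -v --repo /srv/ostree/releases
      validate: /usr/sbin/sshd -t -f %s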

  # Enable sshd at boot and restart it so the Match blocks take effect.
  # The restart is unconditional: it happens on every run of the play.
  - name: restart sshd server
    service:
      name: sshd
      state: restarted
      enabled: true

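  # Copy each unit file from the playbook directory to the same path under
  # / on the host. Templated values are quoted so an unexpected expansion
  # cannot change how the YAML parses, and ownership and mode are stated
  # explicitly so unit files are root-owned and not group/world-writable.
  - name: install systemd units
    copy:
      src: "./{{ item }}"
      dest: "/{{ item }}"
      owner: root
      group: root
      mode: "0644"
    with_items:
      - etc/systemd/system/ostree-update-summary-cache.service
      - etc/systemd/system/ostree-update-summary-cache.timer
      - etc/systemd/system/ostree-update-summary-releases.service
      - etc/systemd/system/ostree-update-summary-releases.timer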

  # Reload systemd, then enable and start every unit in the list. The
  # .service units are started here as well as their timers.
  - name: enable systemd units
    systemd:
      name: "{{ item }}"
      daemon_reload: true
      enabled: true
      state: started
    with_items:
      - ostree-update-summary-cache.service
      - ostree-update-summary-cache.timer
      - ostree-update-summary-releases.service
      - ostree-update-summary-releases.timer