98aa0d5f2b
There's a lot going on here but conceptually we're just enabling a local helm repo along with a helper script to install helm charts into the repo. The first item is to configure lighttpd to serve up helm charts as static information (so no proxying) at http://127.0.0.1/helm_charts". This is fairly straightforward, but the files are served out of /www which isn't a replicated filesystem and which is owned by the www user. The helm puppet manifest is modified to create the "helm_charts" directory for the webserver, to generate the initial index file, and to tell helm to add the new repo for the "wrsroot" user. The various commands are run as specific users with specific environment variables, this is key to making everything work as planned. To allow the wrsroot user to upload charts into /www the helm-upload script will re-run itself as the www user. /etc/sudoers.d is modified to allow this without asking for a password. The upload script will copy the specified charts in to /www/pages/helm_charts, and will then regenerate the index.yaml file. The upload script will then try to sync the files over to the other node. To enable this without prompting for a password we modify /etc/rsyncd.conf to allow passwordless syncing into /www/helm_charts. In a future commit we'll need to sync charts with the other controller when booting up, and also configure the local starlingx helm repo on the second controller. Change-Id: I86a7795decb7833cb22c04e34e298c8d24ed7fa3 Signed-off-by: David Sullivan <david.sullivan@windriver.com> Story: 2002876 Task: 22831 Depends-On: https://review.openstack.org/596802
58 lines
1.2 KiB
Plaintext
58 lines
1.2 KiB
Plaintext
# /etc/rsyncd.conf
|
|
|
|
# Configuration file for rsync daemon
|
|
# See rsync(1) and rsyncd.conf(5) man pages for help
|
|
|
|
# This file is required by rsync --daemon
|
|
pid file = /var/run/rsyncd.pid
|
|
use chroot = yes
|
|
read only = yes
|
|
|
|
# Simple example for enabling your own local rsync server
|
|
#[everything]
|
|
# path = /
|
|
# comment = Everything except /etc exposed
|
|
# exclude = /etc
|
|
|
|
[patching]
|
|
path = /opt/patching
|
|
comment = Patching filesystem
|
|
uid = root
|
|
read only = no
|
|
|
|
[repo]
|
|
path = /www/pages/updates
|
|
comment = Patching repo
|
|
uid = root
|
|
read only = no
|
|
|
|
[platform]
|
|
path = /etc/platform
|
|
comment = Platform configuration
|
|
uid = root
|
|
read only = no
|
|
|
|
[certificate]
|
|
path = /etc/ssl/private
|
|
comment = SSL certificate
|
|
uid = root
|
|
read only = no
|
|
|
|
[instances]
|
|
path = /etc/nova/instances
|
|
comment = Nova instances data
|
|
uid = root
|
|
read only = no
|
|
|
|
[cacert]
|
|
path = /etc/ssl/certs
|
|
comment = SSL ca certificate
|
|
uid = root
|
|
read only = no
|
|
|
|
[helm_charts]
|
|
path = /www/pages/helm_charts
|
|
comment = Helm chart repo
|
|
uid = root
|
|
read only = no
|