system-config/playbooks/roles/vos-release
Jeremy Stanley f2cf00dc89 Add missing newline in vos_release.sudo
The sudoers parser really, really, *really* doesn't like it when the
last line of data in your file lacks a trailing newline. Add one so
sudo will work again on these servers.

Change-Id: I40fbb535faf5b41cc56c56f09f248eea398df4e0
2019-11-21 19:08:30 +00:00
..
files Add missing newline in vos_release.sudo 2019-11-21 19:08:30 +00:00
tasks vos-release: fix sudo 2019-11-21 17:51:18 +11:00
README.rst vos-release: fix key sourcing; disable exclusive key 2019-11-21 07:28:49 +11:00

vos release with localauth

Install a user and script to do remote vos release with localauth authentication. This can avoid kerberos or AFS timeouts.

This relies on vos_release_keypair which is expected to be a single keypair set previously by hosts in the "mirror-update" group. It will allow that keypair to run /usr/local/bin/vos_release.sh, which filters the incoming command. Releases are expected to be triggered on the update host with:

ssh -i /root/.ssh/id_vos_release afs01.dfw.openstack.org vos release <mirror>.<volume>

Future work, if required

  • Allow multiple hosts to call the release script (i.e. handle multiple keys).
  • Implement locking within vos_release.sh script to prevent too many simulatenous releases.

Role Variables

The authorized key to allow to run the /usr/local/bin/vos_release.sh script