28 lines
907 B
ReStructuredText
28 lines
907 B
ReStructuredText
vos release with localauth
|
|
|
|
Install a user and script to do remote ``vos release`` with
|
|
``localauth`` authentication. This can avoid kerberos or AFS
|
|
timeouts.
|
|
|
|
This relies on ``vos_release_keypair`` which is expected to be a
|
|
single keypair set previously by hosts in the "mirror-update" group.
|
|
It will allow that keypair to run ``/usr/local/bin/vos_release.sh``,
|
|
which filters the incoming command. Releases are expected to be
|
|
triggered on the update host with::
|
|
|
|
ssh -i /root/.ssh/id_vos_release afs01.dfw.openstack.org vos release <mirror>.<volume>
|
|
|
|
Future work, if required
|
|
|
|
* Allow multiple hosts to call the release script (i.e. handle
|
|
multiple keys).
|
|
* Implement locking within ``vos_release.sh`` script to prevent too
|
|
many simulatenous releases.
|
|
|
|
**Role Variables**
|
|
|
|
.. zuul:rolevar:: vos_release_keypair
|
|
|
|
The authorized key to allow to run the
|
|
``/usr/local/bin/vos_release.sh`` script
|