Commit 1eac88ca authored by Victor Penso's avatar Victor Penso
Browse files

still working on remote publishing

parent 34c90543
......@@ -15,7 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# The cvmfs user operates all remote actions on the CVMFS servers
user 'cvmfs'
......@@ -33,7 +32,7 @@ node.cvmfs.remote.each_pair do |repo,config|
group maintainer do
members ['cvmfs'] << maintainers
end
directory "/cvmfs/#{repo}" do
group maintainer
mode '0775'
......@@ -44,7 +43,7 @@ node.cvmfs.remote.each_pair do |repo,config|
file rsync_exclude do
mode "0770"
group maintainer
content ".svn/*\n.libs/*\n.deps/*\n*.o"
content ".svn/*\n.libs/*\n.deps/*\n*.o\n"
# The excludes for Rsync will be modified by users eventually
not_if do ::File.exists? rsync_exclude end
end
......@@ -56,9 +55,10 @@ node.cvmfs.remote.each_pair do |repo,config|
'StrictHostKeyChecking' => 'no'
}
sys_sudo repo do
# Allow all maintainers to execute the remote publishing script
sys_sudo maintainer do
users maintainer.upcase => maintainers
rules ["#{maintainer.upcase} #{node.fqdn}=NOPASSWD:/sbin/cvmfs * #{repo}"]
rules ["#{maintainer.upcase} #{node.fqdn}=NOPASSWD:/sbin/cvmfs-remote * #{repo}"]
end
end
......
......@@ -25,6 +25,10 @@ apache_site '000-default' do
enable false
end
user 'cvmfs' do
shell '/bin/bash'
end
# Initialize the repositories unless they exist
node.cvmfs.server.repos.each do |repo|
execute "cvmfs_server mkfs -o root #{repo}" do
......
name "cvmfs_server_test"
description "Use to test the [cvmfs::server] recipe."
run_list(
"recipe[sys::pam]",
"recipe[sys::ssh]",
"recipe[cernvm-fs]"
)
default_attributes(
:sys => {
:ssh => {
:authorize => {
'cvmfs' => {
:keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ]
}
}
}
:ssh => { :authorize => { 'cvmfs' => { :keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ] } } }
},
:cvmfs => {
:server => {
:repos => [ 'alpha.devops.test' ]
}
}
:cvmfs => { :server => { :repos => [ 'alpha.devops.test' ] } }
)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment