blob: 317f29aed8c8ce80f64f591cb36aa925d166d853 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
---
# The purpose of this file is to define the drydock Region, which in turn drives
# the MaaS region.
schema: 'drydock/Region/v1'
metadata:
schema: 'metadata/Document/v1'
# NEWSITE-CHANGEME: Replace with the site name
name: intel-pod17
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
- dest:
path: .repositories.main_archive
src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.repositories.main_archive
# NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
# list of authorized keys which MaaS will register for the build-in "ubuntu"
# account during the PXE process. Create a substitution rule for each SSH
# key that should have access to the "ubuntu" account (useful for trouble-
# shooting problems before UAM or UAM-lite is operational). SSH keys are
# stored as secrets in site/seaworthy/secrets.
- dest:
# Add/replace the item in the list
path: .authorized_keys[0]
src:
schema: deckhand/PublicKey/v1
# This should match the "name" metadata of the SSH key which will be
# substituted, located in site/intel-pod17/secrets folder.
name: grego_ssh_public_key
path: .
- dest:
# Increment the list index
path: .authorized_keys[1]
src:
schema: deckhand/PublicKey/v1
# your ssh key
name: kasparss_ssh_public_key
path: .
data:
tag_definitions: []
# This is the list of SSH keys which MaaS will register for the built-in
# "ubuntu" account during the PXE process. This list is populated by
# substitution, so the same SSH keys do not need to be repeated in multiple
# manifests.
authorized_keys: []
repositories:
remove_unlisted: true
...
|