summaryrefslogtreecommitdiffstats
path: root/site/intel-pod17/profiles/region.yaml
blob: 317f29aed8c8ce80f64f591cb36aa925d166d853 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
---
# The purpose of this file is to define the drydock Region, which in turn drives
# the MaaS region.
schema: 'drydock/Region/v1'
metadata:
  schema: 'metadata/Document/v1'
  # NEWSITE-CHANGEME: Replace with the site name
  name: intel-pod17
  layeringDefinition:
    abstract: false
    layer: site
  storagePolicy: cleartext
  substitutions:
    - dest:
        path: .repositories.main_archive
      src:
        schema: pegleg/SoftwareVersions/v1
        name: software-versions
        path: .packages.repositories.main_archive
    # NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
    # list of authorized keys which MaaS will register for the build-in "ubuntu"
    # account during the PXE process. Create a substitution rule for each SSH
    # key that should have access to the "ubuntu" account (useful for trouble-
    # shooting problems before UAM or UAM-lite is operational). SSH keys are
    # stored as secrets in site/seaworthy/secrets.
    - dest:
        # Add/replace the item in the list
        path: .authorized_keys[0]
      src:
        schema: deckhand/PublicKey/v1
        # This should match the "name" metadata of the SSH key which will be
        # substituted, located in site/intel-pod17/secrets folder.
        name: grego_ssh_public_key
        path: .
    - dest:
        # Increment the list index
        path: .authorized_keys[1]
      src:
        schema: deckhand/PublicKey/v1
        # your ssh key
        name: kasparss_ssh_public_key
        path: .
data:
  tag_definitions: []
  # This is the list of SSH keys which MaaS will register for the built-in
  # "ubuntu" account during the PXE process. This list is populated by
  # substitution, so the same SSH keys do not need to be repeated in multiple
  # manifests.
  authorized_keys: []
  repositories:
    remove_unlisted: true
...