vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
8404 commits 2 branches 62 tags 205 MiB
Commit graph

42 commits

Author SHA1 Message Date
Joseph Schorr
d323758d95 Fix permissions on disable-aws-metadata script 2018-01-05 13:26:59 -05:00
Joseph Schorr
2ffdfa1434 Add systemd unit to disable the AWS metadata service by routing all requests to 1.1.1.1 
While this isn't strictly a security issue, it *appears* to be and we got audited as such, so just turn it off

Fixes https://jira.coreos.com/browse/QS-83
 2017-12-07 13:29:14 -05:00
Joseph Schorr
86ec24470b Force Docker onto overlay2 
Both btfs and overlay file systems suffer a very strange bug when executing the following Dockerfile:

```
FROM alpine

RUN mkdir lch

COPY . lch/
COPY requirements.txt lch/requirements.txt
COPY ./requirements/ lch/requirements/

ENTRYPOINT ["/docker-entrypoint.sh"]
```

It fails on the last `COPY` line, due to the presence of the `COPY . lch/` call. Unknown as to why, but moving to the new filesystem fixes things.
 2017-11-14 19:23:15 -05:00
EvB
b85a3b47ae chore(buildman): add EvB's ssh key to cloudconfig 
Add ssh public key for new team member, Erica, to cloudconfig.yml.
 2016-12-06 11:18:47 -05:00
Brad Ison
bcdc330b56 Completely disable update-engine on builders 2016-11-23 10:12:55 -05:00
Brad Ison
c4a1c3cfa7 Merge pull request #2123 from coreos-inc/builder-hostnames 
Set builder hostnames to build UUID
 2016-11-16 12:43:06 -08:00
Brad Ison
2c59bd9ee5 Set builder hostnames to build UUID 2016-11-15 12:35:48 -08:00
Charlton Austin
211b3f160c Updating the log-2-logentries to a new repo. 2016-11-15 13:06:00 -05:00
charltonaustin
4368c11f51 Removing my name from public key. 2016-10-04 16:20:33 -04:00
charltonaustin
28e1aec85f Adding in ssh key. 2016-10-04 16:00:42 -04:00
Brad Ison
0fadc745cf Revert "Use Google public DNS in builder VMs" 
This reverts commit a331eecd0f.
 2016-09-20 12:06:19 -04:00
Brad Ison
a331eecd0f Use Google public DNS in builder VMs 2016-09-12 15:05:13 -04:00
Joseph Schorr
9e6e3a6c94 Remove our names from the checked in keys 
This means they won't go out in the QE binary, nor will be viewable on the ephemeral build nodes

Longer term we should probably move these into the config dir
 2016-08-30 18:02:05 -04:00
Brad Ison
d37f32b9c7 Add bison's SSH key to builders 2016-08-15 15:53:26 -04:00
Joseph Schorr
7471d0e35f Small code cleanup before whitelist addition 2016-07-08 15:50:51 -04:00
Colin Hom
bc13333f20 Kubernetes build worker 2016-07-08 15:50:51 -04:00
Jimmy Zelinskie
5298452fa7 builder cloudconfig: shutdown server after 3 hours (#1554) 2016-06-17 16:03:40 -04:00
Joseph Schorr
f9469a84b3 Make the size of the build node HDD configurable 
Fixes #1520
 2016-06-06 11:35:10 -04:00
Jimmy Zelinskie
79aa78906a buildman: refresh and add Evan's key to builders 2016-05-24 14:05:39 -04:00
Jake Moshenko
c4b637521c Remove Matt Jibson's public key 2015-11-23 18:18:42 -05:00
Matt Jibson
2325328bbd Update mjibson ssh key 2015-11-06 15:34:52 -05:00
Jimmy Zelinskie
cb6b6c4091 buildman: add silas keys to builders 2015-09-09 16:53:19 -04:00
Jimmy Zelinskie
0365831015 add barakmich, quentin, mjibson keys to builders 
Fixes coreos-inc/quay-policies#38
 2015-08-27 11:42:53 -04:00
Joseph Schorr
04cc471585 Increase the HD size on the build nodes 
Fixes #228
 2015-07-14 15:20:17 +03:00
Jimmy Zelinskie
db05db6295 cloudconfig: flatten logentries container 2015-05-20 16:34:16 -04:00
Jimmy Zelinskie
86f400fdf5 buildman: fix btrfs mounting in worker cloudconfig 2015-05-13 17:40:35 -04:00
Jimmy Zelinskie
6a5cecebc5 buildman: create and mount btrfs volume for docker 
There are numerous issues with overlayfs that actually aren't present with
btrfs. Btrfs seems to have long-running issues, but our builders are
ephemeral. Example issue: https://github.com/docker/docker/issues/10180
 2015-05-12 17:42:34 -04:00
Jake Moshenko
b10fd4ff22 Tell the journal on the builders to listen on the proper socket. 2015-03-27 16:31:35 -04:00
Jake Moshenko
6eead7c860 Add logentries reporting to the ephemeral builders. 2015-03-27 15:28:08 -04:00
Joseph Schorr
98b4f62ef7 Switch to using a squashed image for the build workers 2015-02-10 15:43:01 -05:00
Jimmy Zelinskie
c7c5377285 Add my key back to the ephemeral builder machines. 2015-02-05 12:51:02 -05:00
Joseph Schorr
5fedd74399 Remove Jake's key 2015-02-04 21:31:26 -05:00
Joseph Schorr
361fb33574 - Add a small build script 
- Take in the build worker branch name from config
- Add additional logging (to be removed after we figure out the problem)
 2015-02-03 12:48:41 -05:00
Jake Moshenko
8e85ff63f1 Add everyones ssh keys to the ephemeral build workers. 2015-01-29 18:40:17 -05:00
Jake Moshenko
0ddfd07749 Use the tiny registry-build-worker image. Bind mount in the root certificates so that Quay SSL certificates can be calidated. 2015-01-27 14:12:47 -05:00
Jake Moshenko
f2471a86f6 Fix the python requirements. Add the ability to map in etcd client certs and ca. 2015-01-22 10:53:23 -05:00
Jake Moshenko
cc70225043 Generalize the ephemeral build managers so that any manager may manage a builder spawned by any other manager. 2014-12-31 11:33:56 -05:00
Jake Moshenko
ccb19571d6 Try lowering the sleep on the shutdown timeout to avoid the service dispatch timeout built into systemd. 2014-12-23 17:42:47 -05:00
Jake Moshenko
1005c29b6b Fix the shutdown command for when the builder terminates itself. 2014-12-23 17:08:16 -05:00
Jake Moshenko
b2d7fad667 Fix a typo with the automatic node shutdown fallback in the ephemeral nodes. 2014-12-23 14:09:24 -05:00
Jake Moshenko
12ee8e0fc0 Switch a few of the buildman methods to coroutines in order to support network calls in methods. Add a test for the ephemeral build manager. 2014-12-22 12:14:16 -05:00
Jake Moshenko
2d7e844753 First implementation of ephemeral build lifecycle manager. 2014-12-16 13:41:30 -05:00