Tech:Private Git

From Orain Meta
Revision as of 17:08, 27 March 2015 by imported>Addshore
Jump to navigation Jump to search

Orain's private git repo is stored on prod7 and is read-only by the user 'git' and commit only to the user 'root'.

User 'git'

The git user is used to automatically update /root/private on all Orain servers and the account is authenticated via ssh by a private key stored in the private git repo (along with the public key as well). Ansible uses one of the keypairs from the private repo to authenticate to prod7 in order to download the latest code.

Files stored

The keypairs for the user 'git' are stored in the repo along with Orain's SSL cert and private key. The ansible variable file is also stored in the repo. Any files that should not be public but need to be available for either general or ansible operations can be stored. Only ops can commit to the repo via the root user.

Retrieved from "https://meta.orain.org/wiki/Tech:Private_Git?oldid=13912"