archive auth mirror #9
Description
This charm provides an HTTPS mirror with BasicAuth of an Ubuntu archive.
- Tags:
- application
- nginx
- security
Overview
This charm deploys an application that mirrors and periodically syncs an Ubuntu archive and exposes it as static files served by Nginx.
Managing basic authentication
Credentials for basic authentication can be created with:
juju run --application archive-auth-mirror '/srv/archive-auth-mirror/bin/manage-user add <user> <pass>'
If the user is already present, their password will be updated.
To remove a user, run:
juju run --application archive-auth-mirror '/srv/archive-auth-mirror/bin/manage-user remove <user>'
Configuration
- auth-cache-duration
- (string) Cache duration before expiration, like "15m" or "1h".
- 1h
- auth-cache-enabled
- (boolean) Whether authorization caching is enabled. When enabled, both successful and unauthorized responses from the auth backend are cached. The cache expires or is deleted based on the "auth-cache-duration" and "auth-cache-inactivity" options below. Even when this option is set to true, caching is really only enabled when this application is related to an auth backend, like esm-auth-server.
- auth-cache-inactivity
- (string) Cache inactivity before invalidation, like "15m" or "1h".
- 10m
- extra_packages
- (string) Space separated list of extra deb packages to install.
- host
- (string) listen address
- 127.0.0.1
- install_keys
- (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
- install_sources
- (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
- mirrors
- (string) A YAML describing one or more repositories to mirror. The YAML is structured as a list of maps, with each map including the "deb-line" and "pub-key" mandatory fields, and the "archs" and "version" optional fields. For instance:

      - deb-line: http[s]://[<user>:<pass>@]<hostname>/<path> <suite> <components>
        pub-key: GPG public key for validating the repository
        archs: source i386 amd64
        version: 18.10
        suite: xenial-updates
      - deb-line: ...
        pub-key: ...

  The archs field defaults to "source i386 amd64". The version field, if not specified, is omitted. The suite is the local suite, in essence the dists subdirectory where the Release file can be found locally. The suite must uniquely identify a mirror. If not specified, it defaults to the value of the remote suite from the deb-line. In any case, the codename in the Release file is generated from the suite prefix, so that, for instance, "trusty", "trusty-updates" and "trusty-foo-bar" will all have "trusty" as their codename. The charm is blocked until this config value is provided.
- nagios_context
- (string) Used by the nrpe subordinate charms. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like juju-myservice-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
- juju
- nagios_servicegroups
- (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
- package_status
- (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
- install
- packages-require-auth
- (boolean) Whether the Packages-Require-Authorization field must be included in the Release file. This field provides a hint that package downloads will require authorization, hence allowing clients to prevent use of this repository if authorization has not been provided, avoiding problems with failing downloads.
- port
- (int) NGINX listen port
- 80
- repository-origin
- (string) The value of the 'Origin' field of the repository.
- Ubuntu
- resource-name
- (string) The name of the resource associated with this service
- esm
- service-url
- (string) The URL of the service.
- sign-gpg-key
- (string) GPG private key for signing the archive.
- sign-gpg-passphrase
- (string) Passphrase for the sign-gpg-key.
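
The rules given for the "mirrors" option (mandatory fields, archs default, suite fallback and uniqueness, codename from the suite prefix) can be checked before the value is handed to the charm. The following is an added example, not the charm's own code: `normalize_mirrors` and `SAMPLE` are hypothetical names, the input is assumed to be the YAML already parsed into a list of maps, and taking the codename as the text before the first "-" is a reading of the description above.

```python
from urllib.parse import urlsplit

DEFAULT_ARCHS = "source i386 amd64"  # default stated in the option description


def normalize_mirrors(mirrors):
    """Apply the documented defaults and checks to a parsed 'mirrors' list."""
    seen, result = set(), []
    for i, entry in enumerate(mirrors):
        for field in ("deb-line", "pub-key"):
            if not entry.get(field):
                raise ValueError(f"mirror {i}: missing mandatory field {field!r}")
        parts = entry["deb-line"].split()
        if len(parts) < 3:  # assumption: URL, suite and at least one component
            raise ValueError(f"mirror {i}: deb-line needs URL, suite, components")
        url, remote_suite, components = urlsplit(parts[0]), parts[1], parts[2:]
        if url.scheme not in ("http", "https"):
            raise ValueError(f"mirror {i}: deb-line URL must be http or https")
        # The local suite falls back to the remote suite and must be unique.
        suite = entry.get("suite") or remote_suite
        if suite in seen:
            raise ValueError(f"mirror {i}: suite {suite!r} is not unique")
        seen.add(suite)
        result.append({
            # Drop user:pass so the entry can be logged without the secret.
            "url": url._replace(netloc=url.netloc.rpartition("@")[2]).geturl(),
            "has_credentials": url.username is not None,
            "suite": suite,
            "codename": suite.split("-", 1)[0],
            "components": components,
            "archs": (entry.get("archs") or DEFAULT_ARCHS).split(),
            "version": entry.get("version"),  # omitted (None) when not given
        })
    return result


# Constructed sample input; hosts, credentials and keys are placeholders.
SAMPLE = [
    {"deb-line": "https://user:secret@archive.example.com/ubuntu trusty-updates main universe",
     "pub-key": "<ASCII-armoured public key>"},
    {"deb-line": "http://archive.example.com/ubuntu trusty main",
     "pub-key": "<ASCII-armoured public key>",
     "suite": "trusty-foo-bar", "archs": "amd64", "version": "14.04"},
]

if __name__ == "__main__":
    for mirror in normalize_mirrors(SAMPLE):
        print(mirror)
```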