Page MenuHomeDevCentral
Differential D4031

Generate secretsmith Vault configuration for routers via Salt
ClosedPublic
Actions

Authored by yousra on Sun, Mar 29, 16:41.
Tags
None
Referenced Files
F25541506: D4031.id10536.diff
Thu, Apr 16, 10:14
Unknown Object (File)
Wed, Apr 15, 20:17
Unknown Object (File)
Mon, Apr 13, 21:39
Unknown Object (File)
Mon, Apr 13, 08:53
Unknown Object (File)
Mon, Apr 13, 06:39
Unknown Object (File)
Sat, Apr 11, 14:15
Unknown Object (File)
Sat, Apr 11, 14:11
Unknown Object (File)
Sat, Apr 11, 02:17
View All 42 Files
Subscribers
dereckson
Duranzed

Details

Reviewers
dereckson
Duranzed
Maniphest Tasks
T2276: Automate CARP VIP MAC reassignment using devd and OVH API
Commits
rOPSdaf96182f8b6: Generate secretsmith Vault configuration for routers via Salt
Summary

This change adds to the Salt state carp (roles/router/carp/init.sls) a secretsmith configuration file
on routers, allowing the script from T2276 to authenticate to Vault using AppRole.

The configuration file (/usr/local/etc/secrets/carp-secretsmith.yaml) contains:

  • Vault server URL
  • AppRole credentials (role_id and secret_id) retrieved from Vault

Ref T2276

Test Plan
  • Applied state on router-002:

    salt 'router-002' state.apply roles/router test=True

    salt 'router-002' state.apply roles/router
  • Applied state on router-003:

    salt 'router-003' state.apply roles/router test=True

    salt 'router-003' state.apply roles/router

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
roles/
router/
carp/
files/
24 lines
12 lines

Diff 10536

View Options

roles/router/carp/files/secrets.conf

Loading...
View Options

roles/router/carp/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator