Page MenuHomeDevCentral
Differential D4031

Generate secretsmith Vault configuration for routers via Salt
ClosedPublic
Actions

Authored by yousra on Sun, Mar 29, 16:41.

Details

Reviewers
dereckson
Duranzed
Maniphest Tasks
T2276: Automate CARP VIP MAC reassignment using devd and OVH API
Commits
rOPSdaf96182f8b6: Generate secretsmith Vault configuration for routers via Salt
Summary

This change adds to the Salt state carp (roles/router/carp/init.sls) a secretsmith configuration file
on routers, allowing the script from T2276 to authenticate to Vault using AppRole.

The configuration file (/usr/local/etc/secrets/carp-secretsmith.yaml) contains:

  • Vault server URL
  • AppRole credentials (role_id and secret_id) retrieved from Vault

Ref T2276

Test Plan
  • Applied state on router-002:

    salt 'router-002' state.apply roles/router test=True

    salt 'router-002' state.apply roles/router
  • Applied state on router-003:

    salt 'router-003' state.apply roles/router test=True

    salt 'router-003' state.apply roles/router

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
roles/
router/
carp/
files/
24 lines
12 lines

Diff 10536

View Options

roles/router/carp/files/secrets.conf

Loading...
View Options

roles/router/carp/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator