Generate secretsmith Vault configuration for routers via Salt
ClosedPublic

Authored by yousra on Mar 29 2026, 16:41.
Referenced Files
F31601697: D4031.id10534.diff
Wed, Jun 3, 08:24
F31601695: D4031.id10536.diff
Wed, Jun 3, 08:24
F31595921: D4031.diff
Wed, Jun 3, 07:17
F31518367: D4031.diff
Tue, Jun 2, 18:37

Details

Summary

This change adds to the Salt state carp (roles/router/carp/init.sls) a secretsmith configuration file
on routers, allowing the script from T2276 to authenticate to Vault using AppRole.

The configuration file (/usr/local/etc/secrets/carp-secretsmith.yaml) contains:

  • Vault server URL
  • AppRole credentials (role_id and secret_id) retrieved from Vault

Ref T2276

Test Plan
  • Applied state on router-002:

    salt 'router-002' state.apply roles/router test=True

    salt 'router-002' state.apply roles/router
  • Applied state on router-003:

    salt 'router-003' state.apply roles/router test=True

    salt 'router-003' state.apply roles/router
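
A post-apply check that could follow the test plan above, written here as an added example that is not part of this revision or of the rOPS repository: since the file holds an AppRole `secret_id`, it verifies that the rendered file is a regular file, is not readable by group or other, has the expected owner, and contains no unrendered Jinja. The function names, the sample YAML layout, and the expectation of root ownership with owner-only mode are assumptions, not secretsmith's documented format or the state's actual settings.

```python
import os
import stat
import tempfile

# Field names come from the revision summary; the YAML layout below is constructed.
REQUIRED_FIELDS = ("role_id", "secret_id")
SAMPLE = (
    "vault_url: https://vault.example.test:8200\n"
    "role_id: 00000000-0000-0000-0000-000000000000\n"
    "secret_id: constructed-placeholder\n"
)

def audit_secret_file(path, expected_uid=0):
    """Return a list of findings; an empty list means the file passes."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other bit exposes the secret_id
        findings.append(f"mode {mode:04o} allows group/other access")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    if "{{" in text or "{%" in text:  # template was written without being rendered
        findings.append("unrendered Jinja marker")
    for field in REQUIRED_FIELDS:
        if field not in text:
            findings.append(f"field {field} absent")
    return findings

def write_sample(directory, name, content, mode):
    """Write constructed content with an explicit mode, independent of umask."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        good = write_sample(tmp, "good.yaml", SAMPLE, 0o600)
        loose = write_sample(tmp, "loose.yaml", SAMPLE, 0o644)
        print(audit_secret_file(good, expected_uid=os.getuid()))
        print(audit_secret_file(loose, expected_uid=os.getuid()))
```

On a router, the same function would be pointed at /usr/local/etc/secrets/carp-secretsmith.yaml with the default `expected_uid=0`.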

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable