diff --git a/roles/router/carp/files/secrets.conf b/roles/router/carp/files/secrets.conf
new file mode 100644
--- /dev/null
+++ b/roles/router/carp/files/secrets.conf
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Router :: Vault configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# Source file: roles/router/carp/files/secrets.conf
+# Format: secretsmith
+# -------------------------------------------------------------
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+vault:
+ server:
+ url: {{ vault.addr }}
+ verify: /usr/local/share/certs/nasqueron-vault-ca.crt
+
+ auth:
+ method: approle
+ role_id: {{ vault.approle.role_id }}
+ secret_id: {{ vault.approle.secret_id }}
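Review bot: The three Jinja expansions in the `server` and `auth` mappings are written as plain scalars, so whatever the credentials helper returns is parsed by YAML before secretsmith sees it: an empty `secret_id` becomes `null`, and a `url` or id containing `: `, ` #` or a leading indicator character changes the document structure instead of the value. Quoting them makes the rendered file a string in every case: `url: "{{ vault.addr }}"`, `role_id: "{{ vault.approle.role_id }}"`, `secret_id: "{{ vault.approle.secret_id }}"`. It is also worth stating in the header comment that the rendered file holds the live AppRole `secret_id`, so readers of the template know the output must not be copied or committed anywhere.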
diff --git a/roles/router/carp/init.sls b/roles/router/carp/init.sls
--- a/roles/router/carp/init.sls
+++ b/roles/router/carp/init.sls
@@ -28,3 +28,15 @@
cmd.run:
- name: python3 -m pip install ovh secretsmith
- creates: {{ salt['python.get_site_packages_directory']() }}/secretsmith
+
+/usr/local/etc/secrets/carp-secretsmith.yaml:
+ file.managed:
+ - source: salt://roles/router/carp/files/secrets.conf
+ - mode: 400
+ - makedirs: True
+ - show_changes: False
+ - template: jinja
+ - context:
+ vault:
+ approle: {{ salt["credentials.read_secret"]("network/router/vault") }}
+ addr: {{ pillar["nasqueron_services"]["vault_url"] }}
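Review bot: Resolving `credentials.read_secret` inside the state and handing the result through `context` puts the AppRole `secret_id` into the compiled low state for this file, so it is visible to `state.show_sls`/`show_lowstate` and, presumably, to debug-level rendering logs; `show_changes: False` only suppresses the content diff, not the state arguments. Because `template: jinja` gives the template the same `salt` dunder, moving the lookup into secrets.conf itself (e.g. `{% set approle = salt["credentials.read_secret"]("network/router/vault") %}`) keeps the secret out of the rendered state data while leaving the state with only the non-secret `addr`. The state also sets no `user`/`group`, so the 0400 file is root-owned and only readable by a root-run consumer — fine if the carp hook runs as root, but confirm and make it explicit. Finally, write the mode as a string, `- mode: "0400"`, which is the form the Salt file docs recommend to avoid YAML integer parsing of octal modes.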
