Page MenuHomeDevCentral
Create Task
Maniphest T1411

Deploy Zemke-Rhyne on PaaS Docker
Closed, ResolvedPublic
Actions

Description

Pending Vault deployment, we can request Salt to use Zemke-Rhyne to fetch credentials.

An example is at D1677:

{% set db_username = salt['cmd.run']('ssh -4 -i /etc/zr/id_zr zr@ysul.nasqueron.org getcredentials 47 username') %}
{% set db_password = salt['cmd.run']('ssh -4 -i /etc/zr/id_zr zr@ysul.nasqueron.org getcredentials 47') %}

Plan:

  • create the /etc/zr/id_zr key
  • provide a zr wrapper to run zr getcredentials... instead of the ssh call

Nice to have but not in plan as long as we don't use ZR on a lot of servers:

  • upload /etc/zr/id_zr key to DevCentral (needs an arc command for that)
  • make zR data/servers.json a templated file to add our servers block and keys

Revisions and Commits

rOPS Nasqueron Operations
D1680rOPS1cd25fd990ea Provide a zr wrapper around the SSH command invocation
D1679rOPSe41e9df45cfa Provision Zemke Rhyne key on Docker servers
D1678rOPS886eef9b8caf Create zemke-rhyne directory on Docker servers

Related Objects

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator