Page MenuHomeDevCentral

Configure ViperServ eggdrops to use Vault
ClosedPublic

Authored by dereckson on May 12 2022, 22:54.
Tags
None
Referenced Files
F3769835: D2687.id6805.diff
Sat, Nov 23, 17:13
Unknown Object (File)
Fri, Nov 22, 19:33
Unknown Object (File)
Fri, Nov 22, 11:00
Unknown Object (File)
Thu, Nov 21, 07:23
Unknown Object (File)
Thu, Nov 21, 07:22
Unknown Object (File)
Mon, Nov 18, 00:42
Unknown Object (File)
Wed, Nov 13, 06:31
Unknown Object (File)
Wed, Nov 13, 05:54
Subscribers
None

Details

Summary

Eggdrop configuration

Load Vault library and helper script.

Use Vault to connect to MySQL and to fetch nickserv password.

Salt deployment

Provide a policy allowing to read apps/viperserv/

Provision AppRole credentials in .credentials file, and remove
MySQL information placeholder as it's known stored in Vault.

Ref T1733

Test Plan

Launch eggdrop

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
arcpatch-D2687
Build Status
Buildable 4270
Build 4534: arc lint + arc unit

Event Timeline

dereckson created this revision.
dereckson added inline comments.
roles/viperserv/eggdrop/config.sls
67

read_secret doesn't implement _are_credentials_hidden()

This revision is now accepted and ready to land.May 29 2022, 12:08

Probably safe to deploy after 7 months in production?

Should have been merged directly in May.

This revision was automatically updated to reflect the committed changes.