Diffusion Nasqueron Operations daf96182f8b6

Generate secretsmith Vault configuration for routers via Salt
daf96182f8b6
Actions

Description

Generate secretsmith Vault configuration for routers via Salt

Summary:
This change adds to the Salt state carp (roles/router/carp/init.sls) a secretsmith configuration file
on routers, allowing the script from T2276 to authenticate to Vault using AppRole.

The configuration file (/usr/local/etc/secrets/carp-secretsmith.yaml) contains:

Vault server URL
AppRole credentials (role_id and secret_id) retrieved from Vault

Ref T2276

Test Plan:

Applied state on router-002:

salt 'router-002' state.apply roles/router test=True

salt 'router-002' state.apply roles/router

Applied state on router-003:

salt 'router-003' state.apply roles/router test=True

salt 'router-003' state.apply roles/router

Reviewers: dereckson, Duranzed

Reviewed By: dereckson

Subscribers: Duranzed, dereckson

Maniphest Tasks: T2276

Differential Revision: https://devcentral.nasqueron.org/D4031

Details

Provenance

yousra	Authored on Mon, Mar 30, 07:16
yousra	Pushed on Mon, Mar 30, 07:22

Reviewer

dereckson

Differential Revision

D4031: Generate secretsmith Vault configuration for routers via Salt

Parents

rOPS88bee5959739: Sort more DevCentral projects in Notifications Center

Branches

Unknown

Tags

Unknown

References

HEAD -> main

Tasks

T2276: Automate CARP VIP MAC reassignment using devd and OVH API

Event Timeline

yousra committed rOPSdaf96182f8b6: Generate secretsmith Vault configuration for routers via Salt (authored by yousra).Mon, Mar 30, 07:22

yousra added a task: T2276: Automate CARP VIP MAC reassignment using devd and OVH API.

yousra added an edge: D4031: Generate secretsmith Vault configuration for routers via Salt.

Changes (2)

Path

Size

roles/

	router/	carp/	files/
	reports/	rhyne-wyse/	files/

secrets.conf

router/

carp/

init.sls

rOPSdaf96182f8b6

View Options

roles/router/carp/files/secrets.conf