Name: bosh-manifest-generator
Owner: hybris GmbH
Description: Generator for bosh manifests including vault passwords.
Created: 2015-09-15 13:49:13.0
Updated: 2016-12-19 14:53:22.0
Pushed: 2017-01-10 09:48:58.0
Homepage: null
Size: 25
Language: Ruby
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
The manifest generator scripts are used to download manifests and merge them with passwords stored in vault.
Clone the repo and run:
le install
build bosh_manifest_generator.gemspec
install bosh_manifest_generator-0.0.1.gem
Make sure that you configure the following environment variables:
rt VAULT_ADDR='https://localhost:8200'
rt VAULT_SSL_VERIFY=false
Store credentials in vault:
le exec put_credentials <deployment_name> <environment> <passwords_file>
The script will store all values in the password file (yaml) in vault. It will return the keys used.
Generate credentials file:
le exec pull_credentials <deployment_name> <environment> <passwords_template> <out_file>
The command will read a yaml erb template and fill in passwords stored in vault. To get a password out of vault call the ´´´p´´´ function.
The `build_template` command is used as a more generic template generator not related to bosh at all.
rt VAULT_PREFIX=secret/foo/bar
d_template <passwords_templates> <out_folder>
Generate manifest file for existing deployment:
le exec generate_manifest <working_dir> <password_erb_template>
f merge <manifest_template> <working_dir>/metadata.yml <working_dir>/passwords.yml > <working_dir>/manifest.yml
The script is expecting a metadata.yml file including the AWS account id inside the `working_dir`.
Generate and upload passwords to vault:
le exec store_passwords <aws_account_id> <vaultdeployment> <aws_secret_key> <aws_key_id> <password_erb_template>
Upload ssh key to vault:
le exec ruby store-passwords.rb <account_id> <vaultdeployment> <pem_file>