Add secrets generator phase

This phase is built on top of the generic executor container.
It uses a kustomize generator to generate secrets
and the SOPS function to encrypt secrets.

Usage:
    1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
       Copy the existing key from the sops project
    2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
    3. `airshipctl phase run secret-generate`
       It will generate and encrypt the secret in
       manifests/site/test-site/target/generator/results/generated/
    4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins
       manifests/site/test-site/target/catalogues/ > output.txt`
       It will decrypt the encrypted secret

Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
This commit is contained in:
Vladislav Kuzmin
2020-12-09 17:58:02 +04:00
committed by Kostyantyn Kalynovskyi
parent 2e66fc59f6
commit 8dba799c18
17 changed files with 271 additions and 4 deletions

@@ -21,6 +21,7 @@
environment:
KUSTOMIZE_PLUGIN_HOME: "/tmp"
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
- set_fact:
bmh: "{{ bmh_command.stdout | from_yaml_all | list }}"
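Review bot: The added `SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"` line puts PGP key material into the task environment, and nothing in the visible lines keeps it out of Ansible output. Consider setting `no_log: true` on this task; the `set_fact` below reads `bmh_command.stdout`, which a registered result still provides under `no_log`. It would also help to say in the role documentation where `airship_config_pgp` is expected to come from.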
@@ -36,6 +37,7 @@
environment:
KUSTOMIZE_PLUGIN_HOME: "/tmp"
KUSTOMIZE_ENABLE_ALPHA_COMMANDS: "true"
SOPS_IMPORT_PGP: "{{ airship_config_pgp }}"
with_items: "{{ bmh }}"
- name: get links from network data per BareMetalHost object
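Review bot: This second `environment:` block repeats the same three entries as the earlier task, including the new `SOPS_IMPORT_PGP` line, so the two copies can drift apart. Consider defining the mapping once, for example as a variable referenced from both tasks. Also, `airship_config_pgp` has no default in the visible lines; if it is unset, templating fails on every `with_items` iteration, so either add `| default('')` for sites without encrypted documents or document the variable as required.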