
Move global secrets to site

This gives users a straightforward way to update
the Airship SSH key for deployment (MAAS/Divingbell config).

Change-Id: Ib67774fb67daa79e255b32e6a3e98a5bde96af4f
tags/v1.7
Kaspars Skels 7 months ago
parent
commit
e69d1d7252
11 changed files with 115 additions and 2 deletions
  1. +10
    -0
      doc/source/authoring_and_deployment.rst
  2. +1
    -1
      site/aiab/secrets/passphrases/private_docker_key.yaml
  3. +1
    -1
      site/aiab/secrets/publickey/airship_ssh_public_key.yaml
  4. +14
    -0
      site/airskiff-suse/secrets/passphrases/private_docker_key.yaml
  5. +14
    -0
      site/airskiff/secrets/passphrases/private_docker_key.yaml
  6. +14
    -0
      site/airsloop/secrets/passphrases/private_docker_key.yaml
  7. +11
    -0
      site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
  8. +14
    -0
      site/seaworthy-virt/secrets/passphrases/private_docker_key.yaml
  9. +11
    -0
      site/seaworthy-virt/secrets/publickey/airship_ssh_public_key.yaml
  10. +14
    -0
      site/seaworthy/secrets/passphrases/private_docker_key.yaml
  11. +11
    -0
      site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml

+ 10
- 0
doc/source/authoring_and_deployment.rst

@@ -318,6 +318,16 @@ Run the following command to get an up-to-date list of required DNS names:
Update Secrets
~~~~~~~~~~~~~~

Replace public SSH key under
``site/${NEW_SITE}/secrets/publickey/airship_ssh_public_key.yaml``
with a lab specific SSH public key. This key is used for MAAS initial
deployment as well as the default user for Divingbell
``site/${NEW_SITE}/software/charts/ucp/divingbell/divingbell.yaml``.

Add additional keys and Divingbell substitutions for any other users
that require SSH access to the deployed servers. See more details at
`<https://airship-divingbell.readthedocs.io/en/latest/>`__.

Replace passphrases under ``site/${NEW_SITE}/secrets/passphrases/``
with random generated ones:



global/secrets/passphrases/private_docker_key.yaml → site/aiab/secrets/passphrases/private_docker_key.yaml

@@ -5,7 +5,7 @@ metadata:
name: private_docker_key
layeringDefinition:
abstract: false
layer: global
layer: site
storagePolicy: cleartext
# sample key for potential private docker registry
# see Docker documentation for info on how to generate the key

global/secrets/publickey/airship_ssh_public_key.yaml → site/aiab/secrets/publickey/airship_ssh_public_key.yaml

@@ -5,7 +5,7 @@ metadata:
name: airship_ssh_public_key
layeringDefinition:
abstract: false
layer: global
layer: site
storagePolicy: cleartext
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
...

+ 14
- 0
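--- a/site/airskiff-suse/secrets/passphrases/private_docker_key.yaml
+++ b/site/airskiff-suse/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...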
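Review bot: The `data` value is the base64 of `password123`, as the comment above it says, and `storagePolicy: cleartext` tells Deckhand to keep it unencrypted, so a site cloned from this file and deployed without edits carries a publicly known registry credential. Since the point of moving secrets to the site layer is that operators replace them, I would mark the value explicitly, e.g. `# SAMPLE ONLY - replace with a generated secret before deploying this site`, and consider `storagePolicy: encrypted` for the site-level copy. The same file is added unchanged under site/airskiff, site/airsloop, site/seaworthy-virt and site/seaworthy, so the comment applies to each of them.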

+ 14
- 0
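--- a/site/airskiff/secrets/passphrases/private_docker_key.yaml
+++ b/site/airskiff/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...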

+ 14
- 0
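--- a/site/airsloop/secrets/passphrases/private_docker_key.yaml
+++ b/site/airsloop/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...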

+ 11
- 0
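--- a/site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
+++ b/site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...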
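Review bot: The `data` line carries the shared sample key (comment field `airship@seaworthy`) and nothing in the file marks it as a placeholder. The documentation added in this commit says this key is used for the MAAS initial deployment and for the default Divingbell user, so a site deployed without replacing it accepts SSH logins from whoever holds the matching private key. A comment above `data`, such as `# sample key - replace with a site-specific public key before deployment`, would make the required step visible in the file itself. The identical document is added under site/seaworthy-virt and site/seaworthy, and the same comment applies there.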

+ 14
- 0
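--- a/site/seaworthy-virt/secrets/passphrases/private_docker_key.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...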

+ 11
- 0
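--- a/site/seaworthy-virt/secrets/publickey/airship_ssh_public_key.yaml
+++ b/site/seaworthy-virt/secrets/publickey/airship_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...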

+ 14
- 0
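--- a/site/seaworthy/secrets/passphrases/private_docker_key.yaml
+++ b/site/seaworthy/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...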

+ 11
- 0
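--- a/site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml
+++ b/site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...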
