Browse Source
Move global secrets to site
This gives users a straight forward way to update airship SSH key for deployment (MAAS/divingbell config). Change-Id: Ib67774fb67daa79e255b32e6a3e98a5bde96af4ftags/v1.7
Kaspars Skels
1 month ago
11 changed files with 115 additions and 2 deletions
+ 10
- 0
doc/source/authoring_and_deployment.rst
View File
| @@ -318,6 +318,16 @@ Run the following command to get an up-to-date list of required DNS names: | |||
| Update Secrets | |||
| ~~~~~~~~~~~~~~ | |||
| Replace public SSH key under | |||
| ``site/${NEW_SITE}/secrets/publickey/airship_ssh_public_key.yaml`` | |||
| with a lab specific SSH public key. This key is used for MAAS initial | |||
| deployment as well as the default user for Divingbell | |||
| ``site/${NEW_SITE}/software/charts/ucp/divingbell/divingbell.yaml``. | |||
| Add additional keys and Divingbell substitutions for any other users | |||
| that require SSH access to the deployed servers. See more details at | |||
| `<https://airship-divingbell.readthedocs.io/en/latest/>`__. | |||
| Replace passphrases under ``site/${NEW_SITE}/secrets/passphrases/`` | |||
| with random generated ones: | |||
global/secrets/passphrases/private_docker_key.yaml → site/aiab/secrets/passphrases/private_docker_key.yaml
View File
| @@ -5,7 +5,7 @@ metadata: | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: global | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
global/secrets/publickey/airship_ssh_public_key.yaml → site/aiab/secrets/publickey/airship_ssh_public_key.yaml
View File
| @@ -5,7 +5,7 @@ metadata: | |||
| name: airship_ssh_public_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: global | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy | |||
| ... | |||
+ 14
- 0
site/airskiff-suse/secrets/passphrases/private_docker_key.yaml
View File
| @@ -0,0 +1,14 @@ | |||
| --- | |||
| schema: deckhand/Passphrase/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
| # base64 of password123 | |||
| data: cGFzc3dvcmQxMjM= | |||
| ... | |||
+ 14
- 0
site/airskiff/secrets/passphrases/private_docker_key.yaml
View File
| @@ -0,0 +1,14 @@ | |||
| --- | |||
| schema: deckhand/Passphrase/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
| # base64 of password123 | |||
| data: cGFzc3dvcmQxMjM= | |||
| ... | |||
+ 14
- 0
site/airsloop/secrets/passphrases/private_docker_key.yaml
View File
| @@ -0,0 +1,14 @@ | |||
| --- | |||
| schema: deckhand/Passphrase/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
| # base64 of password123 | |||
| data: cGFzc3dvcmQxMjM= | |||
| ... | |||
+ 11
- 0
site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
View File
| @@ -0,0 +1,11 @@ | |||
| --- | |||
| schema: deckhand/PublicKey/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: airship_ssh_public_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy | |||
| ... | |||
+ 14
- 0
site/seaworthy-virt/secrets/passphrases/private_docker_key.yaml
View File
| @@ -0,0 +1,14 @@ | |||
| --- | |||
| schema: deckhand/Passphrase/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
| # base64 of password123 | |||
| data: cGFzc3dvcmQxMjM= | |||
| ... | |||
+ 11
- 0
site/seaworthy-virt/secrets/publickey/airship_ssh_public_key.yaml
View File
| @@ -0,0 +1,11 @@ | |||
| --- | |||
| schema: deckhand/PublicKey/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: airship_ssh_public_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy | |||
| ... | |||
+ 14
- 0
site/seaworthy/secrets/passphrases/private_docker_key.yaml
View File
| @@ -0,0 +1,14 @@ | |||
| --- | |||
| schema: deckhand/Passphrase/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: private_docker_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| # sample key for potential private docker registry | |||
| # see Docker documentation for info on how to generate the key | |||
| # base64 of password123 | |||
| data: cGFzc3dvcmQxMjM= | |||
| ... | |||
+ 11
- 0
site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml
View File
| @@ -0,0 +1,11 @@ | |||
| --- | |||
| schema: deckhand/PublicKey/v1 | |||
| metadata: | |||
| schema: metadata/Document/v1 | |||
| name: airship_ssh_public_key | |||
| layeringDefinition: | |||
| abstract: false | |||
| layer: site | |||
| storagePolicy: cleartext | |||
| data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy | |||
| ... | |||
Loading…