Move global secrets to site
This gives users a straightforward way to update the Airship SSH key used for deployment (MAAS/Divingbell config). Change-Id: Ib67774fb67daa79e255b32e6a3e98a5bde96af4f
parent
782a3c0c8e
commit
e69d1d7252
@ -318,6 +318,16 @@ Run the following command to get an up-to-date list of required DNS names:
|
|||||||
Update Secrets
|
Update Secrets
|
||||||
~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Replace public SSH key under
|
||||||
|
``site/${NEW_SITE}/secrets/publickey/airship_ssh_public_key.yaml``
|
||||||
|
with a lab specific SSH public key. This key is used for MAAS initial
|
||||||
|
deployment as well as the default user for Divingbell
|
||||||
|
``site/${NEW_SITE}/software/charts/ucp/divingbell/divingbell.yaml``.
|
||||||
|
|
||||||
|
Add additional keys and Divingbell substitutions for any other users
|
||||||
|
that require SSH access to the deployed servers. See more details at
|
||||||
|
`<https://airship-divingbell.readthedocs.io/en/latest/>`__.
|
||||||
|
|
||||||
Replace passphrases under ``site/${NEW_SITE}/secrets/passphrases/``
|
Replace passphrases under ``site/${NEW_SITE}/secrets/passphrases/``
|
||||||
with random generated ones:
|
with random generated ones:
|
||||||
|
|
||||||
|
@ -5,7 +5,7 @@ metadata:
|
|||||||
name: private_docker_key
|
name: private_docker_key
|
||||||
layeringDefinition:
|
layeringDefinition:
|
||||||
abstract: false
|
abstract: false
|
||||||
layer: global
|
layer: site
|
||||||
storagePolicy: cleartext
|
storagePolicy: cleartext
|
||||||
# sample key for potential private docker registry
|
# sample key for potential private docker registry
|
||||||
# see Docker documentation for info on how to generate the key
|
# see Docker documentation for info on how to generate the key
|
@ -5,7 +5,7 @@ metadata:
|
|||||||
name: airship_ssh_public_key
|
name: airship_ssh_public_key
|
||||||
layeringDefinition:
|
layeringDefinition:
|
||||||
abstract: false
|
abstract: false
|
||||||
layer: global
|
layer: site
|
||||||
storagePolicy: cleartext
|
storagePolicy: cleartext
|
||||||
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
|
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
|
||||||
...
|
...
|
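Review bot: The `data:` line still carries the sample `airship@seaworthy` public key with no comment marking it as a placeholder, and the same key is copied into the site/airsloop and site/seaworthy publickey documents and one more added further down. The updated guide in this commit says the key is used for the MAAS initial deployment and for the default Divingbell user, so a site deployed without replacing it would grant SSH access to whoever holds the matching private key. I would add a comment above `data:` in each copy, such as `# sample key - replace with a site-specific SSH public key before deployment`, in the style of the `# sample key ...` comment that private_docker_key already has. The hunk shows only lines 5-11 of the file, so the document header is outside it.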
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
schema: deckhand/Passphrase/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: private_docker_key
|
||||||
|
layeringDefinition:
|
||||||
|
abstract: false
|
||||||
|
layer: site
|
||||||
|
storagePolicy: cleartext
|
||||||
|
# sample key for potential private docker registry
|
||||||
|
# see Docker documentation for info on how to generate the key
|
||||||
|
# base64 of password123
|
||||||
|
data: cGFzc3dvcmQxMjM=
|
||||||
|
...
|
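Review bot: `storagePolicy: cleartext` sits next to a `data:` value that the comment above it documents as base64 of `password123`, and the same document is added for site/airskiff, site/airsloop, site/seaworthy and one more section below (the moved copy in the earlier hunk keeps `cleartext` as well). Now that the file lives at the site layer and the guide tells operators to replace what is under `secrets/passphrases/`, a real registry credential written into this file would inherit cleartext storage in Deckhand. I would switch the site copies to `storagePolicy: encrypted`, or at least add `# placeholder - replace before deployment and set storagePolicy: encrypted` above `data:`. Whether the other passphrase documents in this repository already use `encrypted` is not visible here.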
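--- a/site/airskiff/secrets/passphrases/private_docker_key.yaml
+++ b/site/airskiff/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...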
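--- a/site/airsloop/secrets/passphrases/private_docker_key.yaml
+++ b/site/airsloop/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...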
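--- a/site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
+++ b/site/airsloop/secrets/publickey/airship_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...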
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
schema: deckhand/Passphrase/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: private_docker_key
|
||||||
|
layeringDefinition:
|
||||||
|
abstract: false
|
||||||
|
layer: site
|
||||||
|
storagePolicy: cleartext
|
||||||
|
# sample key for potential private docker registry
|
||||||
|
# see Docker documentation for info on how to generate the key
|
||||||
|
# base64 of password123
|
||||||
|
data: cGFzc3dvcmQxMjM=
|
||||||
|
...
|
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
schema: deckhand/PublicKey/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: airship_ssh_public_key
|
||||||
|
layeringDefinition:
|
||||||
|
abstract: false
|
||||||
|
layer: site
|
||||||
|
storagePolicy: cleartext
|
||||||
|
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
|
||||||
|
...
|
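--- a/site/seaworthy/secrets/passphrases/private_docker_key.yaml
+++ b/site/seaworthy/secrets/passphrases/private_docker_key.yaml
@@ -0,0 +1,14 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: private_docker_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# sample key for potential private docker registry
+# see Docker documentation for info on how to generate the key
+# base64 of password123
+data: cGFzc3dvcmQxMjM=
+...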
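--- a/site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml
+++ b/site/seaworthy/secrets/publickey/airship_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyb6CDrai3VcFW1ew5ikf7IDSpqfFyrJNLI1DPyd28vcy6D1oFXdELYK7DsXzVCgV7YNDiKpneXMBTJ/Mr/aZi9K3eVvtRp1HAK3y6ycx9KRfyfMVAU0aT3xMOpE5xS/xTH8HNRbOSszp0woVYKhncpkumHweji7wbLKm/WxsggIoGDjn29KIoRhpo96tWz/DBsoU1pIHTMoZNyHW2aYWEx6kOzTEmhxL0LkKv7+A/2HJuLnqcXoQH9jl3kRQDyikNlSw2T3gQV3I8m0od/lEf98MZb1Yv9GrlDCmnUPXAJ2HQaWaVaPPpGcBW7veOZlLfeulwD4zlo6P6JW1SZaat airship@seaworthy
+...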