Commit c770bbf2 authored by František Dvořák's avatar František Dvořák

Switch vault to vault.services.fedcloud.eu

parent 440973ab
...@@ -9,18 +9,20 @@ Notebooks. ...@@ -9,18 +9,20 @@ Notebooks.
Prepare environment for interrating with Hashicorp Vault: Prepare environment for interrating with Hashicorp Vault:
export VAULT_ADDR=https://vault.egi.zcu.cz:8200 export VAULT_ADDR=https://vault.services.fedcloud.eu:8200
# replace $LOGIN for real user name in vault Login:
vault login -method=userpass username=$LOGIN
Check environment: # get the service token
read OIDC_ACCESS_TOKEN
vault kv get -mount=eosc/dev -field 'data' -format=json test # login to vault
export VAULT_TOKEN=$(vault write auth/jwt/login jwt=$OIDC_ACCESS_TOKEN | grep -Po 'token\s+\K[^\s]+$')
Note: values were created as admin by commands (replace $SECRET\_NAME and $VALUE): Note: values were created as admin by commands (replace $SECRET\_NAME and $VALUE):
vault kv put -mount=eosc/dev $SECRET_NAME value=$VALUE prefix=/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
vault kv put -mount=secret vault kv put -mount secrets $prefix/nexus_admin_password/$SECRET_NAME value=$VALUE
## Sites ## Sites
......
...@@ -10,7 +10,7 @@ all: ...@@ -10,7 +10,7 @@ all:
ansible_user: egi ansible_user: egi
site_name: cesnet-central site_name: cesnet-central
vault_mount_point: eosc/dev vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
binder_hostname: replay.eosc.zcu.cz binder_hostname: replay.eosc.zcu.cz
old_binder_hostname: binder.eosc.zcu.cz old_binder_hostname: binder.eosc.zcu.cz
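Review bot: `vault_mount_point` no longer holds just a mount; the new value is the `secrets` mount plus a path prefix under `users/<id>@egi.eu/`, which looks like one account's personal area. If so, every operator and CI token that runs these playbooks needs read access to that one user's subtree, and the deployment's secrets depend on that account continuing to exist. I would at least add a comment above the variable, such as `# 'secrets' mount + per-user prefix; the token in VAULT_TOKEN must be allowed to read this path`. Consider a shared or service-owned path if the Vault policy offers one. The same applies to the `vault_mount_point` change in the cesnet-mcc inventory.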
......
...@@ -3,11 +3,11 @@ ...@@ -3,11 +3,11 @@
hosts: master hosts: master
vars: vars:
nexus_url: "https://{{ nexus_hostname }}/service/rest/v1" nexus_url: "https://{{ nexus_hostname }}/service/rest/v1"
nexus_admin_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/nexus_admin_password:value', token_validate=false) }}" nexus_admin_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/nexus_admin_password:value', token_validate=false) }}"
nexus_binder_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/nexus_binder_password:value', token_validate=false) }}" nexus_binder_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/nexus_binder_password:value', token_validate=false) }}"
nexus_notebooks_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/nexus_notebooks_password:value', nexus_notebooks_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/nexus_notebooks_password:value',
token_validate=false) }}" token_validate=false) }}"
nexus_writer_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/nexus_writer_password:value', token_validate=false) }}" nexus_writer_password: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/nexus_writer_password:value', token_validate=false) }}"
nexus_blobstore_name: default nexus_blobstore_name: default
nexus_blobstore_type: file nexus_blobstore_type: file
nexus_repository_name: container-notebooks nexus_repository_name: container-notebooks
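Review bot: All four Nexus password lookups keep `token_validate=false`, while the gateway playbook's lookup in this same commit uses `token_validate=true`. The README now obtains the token through `auth/jwt/login`, so it is presumably short-lived; validating it up front would turn an expired token into one clear error instead of a failed secret read. I would align these lookups on `token_validate=true`. Dropping `/data/` from the paths also assumes the `secrets` mount is KV version 1, which is worth stating in a comment above `vars:`, for example `# 'secrets' is a KV v1 mount: no /data/ segment in lookup paths`. The play starts and continues outside this hunk.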
......
...@@ -11,7 +11,7 @@ all: ...@@ -11,7 +11,7 @@ all:
ansible_become: yes ansible_become: yes
ansible_user: egi ansible_user: egi
site_name: cesnet-mcc site_name: cesnet-mcc
vault_mount_point: eosc/dev vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
gateway_hostname: gateway-cesnet.eosc.zcu.cz gateway_hostname: gateway-cesnet.eosc.zcu.cz
grafana_hostname: grafana-cesnet.eosc.zcu.cz grafana_hostname: grafana-cesnet.eosc.zcu.cz
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
dest: /tmp/gateway.yaml dest: /tmp/gateway.yaml
mode: 0640 mode: 0640
content: | content: |
authToken: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/data/gateway_authtoken:value', token_validate=true) }}" authToken: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway_authtoken:value', token_validate=true) }}"
global: global:
rbac: true rbac: true
deployment: deployment:
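Review bot: The `authToken` read from Vault is rendered into `/tmp/gateway.yaml` with `mode: 0640`, a fixed file name in a world-writable directory that is also group-readable. I would tighten this to `mode: "0600"` and write the file into a directory only the deploying user can access, or into a path created by `ansible.builtin.tempfile`. I would also add `no_log: true` to the task so the rendered content does not end up in diff or verbose output. The task begins and ends outside this hunk, so whether the file is removed after use is not visible here.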
......