kite 0.0.8 → 0.0.9

Files changed (50)
  1. checksums.yaml +4 -4
  2. data/.travis.yml +2 -0
  3. data/CHANGELOG.md +28 -1
  4. data/README.md +33 -4
  5. data/kite.gemspec +2 -0
  6. data/lib/kite.rb +1 -0
  7. data/lib/kite/core.rb +2 -40
  8. data/lib/kite/generate.rb +43 -0
  9. data/lib/kite/helpers.rb +27 -0
  10. data/lib/kite/render.rb +23 -11
  11. data/lib/kite/version.rb +1 -1
  12. data/tpl/aws/README.md +21 -21
  13. data/tpl/aws/bin/base/bootstrap.sh +35 -0
  14. data/tpl/aws/bin/base/cleanup.sh.tt +19 -0
  15. data/tpl/aws/{set-env.sh.erb → bin/base/set-env.sh.tt} +0 -0
  16. data/tpl/aws/{setup-tunnel.sh.erb → bin/base/setup-tunnel.sh.tt} +0 -0
  17. data/tpl/aws/{bosh-install.sh.erb → bin/bosh-install.sh.tt} +2 -2
  18. data/tpl/{gcp/concourse-deploy.sh.erb → aws/bin/concourse-deploy.sh.tt} +0 -0
  19. data/tpl/aws/bin/vault-deploy.sh.tt +10 -0
  20. data/tpl/aws/{deployments/bosh/bosh_vars.yml.tt → bosh-vars.yml.erb} +0 -0
  21. data/tpl/aws/deployments/bosh/cloud-config.yml.tt +2 -1
  22. data/tpl/aws/deployments/concourse/{concourse.yml.erb → concourse.yml.tt} +7 -0
  23. data/tpl/aws/deployments/vault/vault.yml.erb +38 -0
  24. data/tpl/aws/docs/bosh.md +31 -0
  25. data/tpl/aws/docs/concourse.md +30 -0
  26. data/tpl/{gcp → aws/docs}/vault.md +13 -6
  27. data/tpl/aws/terraform/{main.tf → main.tf.tt} +1 -2
  28. data/tpl/aws/terraform/{network.tf → network.tf.tt} +40 -23
  29. data/tpl/aws/terraform/{terraform.tfvars.erb → terraform.tfvars.tt} +2 -0
  30. data/tpl/aws/terraform/variables.tf +8 -0
  31. data/tpl/gcp/README.md +10 -31
  32. data/tpl/gcp/bin/base/bootstrap.sh +35 -0
  33. data/tpl/gcp/bin/base/cleanup.sh.tt +20 -0
  34. data/tpl/gcp/{set-env.sh.erb → bin/base/set-env.sh.tt} +3 -1
  35. data/tpl/gcp/{setup-tunnel.sh.erb → bin/base/setup-tunnel.sh.tt} +3 -1
  36. data/tpl/gcp/{bosh-install.sh.erb → bin/bosh-install.sh.tt} +3 -2
  37. data/tpl/gcp/bin/concourse-deploy.sh.tt +11 -0
  38. data/tpl/gcp/{vault-deploy.sh.erb → bin/vault-deploy.sh.tt} +1 -1
  39. data/tpl/gcp/deployments/bosh/cloud-config.yml.tt +3 -2
  40. data/tpl/gcp/deployments/concourse/{concourse.yml.erb → concourse.yml.tt} +8 -0
  41. data/tpl/gcp/deployments/concourse/test/test-credentials.yml +3 -0
  42. data/tpl/gcp/deployments/concourse/test/test-pipeline.yml +24 -0
  43. data/tpl/gcp/deployments/nginx/nginx.yml.erb +62 -0
  44. data/tpl/gcp/deployments/vault/{vault.yml → vault.yml.erb} +1 -1
  45. data/tpl/gcp/docs/bosh.md +31 -0
  46. data/tpl/gcp/docs/concourse.md +30 -0
  47. data/tpl/gcp/docs/vault.md +33 -0
  48. data/tpl/skel/config/cloud.yml +2 -0
  49. metadata +62 -19
  50. data/tpl/aws/concourse-deploy.sh.erb +0 -17
@@ -0,0 +1,20 @@
1
+ #!/usr/bin/env bash
2
+
3
+ # Remove existing BOSH deployments
4
+ bosh -e <%= @values['bosh']['name'] %> -d vault deld
5
+
6
+ # Destroy BOSH director
7
+ bosh delete-env deployments/bosh/bosh.yml \
8
+ --state=config/state.json \
9
+ --vars-store=config/creds.yml \
10
+ --vars-file=config/bosh-vars.yml \
11
+ --var-file gcp_credentials_json=<%= @values['gcp']['service_account'] %> \
12
+ -v tags='[platform-internal, no-ip]' \
13
+ -o deployments/bosh/cpi.yml \
14
+ -o deployments/bosh/jumpbox-user.yml
15
+
16
+ # Destroy Terraform-generated infrastructure
17
+ pushd terraform && terraform destroy && popd
18
+
19
+ # Remove files generated by kite
20
+ rm -rf terraform deployments config/{creds.yml,bosh_vars.yml,jumpbox.key} bin/*.sh
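Review bot: The script has no `set -e`, so the `rm -rf` on line 20 still runs when `bosh delete-env` or `terraform destroy` fails. It then deletes the `terraform` directory (which, judging by the `-state=terraform/terraform.tfstate` path removed elsewhere in this diff, holds the local state) and `config/creds.yml`, both of which a retry needs, leaving cloud resources running with nothing tracking them. Adding `set -euo pipefail` under the shebang, or gating the removal as `(cd terraform && terraform destroy) && rm -rf ...`, keeps those files until teardown has actually succeeded. The removal list also names `config/bosh_vars.yml` while line 10 reads `config/bosh-vars.yml`, so the vars file is left behind, and line 4 deletes only the `vault` deployment before the director is destroyed.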
@@ -1,6 +1,8 @@
1
1
  #!/usr/bin/env bash
2
2
 
3
- BASTION_IP="$(terraform output -state=terraform/terraform.tfstate bastion_ip)"
3
+ pushd terraform
4
+ BASTION_IP="$(terraform output bastion_ip)"
5
+ popd
4
6
 
5
7
  export BASTION_IP
6
8
  export BOSH_ALL_PROXY=socks5://localhost:5000
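Review bot: `pushd terraform` on line 3 is unchecked, and docs/bosh.md has this file sourced (`. bin/set-env.sh`), so when the directory is missing `terraform output` runs in the caller's current directory, `popd` pops whatever the interactive shell already had on its directory stack, and `BASTION_IP` is exported empty. A subshell leaves the caller's shell untouched and lets the failure be caught: `BASTION_IP="$(cd terraform && terraform output bastion_ip)" || return 1`. The same three lines are added in the next hunk (apparently setup-tunnel.sh.tt), where an empty value goes straight into the `ssh` command; quoting it there as `"kite@${BASTION_IP}"` would also help.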
@@ -1,6 +1,8 @@
1
1
  #!/usr/bin/env bash
2
+ pushd terraform
3
+ BASTION_IP="$(terraform output bastion_ip)"
4
+ popd
2
5
 
3
- BASTION_IP="$(terraform output -state=terraform/terraform.tfstate bastion_ip)"
4
6
  ssh -D 5000 -fNC kite@$BASTION_IP -i <%= @values['kite']['private_key_path'] %>
5
7
 
6
8
  export BOSH_ALL_PROXY=socks5://localhost:5000
@@ -5,7 +5,7 @@ set -xe
5
5
  bosh create-env deployments/bosh/bosh.yml \
6
6
  --state=config/state.json \
7
7
  --vars-store=config/creds.yml \
8
- --vars-file=bosh-vars.yml \
8
+ --vars-file=config/bosh-vars.yml \
9
9
  --var-file gcp_credentials_json=<%= @values['gcp']['service_account'] %> \
10
10
  -v tags='[platform-internal, no-ip]' \
11
11
  -o deployments/bosh/cpi.yml \
@@ -14,4 +14,5 @@ bosh create-env deployments/bosh/bosh.yml \
14
14
  bosh alias-env <%= @values['bosh']['name'] %> -e <%= @values['bosh']['static_ip'] %> --ca-cert \
15
15
  <(bosh int ./config/creds.yml --path /director_ssl/ca)
16
16
 
17
- bosh -e <%= @values['bosh']['name'] %> ucc deployments/bosh/cloud_config.yml
17
+ echo "Please run"
18
+ echo bosh -e <%= @values['bosh']['name'] %> ucc deployments/bosh/cloud-config.yml
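Review bot: With the `ucc` call turned into an `echo` on lines 17-18, nothing in the scripts visible in this diff uploads the cloud config any more, and the new docs/bosh.md steps do not list it either, so a later `bosh ... deploy` would presumably fail for anyone who misses the message inside the `set -x` trace. If the manual step is intentional, a comment above line 17 should say why, and the command belongs in docs/bosh.md after "Connect to the Director". Quoting the echoed text, `echo "bosh -e <name> ucc deployments/bosh/cloud-config.yml"`, also keeps the rendered director name from being word-split.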
@@ -0,0 +1,11 @@
1
+ #!/usr/bin/env bash
2
+
3
+ set -xe
4
+
5
+ # Upload necessary stemcells and releases
6
+ bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-google-kvm-ubuntu-trusty-go_agent
7
+ bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/concourse/concourse/releases/download/v3.4.1/concourse-3.4.1.tgz
8
+ bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/concourse/concourse/releases/download/v3.4.1/garden-runc-1.6.0.tgz
9
+
10
+ # Deploy Concourse
11
+ bosh -e <%= @values['bosh']['name'] %> -d concourse deploy deployments/concourse/concourse.yml
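Review bot: The three uploads on lines 6-8 fetch tarballs by URL with no integrity check, and the stemcell URL on line 6 carries no version, so each run can install a different image on every VM the director builds. `bosh upload-stemcell` and `bosh upload-release` both accept `--sha1`; pinning the stemcell with `?v=<STEMCELL_VERSION>` and adding `--sha1 <SHA1_OF_TARBALL>` to each line makes the deploy reproducible and rejects a substituted artifact. The digests should be taken from the publisher's release pages at the time the version is chosen, not computed from whatever the URL returns during the deploy.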
@@ -3,7 +3,7 @@
3
3
  set -xe
4
4
 
5
5
  # Render Concourse-related files
6
- kite render manifest concourse --cloud aws
6
+ kite render manifest vault --cloud gcp
7
7
 
8
8
  # Upload necessary stemcells and releases
9
9
  bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://s3.amazonaws.com/bosh-core-stemcells/google/bosh-stemcell-3445.7-google-kvm-ubuntu-trusty-go_agent.tgz
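Review bot: The comment on line 5 still reads `# Render Concourse-related files` although line 6 now renders the Vault manifest for GCP; it should become `# Render Vault-related files`. The rest of the script lies outside this hunk, so any other Concourse wording copied from the AWS template cannot be checked from here.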
@@ -39,11 +39,12 @@ networks:
39
39
  - az: z1
40
40
  range: <%= @values['gcp']['subnet_cidr'] %>
41
41
  gateway: <%= @values['gcp']['internal_gw'] %>
42
- reserved: [<%= ip_range(@private_subnet, (1..10)) %>]
42
+ reserved: [<%= ip_range(@private_subnet, (1..10)) %>] # Reserved range for the gateway, BOSH Director etc
43
+ static: [<%= ip_range(@private_subnet, (11..13)) %>] # Static IP range for Vault, Concourse web panel, nginx etc
43
44
  cloud_properties:
44
45
  network_name: <%= @values['gcp']['vpc_name'] %>
45
46
  subnetwork_name: <%= @values['gcp']['subnet_name'] %>
46
- ephemeral_external_ip: true
47
+ ephemeral_external_ip: false
47
48
  tags:
48
49
  - concourse-public
49
50
  - concourse-internal
@@ -15,6 +15,7 @@ instance_groups:
15
15
  stemcell: trusty
16
16
  networks:
17
17
  - name: public
18
+ static_ips: [<%= @private_subnet[12] %>]
18
19
  default: [dns, gateway]
19
20
 
20
21
  jobs:
@@ -27,6 +28,13 @@ instance_groups:
27
28
  basic_auth_password: <%= @values['concourse']['auth_password'] %>
28
29
  publicly_viewable: true
29
30
 
31
+ vault:
32
+ auth:
33
+ backend: token
34
+ client_token: "your Vault root token here"
35
+ path_prefix: /concourse
36
+ url: "http://<%= @private_subnet[11] %>:8200" # expecting Vault to be deployed first
37
+
30
38
  postgresql_database: &atc_db atc
31
39
 
32
40
  - name: tsa
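Review bot: The new `vault` block on lines 31-36 asks for the Vault root token to be pasted into the rendered manifest and reaches Vault over plain `http://`, so a credential with unrestricted access to every secret sits in a file on disk and crosses the network unencrypted. A token issued under a policy limited to the `/concourse` prefix, supplied as a BOSH variable such as `client_token: ((vault_client_token))` rather than edited into the file, limits the damage if the manifest or the web node is exposed; the URL should move to `https://` once Vault serves a certificate. The placeholder string is valid YAML, so a deploy that skips the manual edit would presumably fail only when Concourse first tries to authenticate. The instance group this block belongs to starts outside the hunk.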
@@ -0,0 +1,3 @@
1
+ dockerhub-email: "vshatravenko@heliostech.fr"
2
+ dockerhub-repo: "valshatravenko/piwik"
3
+ git-source-uri: "https://github.com/vshatravenko/piwik"
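Review bot: This template ships one person's Docker Hub e-mail address, image repository and GitHub fork as defaults on lines 1-3, so a user who sets the pipeline without editing the file builds from that fork and attempts to push to that repository. Neutral placeholders such as `dockerhub-repo: "<your-dockerhub-user>/<image>"` and `git-source-uri: "<your-git-repo-url>"` make the required edit obvious and keep a personal address out of every generated project.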
@@ -0,0 +1,24 @@
1
+ ---
2
+ resources:
3
+ - name: test-image
4
+ type: docker-image
5
+ source:
6
+ email: {{dockerhub-email}}
7
+ username: ((dockerhub_username))
8
+ password: ((dockerhub_password))
9
+ repository: {{dockerhub-repo}}
10
+ - name: test-src
11
+ type: git
12
+ source:
13
+ uri: {{git-source-uri}}
14
+
15
+ jobs:
16
+ - name: test-publish
17
+ public: true
18
+ serial: true
19
+ plan:
20
+ - get: test-src
21
+ trigger: true
22
+ - put: test-image
23
+ params:
24
+ build: test-src
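Review bot: `public: true` on line 17 makes the build log of `test-publish` readable without logging in, and the Concourse manifest in this release also sets `publicly_viewable: true`; a job that builds and pushes an image using registry credentials is better left private with `public: false`. The file mixes `{{...}}` parameters with `((...))` variables, so a comment at the top should state that the former are loaded from `test-credentials.yml` and the latter are expected in Vault under `concourse/main/`, as docs/vault.md describes.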
@@ -0,0 +1,62 @@
1
+ ---
2
+ name: nginx
3
+
4
+ releases:
5
+ - name: nginx
6
+ version: latest
7
+
8
+
9
+ instance_groups:
10
+ - name: nginx
11
+ instances: 1
12
+ vm_type: default
13
+ azs: [z1]
14
+ stemcell: trusty
15
+ networks:
16
+ - name: public
17
+ static_ips: [<%= @private_subnet[13] %>]
18
+ default: [dns, gateway]
19
+
20
+ jobs:
21
+ - name: nginx
22
+ release: nginx
23
+ properties:
24
+ nginx_conf: |
25
+ worker_processes 1;
26
+ error_log /var/vcap/sys/log/nginx/error.log info;
27
+ events {
28
+ worker_connections 1024;
29
+ }
30
+
31
+ http {
32
+ include /var/vcap/packages/nginx/conf/mime.types;
33
+ default_type application/octet-stream;
34
+ sendfile on;
35
+ keepalive_timeout 65;
36
+ server_names_hash_bucket_size 64;
37
+ server {
38
+ server_name kite-nginx;
39
+
40
+ location / {
41
+ proxy_pass http://<%= @private_subnet[13] %>; # Concourse web panel IP
42
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
43
+ proxy_set_header Host $http_host;
44
+ proxy_redirect off;
45
+ }
46
+
47
+ access_log /var/vcap/sys/log/nginx/kite-access.log;
48
+ error_log /var/vcap/sys/log/nginx/kite-error.log;
49
+ }
50
+ }
51
+
52
+ stemcells:
53
+ - alias: trusty
54
+ os: ubuntu-trusty
55
+ version: latest
56
+
57
+ update:
58
+ canaries: 1
59
+ max_in_flight: 1
60
+ serial: false
61
+ canary_watch_time: 1000-60000
62
+ update_watch_time: 1000-60000
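Review bot: `proxy_pass` on line 41 targets `@private_subnet[13]`, the same address line 17 assigns to this nginx instance as its static IP, while the Concourse manifest in this diff gives an instance group (presumably web) `@private_subnet[12]`. The server block has no `listen` directive, so as written it appears to forward each request back to itself instead of to the Concourse web panel named in the comment. The intended line is probably `proxy_pass http://<%= @private_subnet[12] %>:<ATC_PORT>;` with the port the Concourse web job listens on. Separately, `version: latest` on lines 6 and 55 lets the nginx release and the stemcell change between deploys; pinning both makes the result reproducible.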
@@ -13,7 +13,7 @@ instance_groups:
13
13
  stemcell: trusty
14
14
  networks:
15
15
  - name: public
16
-
16
+ static_ips: [<%= @private_subnet[11] %>]
17
17
  jobs:
18
18
  - name: vault
19
19
  release: vault
@@ -0,0 +1,31 @@
1
+ #### [Back](../README.md)
2
+
3
+ ## BOSH
4
+
5
+ ### Prerequisites
6
+
7
+ - Terraform IaC applied
8
+ - [BOSH CLI v2](https://bosh.io/docs/cli-v2.html#install) installed
9
+
10
+ ### Setup
11
+
12
+ Render bosh deployment
13
+ ```
14
+ kite render manifest bosh --cloud=gcp
15
+ ```
16
+
17
+ Setup tunnel
18
+ ```
19
+ . bin/setup-tunnel.sh
20
+ ```
21
+
22
+ Install BOSH
23
+ ```
24
+ ./bin/bosh-install.sh
25
+ ```
26
+
27
+ Connect to the Director
28
+ ```
29
+ . bin/set-env.sh
30
+
31
+ ```
@@ -0,0 +1,30 @@
1
+ #### [Back](../README.md)
2
+
3
+ ## Concourse
4
+
5
+ ### Prerequisites
6
+
7
+ - Vault [deployed and initialized](vault.md)
8
+
9
+ ### Setup
10
+
11
+ Fill out the "token" field in `deployments/concourse/concourse.yml` with root token received from `vault init`.
12
+
13
+ Deploy Concourse
14
+ ```
15
+ ./bin/concourse-deploy.sh
16
+ ```
17
+
18
+ ### Test
19
+
20
+ To run a test Concourse job:
21
+
22
+ - Go to test folder: `cd deployments/concourse/test`
23
+ - Fill out `test-credentials.yml`
24
+ - Add necessary secrets to your Vault(see [docs/vault.md](docs/vault.md))
25
+ - Download the `fly` client from Concourse web panel and add it to your PATH: `mv *path_to_fly* /usr/local/bin`
26
+ - Login to Concourse using the `fly` client: `fly -t ci --concourse-url *concourse-url*`
27
+ - Create a test pipeline with `fly set-pipeline -t ci -c test-pipeline.yml -p test --load-vars-from test-credentials.yml -n`
28
+ - Unpause pipeline: `fly unpause-pipeline -t ci -p test`
29
+ - Trigger and unpause the test job: `fly trigger-job -t ci -j test/test-publish`
30
+ - See the results on Concourse web panel or use: `fly watch -p test -j test/test-publish`
@@ -0,0 +1,33 @@
1
+ #### [Back](../README.md)
2
+
3
+ ## Vault
4
+
5
+ ### Prerequisites
6
+
7
+ Before using Vault, you should have the client installed:
8
+
9
+ - Download the binary for your OS
10
+ - Unzip it and run `chmod +x vault && sudo mv vault /usr/local/bin/vault`
11
+ - Check if the Vault is installed by running `vault -v`
12
+
13
+ ### Deployment
14
+
15
+ To deploy Vault, use `./bin/vault-deploy.sh`
16
+
17
+ ### Connection
18
+
19
+ - Export your Vault's IP using `export VAULT_ADDR=*vault_ip*`
20
+ - Run `vault init` to initialize the vault
21
+ - Store the keys displayed after init
22
+ - Unseal the vault by running `vault unseal` three times using three keys from the previous step
23
+ - Authenticate to the vault with `vault auth` using the root token you got from `vault init`
24
+
25
+ [Optional]
26
+ - Try to store a dummy secret: `vault write secret/handshake knock=knock`
27
+ - Read it: `vault read secret/handshake`
28
+
29
+ ### Usage with Concourse
30
+
31
+ Before using Vault with Concourse you should mount a secrets backend with `vault mount -path=concourse kv`
32
+
33
+ To add new secrets accessible for Concourse use `vault write concourse/main/*secret_name* value="*secret_value*"`
@@ -11,9 +11,11 @@ aws:
11
11
  zone: "eu-central-1a"
12
12
  vpc_name: "platform-tools"
13
13
  vpc_cidr_block: "10.0.0.0/16"
14
+ vpc_id: "" # submit vpc id if you want to use an existing vpc
14
15
  public_subnet:
15
16
  name: "platform-dmz"
16
17
  network: "10.0.10.0/26"
18
+ id: "" # submit id if you want to use an existing public subnet
17
19
  private_subnet:
18
20
  name: "platform-net"
19
21
  gateway: "10.0.20.1"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kite
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Louis Bellet
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-09-22 00:00:00.000000000 Z
11
+ date: 2017-09-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -66,6 +66,34 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: '3.0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: simplecov
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: codecov
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
69
97
  description: Kite is a bootstraping tool for your cloud provider and long term administration.
70
98
  email:
71
99
  - lbellet@heliostech.fr
@@ -94,45 +122,60 @@ files:
94
122
  - lib/kite/cloud.rb
95
123
  - lib/kite/core.rb
96
124
  - lib/kite/error.rb
125
+ - lib/kite/generate.rb
97
126
  - lib/kite/helpers.rb
98
127
  - lib/kite/render.rb
99
128
  - lib/kite/version.rb
100
129
  - tpl/aws/README.md
101
- - tpl/aws/bosh-install.sh.erb
102
- - tpl/aws/concourse-deploy.sh.erb
130
+ - tpl/aws/bin/base/bootstrap.sh
131
+ - tpl/aws/bin/base/cleanup.sh.tt
132
+ - tpl/aws/bin/base/set-env.sh.tt
133
+ - tpl/aws/bin/base/setup-tunnel.sh.tt
134
+ - tpl/aws/bin/bosh-install.sh.tt
135
+ - tpl/aws/bin/concourse-deploy.sh.tt
136
+ - tpl/aws/bin/vault-deploy.sh.tt
137
+ - tpl/aws/bosh-vars.yml.erb
103
138
  - tpl/aws/deployments/bosh/bosh.yml
104
- - tpl/aws/deployments/bosh/bosh_vars.yml.tt
105
139
  - tpl/aws/deployments/bosh/cloud-config.yml.tt
106
140
  - tpl/aws/deployments/bosh/cpi.yml
107
141
  - tpl/aws/deployments/bosh/jumpbox-user.yml
108
- - tpl/aws/deployments/concourse/concourse.yml.erb
109
- - tpl/aws/set-env.sh.erb
110
- - tpl/aws/setup-tunnel.sh.erb
111
- - tpl/aws/terraform/main.tf
112
- - tpl/aws/terraform/network.tf
142
+ - tpl/aws/deployments/concourse/concourse.yml.tt
143
+ - tpl/aws/deployments/vault/vault.yml.erb
144
+ - tpl/aws/docs/bosh.md
145
+ - tpl/aws/docs/concourse.md
146
+ - tpl/aws/docs/vault.md
147
+ - tpl/aws/terraform/main.tf.tt
148
+ - tpl/aws/terraform/network.tf.tt
113
149
  - tpl/aws/terraform/outputs.tf
114
- - tpl/aws/terraform/terraform.tfvars.erb
150
+ - tpl/aws/terraform/terraform.tfvars.tt
115
151
  - tpl/aws/terraform/variables.tf
116
152
  - tpl/gcp/README.md
117
- - tpl/gcp/bosh-install.sh.erb
153
+ - tpl/gcp/bin/base/bootstrap.sh
154
+ - tpl/gcp/bin/base/cleanup.sh.tt
155
+ - tpl/gcp/bin/base/set-env.sh.tt
156
+ - tpl/gcp/bin/base/setup-tunnel.sh.tt
157
+ - tpl/gcp/bin/bosh-install.sh.tt
158
+ - tpl/gcp/bin/concourse-deploy.sh.tt
159
+ - tpl/gcp/bin/vault-deploy.sh.tt
118
160
  - tpl/gcp/bosh-vars.yml.erb
119
- - tpl/gcp/concourse-deploy.sh.erb
120
161
  - tpl/gcp/deployments/bosh/bosh.yml
121
162
  - tpl/gcp/deployments/bosh/cloud-config.yml.tt
122
163
  - tpl/gcp/deployments/bosh/cpi.yml
123
164
  - tpl/gcp/deployments/bosh/jumpbox-user.yml
124
- - tpl/gcp/deployments/concourse/concourse.yml.erb
125
- - tpl/gcp/deployments/vault/vault.yml
126
- - tpl/gcp/set-env.sh.erb
127
- - tpl/gcp/setup-tunnel.sh.erb
165
+ - tpl/gcp/deployments/concourse/concourse.yml.tt
166
+ - tpl/gcp/deployments/concourse/test/test-credentials.yml
167
+ - tpl/gcp/deployments/concourse/test/test-pipeline.yml
168
+ - tpl/gcp/deployments/nginx/nginx.yml.erb
169
+ - tpl/gcp/deployments/vault/vault.yml.erb
170
+ - tpl/gcp/docs/bosh.md
171
+ - tpl/gcp/docs/concourse.md
172
+ - tpl/gcp/docs/vault.md
128
173
  - tpl/gcp/terraform/gcs.tf.tt
129
174
  - tpl/gcp/terraform/main.tf
130
175
  - tpl/gcp/terraform/network.tf
131
176
  - tpl/gcp/terraform/outputs.tf
132
177
  - tpl/gcp/terraform/terraform.tfvars.tt
133
178
  - tpl/gcp/terraform/variables.tf
134
- - tpl/gcp/vault-deploy.sh.erb
135
- - tpl/gcp/vault.md
136
179
  - tpl/skel/Gemfile.tt
137
180
  - tpl/skel/README.md.tt
138
181
  - tpl/skel/bin/kite