From 2b067617ff44497d4e6020878b7f493342ed1c48 Mon Sep 17 00:00:00 2001 From: Shayan Ghani Date: Mon, 2 Sep 2024 15:30:33 +0330 Subject: [PATCH 1/5] fix(doc) : update all project refrences --- Contributing.md | 6 +++--- README.md | 4 ++-- artifacts/wiki.md | 2 +- artifacts/wiki/index.html | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Contributing.md b/Contributing.md index 0d70882..e4b1bef 100644 --- a/Contributing.md +++ b/Contributing.md @@ -27,9 +27,9 @@ Thank you for considering contributing to the HashiCorp Boundary and Vault Stack cd boundary-vault-stack ``` -3. **Set Up Your Environment**: Ensure you have the necessary dependencies installed as outlined in the [documentation](./artifacts/wiki.md). +3. **Set Up Your Environment**: Ensure you have the necessary dependencies installed as outlined in the [documentation](https://devopshobbies.github.io/boundary-vault-stack/). -4. **Review the Documentation**: Familiarize yourself with the project by thoroughly reading the [documentation](./artifacts/wiki.md) and reviewing the [automation workflow diagram](https://linktw.in/PloXtt). +4. **Review the Documentation**: Familiarize yourself with the project by thoroughly reading the [documentation](https://devopshobbies.github.io/boundary-vault-stack/) and reviewing the [automation workflow diagram](https://linktw.in/PloXtt). ## Types of Contributions 
@@ -39,7 +39,7 @@ If you encounter any bugs, errors, or have suggestions for improvements: - **Search Existing Issues**: Before submitting a new issue, check if it has already been reported. - **Create a New Issue**: If it’s a new issue, provide detailed information such as steps to reproduce, expected vs. actual results, and any relevant screenshots or logs. -- **Link to Related Tasks**: If your issue relates to any of the [TODOs](https://github.com/Shayan-Ghani/boundary-vault-stack/tree/main/#to-do), reference the corresponding task. +- **Link to Related Tasks**: If your issue relates to any of the [TODOs](https://github.com/devopshobbies/boundary-vault-stack/tree/main/#to-do), reference the corresponding task. ### Commit Messages diff --git a/README.md b/README.md index 21314d8..b45adc0 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This project provides a comprehensive, hands-on experience in Infrastructure as ## How to Use -1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](./artifacts/wiki.md) and the [automation workflow diagram](https://linktw.in/nWgoiO). +1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](https://devopshobbies.github.io/boundary-vault-stack/) and the [automation workflow diagram](https://linktw.in/nWgoiO). 2. **Configure Variables**: Create your own `tfvars` file based on the samples provided in the [Boundary](./boundary/terraform/terraform.tfvars.sample) and [Vault](./vault/terraform/terraform.tfvars.sample) directories. Alternatively, you can remove the `.sample` extension from the provided sample files to use the default values. 
@@ -18,7 +18,7 @@ This project provides a comprehensive, hands-on experience in Infrastructure as ./start.sh -e development ``` - For further assistance on exit/return codes and configurations, refer to the [documentation](./artifacts/wiki.md). + For further assistance on exit/return codes and configurations, refer to the [documentation](https://devopshobbies.github.io/boundary-vault-stack/). 4. **Enter Vault Password**: You will be prompted to enter the Vault password to decrypt Ansible Vault-encrypted files (e.g., `inventory.ini`). diff --git a/artifacts/wiki.md b/artifacts/wiki.md index 759a307..05c1cd7 100644 --- a/artifacts/wiki.md +++ b/artifacts/wiki.md @@ -176,4 +176,4 @@ scripts/init.sh vault ## Still Having Issues? -For further assistance, feel free to open up a new issue on the [GitHub Issues page](https://github.com/Shayan-Ghani/boundary-vault-stack/issues). +For further assistance, feel free to open up a new issue on the [GitHub Issues page](https://github.com/devopshobbies/boundary-vault-stack/issues). diff --git a/artifacts/wiki/index.html b/artifacts/wiki/index.html index a718f5d..06dd83b 100644 --- a/artifacts/wiki/index.html +++ b/artifacts/wiki/index.html @@ -286,7 +286,7 @@

Bear In Mind

Still Having Issues

For further assistance, feel free to open up a new issue on the GitHub Issues page.

+ href="https://github.com/devopshobbies/boundary-vault-stack/issues">GitHub Issues page.

From 4e62058a0e423e321cb5c2974be2f9523c5afb5c Mon Sep 17 00:00:00 2001 From: Shayan Ghani Date: Tue, 3 Sep 2024 13:30:07 +0330 Subject: [PATCH 2/5] doc: update vault diagram --- artifacts/diagrams/vault.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/artifacts/diagrams/vault.py b/artifacts/diagrams/vault.py index 152bfe8..1e96ae2 100644 --- a/artifacts/diagrams/vault.py +++ b/artifacts/diagrams/vault.py @@ -19,11 +19,11 @@ users = Users("\nUsers") # Vault connections - vault_listener - Edge(label="0.0.0.0:8200\nTLS Disabled") >> [storage_raft, vault_ui] + vault_listener - Edge(label="0.0.0.0:8200\nTLS Disabled") >> vault_ui vault_listener >> Edge(label="Max Entry Size\n1MB") >> storage_raft # User Management connections - users >> Edge(label="Lockout Threshold: 3\nLockout Duration: 10m") >> userpass_lockout + users - Edge(label="Lockout Threshold: 3\nLockout Duration: 10m") - userpass_lockout # External connections api_addr = Vault("API Address\nhttp://localhost:8200") From ca46a5ffcb15caac410fc4d5ec9d730274698bdb Mon Sep 17 00:00:00 2001 From: Shayan Ghani Date: Tue, 3 Sep 2024 18:50:10 +0330 Subject: [PATCH 3/5] doc : update README and wiki --- README.md | 34 +++++++++++++++++++++++++++++----- artifacts/wiki/index.html | 8 ++++++++ 2 files changed, 37 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b45adc0..154b108 100644 --- a/README.md +++ b/README.md 
@@ -6,9 +6,29 @@ Deploy a Self-Hosted HCP Vault and Boundary stack using end-to-end automation. This project provides a comprehensive, hands-on experience in Infrastructure as Code (IaC) and Configuration Management. It simulates a real-world infrastructure environment with a focus on end-to-end automation, enabling DevOps engineers to collaboratively deliver a reliable, production-ready stack. Key deliverables include detailed documentation and diagrams. -## How to Use +> As of [the latest release](https://github.com/devopshobbies/boundary-vault-stack/releases/latest), BVSTACK covers **steps 0-3** of the [DevOpsHobbies Ultimate Roadmap](https://github.com/devopshobbies/devops-roadmap). + +## 💻 Toolchain +![Vault](https://img.shields.io/badge/vault-%231A1918.svg?style=for-the-badge&logo=vault) +![LINUX](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black) +![Ansible](https://img.shields.io/badge/ansible-%231A1918.svg?style=for-the-badge&logo=ansible&logoColor=white) +![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white) +![Boundary](https://img.shields.io/badge/Boundary-%231A1918.svg?style=for-the-badge&logo=hashicorp&logoColor=red) +![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white) +![Vagrant](https://img.shields.io/badge/vagrant-%231A1918.svg?style=for-the-badge&logo=vagrant&logoColor=blue) +![Postgres](https://img.shields.io/badge/postgres-%23316192.svg?style=for-the-badge&logo=postgresql&logoColor=white) +![Python](https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54) 
+[![Bash](https://img.shields.io/badge/Bash-1f425f.svg?style=for-the-badge&logo=image%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw%2FeHBhY2tldCBiZWdpbj0i77u%2FIiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8%2BIDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTExIDc5LjE1ODMyNSwgMjAxNS8wOS8xMC0wMToxMDoyMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTUgKFdpbmRvd3MpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOkE3MDg2QTAyQUZCMzExRTVBMkQxRDMzMkJDMUQ4RDk3IiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOkE3MDg2QTAzQUZCMzExRTVBMkQxRDMzMkJDMUQ4RDk3Ij4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QTcwODZBMDBBRkIzMTFFNUEyRDFEMzMyQkMxRDhEOTciIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QTcwODZBMDFBRkIzMTFFNUEyRDFEMzMyQkMxRDhEOTciLz4gPC9yZGY6RGVzY3JpcHRpb24%2BIDwvcmRmOlJERj4gPC94OnhtcG1ldGE%2BIDw%2FeHBhY2tldCBlbmQ9InIiPz6lm45hAAADkklEQVR42qyVa0yTVxzGn7d9Wy03MS2ii8s%2BeokYNQSVhCzOjXZOFNF4jx%2BMRmPUMEUEqVG36jo2thizLSQSMd4N8ZoQ8RKjJtooaCpK6ZoCtRXKpRempbTv5ey83bhkAUphz8fznvP8znn%2B%2F3NeEEJgNBoRRSmz0ub%2FfuxEacBg%2FDmYtiCjgo5NG2mBXq%2BH5I1ogMRk9Zbd%2BQU2e1ML6VPLOyf5tvBQ8yT1lG10imxsABm7SLs898GTpyYynEzP60hO3trHDKvMigUwdeaceacqzp7nOI4n0SSIIjl36ao4Z356OV07fSQAk6xJ3XGg%2BLCr1d1OYlVHp4eUHPnerU79ZA%2F1kuv1JQMAg%2BE4O2P23EumF3VkvHprsZKMzKwbRUXFEyTvSIEmTVbrysp%2BWr8wfQHGK6WChVa3bKUmdWou%2BjpArdGkzZ41c1zG%2Fu5uGH4swzd561F%2BuhIT4%2BLnSuPsv9%2BJKIpjNr9dXYOyk7%2FBZrcjIT4eCnoKgedJP4BEqhG77E3NKP31FO7cfQA5K0dSYuLgz2TwCWJSOBzG6crzKK%2BohNfni%2Bx6OMUMMNe%2Fgf7ocbw0v0acKg6J8Ql0q%2BT%2FAXR5PNi5dz9c71upuQqCKFAD%2BYhrZLEAmpodaHO3Qy6TI3NhB
pbrshGtOWKOSMYwYGQM8nJzoFJNxP2HjyIQho4PewK6hBktoDcUwtIln4PjOWzflQ%2Be5yl0yCCYgYikTclGlxadio%2BBQCSiW1UXoVGrKYwH4RgMrjU1HAB4vR6LzWYfFUCKxfS8Ftk5qxHoCUQAUkRJaSEokkV6Y%2F%2BJUOC4hn6A39NVXVBYeNP8piH6HeA4fPbpdBQV5KOx0QaL1YppX3Jgk0TwH2Vg6S3u%2BdB91%2B%2FpuNYPYFl5uP5V7ZqvsrX7jxqMXR6ff3gCQSTzFI0a1TX3wIs8ul%2Bq4HuWAAiM39vhOuR1O1fQ2gT%2F26Z8Z5vrl2OHi9OXZn995nLV9aFfS6UC9JeJPfuK0NBohWpCHMSAAsFe74WWP%2BvT25wtP9Bpob6uGqqyDnOtaeumjRu%2ByFu36VntK%2FPA5umTJeUtPWZSU9BCgud661odVp3DZtkc7AnYR33RRC708PrVi1larW7XwZIjLnd7R6SgSqWSNjU1B3F72pz5TZbXmX5vV81Yb7Lg7XT%2FUXriu8XLVqw6c6XqWnBKiiYU%2BMt3wWF7u7i91XlSEITwSAZ%2FCzAAHsJVbwXYFFEAAAAASUVORK5CYII%3D)](https://www.gnu.org/software/bash/) + +## Pre-requisites +- [Vagrant](https://developer.hashicorp.com/vagrant/downloads) +- [Virtualbox](https://virtualbox.org/wiki/Linux_Downloads) +- Python => 3.10.12 +- Pip +- venv -1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](https://devopshobbies.github.io/boundary-vault-stack/) and the [automation workflow diagram](https://linktw.in/nWgoiO). +## How to Use +1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](https://devopshobbies.github.io/boundary-vault-stack/), the [automation workflow diagram](https://linktw.in/nWgoiO) and installed the **prerequisites**. 2. **Configure Variables**: Create your own `tfvars` file based on the samples provided in the [Boundary](./boundary/terraform/terraform.tfvars.sample) and [Vault](./vault/terraform/terraform.tfvars.sample) directories. Alternatively, you can remove the `.sample` extension from the provided sample files to use the default values. 
@@ -18,11 +38,15 @@ This project provides a comprehensive, hands-on experience in Infrastructure as ./start.sh -e development ``` - For further assistance on exit/return codes and configurations, refer to the [documentation](https://devopshobbies.github.io/boundary-vault-stack/). -4. **Enter Vault Password**: You will be prompted to enter the Vault password to decrypt Ansible Vault-encrypted files (e.g., `inventory.ini`). +4. **Enter Vault Password**: You will be prompted to enter the Vault password four times to decrypt Ansible Vault-encrypted files (e.g., `inventory.ini`) unless the related [issue](https://github.com/devopshobbies/boundary-vault-stack/issues/24) is resolved. + +>**Note**: The default `ansible-vault-pass` is `BVSTACK`. This is provided for simplicity in the sample; ensure you use a strong password for your Ansible Vault-encrypted files. + +> **Note** +> The stack assumes that your host machine acts as the Ansible/Terraform controller. If you have the resources, it's recommended to spin up a separate VM to serve as the controller by cloning and running the project on that VM. after that you can export STACK_SERVER environment variable and set it to false this enables you to keep your host machine clean and isolated. Otherwise, don't even bother you won't be losing much. [learn more about STACK_SERVER](https://devopshobbies.github.io/boundary-vault-stack/#environment-variables) - **Note**: The default `ansible-vault-pass` is `BVSTACK`. This is provided for simplicity in the sample; ensure you use a strong password for your Ansible Vault-encrypted files. +For further assistance on exit/return codes and configurations, refer to the [documentation](https://devopshobbies.github.io/boundary-vault-stack/). ## To-Do List diff --git a/artifacts/wiki/index.html b/artifacts/wiki/index.html index 06dd83b..d910167 100644 --- a/artifacts/wiki/index.html +++ b/artifacts/wiki/index.html @@ -136,6 +136,14 @@

SSH_INJECTION (optional)

default : false

+

STACK_SERVER (optional)

+

If set to false, vagrant and virtualbox won't be used to spin up BVSTACK. Instead you must create both Controller, BVSTACK and Client machines manually using your prefered method; ensure to address them in the inventory file accordingly.

+
    +
  • true
  • +
  • false
  • +
+

default : true

+
From e0e864990d43710e162dc68b4f58d51e02c7eaeb Mon Sep 17 00:00:00 2001 From: Shayan Ghani Date: Tue, 3 Sep 2024 18:51:45 +0330 Subject: [PATCH 4/5] fix(bash): add vagrant and py linter +STACK_SERVER checking --- scripts/linter.sh | 25 ++++++++++++++++++++++++- start.sh | 30 +++++++++++++++++++++++++----- 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/scripts/linter.sh b/scripts/linter.sh index a623c1c..93dedb4 100644 --- a/scripts/linter.sh +++ b/scripts/linter.sh @@ -47,6 +47,29 @@ function lint_docker () { } +function lint_vagrant(){ + if ! command -v vagrant &> /dev/null; then + echo -e "ERROR: Vagrant is not installed!" >&2 + echo -e "Please install Vagrant from https://developer.hashicorp.com/vagrant/downloads" >&2 + return 1 + fi + + if ! command -v VBoxManage &> /dev/null; then + echo -e "ERROR: VirtualBox is not installed \nVagrant uses Virtualbox to provision vms." >&2 + echo -e "Please install VirtualBox from https://virtualbox.org/wiki/Linux_Downloads" >&2 + return 1 + fi + return 0 +} + +function lint_py(){ + if ! command -v python3 && ! command -v python ; then + echo "Error: Python Is Not Installed." >&2 + return 1 + fi + return 0 +} + function lint_ansible () { cd ../ansible || { echo "Failed to change directory to ansible"; return 1; } @@ -62,6 +85,6 @@ function lint_ansible () { return 0 } -if [ $1 == "ansible" ]; then +if [[ $1 == "ansible" ]]; then lint_ansible fi \ No newline at end of file diff --git a/start.sh b/start.sh index a3fd7a4..8fa6d7f 100755 --- a/start.sh +++ b/start.sh 
@@ -64,22 +64,42 @@ if [ $# -ne 2 ]; then fi -echo "***Running Boundary Vault Stack on ${STACK_ENV} Mode.****" +echo -e "***Running Boundary Vault Stack on ${STACK_ENV} Mode.****\n" ## create ignored dirs in git for confidential data mkdir -p logs/ logs/docker logs/terraform secrets/ +source ./scripts/linter.sh +if [[ ! -d "venv/" ]]; then + echo -e "\nInstalling Virtual Env and dependencies." + + py_cmd=$(lint_py) + $py_cmd -m venv venv + source venv/bin/activate + pip install -U pip + pip install -r ./requirements.txt +else + source venv/bin/activate + pip install -r ./requirements.txt +fi + ## install required collections ansible-galaxy collection install -r requirements.yml -ansible-playbook -i ansible/inventory/inventory.ini ansible/playbook.yml +## provision the server +if [ -z "$STACK_SERVER"]; then + lint_vagrant + vagrant up +fi + +ansible-playbook -i ansible/inventory/inventory.ini ansible/playbook.yml --ask-vault-pass echo "****** Applying Vault changes ******" sleep 10 -ansible-playbook -i ansible/inventory/inventory.ini ansible/terraform.yml +ansible-playbook -i ansible/inventory/inventory.ini ansible/terraform.yml --ask-vault-pass echo "********* Applying terraform provisioning ******* " sleep 5 -ansible-playbook -i ansible/inventory/inventory.ini ansible/boundary.yml +ansible-playbook -i ansible/inventory/inventory.ini ansible/boundary.yml --ask-vault-pass echo "***** Performing Stack Cleanup *******" -ansible-playbook -i ansible/inventory/inventory.ini ansible/cleanup.yml \ No newline at end of file +ansible-playbook -i ansible/inventory/inventory.ini ansible/cleanup.yml --ask-vault-pass \ No newline at end of file From 26c4929a9bc4a6a8b33b08656893adf9daa11a8b Mon Sep 17 00:00:00 2001 From: Shayan Ghani Date: Tue, 3 Sep 2024 18:53:28 +0330 Subject: [PATCH 5/5] fix(ci): change default bump to patch --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3cbf545..97d8ce8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b with: github_token: ${{ secrets.GITHUB_TOKEN }} - default_bump: minor + default_bump: patch - name: Build Changelog id: github_release
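Review bot: in Contributing.md and README.md (PATCH 1/5), the "automation workflow diagram" link still goes through a URL shortener, and the two files use different short links for it (`https://linktw.in/PloXtt` in step 4 of Contributing.md, `https://linktw.in/nWgoiO` in step 1 of README.md). Since this patch is already moving every project reference to the devopshobbies organisation, replace both with the direct destination URL so readers can see where the link leads and the docs do not depend on a third-party redirect that can be changed later.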
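Review bot: in README.md (PATCH 3/5), the note that the default `ansible-vault-pass` is `BVSTACK` asks for a strong password but does not say how to replace the published one; add the concrete step, for example running `ansible-vault rekey` on the encrypted files such as `inventory.ini` before the stack is used outside a lab. Smaller points in the same hunk: "unless the related issue is resolved" in step 4 should read "until", "Python => 3.10.12" in the pre-requisites should be ">= 3.10.12", and the Bash badge embeds a base64 PNG in its URL where the other badges use a named `logo=` value, which makes the diff hard to review.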
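Review bot: in scripts/linter.sh (PATCH 4/5), `lint_py` leaves the output of `command -v python3` and `command -v python` on stdout, unlike `lint_vagrant`, which redirects with `&> /dev/null`, and start.sh depends on that output through `py_cmd=$(lint_py)`. That contract is undocumented and easy to break with a later redirect, so echo the selected interpreter explicitly and add a comment saying the function prints it. The fallback to `python` also has no version check even though the README lists Python 3.10.12 as the minimum; a check such as `"$py" -c 'import sys; sys.exit(sys.version_info < (3, 10))'` before returning 0 would reject an older interpreter.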
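Review bot: in start.sh (PATCH 4/5), `if [ -z "$STACK_SERVER"]; then` is missing the space before `]` and only behaves as intended by accident. With the variable unset the command becomes `[ -z ]`, a one-argument test that is true, so `vagrant up` runs; with any value set, `[` fails with a missing `]` error and the branch is skipped. Because the test is `-z`, `STACK_SERVER=true` also skips Vagrant, while the wiki text added in PATCH 3/5 documents `true` as the default and `false` as the opt-out. Suggest `if [[ "${STACK_SERVER:-true}" != "false" ]]; then`. The linter results are also unchecked: `lint_vagrant` can return 1 and `vagrant up` still runs, and when `lint_py` finds no interpreter `py_cmd` is empty and `$py_cmd -m venv venv` is executed anyway, so use `lint_vagrant || exit 1` and `py_cmd=$(lint_py) || exit 1`.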