…The language is C like, with flavorings of Python
Continue ReadingHashicorp
Nebula-in-a-Box POC Completed…
Nebula-in-a-Box actually works now. The latest problems were in ssl certificates, vault, consul, DNS, internal addressing, tuning consul to run as basically a single master instance (not designed for that). The Nebula-in-a-Box orion instance comes up now with consul fully functioning as service discovery and DNS. It registers and interacts with the local vault. The…
Continue ReadingVault and Self-signed Certs
In a distributed AWS cloud environment, SSL certs live on the ELB instances and are signed by known CA’s. Backend encryption using self-signed certs is seamless. As soon as Jenkins, consul+vault and the nebula utilities API are brought together onto the same box (Nebula-in-a-Box), and are moved to using consul service discovery, SSL naming and…
Continue ReadingShip Inside of a Bottle, Repeat
…in other words, DevOps. Github sends a notifyCommit message to Jenkins. That message passes through the Jenkins git plugin, which triggers a job if (1) there is a job configured with a git url matching the notifyCommit git url, and (2) there is a change to the code. If the job does not already exist…
Continue ReadingDeleting the Hashicorp Whitelist Entry…
In working with Hashicorp vault I used an AWS role to automagically enable an instance to communicate with vault. That worked really well. But in developing and testing sometimes I needed that AWS instance to be reverted in vault – to no longer be registered. That required tracing down where and how that auth happens…
Continue Reading