Repository to collect Disk Encryption Experience (DEE) Host Management Service (HMS) backend deployment. The current status of the code is beta, as this is intended to show a Proof of Concept (PoC) about how NBDE works in ConsoleDOT environment.
Content of this repository can be deployed through bonfire and Ephemeral Environments.
In particular, to deploy this application, you can:
- Create a file under ~/.config/bonfire/config.yaml
- Include, in previous file, next configuration:
# Bonfire deployment configuration
apps:
- name: tang
components:
- name: service
host: github
repo: dee-hms/dee-hms-deployment
path: deploy/clowdapp.yaml- Deploy previous configuration with next command:
bonfire deploy --source=local tangApart from deployment configuration files, this repository holds some useful tools that allow automating some of the tasks required for the PoC
v3_deployment_config tool allows deploying some of the required information to tang-proxy / socat-tang-filter tools. It parses a CSV file, and configures:
- tang proxy database
- socat tang filter configuration file
Usage of the tool is as follows:
$ .//v3_deployment_config.sh -h
./v3_deployment_config.sh -c <configFile>
[-d database_file (/var/lib/sqlite/tang_bindings.db)]
[-p tang_iam_proxy (will be guessed if not provided)]
[-t tang_podname (will be guessed if not provided)]
[-k k8s_client (oc by default)] [-h] [-v]Mandatory parameters:
-d databaseInfo: This parameter will hold the database configuration (host, user, password). An example: localhost:root:redhat123
Optional parameters are:
-d databaseFile: This parameter will specify the database file in iam proxy. Default: /var/lib/sqlite/tang_bindings.db
-p tangProxy: The name of the Tang IAM proxy pod where to configure.
If not provided, this script will try to guess it, searching for pods starting with tang-iam-proxy prefix
-t tangServerPodname: The name of the Tang pod where to configure.
If not provided, this script will try to guess it, searching for pods starting with tang-server prefix
-k k8sClient: This parameter allows providing the K8S/OpenShift client to use.
If not provided, this script will use oc by default
-v: To execute in verbose mode
-h: To show command help
An example on how to execute the tool could be next:
$ ./tools/v3_deployment/v3_deployment_config.sh -c ./tools/v3_deployment/v3_deployment_config.csvAn example on how to execute the tool in verbose mode could be next:
$ ./tools/v3_deployment/v3_deployment_config.sh -c ./tools/v3_deployment/v3_deployment_config.csv -v
-------------------------------------------------------------------
configuration_file:[./tools/v3_deployment/v3_deployment_config.csv]
database_file:/var/lib/sqlite/tang_bindings.db
tang_podname:tang-server-deployment-1234567890-allh3r3
tang_iam_proxy_podname:tang-server-deployment-0987654321-nob33f
-------------------------------------------------------------------