serial vault #43

  • By rmescandon
  • Latest version (#43)
  • xenial
  • Unpublished

Description

The Serial Vault signs serial assertions from Ubuntu devices using predefined
GPG signing keys. It holds a list of approved device models and signs the
serial assertions for those models.


About

This charm installs a Serial Vault service, https://github.com/CanonicalLtd/serial-vault

Install

After bootstrapping a juju environment, run:

juju deploy postgresql

juju deploy cs:~canonical-solutions/serial-vault-charm serial-vault         # The signing service
juju add-relation serial-vault:database postgresql:db-admin

juju deploy cs:~canonical-solutions/serial-vault-charm serial-vault-admin   # The admin service
juju add-relation serial-vault-admin:database postgresql:db-admin
juju config serial-vault-admin service_type=admin

# Optionally, deploy the system-user service (v1.5 snap onwards)
juju deploy cs:~canonical-solutions/serial-vault-charm serial-vault-user   # The system-user service
juju add-relation serial-vault-user:database postgresql:db-admin
juju config serial-vault-user service_type=system-user

# Expose the services
juju expose serial-vault         # port 8080
juju expose serial-vault-admin   # port 8081
juju expose serial-vault-user    # port 8082

Note: the db-admin relation to the PostgreSQL service is currently needed to avoid object ownership issues.

Configuration

jwt_secret
(string) 64-byte key used to digitally sign information exchanged with USSO
Default: kich9KamaigeiQuiZee9uogeojahRe9Noh8aemu6Noh7chie6ool5umo6iki0Phe
nagios_check_http_params
(string) The parameters to pass to the nrpe plugin check_http.
enable_user_auth
(boolean) Enable user authentication using Ubuntu SSO
Default: True
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
nagios_context
(string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to the instance name to set the host name in nagios. For instance, the hostname would be something like: juju-postgresql-0. If you're running multiple environments with the same services in them, this allows you to differentiate between them.
Default: juju
service_type
(string) Which service to run: signing, admin or system-user
Default: signing
keystore_secret
(string) Secret code to encrypt the auth-key hash
Default: abcdefg1234567890
proxy
(string) Proxy server for accessing the Snap Store
environment_variables
(string) Blank-separated key=value strings representing environment variables
url_host
(string) Return URL of the service (needed for OpenID) without the protocol scheme
Default: serial-vault:443
csrf_auth_key
(string) 64-byte, base64-encoded key to protect the server from cross-site request forgery attacks
Default: 2E6ZYnVYUfDLRLV/ne8M6v1jyB/376BL9ORnN3Kgb04uSFalr2ygReVsOt0PaGEIRuID10TePBje5xdjIOEjQQ==
payload
(string) Swift container object. This is the tgz file holding binaries and service configuration
swift_container
(string) Swift container from which to download the service payload
Default: serial-vault.canonical.com
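
The values listed for jwt_secret, keystore_secret and csrf_auth_key are defaults published with the charm, so each deployment should override them. The following is an added example, not part of the charm or the Serial Vault project: it audits a dict of option values against the formats documented in the Configuration list. The function names, the dict input and the generators chosen in fresh_secrets are assumptions.

```python
import base64
import binascii
import secrets

# Default values exactly as published in the Configuration list of this page.
PUBLISHED_DEFAULTS = {
    "jwt_secret": "kich9KamaigeiQuiZee9uogeojahRe9Noh8aemu6Noh7chie6ool5umo6iki0Phe",
    "keystore_secret": "abcdefg1234567890",
    "csrf_auth_key": "2E6ZYnVYUfDLRLV/ne8M6v1jyB/376BL9ORnN3Kgb04uSFalr2ygReVsOt0PaGEIRuID10TePBje5xdjIOEjQQ==",
}

def audit_settings(settings):
    """Return a sorted list of (option, problem) for a dict of option -> value."""
    findings = []
    for name, default in PUBLISHED_DEFAULTS.items():
        value = settings.get(name, default)  # an unset option falls back to the default
        if value == default:
            findings.append((name, "published default in use"))
    jwt = settings.get("jwt_secret", "")
    if jwt and len(jwt.encode()) != 64:
        findings.append(("jwt_secret", "not 64 bytes long"))
    csrf = settings.get("csrf_auth_key", "")
    if csrf:
        try:
            raw = base64.b64decode(csrf, validate=True)
        except (binascii.Error, ValueError):
            raw = b""  # undecodable input is reported by the length check below
        if len(raw) != 64:
            findings.append(("csrf_auth_key", "not 64 bytes of base64"))
    if "://" in settings.get("url_host", ""):
        findings.append(("url_host", "includes the protocol scheme"))
    return sorted(findings)

def fresh_secrets():
    """Generate replacement values in the documented formats."""
    return {
        "jwt_secret": secrets.token_hex(32),  # 64 ASCII characters = 64 bytes
        "keystore_secret": secrets.token_urlsafe(32),  # assumption: the page gives no length
        "csrf_auth_key": base64.b64encode(secrets.token_bytes(64)).decode(),
    }

if __name__ == "__main__":
    # Constructed sample: secrets left at their defaults and a scheme in url_host.
    sample = dict(PUBLISHED_DEFAULTS, url_host="https://serial-vault:443")
    for option, problem in audit_settings(sample):
        print(f"{option}: {problem}")
    print(audit_settings(dict(fresh_secrets(), url_host="serial-vault:443")))
```

The generated values can be applied with juju config in the same way as service_type in the Install section.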