-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Adds a small docker compose to spin up a redis cluster along with vault to test bedel
- Loading branch information
Showing
1 changed file
with
45 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,50 +1,50 @@ | ||
| #!/bin/sh | ||
|
|
||
| set -x | ||
| set -m | ||
|
|
||
| setup_vault(){ | ||
| # Wait for Vault server to be up | ||
| echo "Waiting for Vault to start..." | ||
| while ! nc -z localhost 8200; do | ||
| sleep 1 | ||
| done | ||
|
|
||
| echo "Vault started" | ||
|
|
||
| vault login $VAULT_DEV_ROOT_TOKEN_ID | ||
|
|
||
| # Enable database secret engine | ||
| vault secrets enable database | ||
|
|
||
| sleep 1 | ||
|
|
||
| instances="redis0001 redis0002 redis0003" | ||
| for instance in $instances ; do | ||
| vault write "database/config/${instance}" \ | ||
| plugin_name="redis-database-plugin" \ | ||
| host=$instance \ | ||
| port=6379 \ | ||
| tls=false \ | ||
| username="default" \ | ||
| password="bedel-integration-test" \ | ||
| allowed_roles="*-${instance}" | ||
|
|
||
| vault write "database/roles/admin-${instance}" \ | ||
| db_name=$instance \ | ||
| creation_statements='["+@admin"]' \ | ||
| default_ttl="30m" \ | ||
| max_ttl="1h" | ||
| done | ||
|
|
||
| for i in $(seq 1 10) ; do | ||
| vault read database/creds/admin-redis0001 | ||
| vault read database/creds/admin-redis0002 | ||
| vault read database/creds/admin-redis0003 | ||
| done | ||
| echo "Vault configuration complete" | ||
| } | ||
|
|
||
| setup_vault & | ||
|
|
||
| # start dev vault | ||
| vault server -dev -dev-root-token-id=$VAULT_DEV_ROOT_TOKEN_ID & | ||
|
|
||
| # Wait for Vault server to be up | ||
| echo "Waiting for Vault to start..." | ||
| while ! nc -z localhost 8200; do | ||
| sleep 1 | ||
| done | ||
|
|
||
| echo "Vault started" | ||
|
|
||
| vault login $VAULT_DEV_ROOT_TOKEN_ID | ||
|
|
||
| # Enable database secret engine | ||
| vault secrets enable database | ||
|
|
||
| sleep 1 | ||
|
|
||
| instances="redis0001 redis0002 redis0003" | ||
| for instance in $instances ; do | ||
| vault write "database/config/${instance}" \ | ||
| plugin_name="redis-database-plugin" \ | ||
| host=$instance \ | ||
| port=6379 \ | ||
| tls=false \ | ||
| username="default" \ | ||
| password="bedel-integration-test" \ | ||
| allowed_roles="*-${instance}" | ||
|
|
||
| vault write "database/roles/admin-${instance}" \ | ||
| db_name=$instance \ | ||
| creation_statements='["+@admin"]' \ | ||
| default_ttl="30m" \ | ||
| max_ttl="1h" | ||
| done | ||
|
|
||
| #for i in {1..30} ; do | ||
| # vault read database/creds/admin-master | ||
| # vault read database/creds/admin-slave01 | ||
| # vault read database/creds/admin-slave02 | ||
| #done | ||
|
|
||
| echo "Vault configuration complete" | ||
|
|
||
| fg | ||
| vault server -dev -dev-root-token-id=$VAULT_DEV_ROOT_TOKEN_ID |