refactor(zabbix-server): Add zabbix-server example

refactor(remco): Add .gitignore to never commit .env files
feat(remco): Add remco config file
2023-04-26 02:13:42 +02:00 · 2023-04-26 02:13:20 +02:00 · 2023-04-26 02:12:41 +02:00 · 2023-04-26 02:12:02 +02:00
4 changed files with 79 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,52 @@
 # remco-docker-config

-Provides remco configs and resources to easily set up Docker and Docker Compose environment files
+Provides [remco](https://github.com/HeavyHorst/remco) configs and resources to easily set up Docker and Docker Compose environment files with HashiCorp Vault secrets
+
+# How to run
+
+## Set environment variables
+
+Set these mandatory variables, fill in real values
+```
+# Largely static
+export REMCO_DOCKER_CONFIG='/path/to/this/dir'
+export VAULT_ADDR='https://127.0.0.1:8200/'
+export VAULT_TOKEN='hvs.BerthaIsDeNigrAtinGtHEiMP'
+
+# Changes per container and context
+export DOCKER_FQDN='containers-3.example.net'
+export DOCKER_GROUP_NAME='grafana'
+export DOCKER_CTX='bi_shenyang'
+export VAULT_KEY='/kv/data/docker/${DOCKER_GROUP_NAME}/'"${DOCKER_CTX}"
+```
+
+Treat `DOCKER_CTX` as a team name, purpose or scope. If the same Docker application can run multiple times and serve different tenants then `DOCKER_CTX` is what distinguishes one instance from the other. Here `bi_shenyang` indicates for example a Shenyang-based Business Intelligence team.
+
+## Render config files
+Let `remco` generate an environment file
+```
+remco -config config.toml
+```
+
+Output will look somewhat like this (no change needed):
+```
+[INFO]  set backend nodes: backend=vault nodes=["https://127.0.0.1:8200/"] prefix=remco[671145]
+[DEBUG] retrieving keys: backend=vault key_prefix="\"\"" prefix=remco[671145] resource=grafana
+[DEBUG] compiling source template: prefix=remco[671145] resource=grafana template=/tmp/remco-docker-config/templates.d/grafana/fqdn-context.env
+[DEBUG] comparing staged and dest config files: dest=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[671145] resource=grafana staged=.containers-3.example.net-bi_shenyang.env2016234729
+[DEBUG] target config in sync: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[671145] resource=grafana
+[DEBUG] closing client connection: backend=vault prefix=remco[671145] resource=grafana
+```
+
+Or like this (target file does not have correct content):
+```
+[INFO]  set backend nodes: backend=vault nodes=["https://127.0.0.1:8200/"] prefix=remco[675012]
+[DEBUG] retrieving keys: backend=vault key_prefix="\"\"" prefix=remco[675012] resource=grafana
+[DEBUG] compiling source template: prefix=remco[675012] resource=grafana template=/tmp/remco-docker-config/templates.d/grafana/fqdn-context.env
+[DEBUG] comparing staged and dest config files: dest=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana staged=.containers-3.example.net-bi_shenyang.env3921647901
+[INFO]  wrong hashsum: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env current=da39a3ee5e6b4b0d3255bfef95601890afd80709 new=97aacc05e6ccad77fec95cc5daa4b3cb7ccd03eb prefix=remco[675012] resource=grafana
+[INFO]  target config out of sync: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
+[DEBUG] overwriting target config: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
+[INFO]  target config has been updated: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
+[DEBUG] closing client connection: backend=vault prefix=remco[675012] resource=grafana
+```
--- a/config.toml
+++ b/config.toml
@@ -0,0 +1,18 @@
+log_level = "debug"
+log_format = "text"
+retries = 0
+
+[[resource]]
+name = "${DOCKER_GROUP_NAME}"
+
+[[resource.template]]
+  src = "${REMCO_DOCKER_CONFIG}/templates.d/${DOCKER_GROUP_NAME}/fqdn-context.env"
+  dst = "${REMCO_DOCKER_CONFIG}/rendered.d/${DOCKER_GROUP_NAME}/${DOCKER_FQDN}_${DOCKER_CTX}.env"
+
+  [resource.backend]
+    [resource.backend.vault]
+      node = "${VAULT_ADDR}"
+      auth_type = "token"
+      auth_token = "${VAULT_TOKEN}"
+      onetime = true
+      keys = ["${VAULT_KEY}"]
--- a/rendered.d/zabbixserver/.gitignore
+++ b/rendered.d/zabbixserver/.gitignore
@@ -0,0 +1,2 @@
+!.gitignore
+*.env
--- a/templates.d/zabbixserver/fqdn-context.env
+++ b/templates.d/zabbixserver/fqdn-context.env
@@ -0,0 +1,9 @@
+{% set VAULT_KEY = getenv("VAULT_KEY") %}
+# This file is maintained by remco and populated with data from HashiCorp
+# Vault. Changes not done in Vault will be reverted when file gets rendered.
+
+{% for key in ls(VAULT_KEY|add:"/data") %}
+{{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
+{% endfor %}
+# When needed for temporary debugging
+# ZBX_DEBUGLEVEL=4
Author	SHA1	Message	Date
hygienic-books	91d7e727c0	refactor(zabbix-server): Add zabbix-server example	2023-04-26 02:13:42 +02:00
hygienic-books	b92ae07769	refactor(remco): Add .gitignore to never commit .env files	2023-04-26 02:13:20 +02:00
hygienic-books	797a010dd0	feat(remco): Add remco config file	2023-04-26 02:12:41 +02:00
hygienic-books	5d11328a5b	feat(docs): Add docs	2023-04-26 02:12:02 +02:00