refactor(zabbix-server): Add zabbix-server example

refactor(remco): Add .gitignore to never commit .env files
feat(remco): Add remco config file
2023-04-26 02:13:42 +02:00 · 2023-04-26 02:13:20 +02:00 · 2023-04-26 02:12:41 +02:00 · 2023-04-26 02:12:02 +02:00
4 changed files with 79 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,52 @@
 # remco-docker-config
-Provides remco configs and resources to easily set up Docker and Docker Compose environment files
+Provides [remco](https://github.com/HeavyHorst/remco) configs and resources to easily set up Docker and Docker Compose environment files with HashiCorp Vault secrets
 # How to run
 ## Set environment variables
 Set these mandatory variables, fill in real values
 ```
 # Largely static
 export REMCO_DOCKER_CONFIG='/path/to/this/dir'
 export VAULT_ADDR='https://127.0.0.1:8200/'
 export VAULT_TOKEN='hvs.BerthaIsDeNigrAtinGtHEiMP'
 # Changes per container and context
 export DOCKER_FQDN='containers-3.example.net'
 export DOCKER_GROUP_NAME='grafana'
 export DOCKER_CTX='bi_shenyang'
 export VAULT_KEY='/kv/data/docker/${DOCKER_GROUP_NAME}/'"${DOCKER_CTX}"
 ```
 Treat `DOCKER_CTX` as a team name, purpose or scope. If the same Docker application can run multiple times and serve different tenants then `DOCKER_CTX` is what distinguishes one instance from the other. Here `bi_shenyang` indicates for example a Shenyang-based Business Intelligence team.
 ## Render config files
 Let `remco` generate an environment file
 ```
 remco -config config.toml
 ```
 Output will look somewhat like this (no change needed):
 ```
 [INFO]  set backend nodes: backend=vault nodes=["https://127.0.0.1:8200/"] prefix=remco[671145]
 [DEBUG] retrieving keys: backend=vault key_prefix="\"\"" prefix=remco[671145] resource=grafana
 [DEBUG] compiling source template: prefix=remco[671145] resource=grafana template=/tmp/remco-docker-config/templates.d/grafana/fqdn-context.env
 [DEBUG] comparing staged and dest config files: dest=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[671145] resource=grafana staged=.containers-3.example.net-bi_shenyang.env2016234729
 [DEBUG] target config in sync: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[671145] resource=grafana
 [DEBUG] closing client connection: backend=vault prefix=remco[671145] resource=grafana
 ```
 Or like this (target file does not have correct content):
 ```
 [INFO]  set backend nodes: backend=vault nodes=["https://127.0.0.1:8200/"] prefix=remco[675012]
 [DEBUG] retrieving keys: backend=vault key_prefix="\"\"" prefix=remco[675012] resource=grafana
 [DEBUG] compiling source template: prefix=remco[675012] resource=grafana template=/tmp/remco-docker-config/templates.d/grafana/fqdn-context.env
 [DEBUG] comparing staged and dest config files: dest=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana staged=.containers-3.example.net-bi_shenyang.env3921647901
 [INFO]  wrong hashsum: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env current=da39a3ee5e6b4b0d3255bfef95601890afd80709 new=97aacc05e6ccad77fec95cc5daa4b3cb7ccd03eb prefix=remco[675012] resource=grafana
 [INFO]  target config out of sync: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
 [DEBUG] overwriting target config: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
 [INFO]  target config has been updated: config=/tmp/remco-docker-config/rendered.d/grafana/containers-3.example.net-bi_shenyang.env prefix=remco[675012] resource=grafana
 [DEBUG] closing client connection: backend=vault prefix=remco[675012] resource=grafana
 ```
--- a/config.toml
+++ b/config.toml
@@ -0,0 +1,18 @@
 log_level = "debug"
 log_format = "text"
 retries = 0
 [[resource]]
 name = "${DOCKER_GROUP_NAME}"
 [[resource.template]]
  src = "${REMCO_DOCKER_CONFIG}/templates.d/${DOCKER_GROUP_NAME}/fqdn-context.env"
  dst = "${REMCO_DOCKER_CONFIG}/rendered.d/${DOCKER_GROUP_NAME}/${DOCKER_FQDN}_${DOCKER_CTX}.env"
  [resource.backend]
    [resource.backend.vault]
      node = "${VAULT_ADDR}"
      auth_type = "token"
      auth_token = "${VAULT_TOKEN}"
      onetime = true
      keys = ["${VAULT_KEY}"]
--- a/rendered.d/zabbixserver/.gitignore
+++ b/rendered.d/zabbixserver/.gitignore
@@ -0,0 +1,2 @@
 !.gitignore
 *.env
--- a/templates.d/zabbixserver/fqdn-context.env
+++ b/templates.d/zabbixserver/fqdn-context.env
@@ -0,0 +1,9 @@
 {% set VAULT_KEY = getenv("VAULT_KEY") %}
 # This file is maintained by remco and populated with data from HashiCorp
 # Vault. Changes not done in Vault will be reverted when file gets rendered.
 {% for key in ls(VAULT_KEY|add:"/data") %}
 {{key}}={{ getv(VAULT_KEY|add:"/data/"|add:key) }}
 {% endfor %}
 # When needed for temporary debugging
 # ZBX_DEBUGLEVEL=4
Author	SHA1	Message	Date
hygienic-books	91d7e727c0	refactor(zabbix-server): Add zabbix-server example	2023-04-26 02:13:42 +02:00
hygienic-books	b92ae07769	refactor(remco): Add .gitignore to never commit .env files	2023-04-26 02:13:20 +02:00
hygienic-books	797a010dd0	feat(remco): Add remco config file	2023-04-26 02:12:41 +02:00
hygienic-books	5d11328a5b	feat(docs): Add docs	2023-04-26 02:12:02 +02:00