How to implement Fastlane Match into an existing enterprise project - jenkins

Self explanatory, but a few points:
Our enterprise app solution is already using Fastlane using sigh and cert commands with the certs stored locally on a Jenkins node. We want to migrate to using Match, however I am having a hard time finding good examples of how to accomplish this in an existing project and to be honest it seems a little 'automagical' as I am not a Devops person. We are using Match, Jenkins and AWS S3 & Parameter Store for the certs and creds.
Some curiosities:
Are there any good examples of Match being used with this setup?
How does the Matchfile pull environment variables from a Jenkins pipeline script?
Is Match essentially a replacement for cert storage?
Does the match function in a lane replace sigh and cert functions?
Before someone says, "ShOw YoUr FaStFiLe"; I'm not able to share any code. This is more a question to obtain good resources for implementation of match and to gain a better understanding.
Thanks

Related

Sawtooth - configure-onchain-perms problem

I want to do some specific task using sawtooth in combination with ansible. I am using this ansible project https://github.com/hyperledger/sawtooth-ansible. The problem is when I want to run "Configure onchain permissions". The main problem is in the configure-onchain-perms role, in the task Create Transaction Access Policy. As a result, I always get a timeout. I also tried to install everything manually, without ansible, but the output is the same. The result is the same with this simple command: sawtooth identity policy create policy_1 "PERMIT_KEY *". Could anyone guide me on how to use the identity family in the right way?
Is the identity transaction processor, identity-tp running on all nodes?
A quote from:
https://sawtooth.hyperledger.org/docs/core/releases/latest/cli/identity-tp.html
"This process is required to apply any changes to on-chain permissions used by the Sawtooth platform."
There is also an active chat forum for Sawtooth at https://chat.hyperledger.org/channel/sawtooth

How to replace tokens found in files via Jenkins?

I use Microsoft Team Foundation Server (TFS) for most of my software deployments. TFS allows me to dynamically replace text within specific configuration files during the release process to specific environments (dev, test, prod).
The text it replaces are placeholders called "tokens". For instance, during my automated deployments, TFS will allow us to replace tokens found within configuration files with pre-defined values saved in the build administration for each environment. This way, I don't store any real credentials in source control for any environment. I also don't store any script in source that would hold these sensitive credentials. The credentials are dynamically inserted over top the tokens during the release, and the credentials are hosted/saved/configured inside of the release system (not in a script).
For example, I have a configuration file (web.config) that has tokens. A token looks something like this:
MySettingName=${MYSETTINGVALUE}
During the release to DEV, I want the text ${MYSETTINGVALUE} replaced with the word TEN. During the release to PROD, I want that same ${MYSETTINGVALUE} text replaced with the word ORANGE. And I want to store those two values (TEN and ORANGE) in the release administration system, and not in a script.
How do I configure Jenkins to do this same thing?
I have searched up-and-down for this specific answer. While many blogs, articles, documentation exist, none of them speak directly to this issue.
I would prefer NOT to use some additional 3rd party software to do this.
I would prefer NOT to kick off some manual build and supply these values each and every time.
I would also prefer NOT to use an Operating System level system variable (aka environment variable). In case that server dies, I would rather not have to remember to set up those OS environment variables on the next server.
Jenkins has a built-in credentials plugin for handling secrets in builds.
See this article on how to use them: https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
Basically it stores credentials securely and injects them into your jobs as variables which can then be used like any other.
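An added example, not part of the answer above or of Jenkins itself: a small Python build step that fills `${NAME}` tokens such as the question's `${MYSETTINGVALUE}` from environment variables. It assumes the job binds each stored credential to an environment variable named after its token; the script name and the `render` function are hypothetical.

```python
import os
import re
import sys
from xml.sax.saxutils import escape

# Tokens look like ${MYSETTINGVALUE}, as in the question's web.config line.
TOKEN = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class MissingTokens(Exception):
    """Raised when the template names a token that has no value."""


def render(template, values, xml=False):
    """Return template with every ${NAME} replaced by values[NAME].

    Fails before anything is written if a token has no value, so a
    half-filled config never ships. The error lists names, never values.
    """
    names = {m.group(1) for m in TOKEN.finditer(template)}
    missing = sorted(names - set(values))
    if missing:
        raise MissingTokens("no value for: " + ", ".join(missing))

    def substitute(match):
        value = values[match.group(1)]
        # A function replacement keeps backslashes in secrets literal;
        # escaping keeps &, <, > and " from breaking an XML config file.
        return escape(value, {'"': "&quot;"}) if xml else value

    return TOKEN.sub(substitute, template)


def main(argv):
    # Hypothetical usage: render_config.py web.config.template web.config
    if len(argv) != 3:
        print("usage: render_config.py TEMPLATE OUTPUT", file=sys.stderr)
        return 2
    src, dst = argv[1], argv[2]
    with open(src, encoding="utf-8") as fh:
        rendered = render(fh.read(), os.environ, xml=dst.endswith(".config"))
    with open(dst, "w", encoding="utf-8") as fh:
        fh.write(rendered)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Only the template with tokens goes into source control; the rendered file is a build artifact and should stay out of archived workspaces and console output.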

Storing configuration settings in Azure Service Fabric and MVC apps

I have reached the point where I have to get my Service Fabric Cluster deployed to Azure :) Besides the stateful/stateless services I have 2 MVC applications. I currently have a few settings in the web.config files (mostly connection strings).
I plan to configure continuous build / deploy using Visual Studio Online, but have not dug into doing that yet.
Where is the recommended place to store the configuration settings? I will need settings for 3 different environments (dev/test/prod).
I found a reference, at some point, to storing the settings on the build definition, which sounds like a better place to store production credentials than in config files that are part of the source code for the applications. I need to limit access to values for the production environment, and having them in the config files that all developers have access to does not sound like the best way to do this.
Any white papers or best practices regarding this I should be aware of?
You can use the publish profiles and application parameters of the Service Fabric project to store your settings for each environment.
In my case I have a dev, a homolog and a production environment with different database connection strings, so I created publish profiles named Cloud.Homolog.xml and Cloud.Production.xml, and for the dev environment I'm still using Local.5Node.xml.
Then, when I want to deploy to one of these environments, I choose the correct publish profile.
Here is the documentation for multiple environment management:
Link

Packer, Jenkins, Cloudformation: how to make them work together?

First of all, my apologies that the question is under stackoverflow and not stack exchange; I don't have enough points to ask it there.
I've created a packer template which creates my image (the image includes the code for my application, nginx, php-fpm and ...).
If you have used packer before, you will know that at the end of the process it will give you the image_id. I need to use this image id in order to update the template for my cloudformation on aws.
The cloudformation template will create a launch configuration based on the image_id from packer. Later on, the launch configuration will be used to create an autoscaling group, which is connected to an ELB (the ELB is not under cloudformation).
Here are my questions:
1- What's the best way to automate the process of getting the id from packer and updating the cloudformation template? (To elaborate more, I need to get the id somehow; for now the only thing that I can think of is a bash command, but this causes an issue if I want to use jenkins later on. What are other alternatives?)
2- Let's say I managed to get the id; now what's the best policy to update the cloudformation template? (Currently the aws CLI is my only option; is there any better solution?)
3- How to automate this whole process using jenkins?
I would put a wrapper Python/Ruby script that would run packer, then call cloudformation reading from the packer output.
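The wrapper script suggested above, as an added example that is not from the original answer: it reads the AMI id from `packer build -machine-readable` output and passes it to `aws cloudformation update-stack`. The script name, the stack name and the `ImageId` template parameter are assumptions, and the sample output is constructed.

```python
import subprocess
import sys

PACKER_COMMA = "%!(PACKER_COMMA)"  # how Packer escapes commas inside a field

# Constructed sample of machine-readable output (not from a real build).
SAMPLE = "\n".join([
    "1700000000,,ui,say,==> amazon-ebs: Creating AMI",
    "1700000000,amazon-ebs,artifact,0,builder-id,mitchellh.amazonebs",
    "1700000000,amazon-ebs,artifact,0,id,us-east-1:ami-0123456789abcdef0"
    + PACKER_COMMA + "eu-west-1:ami-0fedcba9876543210",
    "1700000000,amazon-ebs,artifact,0,end",
])


def parse_ami_ids(machine_output):
    """Map region -> AMI id from `packer build -machine-readable` output."""
    amis = {}
    for line in machine_output.splitlines():
        # Fields are: timestamp,target,type,data...
        fields = line.split(",")
        if len(fields) >= 6 and fields[2] == "artifact" and fields[4] == "id":
            for pair in fields[5].replace(PACKER_COMMA, ",").split(","):
                region, _, ami = pair.partition(":")
                if ami.startswith("ami-"):
                    amis[region] = ami
    return amis


def update_stack_command(stack, region, ami, parameter="ImageId"):
    """aws CLI argv that sets one template parameter to the new AMI id."""
    # Built as a list and run without a shell, so no value is shell-parsed.
    return ["aws", "cloudformation", "update-stack", "--region", region,
            "--stack-name", stack, "--use-previous-template",
            "--parameters", f"ParameterKey={parameter},ParameterValue={ami}"]


def main(argv):
    # Hypothetical usage: bake_and_deploy.py template.json my-stack us-east-1
    if len(argv) != 4:
        sys.exit("usage: bake_and_deploy.py PACKER_TEMPLATE STACK REGION")
    template, stack, region = argv[1:4]
    build = subprocess.run(["packer", "build", "-machine-readable", template],
                           check=True, capture_output=True, text=True)
    amis = parse_ami_ids(build.stdout)
    if region not in amis:
        sys.exit(f"packer produced no AMI for {region}")
    subprocess.run(update_stack_command(stack, region, amis[region]), check=True)


if __name__ == "__main__":
    main(sys.argv)
```

If the stack has other parameters, each one needs its own `ParameterKey=<name>,UsePreviousValue=true` entry in `--parameters`. The same script runs unchanged as a Jenkins build step, with AWS credentials supplied by the job rather than stored in the script.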

What is the proper way to handle Oauth Consumer Key and Secret in Rails?

I have a Rails application that connects to Facebook using OAuth. What I'm looking for is a full description of how to handle the OAuth key and secret I get from Facebook.
Where to store them?
How to store them there? I saw an answer saying it should be an env variable, but I'm looking for specifics: How do I add them to env? Manually? With a script? What script? Where should it be? What about source control? What about production?
Any other details that I should know in order to implement the solution in dev, test and production.
I've seen some variants of this question, but never with a complete and detailed answer.
I'm really looking for the overall flow, but also need all the small details that may look trivial but are important to understand this.
You'll want to store your secret keys and environment-specific configuration outside of your code. You should store these in a way that would allow you to publish your source code in a public repository on, say, GitHub, without ignoring any files in source control. This is a principle of the Twelve-Factor Methodology.
Anyway, to answer your question, you could add these keys as shell variables. This assumes you are developing on *nix.
$ echo "export OAUTH_SECRET='kie92j8fKEHHE92Va1njk3'" >> ~/.bash_profile
Now in your Rails code, you have access to all your environment variables:
ENV["OAUTH_SECRET"]
These environment variables can be set in a deploy script that prompts you for them on the command line. This also allows each developer on your team to have his or her own keys.
Most people create their own config.yml. It is very easy to do. Here is a detailed description for creating config.yml
