This repository is needed to store private credentials. It is recommended that
you store those credentials on a private repo where only allowed people have
-access. Each setting is stored in individual files in the repository:
+access, where access to the repositories can be controlled by SSH keys.
+Each setting is stored in individual files in the repository:
- ssh-pub-key # public key to be used for SSH access into the nodes
- coreos-pull-secret # place the file that you created before
The right path to clone a private repo is: git@github.com:repo_user/repo_name.git
+You also can use a local directory to store secrets in local deployments.
+You should create a directory with a known path, and your directory shall contain the individual files listed before. In that case no SSH key is needed. You can reference you local secrets repo by:
+
+ CREDENTIALS=file://<path_to_secrets_repo>
+
**BASE_REPO: Repository for the base manifests**
This is the repository where the default manifest templates are stored. There is one specific folder for each blueprint and provider: aws/1-node, libvirt/1-node, etc... This can be any repository with the right templates, but for Akraino it currently defaults to github.com/redhat-nfvpe/kni-edge-base.git
log.Println("Download secrets repo")
secretsPath := fmt.Sprintf("%s/secrets", g.buildPath)
- // Retrieve private key and b64encode it
- rsaPrivateLocation := fmt.Sprintf("%s/.ssh/id_rsa", os.Getenv("HOME"))
- priv, _ := ioutil.ReadFile(rsaPrivateLocation)
- sEnc := base64.StdEncoding.EncodeToString(priv)
- finalURL := fmt.Sprintf("%s?sshkey=%s", g.secretsRepo, sEnc)
+ // Retrieve private key and b64encode it, if secrets is not local
+ finalURL := ""
+ if !strings.HasPrefix(g.secretsRepo, "file://") {
+ rsaPrivateLocation := fmt.Sprintf("%s/.ssh/id_rsa", os.Getenv("HOME"))
+ priv, _ := ioutil.ReadFile(rsaPrivateLocation)
+ sEnc := base64.StdEncoding.EncodeToString(priv)
+ finalURL = fmt.Sprintf("%s?sshkey=%s", g.secretsRepo, sEnc)
+ } else {
+ finalURL = g.secretsRepo
+ }
client = &getter.Client{Src: finalURL, Dst: secretsPath, Mode: getter.ClientModeAny}
err = client.Get()
if err != nil {
// Clone the base repository with base manifests
log.Println("Cloning the base repository with base manifests")
baseBuildPath := fmt.Sprintf("%s/base_manifests", g.buildPath)
- log.Println(g.basePath)
client = &getter.Client{Src: g.baseRepo, Dst: baseBuildPath, Mode: getter.ClientModeAny}
err = client.Get()
if err != nil {
parsedSettings := (*siteSettings)["settings"]
// Read secrets
- err = filepath.Walk(fmt.Sprintf("%s/secrets", g.buildPath), g.ReadSecretFiles)
+ secretsPath := fmt.Sprintf("%s/secrets", g.buildPath)
+ ln, err := filepath.EvalSymlinks(secretsPath)
+ if err != nil {
+ log.Fatal(fmt.Sprintf("Error evaluating symlinks: %s", err))
+ os.Exit(1)
+ }
+ if len(ln) > 0 {
+ // we need to traverse that instead of the given path
+ secretsPath = ln
+ }
+ err = filepath.Walk(secretsPath, g.ReadSecretFiles)
// Prepare the final file to write the template
f, err := os.Create(fmt.Sprintf("%s/install-config.yaml", g.buildPath))
Code Review / kni / installer.git / commitdiff