jasima/majuna
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: add gitlab and ovh

Browse source
This commit is contained in:
Iain Learmonth 2022-05-01 15:35:34 +01:00
parent 3c2c4ef96d
commit 7a1161f233
3 changed files with 86 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/terraform/bridge/ovh.py
View file

@ -10,7 +10,6 @@ class BridgeOvhAutomation(BridgeAutomation):
"ovh_cloud_application_key", "ovh_cloud_application_key",
"ovh_cloud_application_secret", "ovh_cloud_application_secret",
"ovh_cloud_consumer_key", "ovh_cloud_consumer_key",
"ovh_cloud_project_service",
"ovh_openstack_user", "ovh_openstack_user",
"ovh_openstack_password", "ovh_openstack_password",
"ovh_openstack_tenant_id", "ovh_openstack_tenant_id",
@ -55,7 +54,7 @@ class BridgeOvhAutomation(BridgeAutomation):
} }
data "ovh_cloud_project_regions" "regions" { data "ovh_cloud_project_regions" "regions" {
service_name = "{{ ovh_cloud_project_service }}" service_name = "{{ ovh_openstack_tenant_id }}"
has_services_up = ["instance"] has_services_up = ["instance"]
} }

10
config.yaml.example
View file

@ -45,16 +45,20 @@ TERRAFORM_DIRECTORY: /home/bc/terraform
#GITHUB_ACTIVATED: true #GITHUB_ACTIVATED: true
#GITHUB_API_KEY: #GITHUB_API_KEY:
## GitLab
#GITLAB_ACTIVATED: true
#GITLAB_TOKEN:
## Hetzner Cloud ## Hetzner Cloud
#HCLOUD_ACTIVATED: true #HCLOUD_ACTIVATED: true
#HCLOUD_TOKEN: #HCLOUD_TOKEN:
## OVH Cloud ## OVH Cloud
#OVH_ACTIVATED: true #OVH_ACTIVATED: true
#OVH_OPENSTACK_USER:
#OVH_OPENSTACK_PASSWORD:
#OVH_OPENSTACK_TENANT_ID:
#OVH_CLOUD_APPLICATION_KEY: #OVH_CLOUD_APPLICATION_KEY:
#OVH_CLOUD_APPLICATION_SECRET: #OVH_CLOUD_APPLICATION_SECRET:
#OVH_CLOUD_CONSUMER_KEY: #OVH_CLOUD_CONSUMER_KEY:
#OVH_CLOUD_PROJECT_SERVICE: #OVH_CLOUD_PROJECT_SERVICE:
#OVH_OPENSTACK_USER:
#OVH_OPENSTACK_PASSWORD:
#OVH_OPENSTACK_TENANT_ID:

78
docs/admin/external.rst
View file

@ -38,6 +38,9 @@ GitHub will
`send an email warning <https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/>`_ `send an email warning <https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/>`_
before the token expires allowing you to generate a new token and update your configuration. before the token expires allowing you to generate a new token and update your configuration.
Your access token will need the "repo" OAuth scope. If you are only using public repos, you could limit the token
to use the "public_repo" scope.
Once you've generated your token, you can add it to your ``config.yaml``: Once you've generated your token, you can add it to your ``config.yaml``:
.. code-block:: yaml .. code-block:: yaml
@ -48,3 +51,78 @@ Once you've generated your token, you can add it to your ``config.yaml``:
The organisation, repository, filename and formats are all configured via the portal interface under The organisation, repository, filename and formats are all configured via the portal interface under
:doc:`mirror lists <../user/lists>`. :doc:`mirror lists <../user/lists>`.
GitLab
------
To configure GitLab, you will need an access token.
GitLab has a variety of scoped access tokens, including
`personal <https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html>`_,
`group <https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html>`_
and
`project <https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html>`_
access tokens.
Create the type of token that is suitable according to your threat model.
Add a name so that you will be reminded of the purpose of this token when you go
to look at it later.
The expiry can be set according to your threat model.
GitLab will send an email warning to token owners 7 days before expiry
allowing you to generate a new token and update your configuration.
Your access token will need the "read_repository" and "write_repository" scopes.
Once you've generated your token, you can add it to your ``config.yaml``:
.. code-block:: yaml
# GitLab
GITLAB_ACTIVATED: true
GITLAB_TOKEN: glpat-keiyahtuup7oewee7Bie
The organisation, repository, filename and formats are all configured via the portal interface under
:doc:`mirror lists <../user/lists>`.
OVH
---
OVH requires two different sets of credentials.
The first is for the OpenStack Horizon API, and the second for the OVH API.
OVH provides documentation on creating the OpenStack Horizon user
`here <https://docs.ovh.com/gb/en/public-cloud/creation-and-deletion-of-openstack-user/#creating-an-openstack-user>`_.
As the portal will manage all resources within your OVH project, it is fine to
allow for the user to have "Administrator" access.
Once you have the username and password, you can complete the first fields of the
configuration:
.. code-block:: yaml
# OVH Cloud
OVH_ACTIVATED: true
OVH_OPENSTACK_USER: user-TUNqsurjzZq8
OVH_OPENSTACK_PASSWORD: Dq8t7fDNY2JaT8qKnQG25fQGKPfTf4ef
You can find the tenant ID in the top-left corner of the OVH cloud dashboard, or in the
`OpenStack RC file <https://docs.ovh.com/gb/en/public-cloud/set-openstack-environment-variables/>`_
available for download in the Horizon interface.
.. code-block:: yaml
OVH_OPENSTACK_TENANT_ID: 813a2746edfa22856f002bc40191e340
Finally, you'll need to create credentials for the OVH API.
Go to the `key creation page <https://eu.api.ovh.com/createToken/>_` and add an
application name and description to remind you later what the token is for.
Set a validity (expiry) according to your threat model.
This token is only used for read-only access, so it is sufficient to allow only
GET requests.
Place an asterisk (*) in the text box to the right of GET so that
API paths are allowed.
.. code-block:: yaml
OVH_CLOUD_APPLICATION_KEY: 86597b977f13f9cf
OVH_CLOUD_APPLICATION_SECRET: 351596d82649ffdbcfa55ea93208e358
OVH_CLOUD_CONSUMER_KEY: 07d8da20bca15481d23ce7f3f5fbe80b