Use kv2 for node configs (#602)

aeternity · Feb 12, 2024 · a30ccc2 · a30ccc2
1 parent b43d755
commit a30ccc2
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 10 deletions.
diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@ ENV = envdir $(SECRETS_OUTPUT_DIR)
 VAULT_ADDR ?= $(AE_VAULT_ADDR)
 TF_COMMON_PARAMS = -var vault_addr=$(VAULT_ADDR) -lock-timeout=$(TF_LOCK_TIMEOUT) -parallelism=20
 CONFIG_OUTPUT_DIR ?= /tmp/config
-VAULT_CONFIG_ROOT ?= secret/aenode/config
+VAULT_CONFIG_ROOT ?= secret2/aenode/config
 VAULT_CONFIG_FIELD ?= ansible_vars
 LIST_CONFIG_KEYS := $(ENV) vault list $(VAULT_CONFIG_ROOT) | tail -n +3
 
@@ -190,12 +190,12 @@ vault-config-% : $(CONFIG_OUTPUT_DIR)/%.yml ;
 vault-config-update-%: vault-config-%
 	sed -i "s|^package:.*|package: $(call require_env,PACKAGE)|g" $(CONFIG_OUTPUT_DIR)/$*.yml
 	sed -i "s|^db_version:.*|db_version: $(call require_env,DEPLOY_DB_VERSION)|g" $(CONFIG_OUTPUT_DIR)/$*.yml
-	cat $(CONFIG_OUTPUT_DIR)/$*.yml | $(ENV) vault write $(VAULT_CONFIG_ROOT)/$* $(VAULT_CONFIG_FIELD)=-
+	cat $(CONFIG_OUTPUT_DIR)/$*.yml | $(ENV) vault kv patch $(VAULT_CONFIG_ROOT)/$* $(VAULT_CONFIG_FIELD)=-
 
 .PRECIOUS: $(CONFIG_OUTPUT_DIR)/%.yml
 $(CONFIG_OUTPUT_DIR)/%.yml: YML=$(CONFIG_OUTPUT_DIR)/$*.yml
 $(CONFIG_OUTPUT_DIR)/%.yml: secrets $(CONFIG_OUTPUT_DIR)
-	@($(ENV) vault read -field=$(VAULT_CONFIG_FIELD) $(VAULT_CONFIG_ROOT)/$* > $(YML) && echo $(YML) ) || rm $(YML)
+	@($(ENV) vault kv get -field=$(VAULT_CONFIG_FIELD) $(VAULT_CONFIG_ROOT)/$* > $(YML) && echo $(YML) ) || rm $(YML)
 
 # List of all available targets
 .PHONY help:

diff --git a/README.md b/README.md
@@ -258,7 +258,7 @@ The playbook does:
 ### Vault node ansible configuration
 
 Node configurations are stored in YAML format by the Vault's KV store named 'secret'
-under path `secret/aenode/config/<ENV_TAG>` as field `node_config`
+under path `secret2/aenode/config/<ENV_TAG>` as field `node_config`
 
 `<ENV_TAG>` should be considered to be a node's "configuration" environment. 
 For instance 'terraform' setups certain nodes to look for `<env@region>`, e.g. `main_mon@us-west-1`. 
@@ -307,7 +307,7 @@ cat `make -s vault-config-test`
 
 ENV vars can control the defaults:
 - `CONFIG_OUTPUT_DIR` - To override the output path where configs are dumped (default: `/tmp/config`)
-- `VAULT_CONFIG_ROOT` - Vault root path where config envs are stored (default: `secret/aenode/config`)
+- `VAULT_CONFIG_ROOT` - Vault root path where config envs are stored (default: `secret2/aenode/config`)
 - `VAULT_CONFIG_FIELD` - Name of the field where the configuration YAML is stored (default: `node_config`)
 
 Example:

diff --git a/ansible/deploy-aemdw.yml b/ansible/deploy-aemdw.yml
@@ -98,7 +98,7 @@
 
       - name: Update configuration files
         copy:
-          content: "{{ lookup('hashi_vault', 'secret=secret/aenode/config/{{ vault_config_key }}:{{ item.key }}') }}"
+          content: "{{ lookup('hashi_vault', 'secret=secret2/data/aenode/config/{{ vault_config_key }}:{{ item.key }}') }}"
           dest: "{{ aemdw_project_root }}/{{ item.value }}"
           mode: '0600'
         loop: "{{ files | dict2items }}"

diff --git a/ansible/deploy.yml b/ansible/deploy.yml
@@ -187,7 +187,7 @@
 
       - name: Update configuration files
         copy:
-          content: "{{ lookup('hashi_vault', 'secret=secret/aenode/config/{{ vault_config_key }}:{{ item.key }}') }}"
+          content: "{{ lookup('hashi_vault', 'secret=secret2/data/aenode/config/{{ vault_config_key }}:{{ item.key }}') }}"
           dest: "{{ project_root }}/{{ item.value }}"
           mode: '0600'
         loop: "{{ files | dict2items }}"

diff --git a/scripts/vault-config.sh b/scripts/vault-config.sh
@@ -3,7 +3,7 @@
 set -eo pipefail
 
 CONFIG_OUTPUT_DIR=${CONFIG_OUTPUT_DIR:-/tmp/config}
-CONFIG_ROOT=${CONFIG_ROOT:-secret/aenode/config}
+CONFIG_ROOT=${CONFIG_ROOT:-secret2/aenode/config}
 CONFIG_FIELD=${CONFIG_FIELD:-ansible_vars}
 DEFAULT_FIELD_FILE_SUFFIX=${DEFAULT_FIELD_FILE_SUFFIX:-".yml"}
 DRY_RUN=${DRY_RUN:-""}

diff --git a/test/terraform/test.tf b/test/terraform/test.tf
@@ -44,7 +44,7 @@ module "test-aenode-2204" {
     vault_addr        = var.vault_addr
     vault_role        = "ae-node"
     bootstrap_version = var.bootstrap_version
-    bootstrap_config  = "secret/aenode/config/${var.env_name}"
+    bootstrap_config  = "secret2/aenode/config/${var.env_name}"
   }
 
   providers = {
@@ -79,7 +79,7 @@ module "test-aemdw-2204" {
     vault_addr        = var.vault_addr
     vault_role        = "ae-node"
     bootstrap_version = var.bootstrap_version
-    bootstrap_config  = "secret/aenode/config/${var.env_name}"
+    bootstrap_config  = "secret2/aenode/config/${var.env_name}"
   }
 
   providers = {