genvid-bastion¶
In This Section
Manage the local bastion cluster.
The script installs the supervisor services underGENVID_SERVICES_DATADIR
(defaults to ~/.genvid) and sets up a bastion-api service on top of them, using the installation directory.
usage: genvid-bastion [-h] [--loglevel {DEBUG,INFO,WARNING,ERROR}]
[--logformat LOGFORMAT]
{backup,clean,delete-default-terraform-providers,env,get-default-terraform-providers,install,load-bastion-config,log,monitor,open,reinstall,restart,set-default-terraform-providers,setup,setup-vault-engines,start,status,stop,uninstall,update-global-tfvars}
...
Positional Arguments¶
command | Possible choices: backup, clean, delete-default-terraform-providers, env, get-default-terraform-providers, install, load-bastion-config, log, monitor, open, reinstall, restart, set-default-terraform-providers, setup, setup-vault-engines, start, status, stop, uninstall, update-global-tfvars |
Named Arguments¶
--loglevel | Possible choices: DEBUG, INFO, WARNING, ERROR Set the script log level |
--logformat | Set the script log format |
Sub-commands:¶
backup¶
Create a snapshot of the services data and files. Only Consul (including the Vault database in the default configuration), the Vault’s key, and the Terraform “workdir” will be saved. Nomad’s data will not be. Please make sure no terraform operations are running during the process, including updating repository.
The data can be restored when performing an install.
New in version 1.14.0.
genvid-bastion backup [-h]
[--strategies {version,consul,vault,terraform} [{version,consul,vault,terraform} ...]]
zipfile
Positional Arguments¶
zipfile | Archive to save the backup. |
Named Arguments¶
--strategies, -s | |
Possible choices: version, consul, vault, terraform Strategies to apply for the backup. |
delete-default-terraform-providers¶
Delete the global default providers configuration.
genvid-bastion delete-default-terraform-providers [-h]
get-default-terraform-providers¶
Query the global default providers configuration as JSON.
genvid-bastion get-default-terraform-providers [-h]
install¶
Install and set up the services.
Changed in version 1.13.0: The --update-global-tfvars
no longer updates the
toolbox
variable. Instead, it updates the
toolbox_location
variable only if present.
Changed in version 1.14.0: The command now checks if a valid bastion ID is set and
allow you to set it with the --bastionid
parameter.
Changed in version 1.15.0: Added --reconfigure
parameter.
Changed in version 1.20.0: Added --node-id
and --node-name
parameters.
genvid-bastion install [-h] [-b BASTIONID] [-r] [-m] [-l] [-u]
[--backup BACKUP] [--reconfigure] [--node-id NODE_ID]
[--node-name NODE_NAME] [-e SERVICES [SERVICES ...]]
Named Arguments¶
-b, --bastionid | |
Identifier of the bastion. Must be only lowercase, numbers and hyphens and between 3 and 32 characters. | |
-r, --force-rename | |
Force the bastion to be get a new bastion ID if the actual bastion exists with a different ID. Default: False | |
-m, --checkmodules | |
Install the modules and update them Default: False | |
-l, --loadconfig | |
Load the default bastion configuration Default: False | |
-u, --update-global-tfvars | |
Update the global terraform variable values. Default: False | |
--backup | Backup file to use for restoration. Using this option will always stop all services and rename the consul data directory to backup before applying the changes. |
--reconfigure | Reset the configuration of the services. This only resets the configuration files installed by the service. It won’t modify any other files present. Default: False |
--node-id | Enforce the node id to use for Consul. The default is set by Consul and based on the hostname. |
--node-name | Enforce the node name to use for Consul. The default is set by Consul as the machine hostname. |
-e, --excluded-services | |
Exclude services from being installed. |
load-bastion-config¶
Load default bastion config. This includes the jobs and logs
genvid-bastion load-bastion-config [-h]
log¶
Return the specific log for a task.
genvid-bastion log [-h] [-t] [-n LINES] [-f] [log]
Positional Arguments¶
log | The name of the log to fetch. Could be one of the local services (consul, nomad, vault) or one the registered logs. |
Named Arguments¶
-t, --tail | Only show the last line. Default: False |
-n, --lines | The number of lines to tail (10). Default: 10 |
-f, --follow | Wait for additional content at the end of file. Default: False |
open¶
Open a link in a webbrowser or list the link available.
genvid-bastion open [-h] [link]
Positional Arguments¶
link | Name of the link. |
reinstall¶
Stop all services and reinstall them.
Changed in version 1.13.0: The --update-global-tfvars
no longer updates the
toolbox
variable. Instead, it updates the
toolbox_location
variable only if present.
Changed in version 1.14.0: Added --bastionid
parameter to set or change the
bastion ID, and --backup
parameter to restore from
a previous version of bastion.
Changed in version 1.15.0: Added --reconfigure
parameter.
Changed in version 1.20.0: Added --node-id
and --node-name
parameters.
genvid-bastion reinstall [-h] [-c] [-f] [-d] [-b BASTIONID] [-r] [-m] [-l]
[-u] [--backup BACKUP] [--reconfigure]
[--node-id NODE_ID] [--node-name NODE_NAME]
[-e SERVICES [SERVICES ...]]
Named Arguments¶
-c, --clean | Clean the installation. Default: False |
-f, --force | Force deinstallation. Default: False |
-d, --destroy | Destroy existing clusters. Default: False |
-b, --bastionid | |
Identifier of the bastion. Must be only lowercase, numbers and hyphens and between 3 and 32 characters. | |
-r, --force-rename | |
Force the bastion to be get a new bastion ID if the actual bastion exists with a different ID. Default: False | |
-m, --checkmodules | |
Install the modules and update them Default: False | |
-l, --loadconfig | |
Load the default bastion configuration Default: False | |
-u, --update-global-tfvars | |
Update the global terraform variable values. Default: False | |
--backup | Backup file to use for restoration. Using this option will always stop all services and rename the consul data directory to backup before applying the changes. |
--reconfigure | Reset the configuration of the services. This only resets the configuration files installed by the service. It won’t modify any other files present. Default: False |
--node-id | Enforce the node id to use for Consul. The default is set by Consul and based on the hostname. |
--node-name | Enforce the node name to use for Consul. The default is set by Consul as the machine hostname. |
-e, --excluded-services | |
Exclude services from being installed. |
restart¶
Restart the services.
Changed in version 1.13.0: The --jobs-only
option restarts only the jobs.
genvid-bastion restart [-h] [-j] [jobs [jobs ...]]
Positional Arguments¶
jobs |
Named Arguments¶
-j, --jobs-only | |
Only stops the jobs. Default: False |
set-default-terraform-providers¶
Customize the global default providers configuration with the content of a JSON-formatted file.
genvid-bastion set-default-terraform-providers [-h] providers_file
Positional Arguments¶
providers_file | JSON-formatted file containing the new providers configuraiton. |
setup-vault-engines¶
Set up the vault secret engines and load its roles. The roles are defined in a folder specified in environment variable GENVID_VAULT_TOKEN_ROLES_FOLDER. The json files are expected to be put in subfolders with subfolder names corresonding to the role types - ‘token’ and ‘pki’. The json files at the root of the folder are treated as ‘token’ role type for backwards compatibility. Json files contain role settings. The name of the role is taken from the ‘name’ setting in the json file. If that setting is not present, than the name of the file is used.
genvid-bastion setup-vault-engines [-h] [-f VAULT_ROLES_FOLDER]
Named Arguments¶
-f, --vault-roles-folder | |
Folder that contains roles definition. By default, uses the value of GENVID_VAULT_TOKEN_ROLES_FOLDER environment variable. |
start¶
Start the services.
Changed in version 1.13.0: The --jobs-only
option starts only the jobs.
genvid-bastion start [-h] [-j] [jobs [jobs ...]]
Positional Arguments¶
jobs |
Named Arguments¶
-j, --jobs-only | |
Only stops the jobs. Default: False |
stop¶
Stop the services.
Changed in version 1.13.0: The --jobs-only
option stops only the jobs.
genvid-bastion stop [-h] [-j] [jobs [jobs ...]]
Positional Arguments¶
jobs |
Named Arguments¶
-j, --jobs-only | |
Only stops the jobs. Default: False |
uninstall¶
Stop and uninstall the services.
genvid-bastion uninstall [-h] [-c] [-f] [-d]
Named Arguments¶
-c, --clean | Clean the installation. Default: False |
-f, --force | Force deinstallation. Default: False |
-d, --destroy | Destroy existing clusters. Default: False |
update-global-tfvars¶
Update the global variables with your current settings.
This update the Global TFVars with your current external IP and the current toolbox.
Changed in version 1.13.0: The toolbox
variable is no longer updated. It is replaced
by a toolbox_location
variable that is updated only if
present.
genvid-bastion update-global-tfvars [-h]