# Common

Re-ops uses re-ops.edn and secrets.edn for its configuration. Example templates can be found under the re-core/resources folder:

```bash
cp resources/re-ops.edn ~/.re-ops.edn
# the secrets template is edited in /tmp and encrypted later (see Secret management)
cp resources/secrets.edn /tmp/secrets.edn
```

Aero is used as the base library for managing secret references and for accessing the environment from re-ops.edn.

The configuration file is divided into the following sections:

  • Re-core section which includes the Hypervisors used, Elasticsearch index, Queue folder and logging paths.
  • Re-mote section (currently includes only the Elasticsearch index used for publishing metrics)
  • Shared settings which are common to both Re-core and Re-mote, including Elasticsearch settings, SSH settings and pgp.
  • Riemann setting (for publishing metrics into Riemann).

Any configuration change made in the file can be made available by running:

```clojure
(reset)
```

# Secret management

The secrets.edn file includes passwords and tokens, which are kept in a pgp-encrypted file. Once the template has been copied into /tmp, we can add the information matching the hypervisors we use.

To encrypt the file, we first generate a password-protected pgp keypair:

```bash
# Generate a keyring and keys
gpg --no-default-keyring --keyring trustedkeys.gpg --fingerprint
gpg --no-default-keyring --keyring trustedkeys.gpg --gen-key
# Export the public and private keyrings
gpg --no-default-keyring --keyring trustedkeys.gpg --export >> keys/public.gpg
gpg --no-default-keyring --keyring trustedkeys.gpg --export-secret-keys >> keys/secret.gpg
```

Once the keys are ready we can encrypt our secrets file:

```clojure
(require '[re-share.config.secret :refer (save-secrets)])
; create a secrets file under the re-core project folder
(save-secrets "/tmp/secrets.edn" "secrets" "keys/public.gpg")
```

When launching re-core, a Tmux window pane will open, into which we should enter our keypair password.
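As an added example (not part of re-ops or its documentation), the shell functions below stage the template with owner-only permissions and audit what the workflow above leaves on disk: a plaintext secrets file in /tmp and a secret keyring that group or other can access. The function names and the FINDING output format are assumptions made for this example.

```shell
# Added example, not re-ops code. Paths are arguments; the defaults mirror
# /tmp/secrets.edn and keys/secret.gpg as used on this page.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when group and other have no access (600, 400, 700, ...).
is_private() {
  case "$(file_mode "$1")" in
    0|*00) return 0 ;;
    *) return 1 ;;
  esac
}

# stage_template SRC DST: copy the template so the plaintext is owner-only
# from the moment it exists. Refuses to reuse an existing DST, because cp
# would keep that file's old (possibly wider) mode.
stage_template() {
  [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
  ( umask 077 && cp "$1" "$2" )
}

# audit_secrets [PLAINTEXT] [SECRET_KEYRING]
# Prints one line per finding; the exit status is the number of findings.
# Usage: audit_secrets /tmp/secrets.edn keys/secret.gpg
audit_secrets() {
  as_plain=${1:-/tmp/secrets.edn}
  as_keyring=${2:-keys/secret.gpg}
  as_findings=0
  if [ -e "$as_plain" ]; then
    echo "FINDING: plaintext secrets still on disk: $as_plain"
    as_findings=$((as_findings + 1))
  fi
  if [ -e "$as_keyring" ] && ! is_private "$as_keyring"; then
    echo "FINDING: $as_keyring is accessible to group/other"
    as_findings=$((as_findings + 1))
  fi
  return "$as_findings"
}
```

Run `audit_secrets` after `save-secrets` has written the encrypted file; a zero exit status means neither condition was found.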

# Shared

The shared configuration options include parts which are common to both Re-mote and Re-core:

```clojure
{
 :shared {
    :elasticsearch {
      :host "localhost"
      :port 9200
      :user "elastic"
      :pass #ref [:secrets :elasticsearch :pass]
    }

    :ssh {
      :private-key-path "/home/foo/.ssh/id_rsa"
    }

    :pgp {
      :public "keys/public.gpg"
      :private "keys/secret.gpg"
      :pass #ref [:secrets :pgp :pass]
    }
  }
}
```
Table 1. Shared Settings

| Section | Property | Description | Comments |
|---|---|---|---|
| elasticsearch | host | The host Elasticsearch is running on | |
| | port | http API port (9200 by default) | |
| | user | Elasticsearch user name | |
| | pass | Elasticsearch password | |
| ssh | private-key-path | Private ssh key path | Used to perform remote tasks over ssh |
| pgp | public | public pgp key | |
| | private | private pgp key | |
| | pass | private key password | keeps the password available between reset operations. |