diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc index 5a917e2e..a676aa0a 100644 --- a/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc +++ b/docs/modules/ROOT/pages/how-tos/cloudscale/decommission.adoc @@ -101,7 +101,7 @@ curl -i -H "Authorization: Bearer ${CLOUDSCALE_TOKEN}" -X DELETE $(echo $respons ---- # Vault login export VAULT_ADDR=https://vault-prod.syn.vshn.net -vault login -method=ldap username= +vault login -method=oidc # delete token secret vault kv delete clusters/kv/${TENANT_ID}/${CLUSTER_ID}/cloudscale diff --git a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc index 9bb3a703..c0dc676c 100644 --- a/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc +++ b/docs/modules/ROOT/pages/how-tos/cloudscale/install.adoc @@ -99,7 +99,7 @@ response=$(curl -sH "Authorization: Bearer ${CLOUDSCALE_TOKEN}" \ + [source,bash] ---- -export REGION=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .facts.region) +export REGION=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .facts.region) mc config host add \ "${CLUSTER_ID}" "https://objects.${REGION}.cloudscale.ch" \ $(echo $response | jq -r '.keys[0].access_key') \ diff --git a/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc b/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc index bdce74b9..9feb2cee 100644 --- a/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc +++ b/docs/modules/ROOT/pages/how-tos/exoscale/decommission.adoc @@ -44,7 +44,6 @@ export GITLAB_USER= # For example: https://api.syn.vshn.net # IMPORTANT: do NOT add a trailing `/`. Commands below will fail. export COMMODORE_API_URL= -export COMMODORE_API_TOKEN= export TF_VAR_lb_exoscale_api_key=irrelevant export TF_VAR_lb_exoscale_api_secret=irrelevant diff --git a/docs/modules/ROOT/pages/how-tos/recover-from-backup.adoc b/docs/modules/ROOT/pages/how-tos/recover-from-backup.adoc index 07056349..a8f71844 100644 --- a/docs/modules/ROOT/pages/how-tos/recover-from-backup.adoc +++ b/docs/modules/ROOT/pages/how-tos/recover-from-backup.adoc @@ -63,7 +63,7 @@ git archive --remote ${REPO_URL} master | tar -xC catalog + [source,console] ---- -vault login -method=ldap username= +vault login -method=oidc ---- 4. Export restic configuration diff --git a/docs/modules/ROOT/partials/commodore-init.adoc b/docs/modules/ROOT/partials/commodore-init.adoc index bfbaefb9..18d6f2ac 100644 --- a/docs/modules/ROOT/partials/commodore-init.adoc +++ b/docs/modules/ROOT/partials/commodore-init.adoc @@ -3,11 +3,10 @@ [source,bash] ---- export COMMODORE_API_URL=https://api.syn.vshn.net <1> -export COMMODORE_API_TOKEN= # Set Project Syn cluster and tenant ID export CLUSTER_ID= # Looks like: c-cluster-id-1234 -export TENANT_ID=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) +export TENANT_ID=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) ---- <1> Replace with the API URL of the desired Lieutenant instance. diff --git a/docs/modules/ROOT/partials/connect-to-vault.adoc b/docs/modules/ROOT/partials/connect-to-vault.adoc index 7f9c555e..ea7d790b 100644 --- a/docs/modules/ROOT/partials/connect-to-vault.adoc +++ b/docs/modules/ROOT/partials/connect-to-vault.adoc @@ -2,5 +2,5 @@ [source,bash] ---- export VAULT_ADDR=https://vault-prod.syn.vshn.net -vault login -method=ldap username= +vault login -method=oidc ---- diff --git a/docs/modules/ROOT/partials/install/prepare-commodore.adoc b/docs/modules/ROOT/partials/install/prepare-commodore.adoc index ffac44b1..02177a8f 100644 --- a/docs/modules/ROOT/partials/install/prepare-commodore.adoc +++ b/docs/modules/ROOT/partials/install/prepare-commodore.adoc @@ -12,7 +12,7 @@ Check https://syn.tools/commodore/running-commodore.html[Running Commodore] for [source,bash] ---- mkdir -p inventory/classes/ -git clone $(curl -sH"Authorization: Bearer ${COMMODORE_API_TOKEN}" "${COMMODORE_API_URL}/tenants/${TENANT_ID}" | jq -r '.gitRepo.url') inventory/classes/${TENANT_ID} +git clone $(curl -sH"Authorization: Bearer $(commodore fetch-token)" "${COMMODORE_API_URL}/tenants/${TENANT_ID}" | jq -r '.gitRepo.url') inventory/classes/${TENANT_ID} ---- ==== Cilium Optional: Prepare Cilium Configuration diff --git a/docs/modules/ROOT/partials/install/registry-acl-fix.adoc b/docs/modules/ROOT/partials/install/registry-acl-fix.adoc index a6b0fdfe..a3bbbf9f 100644 --- a/docs/modules/ROOT/partials/install/registry-acl-fix.adoc +++ b/docs/modules/ROOT/partials/install/registry-acl-fix.adoc @@ -23,7 +23,7 @@ pip install awscli ---- export AWS_ACCESS_KEY_ID=$(mc config host ls ${CLUSTER_ID} -json | jq -r .accessKey) export AWS_SECRET_ACCESS_KEY=$(mc config host ls ${CLUSTER_ID} -json | jq -r .secretKey) -export REGION=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .facts.region) +export REGION=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .facts.region) aws --endpoint-url "https://objects.${REGION}.cloudscale.ch" s3api get-public-access-block --bucket "${CLUSTER_ID}-image-registry" ---- + diff --git a/docs/modules/ROOT/partials/recovery/recover-etcd.adoc b/docs/modules/ROOT/partials/recovery/recover-etcd.adoc index 584e46f4..7e62f8b0 100644 --- a/docs/modules/ROOT/partials/recovery/recover-etcd.adoc +++ b/docs/modules/ROOT/partials/recovery/recover-etcd.adoc @@ -50,18 +50,17 @@ The following CLI utilities need to be available locally: # For example: https://api.syn.vshn.net # IMPORTANT: do NOT add a trailing `/`. Commands below will fail. export COMMODORE_API_URL= -export COMMODORE_API_TOKEN= # Set Project Syn cluster and tenant ID export CLUSTER_ID= # Looks like: c- -export TENANT_ID=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) +export TENANT_ID=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) ---- .Fetch backup url from cluster repo [source,bash] ---- -GIT_REPO=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .gitRepo.url) +GIT_REPO=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .gitRepo.url) git clone --depth 1 $GIT_REPO cluster-repo RESTIC_ENDPOINT=$(find cluster-repo/manifests/cluster-backup -name '*.yaml' -exec yq eval-all 'select(.kind == "Schedule" and .metadata.name == "etcd" ) | .spec.backend.s3.endpoint' {} \;) RESTIC_BUCKET=$(find cluster-repo/manifests/cluster-backup -name '*.yaml' -exec yq eval-all 'select(.kind == "Schedule" and .metadata.name == "etcd" ) | .spec.backend.s3.bucket' {} \;) diff --git a/docs/modules/ROOT/partials/setup_terraform.adoc b/docs/modules/ROOT/partials/setup_terraform.adoc index ddeedbf5..156ea6f6 100644 --- a/docs/modules/ROOT/partials/setup_terraform.adoc +++ b/docs/modules/ROOT/partials/setup_terraform.adoc @@ -21,7 +21,7 @@ alias terraform='docker run -it --rm \ --ulimit memlock=-1 \ "${tf_image}:${tf_tag}" /tf/terraform.sh' -export GITLAB_REPOSITORY_URL=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r '.gitRepo.url' | sed 's|ssh://||; s|/|:|') +export GITLAB_REPOSITORY_URL=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r '.gitRepo.url' | sed 's|ssh://||; s|/|:|') export GITLAB_REPOSITORY_NAME=${GITLAB_REPOSITORY_URL##*/} export GITLAB_CATALOG_PROJECT_ID=$(curl -sH "Authorization: Bearer ${GITLAB_TOKEN}" "https://git.vshn.net/api/v4/projects?simple=true&search=${GITLAB_REPOSITORY_NAME/.git}" | jq -r ".[] | select(.ssh_url_to_repo == \"${GITLAB_REPOSITORY_URL}\") | .id") export GITLAB_STATE_URL="https://git.vshn.net/api/v4/projects/${GITLAB_CATALOG_PROJECT_ID}/terraform/state/cluster" diff --git a/docs/modules/ROOT/partials/vshn-input.adoc b/docs/modules/ROOT/partials/vshn-input.adoc index 3efe70b0..2d4d61d4 100644 --- a/docs/modules/ROOT/partials/vshn-input.adoc +++ b/docs/modules/ROOT/partials/vshn-input.adoc @@ -8,11 +8,10 @@ export GITLAB_USER= # For example: https://api.syn.vshn.net # IMPORTANT: do NOT add a trailing `/`. Commands below will fail. export COMMODORE_API_URL= -export COMMODORE_API_TOKEN= # Set Project Syn cluster and tenant ID export CLUSTER_ID= # Looks like: c- -export TENANT_ID=$(curl -sH "Authorization: Bearer ${COMMODORE_API_TOKEN}" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) +export TENANT_ID=$(curl -sH "Authorization: Bearer $(commodore fetch-token)" ${COMMODORE_API_URL}/clusters/${CLUSTER_ID} | jq -r .tenant) ---- ifeval::["{needs_hieradata_edit}" == "yes"]