Deploy a Self-Hosted HCP Vault and Boundary stack using end-to-end automation.
This project provides a comprehensive, hands-on experience in Infrastructure as Code (IaC) and Configuration Management. It simulates a real-world infrastructure environment with a focus on end-to-end automation, enabling DevOps engineers to collaboratively deliver a reliable, production-ready stack. Key deliverables include detailed documentation and diagrams.
As of the latest release, BVSTACK covers steps 0-3 of the DevOpsHobbies Ultimate Roadmap.
Read the Documentation: Before getting started, ensure you have thoroughly reviewed the project documentation, the automation workflow diagram and installed the prerequisites.
Configure Variables: Create your own tfvars file based on the samples provided in the Boundary and Vault directories. Alternatively, you can remove the .sample extension from the provided sample files to use the default values.
Run the Start Script: Begin the setup by running the start.sh script in your desired environment:
# Run in development:
./start.sh -e development
You'll be prompted to choose which NIC Vagrant should bridge to.
inventory.ini) unless the related issue is resolved.
Note: The default ansible-vault-pass is BVSTACK. This is provided for simplicity in the sample; ensure you use a strong password for your Ansible Vault-encrypted files.
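One way to enforce the note above before running start.sh, as an added example that is not part of the BVSTACK project: a pre-flight check that rejects the sample default password. It assumes the Ansible Vault password is kept in a file whose path you pass in; the function names, return codes and the 20-character minimum are choices made for this example.

```shell
# Added example (not BVSTACK code): pre-flight check for a vault password file.
# Assumption: the Ansible Vault password lives in a file passed as $1.
# Return codes (chosen for this example):
#   0 ok | 1 missing or unreadable | 2 still the sample default
#   3 shorter than MIN_LEN | 4 readable by group or others

DEFAULT_PASS="BVSTACK"   # sample default named in the README
MIN_LEN=20               # constructed threshold, adjust to your own policy

check_vault_pass() {
    file="$1"
    [ -r "$file" ] || return 1

    # Ansible uses the file's first line; drop CR/LF before comparing.
    pass="$(head -n 1 "$file" | tr -d '\r\n')"
    [ "$pass" != "$DEFAULT_PASS" ] || return 2
    [ "${#pass}" -ge "$MIN_LEN" ] || return 3

    # Octal mode via GNU stat, falling back to BSD stat.
    mode="$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")"
    case "$mode" in
        0|*00) return 0 ;;   # no group/other permission bits set
        *)     return 4 ;;
    esac
}

new_vault_pass() {
    # Write 32 random bytes (base64, 44 characters) to a file only the
    # owner can read. chmod covers the case where the file already existed.
    file="$1"
    ( umask 077 && head -c 32 /dev/urandom | base64 | tr -d '\n' > "$file" )
    chmod 600 "$file"
}
```

Files already encrypted with the default password still need `ansible-vault rekey` with the new password file after it is generated.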
Note: The stack assumes that your host machine acts as the Ansible/Terraform controller. If you have the resources, it's recommended to spin up a separate VM to serve as the controller by cloning and running the project on that VM. After that, you can export the STACK_SERVER environment variable and set it to false; this keeps your host machine clean and isolated. Otherwise, don't bother; you won't be losing much. Learn more about STACK_SERVER.
For further assistance on exit/return codes and configurations, refer to the documentation.
prepare_env role.
prepare_env role.
tfvars files to handle specific variables for both Boundary and Vault Terraform providers.
environment attribute instead of inline definitions in the shell module.
serve directory (tool optional).
boundary.yml to use environment variables instead of hardcoding, then manage the export of these variables with Ansible.
community.docker.docker_container collection as an optional deployment method.
log directory).
case statements instead of if for argument handling in init.sh.
start.sh to prompt for the Ansible Vault password once and use it for all operations.
start.sh with the appropriate Ansible wait_for modules.
cleanup script.
All contributions are welcome! Please read the Contributing Guidelines for more information.
Copyright © 2024 Shayan Ghani