Use Groovy for Jenkins job automation

  1. Find the latest Jenkins version at https://www.jenkins.io/download/. If you choose Docker, pull the latest LTS image: docker pull jenkins/jenkins:lts
  2. git clone https://github.com/zhuby1973/jenkins-docker-groovy.git
root@ubunu2004:~/jenkins-docker-groovy# ls
build.sh  config.xml  create-seed-job.groovy  Dockerfile  plugins.groovy  plugins.txt  README.md  security.groovy  seeddsl.groovy
root@ubunu2004:~/jenkins-docker-groovy# cat Dockerfile
FROM jenkins/jenkins:lts
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
COPY seeddsl.groovy /usr/share/jenkins/seeddsl.groovy
COPY config.xml /usr/share/jenkins/seed-job-config.xml
COPY create-seed-job.groovy /usr/share/jenkins/ref/init.groovy.d/create-seed-job.groovy
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
root@ubunu2004:~/jenkins-docker-groovy# cat build.sh
#!/bin/bash
docker rm -f `docker ps -a -q`
docker build -t local/jenkins . && docker run --name jenkins -d -p 80:8080 -p 50000:50000 local/jenkins && docker logs -f `docker ps -a -q`

3. Run sh build.sh. The Jenkins Docker image is built and started on port 80, and you can log in with admin/admin (the account we created from security.groovy).

4. Run the “seed” job; you will find that another job, “DSL-Tutorial-1-Test”, has been created successfully!

5. We installed two important plugins for this automation: the Seed Jenkins plug-in and Authorize Project. You can manually approve the Groovy script in “In-process Script Approval”, or you can install Authorize Project and then update “Configure Global Security” => “Access Control for Builds”.

6. Reference links:
https://plugins.jenkins.io/job-dsl/
https://github.com/jenkinsci/seed-plugin/wiki/Generation
https://github.com/jenkinsci/job-dsl-plugin/wiki/Tutorial---Using-the-Jenkins-Job-DSL

How to enable vault on WildFly

  • create vault keystore

root@ubunu2004:/opt/wildfly/bin# keytool -genseckey -alias busa -storetype jceks -keyalg AES -keysize 256 -storepass union1234 -keypass union1234 -keystore vault.store

  • set up the vault
root@ubunu2004:/opt/wildfly/bin# ./vault.sh --keystore ./vault/vault.store  --keystore-password union1234 --alias busa --vault-block vb --attribute password --sec-attr something --enc-dir ./vault/ --iteration 50 --salt 1234abcd
=========================================================================

  JBoss Vault

  JBOSS_HOME: /opt/wildfly

  JAVA: java

=========================================================================

Oct 08, 2020 9:24:25 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0047: Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:vb
Attribute Name:password
Configuration should be done as follows:
VAULT::vb::password::1
********************************************
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "./vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "./vault/")])
********************************************
  • run CLI command to add Vault Configuration
root@ubunu2004:/opt/wildfly# ./bin/jboss-cli.sh --connect controller=192.168.0.43:9990
[standalone@192.168.0.43:9990 /] /core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/wildfly/bin/vault/vault.store"),("KEYSTORE_PASSWORD" => "MASK-0FOV91/9idPaMgF3tkR9.V"),("KEYSTORE_ALIAS" => "busa"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/opt/wildfly/bin/vault/")])
{"outcome" => "success"}
  • verify the standalone.xml
    <vault>
        <vault-option name="KEYSTORE_URL" value="/opt/wildfly/bin/vault/vault.store"/>
        <vault-option name="KEYSTORE_PASSWORD" value="MASK-0FOV91/9idPaMgF3tkR9.V"/>
        <vault-option name="KEYSTORE_ALIAS" value="busa"/>
        <vault-option name="SALT" value="1234abcd"/>
        <vault-option name="ITERATION_COUNT" value="50"/>
        <vault-option name="ENC_FILE_DIR" value="/opt/wildfly/bin/vault/"/>
    </vault>
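
The MASK- value in the block above is stored next to its SALT and ITERATION_COUNT, so the protection of the vault rests on who can read standalone.xml, the keystore and the ENC_FILE_DIR. The shell functions below are an added example (not part of the original post or of WildFly) that audits those three paths; the names vault_opt, audit_vault and make_sample are this example's own, GNU stat is assumed, and the sample config is constructed from the values shown above.

```shell
#!/bin/bash
# Added example: audit the <vault> block of a WildFly standalone.xml.
# Needs GNU stat (Linux). Function names and finding labels are this example's own.

# vault_opt FILE NAME: print the value attribute of <vault-option name="NAME" .../>
vault_opt() {
    sed -n 's/.*<vault-option name="'"$2"'" value="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# audit_vault FILE: print one finding per line, return 1 if there is any finding
audit_vault() {
    local cfg="$1" rc=0 ks enc pw p mode
    ks=$(vault_opt "$cfg" KEYSTORE_URL)
    enc=$(vault_opt "$cfg" ENC_FILE_DIR)
    pw=$(vault_opt "$cfg" KEYSTORE_PASSWORD)
    if [ -z "$ks" ]; then echo "NO_VAULT $cfg"; return 1; fi
    # Anything without the MASK- prefix is the keystore password in clear text
    case "$pw" in
        MASK-*) ;;
        *) echo "CLEARTEXT_PASSWORD KEYSTORE_PASSWORD"; rc=1 ;;
    esac
    # SALT and ITERATION_COUNT sit beside the masked value, so the config, the
    # keystore and the encrypted-data directory must be accessible to the owner only
    for p in "$cfg" "$ks" "$enc"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; rc=1; continue; fi
        mode=$(stat -c '%a' "$p")
        case "$mode" in
            *00|0) ;;                                 # no group/other bits set
            *) echo "LOOSE_PERMS $mode $p"; rc=1 ;;
        esac
    done
    return "$rc"
}

# make_sample DIR: write a constructed config (values copied from the output
# above, paths rewritten to DIR) plus an empty stand-in keystore, all too open
make_sample() {
    mkdir -p "$1/vault" && : > "$1/vault/vault.store"
    cat > "$1/standalone.xml" <<EOF
<vault>
    <vault-option name="KEYSTORE_URL" value="$1/vault/vault.store"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0FOV91/9idPaMgF3tkR9.V"/>
    <vault-option name="ENC_FILE_DIR" value="$1/vault/"/>
</vault>
EOF
    chmod 644 "$1/standalone.xml" "$1/vault/vault.store"; chmod 755 "$1/vault"
}

d=$(mktemp -d) && make_sample "$d" && audit_vault "$d/standalone.xml"; rm -rf "$d"
```

On a real host, call audit_vault with the path to the server's standalone.xml, run as a user that can stat the keystore and vault directory.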