GitBook: [#83] No subject

Kevin McCarpenter
2022-07-25 15:32:42 +00:00
committed by gitbook-bot
parent 5c39593494
commit f14140e40b
3 changed files with 15 additions and 62 deletions


@@ -10,11 +10,9 @@ The purpose of the Moderne on-premise agent is to encrypt and ship AST artifacts
## Getting Started
### Basic Usage
### Run the agent container
The Moderne on-premise agent is available as an OCI image or as a spring-boot executable jar artifact. Contact Moderne to obtain access. Moderne will provide access details appropriate for your chosen platform. In example commands below we will refer to this as `${MODERNE_AGENT_IMAGE_NAME}.` The latest one will be displayed in the "Agent" section of [the releases page](../releases/releases.md).
The Moderne on-premise agent is available as an OCI image or as a spring-boot executable jar artifact. Contact Moderne to obtain access. Moderne will provide access details appropriate for your chosen platform. In example commands below we will refer to this as `${MODERNE_AGENT_IMAGE_NAME}.` The latest one will be displayed in the "Agent" section of [the releases page](https://docs.moderne.io/releases/releases).
{% tabs %}
{% tab title="OCI Container" %}
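Review bot: The releases link is inconsistent after this change: the image-name paragraph uses the absolute `https://docs.moderne.io/releases/releases`, but the upgrade paragraph later in this same file still links to the relative `../../releases/releases.md`. Pick one form for both so the two references cannot drift apart. While this sentence is being touched, move the full stop out of the code span in `${MODERNE_AGENT_IMAGE_NAME}.` so readers do not copy it as part of the variable name.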
@@ -36,11 +34,6 @@ docker run \
-e MODERNE_AGENT_API_GATEWAY_RSOCKET_URI=https://api.tenant.moderne.io/rsocket \
-e MODERNE_AGENT_TOKEN=W43qp4h952T4w2qV \
-e MODERNE_AGENT_CRYPTO_SYMMETRICKEY=546A576E5A7234753778217A25432A462D4A614E645267556B58703273357638 \
-e MODERNE_AGENT_ARTIFACTORY_0_URL=https://myartifactory.example.com/artifactory/ \
-e MODERNE_AGENT_ARTIFACTORY_0_USERNAME=admin \
-e MODERNE_AGENT_ARTIFACTORY_0_PASSWORD=password \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTSQUERYFILTERS_0='{"name":{"$match":"*-ast.jar"}}' \
-e MODERNE_AGENT_ARTIFACTORY_0_ASTSQUERYFILTERS_1='{"repo":{"$eq":"example-maven"}}' \
${MODERNE_AGENT_IMAGE_NAME}
```
{% endtab %}
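Review bot: The `docker run` example still passes `MODERNE_AGENT_TOKEN` and `MODERNE_AGENT_CRYPTO_SYMMETRICKEY` as literal `-e` values, which leaves both in shell history and in `docker inspect` output, and the same commit removes the Vault section that was the only documented alternative. Suggest showing `--env-file` with a file readable only by the service account, or at least an obvious placeholder such as `<hex-encoded-256-bit-key>` instead of a realistic 64-character key that can be pasted into production unchanged.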
@@ -52,10 +45,6 @@ The agent application requires several arguments:
* `--moderne.agent.token` - Moderne SaaS agent connection token, provided by Moderne
* `--moderne.agent.crypto.symmetricKey` - 256 bit AES encryption key, hex encoded
* example openssl command to generate: `openssl enc -aes-256-cbc -k secret -P` (use key from the output)
* `--moderne.agent.artifactory[0].url` - Artifactory URL
* `--moderne.agent.artifactory[0].username` - username used to connect to Artifactory, requires permission to run AQL queries
* `--moderne.agent.artifactory[0].password` - password used to connect to Artifactory
* `--moderne.agent.artifactory[0].astQueryFilters[0]` - AQL query fragment used to select AST artifacts to send to Moderne
Note: system properties can be used in place of arguments. As an example, use `-Dmoderne.agent.token={token_value}` as an argument instead of `--moderne.agent.token={token_value}` as an argument.
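Review bot: The context line kept under `--moderne.agent.crypto.symmetricKey` recommends `openssl enc -aes-256-cbc -k secret -P`, which derives the key from the passphrase `secret` plus an 8-byte salt rather than from 256 bits of randomness, so anyone who copies it gets a key far weaker than the bullet claims. Since this list is being edited anyway, replace it with `openssl rand -hex 32`, which prints a random 256-bit key already hex encoded. The note below the list can also drop the repeated "as an argument".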
@@ -65,12 +54,7 @@ Example (note that agent token and symmetric key are random examples)
java -jar moderne-agent-{version}.jar \
--moderne.agent.api-gateway-roscket-uri==https://api.tenant.moderne.io/rsocket \
--moderne.agent.token=W43qp4h952T4w2qV \
--moderne.agent.crypto.symmetricKey=546A576E5A7234753778217A25432A462D4A614E645267556B58703273357638 \
--moderne.agent.artifactory[0].url=https://myartifactory.example.com/artifactory/ \
--moderne.agent.artifactory[0].username=admin \
--moderne.agent.artifactory[0].password=password \
--moderne.agent.artifactory[0].astQueryFilters[0]='{"name":{"$match":"*-ast.jar"}}' \
--moderne.agent.artifactory[0].astQueryFilters[1]='{"repo":{"$eq":"example-maven"}}'
--moderne.agent.crypto.symmetricKey=546A576E5A7234753778217A25432A462D4A614E645267556B58703273357638
```
{% endtab %}
{% endtabs %}
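Review bot: The first argument of the `java -jar` example reads `--moderne.agent.api-gateway-roscket-uri==https://api.tenant.moderne.io/rsocket`, with `roscket` misspelled and a doubled `=`, so the command as written does not set the gateway URI correctly. Correct it to `rsocket` with a single `=` to match `MODERNE_AGENT_API_GATEWAY_RSOCKET_URI` in the container tab. Dropping the trailing backslash on the `symmetricKey` line is right now that it is the last argument.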
@@ -86,34 +70,3 @@ To upgrade your version of the OCI container, just follow the instructions above
To update your version of the Executable JAR, change the numbered version of {agent} in the instructions above to the latest on [the releases page](../../releases/releases.md).
{% endtab %}
{% endtabs %}
### Advanced Usage
#### Hashicorp Vault
The Moderne agent optionally fetches secret configuration from Vault. It reads from a KV secret engine named "secret", and reads secret keys at path "moderne-agent". To configure the secret key/value pairs, follow the following procedure:
1. In the Vault management web application, go to Secrets. If there's not already a KV engine named "secret", create it.
2. In the "secret" KV secrets engine, create a new secret using "moderne-agent" as the "Path for this secret".
3. Add the following keys to the moderne-agent secret:
* `moderne.agent.token` - Moderne SaaS agent connection token, provided by Moderne
* `moderne.agent.crypto.symmetricKey` - 256 bit AES encryption key, hex encoded
* `moderne.agent.artifactory[0].password` - Artifactory user password
{% tabs %}
{% tab title="OCI Container" %}
To enable vault integration in the agent, omit environment variables that match keys specified in vault, and specify the following additional environment variables for the agent container:
* `SPRING_PROFILES_ACTIVE` - `vault`
* `SPRING_CLOUD_VAULT_URI` - Vault URI used to retrieve the secret configuration properties below
* `SPRING_CLOUD_VAULT_TOKEN` - Vault authentication token
{% endtab %}
{% tab title="Executable JAR" %}
To enable vault integration in the agent, omit arguments that match keys specified in vault, and specify the following additional arguments for the agent application:
* `spring.profiles.active` - vault
* `spring.cloud.vault.uri` `SPRING_CLOUD_VAULT_URI` - Vault URI used to retrieve the secret configuration properties below
* `SPRING_CLOUD_VAULT_TOKEN` - Vault authentication token
{% endtab %}
{% endtabs %}
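Review bot: Removing the whole Hashicorp Vault section is not explained by the commit message (`No subject`), and it leaves this page with no documented way to supply `moderne.agent.token` and `moderne.agent.crypto.symmetricKey` other than plain environment variables or command-line arguments. If the agent still supports the `vault` profile, keep the section or link to where it moved; if support was dropped, say so on the page so operators who have `SPRING_CLOUD_VAULT_URI` configured know to migrate.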


@@ -33,9 +33,9 @@ This guide will walk you through configuring a new OAuth Application in GitHub
{% tab title="OCI Container" %}
The following arguments must be provided in addition to the arguments provided in [.](./ "mention"). You can configure multiple GitHub OAuth Apps by including multiple entries with different indices. The Client ID and secret of each index must match up with the host for that index.
* `moderne_agent_github[{index}]_oauth_clientId` - Client id configured in the previous step
* `moderne_agent_github[{index}]_oauth_clientSecret` - Client secret configured in the previous step
* `moderne_agent_github[{index}]_url` - fully-qualified hostname of running GitHub instance
* `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTID` - Client id configured in the previous step
* `MODERNE_AGENT_GITHUB_{index}_OAUTH_CLIENTSECRET` - Client secret configured in the previous step
* `MODERNE_AGENT_GITHUB_{index}_URL` - fully-qualified hostname of running GitHub instance
By default, the OAuth app will only have access to public repositories within your organization(s). To provide the OAuth app access to private repositories, you can include the following optional configuration:
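Review bot: The optional private-repository setting introduced by the last paragraph sits between this hunk and the next one and is not part of the diff, so it was not renamed along with the three required variables. Check that it is documented as `MODERNE_AGENT_GITHUB_{index}_OAUTH_INCLUDEPRIVATEREPOS`, the form the example now uses. The lead sentence also still calls these "arguments" although the OCI Container tab takes environment variables.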
@@ -48,10 +48,10 @@ Example (note that host, client id, and client secret are fake):
```
docker run \
...
-e moderne_agent_github_0_oauth_clientId=ABCDE\
-e moderne_agent_github_0_oauth_clientSecret=d70a0527 \
-e moderne_agent_github_0_oauth_includePrivateRepos=true \
-e moderne_agent_github_0_url=https://myorg.github.com \
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=ABCDE\
-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTSECRET=d70a0527 \
-e MODERNE_AGENT_GITHUB_0_OAUTH_INCLUDEPRIVATEREPOS=true \
-e MODERNE_AGENT_GITHUB_0_URL=https://myorg.github.com \
...
```
{% endtab %}
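Review bot: The `CLIENTID` line ends in `ABCDE\` with no space before the backslash, carried over unchanged from the old example; if the continuation line is not indented, the shell joins it to the next `-e` and the client id becomes `ABCDE-e`. Write it as `-e MODERNE_AGENT_GITHUB_0_OAUTH_CLIENTID=ABCDE \` like the other lines.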


@@ -72,18 +72,18 @@ Quickly get a single-line instance of your private key with the key header/foote
{% tab title="OCI Container" %}
The following arguments must be provided in addition to the arguments provided in [.](./ "mention"). You can configure multiple bitbuckets by including multiple entries with different indices. The private key of each index must match up with the host for that index.
* `moderne_agent_bitbucket_{index}_private-key` - Private key configured in previous step
* `moderne_agent_bitbucket_{index}_url` - fully-qualified URL of running bitbucket instance. example: `https://bitbucket.org`
* `MODERNE_AGENT_BITBUCKET_{index}_PRIVATE_KEY` - Private key configured in previous step
* `MODERNE_AGENT_BITBUCKET_{index}_URL` - fully-qualified URL of running bitbucket instance. example: `https://bitbucket.org`
Example using Docker (note that host and private-key are fake):
```
docker run \
...
-e moderne_agent_bitbucket_0_private-key=ABCDE \
-e moderne_agent_bitbucket_0_url=https://bitbucket.myorg.com \
-e moderne_agent_bitbucket_1_private-key=FGHIJ \
-e moderne_agent_bitbucket_1_url=http://bitbucket2.myorg.com \
-e MODERNE_AGENT_BITBUCKET_0_PRIVATE_KEY=ABCDE \
-e MODERNE_AGENT_BITBUCKET_0_URL=https://bitbucket.myorg.com \
-e MODERNE_AGENT_BITBUCKET_1_PRIVATE_KEY=FGHIJ \
-e MODERNE_AGENT_BITBUCKET_1_URL=http://bitbucket2.myorg.com \
...
```
{% endtab %}
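Review bot: `private-key` was renamed to `PRIVATE_KEY`, but the other multi-word names in this commit are collapsed without a separator (`CLIENTID`, `CLIENTSECRET`, `SYMMETRICKEY`), so confirm the agent really reads `MODERNE_AGENT_BITBUCKET_{index}_PRIVATE_KEY`. If the agent relies on Spring Boot's environment-variable binding, dashes are removed rather than replaced with underscores, which would make the name `MODERNE_AGENT_BITBUCKET_{index}_PRIVATEKEY`. Separately, the second example host uses `http://bitbucket2.myorg.com`; prefer `https://` in the sample so the documented setup does not send key-authenticated traffic in clear text.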