Best practices for deploying a secure BOSH director say you should set up a "jumpbox" and restrict access to the director so that only that jumpbox can connect to it.
This repository contains `jumpbox`, a utility that will install all necessary utilities for running BOSH deployments, including:
- rvm - For managing versions of Ruby and the BOSH CLI gems
- ruby - For rendering templates
- bosh - The BOSH CLI itself
- cf - The CF CLI itself
- genesis - For creating multi-tiered deployment repos
- spruce - A YAML multitool for managing BOSH manifests
- safe - An alternate CLI for HashiCorp's Vault
- jq - A JSON query utility
- certstrap - A certificate manager
- sipcalc - An IP subnet calculator
Grab the latest copy from GitHub and put it in your `$PATH`:

    sudo curl -o /usr/local/bin/jumpbox \
      https://raw.githubusercontent.com/starkandwayne/jumpbox/master/bin/jumpbox
    sudo chmod 0755 /usr/local/bin/jumpbox
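
A checksum-verified variant of the install step above, as an added example that is not part of the project's own instructions: it installs the script only when the download matches a SHA-256 you recorded after reviewing it. The function names are hypothetical, `<commit-sha>` and `<expected-sha256>` are placeholders you must supply, and GNU `sha256sum` and `install` are assumed to be present.

```shell
#!/bin/sh
# Added example: pin the jumpbox script to a reviewed revision and
# refuse to install it if the downloaded bytes do not match.

# verify_and_install FILE EXPECTED_SHA256 DEST
# Copies FILE to DEST with mode 0755 only when its SHA-256 matches.
verify_and_install() {
  vi_file=$1
  vi_expected=$2
  vi_dest=$3
  # An unreadable file yields an empty digest, which fails the comparison.
  vi_actual=$(sha256sum "$vi_file" 2>/dev/null | awk '{print $1}')
  if [ -z "$vi_expected" ] || [ "$vi_actual" != "$vi_expected" ]; then
    echo "checksum mismatch for $vi_file: got '$vi_actual'" >&2
    return 1
  fi
  install -m 0755 "$vi_file" "$vi_dest"
}

# fetch_pinned URL EXPECTED_SHA256 DEST
# Downloads to a temporary file first, so nothing unverified ever
# lands in DEST, and cleans the temporary file up on every path.
fetch_pinned() {
  fp_tmp=$(mktemp) || return 2
  if curl -fsSL -o "$fp_tmp" "$1" &&
     verify_and_install "$fp_tmp" "$2" "$3"; then
    fp_rc=0
  else
    fp_rc=1
  fi
  rm -f "$fp_tmp"
  return "$fp_rc"
}

# Usage (run as root; both angle-bracket values are placeholders):
#   fetch_pinned \
#     "https://raw.githubusercontent.com/starkandwayne/jumpbox/<commit-sha>/bin/jumpbox" \
#     "<expected-sha256>" \
#     /usr/local/bin/jumpbox
```

Referencing a commit instead of `master` in the URL keeps the pinned checksum valid until you deliberately move to a newer revision.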

`jumpbox` operates in two modes: `system` and `user`.

You only have to run system mode once per box. It installs global utilities that live outside of individual user home directories, like `spruce`, `jq`, etc.

    jumpbox system

Every user on the jumpbox needs to run user mode at least once.

    jumpbox user

`jumpbox` can also create user accounts on the local machine:

    jumpbox useradd
    Full name: Joe User
    Username: juser
    Enter the public key for this user's .ssh/authorized_keys file:
    ssh-rsa AAAAB3N...
    Enter an additional public key for this user (leave blank to continue):
    You should run `jumpbox user` now, as juser:
    sudo -iu juser
    jumpbox user

- Fork it
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Added some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create new Pull Request