Wouldn’t it be nice to have a jumpbox available for your users without needing to maintain a list of users?
Well, we did it again! And made it happen…
It’s called oauth-jumpbox
So let’s get you up and running…
We are going to use the UAA from BUCC in this example;
if you are not familiar with BUCC check out our blog post here
First, you need a working BUCC
git clone https://github.com/starkandwayne/bucc
cd bucc
bucc up
Upload a cloud-config
cp src/bosh-deployment/warden/cloud-config.yml .
Add another static IP that we are going to use for the oauth-jumpbox
Change line 21 in cloud-config.yml
From
static: [10.244.0.34]
To
static:
  - 10.244.0.34
  - 10.244.0.3
Upload our edited cloud-config
bosh update-cloud-config cloud-config.yml
Let’s get the latest manifest that is already configured to use the BUCC-UAA
wget https://raw.githubusercontent.com/cloudfoundry-community/oauth-jumpbox-boshrelease/master/manifests/oauth-jumpbox.yml
Upload the latest stemcell for warden, see
https://bosh.io/stemcells/bosh-warden-boshlite-ubuntu-trusty-go_agent
bosh deploy oauth-jumpbox.yml -d oauth-jumpbox
If the deployment succeeded, we can retrieve the generated password from CredHub that we need to use when creating the client in the UAA.
credhub get -n /bucc/oauth-jumpbox/client_secret
Take a note of the value and replace MY_SECRET below.
We can now create a client in the UAA.
bucc uaac
uaac client add jumpbox \
--name jumpbox \
--scope openid \
--autoapprove true \
--authorized_grant_types password,refresh_token \
--secret "MY_SECRET"
Create a user in the UAA.
bucc uaac
uaac user add [email protected] -p test
Set up routes on your local machines.
bucc routes
Let’s login.
ssh "[email protected]"@10.244.0.3
And now you are logged in via the UAA in a busybox container.
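What happens behind that ssh login is an OAuth2 resource-owner password grant: the client registered above (grant types password and refresh_token, scope openid) lets the jumpbox trade the SSH username and password for a UAA token. The following is an added example, not code from the oauth-jumpbox project; it builds that token request and shows the check a jumpbox should apply to the response. The UAA URL is a placeholder, and the assumption that oauth-jumpbox calls /oauth/token exactly this way is ours, not something the post states.

```python
"""Added example: UAA password grant as enabled by the 'jumpbox' client above.
Assumed (not from the post): the jumpbox calls UAA's /oauth/token endpoint
and only accepts logins whose token carries the 'openid' scope."""
import base64
import json
import urllib.parse
import urllib.request

UAA_URL = "https://UAA_HOST:8443"  # placeholder: your BUCC UAA endpoint


def build_token_request(uaa_url, client_id, client_secret, username, password):
    """Build the password-grant POST (RFC 6749 section 4.3).
    The client secret travels in the HTTP Basic header, never in the URL,
    so it does not surface in access logs or proxies."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": "openid",
    }).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"{uaa_url}/oauth/token",
        data=body,
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
        method="POST",
    )


def token_grants_login(response_json, required_scope="openid"):
    """Accept the SSH login only if UAA issued a bearer token that carries
    the scope the client was registered with; every other response,
    including UAA's JSON error bodies or garbage, is a refusal."""
    try:
        resp = json.loads(response_json)
    except (json.JSONDecodeError, TypeError):
        return False
    if "error" in resp or resp.get("token_type", "").lower() != "bearer":
        return False
    return required_scope in resp.get("scope", "").split()


if __name__ == "__main__":
    # Constructed sample: what the jumpbox would send for a user created with 'uaac user add'.
    req = build_token_request(UAA_URL, "jumpbox", "MY_SECRET", "user@example.com", "test")
    print(req.full_url, req.get_method(), req.data.decode())
```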
We are really excited to hear your opinions or PRs.