Wouldn’t it be nice to have a jumpbox available for your users without needing to maintain a list of users?
Well, we did it again! And made it happen…
It’s called oauth-jumpbox.
First, you need a working BUCC
git clone https://github.com/starkandwayne/bucc
cd bucc
bucc up
Upload a cloud-config
cp src/bosh-deployment/warden/cloud-config.yml .
Add another static IP that we are going to use for the oauth-jumpbox
Change line 21 in cloud-config.yml:
static:
- 10.244.0.34
- 10.244.0.3
Upload our edited cloud-config
bosh update-cloud-config cloud-config.yml
Let’s get the latest manifest that is already configured to use the BUCC-UAA
Upload the latest stemcell for warden see
bosh deploy oauth-jumpbox.yml -d oauth-jumpbox
If the deployment succeeded, we can retrieve the generated password from CredHub that we need to use when creating the client in the UAA.
credhub get -n /bucc/oauth-jumpbox/client_secret
Take a note of the value and replace
We can now create a client in the UAA.
bucc uaac
uaac client add jumpbox \
  --name jumpbox \
  --scope openid \
  --autoapprove true \
  --authorized_grant_types password,refresh_token \
  --secret "MY_SECRET"
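The two steps above (reading the secret from CredHub, then creating the UAA client) can be combined so the value is never copied by hand or left as a placeholder. This is an added example, not part of the original post; the function names, the `--apply` switch and the parsing of the `credhub get` output (assumed to be the CLI's default YAML-style listing with a single-line `value:` field) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: create the "jumpbox" UAA client straight from the CredHub value.
# The CredHub path, client name and uaac flags are the ones used on this page.

SECRET_PATH=/bucc/oauth-jumpbox/client_secret

# Read `credhub get` output on stdin and print only the "value:" field.
# Assumption: default YAML-style output with the value on a single line.
# Exits non-zero when no value line is present.
extract_value() {
  awk '/^value:[[:space:]]/ { sub(/^value:[[:space:]]*/, ""); print; found = 1; exit }
       END { if (!found) exit 1 }'
}

create_jumpbox_client() {
  local secret
  # Without pipefail the pipeline status is extract_value's, which fails on
  # empty or unexpected output, so a failed credhub call is caught here too.
  secret=$(credhub get -n "$SECRET_PATH" | extract_value) || {
    echo "could not read $SECRET_PATH from CredHub" >&2
    return 1
  }
  [ -n "$secret" ] || { echo "client secret is empty" >&2; return 1; }

  bucc uaac || return 1   # target and authenticate uaac against the BUCC UAA
  uaac client add jumpbox \
    --name jumpbox \
    --scope openid \
    --autoapprove true \
    --authorized_grant_types password,refresh_token \
    --secret "$secret"
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--apply" ]; then
  create_jumpbox_client
fi
```

The secret is still passed on the uaac command line, as in the original command, so it is briefly visible in the local process list.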
Create a user in the UAA.
bucc uaac
uaac user add [email protected] -p test
Set up routes on your local machines.
ssh "[email protected]"@10.244.0.3
And now you are logged in via the UAA in a busybox container.
We are really excited to hear your opinions or PRs.