John Jediny
Cloud.gov is a FedRAMP Moderate Platform-as-a-Service (PaaS). This repository includes a sample manifest.yml.example file that is ready to be pushed and runs the latest version of fleetdm as a container. Make a copy of the example file and update the key values as appropriate.
cp manifest.yml.cloudgov.example manifest.yml
Set up a cloud.gov account - https://cloud.gov/docs/getting-started/accounts/
Install the cf-cli - https://cloud.gov/docs/getting-started/setup/
From your local fleetdm source directory:
git clone https://github.com/fleetdm/fleet
cd fleet
cf login -a api.fr.cloud.gov --sso
# Follow the link to copy the Temporary Authentication Code when prompted
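cf target -o sandbox-gsa
cf create-space fleetdm-rename
# Target the new space so the services and the app are created in it
cf target -s fleetdm-rename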
# Update manifest.yml file to rename application and database key names to match commands below.
cf marketplace
cf create-service aws-rds medium-mysql fleetdm-mysql
cf create-service aws-elasticache-redis redis-dev fleetdm-redis
# The first argument must be the name of the service instance created above
cf create-service-key fleetdm-mysql fleetdm-db-test-key
cf push
cf push returns the URL of your new test instance, which you can then navigate to.
Note: This is only for demonstration purposes. In order to run a production-level federal/FISMA system, you will need to contact the cloud.gov program and consult your organization's security team (for risk assessment and an Authority to Operate).
Cloud Foundry injects an environment variable, $VCAP_SERVICES, which is available within the container. fleetdm uses jq to map the service-injected credentials to the standard fleetdm environment variables.
{
  "aws-rds": [
    {
      "label": "aws-rds",
      "provider": null,
      "plan": "medium-mysql",
      "name": "fleetdm-db",
      "tags": [
        "database",
        "RDS"
      ],
      "instance_guid": "guid",
      "instance_name": "fleetdm-db",
      "binding_guid": "guid",
      "binding_name": null,
      "credentials": {
        "db_name": "db_name",
        "host": "host",
        "name": "name",
        "password": "password",
        "port": "3306",
        "uri": "mysql://username:password@hostname:port/db_name",
        "username": "username"
      },
      "syslog_drain_url": null,
      "volume_mounts": []
    }
  ],
  "aws-elasticache-redis": [
    {
      "label": "aws-elasticache-redis",
      "provider": null,
      "plan": "redis-dev",
      "name": "fleetdm-redis",
      "tags": [
        "redis",
        "Elasticache",
        "AWS"
      ],
      "instance_guid": "guid",
      "instance_name": "fleetdm-redis",
      "binding_guid": "guid",
      "binding_name": null,
      "credentials": {
        "current_redis_engine_version": "version",
        "host": "host",
        "hostname": "hostname",
        "password": "password",
        "port": "port",
        "uri": "redis://:address:port"
      },
      "syslog_drain_url": null,
      "volume_mounts": []
    }
  ]
}
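The credential mapping described above, written in Python rather than jq so that a missing or misnamed binding fails loudly instead of yielding empty settings. This is an added example, not code from the fleet repository. The sample values are constructed, the function names are hypothetical, and the choice of Fleet's FLEET_MYSQL_* and FLEET_REDIS_* variables as targets is an assumption about what the manifest sets.

```python
import json

# Constructed sample in the shape of the $VCAP_SERVICES document above; all values are placeholders.
SAMPLE_VCAP = json.dumps({
    "aws-rds": [{"name": "fleetdm-db", "credentials": {
        "db_name": "fleet", "host": "db.example.internal", "port": "3306",
        "username": "fleet_user", "password": "constructed-db-secret"}}],
    "aws-elasticache-redis": [{"name": "fleetdm-redis", "credentials": {
        "host": "redis.example.internal", "port": "6379",
        "password": "constructed-redis-secret"}}],
})

class BindingError(ValueError):
    """A required service binding or credential field is absent."""

def _credentials(services, label, instance, required):
    # Select by instance name, not list position: an app can be bound to
    # several instances of one service, and element [0] may be the wrong one.
    bound = [b for b in services.get(label, []) if b.get("name") == instance]
    if len(bound) != 1:
        raise BindingError(f"{label}: expected 1 binding named {instance!r}, found {len(bound)}")
    creds = bound[0].get("credentials") or {}
    missing = [k for k in required if not creds.get(k)]
    if missing:  # report field names only, never values
        raise BindingError(f"{label}/{instance}: missing {', '.join(missing)}")
    return {k: str(creds[k]) for k in required}

def fleet_env(vcap_json, db="fleetdm-db", redis="fleetdm-redis"):
    """Map bound credentials to Fleet settings; raise instead of emitting blanks."""
    services = json.loads(vcap_json)
    d = _credentials(services, "aws-rds", db,
                     ("host", "port", "username", "password", "db_name"))
    r = _credentials(services, "aws-elasticache-redis", redis,
                     ("host", "port", "password"))
    return {
        "FLEET_MYSQL_ADDRESS": f"{d['host']}:{d['port']}",
        "FLEET_MYSQL_USERNAME": d["username"],
        "FLEET_MYSQL_PASSWORD": d["password"],
        "FLEET_MYSQL_DATABASE": d["db_name"],
        "FLEET_REDIS_ADDRESS": f"{r['host']}:{r['port']}",
        "FLEET_REDIS_PASSWORD": r["password"],
    }

def redacted(env):
    """Copy of env that is safe to log: secret values are masked."""
    return {k: "***" if k.endswith("_PASSWORD") else v for k, v in env.items()}

if __name__ == "__main__":
    for key, value in redacted(fleet_env(SAMPLE_VCAP)).items():
        print(f"{key}={value}")
```

In a real container the input would be the contents of $VCAP_SERVICES; log only the `redacted()` view, since the raw document carries the database and Redis passwords.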