Closed dlapiduz closed 8 years ago
Can you groom this one a bit so I know what to do with it?
copied from #57
@sharms didn't you say at stand-up today that you were working on this? If so, can you put it In Progress?
Related :eyes: https://github.com/18F/cg-deploy-bosh/pull/9
@rogeruiz let me know when you're online. I'd like to work with you on this.
Roger's update in Slack today:
finishing up cg-atlas-62 with PRs for updated secrets on cg-deploy-docker-swarm and cg-deploy-bosh. Once the scripts are updated in s3 and Concourse, I’ll refly the necessary pipelines in concourse, and the PRs should trigger a build once they’re merged in
There will be a somewhat intermediate problem as we currently rely on DNS resolution for the riemann/collectd server instance. This DNS resolution is provided by BOSH itself for all its deployments, so anything deployed with staging BOSH knows about 0.monitoring.monitoring.monitoring-staging.bosh. Staging BOSH itself will not know anything about this, since its own DNS is pointed to tooling BOSH. This means that riemann would have to exist in tooling VPC (see #116). The bigger problem then is tooling BOSH, since it is deployed with master BOSH, and then again master BOSH itself. Neither will know how to resolve the tooling riemann server. Workaround for now could be to use hardcoded IPs.
Currently blocked on #116 #117 #118
We're now provisioning a tooling riemann in deploy-monitoring and uploading hardening releases to master-bosh in deploy-bosh. I think this should be unblocked now.
@rogeruiz can you give us an idea of what state this one is in?
@mogul Sorry about that, I was out yesterday. This just needs updated secrets uploaded with the riemann server URL for staging / master / tooling, and then the work that @sharms did in 18F/cg-deploy-bosh#9 should be good to be merged in.
Docker swarm may be missing releases. Need to verify.
In order to meet requirements for both GSA and FedRAMP, we want the scanning agent to be deployed on every VM that Bosh deploys.
Acceptance Criteria
The following VMs are shown to be running the host scanning jobs (fisma, tripwire, awslogs, nessus-agent, and newrelic) in staging and production:
- tooling (see #116, #117)
- staging (see tooling)
- production (see tooling)
- master (see #118)