search

shieldproject / shield-boshrelease

BOSH Release for shield
MIT License
11 stars 17 forks source link

Unable to render templates for job 'shield-agent' #178

Closed mmavrudiev closed 4 years ago

mmavrudiev commented 4 years ago

Hi all,

I am trying to implement the shield-agent in a BOSH instance group for a database but getting the following error:

   L Error: Unable to render instance groups for deployment. Errors are:
  - Unable to render jobs for instance group 'postgres_db'. Errors are:
    - Unable to render templates for job 'shield-agent'. Errors are:
      - Error filling in template 'shield-agent' (line 10: Can't find property '["agent.key"]')
      - Error filling in template 'agent.conf' (line 25: Can't find property '["agent.key"]')
      - Error filling in template 'shield.ca' (line 2: Can't find property '["core.ca"]')
Task 633946 | 07:44:37 | Error: Unable to render instance groups for deployment. Errors are:
  - Unable to render jobs for instance group 'postgres_db'. Errors are:
    - Unable to render templates for job 'shield-agent'. Errors are:
      - Error filling in template 'shield-agent' (line 10: Can't find property '["agent.key"]')
      - Error filling in template 'agent.conf' (line 25: Can't find property '["agent.key"]')
      - Error filling in template 'shield.ca' (line 2: Can't find property '["core.ca"]')

What I have as an ops file is the following:

- type: replace
  path: /releases/-
  value:
    name:    shield
    version: 8.6.3
    url:     https://github.com/shieldproject/shield-boshrelease/releases/download/v8.6.3/shield-8.6.3.tgz
    sha1:    1dabacb2243a139c02ba92b08aebcd7c5d463c42

- type: replace
  path: /instance_groups/name=postgres_db/jobs/-
  value:
    release: shield
    name: shield-agent
    templates:
       bin/shield-agent: bin/shield-agent
       config/agent.conf: config/agent.conf
       config/agent.key: config/agent.key
       config/tls/shield.ca: config/tls/shield.ca
    properties:
       name: postgres-db-shield-agent
       shield-url: https://shield.external.address/
       require-shield-core: true
       agent.key: "ssh-rsa AAAA...<cutted>"
       core.ca: | <cutted>

Can you advise please what is missing here?

At the end I have the following changes:

  instance_groups:
  - name: postgres_db
    jobs:
+   - name: shield-agent
+     properties:
+       agent.key: "<redacted>"
+       core.ca: "<redacted>"
+       name: "<redacted>"
+       require-shield-core: "<redacted>"
+       shield-url: "<redacted>"
+     release: shield
+     templates:
+       bin/shield-agent: bin/shield-agent
+       config/agent.conf: config/agent.conf
+       config/agent.key: config/agent.key
+       config/tls/shield.ca: config/tls/shield.ca`

In the manifest, we have several instance groups but above I am trying to put shield-agent on the one which is related to the database so that should be ok per the docs.

Many thanks,

mmavrudiev commented 4 years ago

Anyone?

jhunt commented 4 years ago

You appear to be putting parts of a BOSH release spec into a BOSH deployment manifest. Namely, templates is not a thing you should put in your manifest. You shouldn't even need to be aware of that. Also, your properties are dotted, and they shouldn't be.

Try this:

instance_groups:
  - name: postgres_db
    jobs:
      - name: shield-agent
        release: shield
        properties:
          name: ...
          require-shield-core: ...
          shield-uri: ...
          agent:
            key: ...
          core:
            ca: ...
mmavrudiev commented 4 years ago

Thank you Mr. Hunt! All is properly working now! Appreciate your help!