Merge pull request #55 from devopshobbies/transfer-ownership

Transfer ownership to DevOpsHobbies changes

Author: Shayan-Ghani

.github/workflows/ci.yml

@@ -22,7 +22,7 @@ jobs:
         uses: mathieudutour/github-tag-action@a22cf08638b34d5badda920f9daf6e72c477b07b
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_bump: minor
+          default_bump: patch
 
       - name: Build Changelog
         id: github_release

Contributing.md

@@ -27,9 +27,9 @@ Thank you for considering contributing to the HashiCorp Boundary and Vault Stack
     cd boundary-vault-stack
     ```
 
-3. **Set Up Your Environment**: Ensure you have the necessary dependencies installed as outlined in the [documentation](./artifacts/wiki.md).
+3. **Set Up Your Environment**: Ensure you have the necessary dependencies installed as outlined in the [documentation](https://devopshobbies.github.io/boundary-vault-stack/).
 
-4. **Review the Documentation**: Familiarize yourself with the project by thoroughly reading the [documentation](./artifacts/wiki.md) and reviewing the [automation workflow diagram](https://linktw.in/PloXtt).
+4. **Review the Documentation**: Familiarize yourself with the project by thoroughly reading the [documentation](https://devopshobbies.github.io/boundary-vault-stack/) and reviewing the [automation workflow diagram](https://linktw.in/PloXtt).
 
 ## Types of Contributions
 
@@ -39,7 +39,7 @@ If you encounter any bugs, errors, or have suggestions for improvements:
 
 - **Search Existing Issues**: Before submitting a new issue, check if it has already been reported.
 - **Create a New Issue**: If it’s a new issue, provide detailed information such as steps to reproduce, expected vs. actual results, and any relevant screenshots or logs.
-- **Link to Related Tasks**: If your issue relates to any of the [TODOs](https://github.com/Shayan-Ghani/boundary-vault-stack/tree/main/#to-do), reference the corresponding task.
+- **Link to Related Tasks**: If your issue relates to any of the [TODOs](https://github.com/devopshobbies/boundary-vault-stack/tree/main/#to-do), reference the corresponding task.
 
 ### Commit Messages
 

README.md

@@ -6,9 +6,29 @@ Deploy a Self-Hosted HCP Vault and Boundary stack using end-to-end automation.
 
 This project provides a comprehensive, hands-on experience in Infrastructure as Code (IaC) and Configuration Management. It simulates a real-world infrastructure environment with a focus on end-to-end automation, enabling DevOps engineers to collaboratively deliver a reliable, production-ready stack. Key deliverables include detailed documentation and diagrams.
 
-## How to Use
+> As of [the latest release](https://github.com/devopshobbies/boundary-vault-stack/releases/latest), BVSTACK covers **steps 0-3** of the [DevOpsHobbies Ultimate Roadmap](https://github.com/devopshobbies/devops-roadmap).
+
+## 💻 Toolchain
+![Vault](https://img.shields.io/badge/vault-%231A1918.svg?style=for-the-badge&logo=vault)
+![LINUX](https://img.shields.io/badge/Linux-FCC624?style=for-the-badge&logo=linux&logoColor=black)
+![Ansible](https://img.shields.io/badge/ansible-%231A1918.svg?style=for-the-badge&logo=ansible&logoColor=white)
+![Terraform](https://img.shields.io/badge/terraform-%235835CC.svg?style=for-the-badge&logo=terraform&logoColor=white)
+![Boundary](https://img.shields.io/badge/Boundary-%231A1918.svg?style=for-the-badge&logo=hashicorp&logoColor=red)
+![Docker](https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge&logo=docker&logoColor=white)
+![Vagrant](https://img.shields.io/badge/vagrant-%231A1918.svg?style=for-the-badge&logo=vagrant&logoColor=blue)
+![Postgres](https://img.shields.io/badge/postgres-%23316192.svg?style=for-the-badge&logo=postgresql&logoColor=white)
+![Python](https://img.shields.io/badge/python-3670A0?style=for-the-badge&logo=python&logoColor=ffdd54)
+[![Bash](https://img.shields.io/badge/Bash-1f425f.svg?style=for-the-badge&logo=image%2Fpng%3Bbase64%2CiVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw%2FeHBhY2tldCBiZWdpbj0i77u%2FIiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8%2BIDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTExIDc5LjE1ODMyNSwgMjAxNS8wOS8xMC0wMToxMDoyMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTUgKFdpbmRvd3MpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOkE3MDg2QTAyQUZCMzExRTVBMkQxRDMzMkJDMUQ4RDk3IiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOkE3MDg2QTAzQUZCMzExRTVBMkQxRDMzMkJDMUQ4RDk3Ij4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QTcwODZBMDBBRkIzMTFFNUEyRDFEMzMyQkMxRDhEOTciIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QTcwODZBMDFBRkIzMTFFNUEyRDFEMzMyQkMxRDhEOTciLz4gPC9yZGY6RGVzY3JpcHRpb24%2BIDwvcmRmOlJERj4gPC94OnhtcG1ldGE%2BIDw%2FeHBhY2tldCBlbmQ9InIiPz6lm45hAAADkklEQVR42qyVa0yTVxzGn7d9Wy03MS2ii8s%2BeokYNQSVhCzOjXZOFNF4jx%2BMRmPUMEUEqVG36jo2thizLSQSMd4N8ZoQ8RKjJtooaCpK6ZoCtRXKpRempbTv5ey83bhkAUphz8fznvP8znn%2B%2F3NeEEJgNBoRRSmz0ub%2FfuxEacBg%2FDmYtiCjgo5NG2mBXq%2BH5I1ogMRk9Zbd%2BQU2e1ML6VPLOyf5tvBQ8yT1lG10imxsABm7SLs898GTpyYynEzP60hO3trHDKvMigUwdeaceacqzp7nOI4n0SSIIjl36ao4Z356OV07fSQAk6xJ3XGg%2BLCr1d1OYlVHp4eUHPnerU79ZA%2F1kuv1JQMAg%2BE4O2P23EumF3VkvHprsZKMzKwbRUXFEyTvSIEmTVbrysp%2BWr8wfQHGK6WChVa3bKUmdWou%2BjpArdGkzZ41c1zG%2Fu5uGH4swzd561F%2BuhIT4%2BLnSuPsv9%2BJKIpjNr9dXYOyk7%2FBZrcjIT4eCnoKgedJP4BEqhG77E3NKP31FO7cfQA5K0dSYuLgz2TwCWJSOBzG6crzKK%2BohNfni%2Bx6OMUMMNe%2Fgf7ocbw0v0acKg6J8Ql0q%2BT%2FAXR5PNi5dz9c71upuQqCKFAD%2BYhrZLEAmpodaHO3Qy6TI3NhBpbrshGtOWKOSMYwYGQM8nJzoFJNxP2HjyIQho4PewK6hBktoDcUwtIln4PjOWzflQ%2Be5yl0yCCYgYikTclGlxadio%2BBQCSiW1UXoVGrKYwH4RgMrjU1HAB4vR6LzWYfFUCKxfS8Ftk5qxHoCUQAUkRJaSEokkV6Y%2F%2BJUOC4hn6A39NVXVBYeNP8piH6HeA4fPbpdBQV5KOx0QaL1YppX3Jgk0TwH2Vg6S3u%2BdB91%2B%2FpuNYPYFl5uP5V7ZqvsrX7jxqMXR6ff3gCQSTzFI0a1TX3wIs8ul%2Bq4HuWAAiM39vhOuR1O1fQ2gT%2F26Z8Z5vrl2OHi9OXZn995nLV9aFfS6UC9JeJPfuK0NBohWpCHMSAAsFe74WWP%2BvT25wtP9Bpob6uGqqyDnOtaeumjRu%2ByFu36VntK%2FPA5umTJeUtPWZSU9BCgud661odVp3DZtkc7AnYR33RRC708PrVi1larW7XwZIjLnd7R6SgSqWSNjU1B3F72pz5TZbXmX5vV81Yb7Lg7XT%2FUXriu8XLVqw6c6XqWnBKiiYU%2BMt3wWF7u7i91XlSEITwSAZ%2FCzAAHsJVbwXYFFEAAAAASUVORK5CYII%3D)](https://www.gnu.org/software/bash/)
+
+## Pre-requisites
+- [Vagrant](https://developer.hashicorp.com/vagrant/downloads)
+- [Virtualbox](https://virtualbox.org/wiki/Linux_Downloads)
+- Python => 3.10.12
+- Pip
+- venv
 
-1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](./artifacts/wiki.md) and the [automation workflow diagram](https://linktw.in/nWgoiO).
+## How to Use
+1. **Read the Documentation**: Before getting started, ensure you have thoroughly reviewed the [project documentation](https://devopshobbies.github.io/boundary-vault-stack/), the [automation workflow diagram](https://linktw.in/nWgoiO) and installed the **prerequisites**.
 
 2. **Configure Variables**: Create your own `tfvars` file based on the samples provided in the [Boundary](./boundary/terraform/terraform.tfvars.sample) and [Vault](./vault/terraform/terraform.tfvars.sample) directories. Alternatively, you can remove the `.sample` extension from the provided sample files to use the default values.
 
@@ -18,11 +38,15 @@ This project provides a comprehensive, hands-on experience in Infrastructure as
     ./start.sh -e development
     ```
 
-    For further assistance on exit/return codes and configurations, refer to the [documentation](./artifacts/wiki.md).
 
-4. **Enter Vault Password**: You will be prompted to enter the Vault password to decrypt Ansible Vault-encrypted files (e.g., `inventory.ini`).
+4. **Enter Vault Password**: You will be prompted to enter the Vault password four times to decrypt Ansible Vault-encrypted files (e.g., `inventory.ini`) unless the related [issue](https://github.com/devopshobbies/boundary-vault-stack/issues/24) is resolved.
+
+>**Note**: The default `ansible-vault-pass` is `BVSTACK`. This is provided for simplicity in the sample; ensure you use a strong password for your Ansible Vault-encrypted files.
+
+> **Note**  
+> The stack assumes that your host machine acts as the Ansible/Terraform controller. If you have the resources, it's recommended to spin up a separate VM to serve as the controller by cloning and running the project on that VM. after that you can export STACK_SERVER environment variable and set it to false this enables you to keep your host machine clean and isolated. Otherwise, don't even bother you won't be losing much. [learn more about STACK_SERVER](https://devopshobbies.github.io/boundary-vault-stack/#environment-variables)
 
-    **Note**: The default `ansible-vault-pass` is `BVSTACK`. This is provided for simplicity in the sample; ensure you use a strong password for your Ansible Vault-encrypted files.
+For further assistance on exit/return codes and configurations, refer to the [documentation](https://devopshobbies.github.io/boundary-vault-stack/).
 
 ## To-Do List
 

artifacts/diagrams/vault.py

@@ -19,11 +19,11 @@
         users = Users("\nUsers")
 
     # Vault connections
-    vault_listener - Edge(label="0.0.0.0:8200\nTLS Disabled") >> [storage_raft, vault_ui]
+    vault_listener - Edge(label="0.0.0.0:8200\nTLS Disabled") >> vault_ui
     vault_listener >> Edge(label="Max Entry Size\n1MB") >> storage_raft
 
     # User Management connections
-    users >> Edge(label="Lockout Threshold: 3\nLockout Duration: 10m") >> userpass_lockout
+    users - Edge(label="Lockout Threshold: 3\nLockout Duration: 10m") - userpass_lockout
 
     # External connections
     api_addr = Vault("API Address\nhttp://localhost:8200")

artifacts/wiki.md

@@ -176,4 +176,4 @@ scripts/init.sh vault
 
 ## Still Having Issues?
 
-For further assistance, feel free to open up a new issue on the [GitHub Issues page](https://github.com/Shayan-Ghani/boundary-vault-stack/issues).
+For further assistance, feel free to open up a new issue on the [GitHub Issues page](https://github.com/devopshobbies/boundary-vault-stack/issues).

artifacts/wiki/index.html

@@ -136,6 +136,14 @@ <h4>SSH_INJECTION (optional)</h4>
                 </ul>
                 <p class="default">default : false</p>
 
+                <h4>STACK_SERVER (optional)</h4>
+                <p>If set to false, vagrant and virtualbox won't be used to spin up BVSTACK. Instead you must create both Controller, BVSTACK and Client machines <span class="bold">manually</span> using your prefered method; ensure to address them in the inventory file accordingly.</p>
+                <ul class="options">
+                    <li>true</li>
+                    <li>false</li>
+                </ul>
+                <p class="default">default : true</p>
+
             </div>
 
             <div class="rc section">
@@ -286,7 +294,7 @@ <h2 id="bear-in-mind">Bear In Mind</h2>
             <div class="issues section">
                 <h2 id="still-having-issues" class="section-header">Still Having Issues</h2>
                 <p>For further assistance, feel free to open up a new issue on the <a
-                        href="https://github.com/Shayan-Ghani/boundary-vault-stack/issues">GitHub Issues page.</a></p>
+                        href="https://github.com/devopshobbies/boundary-vault-stack/issues">GitHub Issues page.</a></p>
             </div>
 
         </div>

scripts/linter.sh

@@ -47,6 +47,29 @@ function lint_docker () {
 
 }
 
+function lint_vagrant(){
+  if ! command -v vagrant &> /dev/null; then
+    echo -e "ERROR: Vagrant is not installed!" >&2
+    echo -e "Please install Vagrant from https://developer.hashicorp.com/vagrant/downloads" >&2
+    return 1
+  fi
+
+  if ! command -v VBoxManage &> /dev/null; then
+    echo -e "ERROR: VirtualBox is not installed \nVagrant uses Virtualbox to provision vms." >&2
+    echo -e "Please install VirtualBox from https://virtualbox.org/wiki/Linux_Downloads" >&2
+    return 1
+  fi
+  return 0
+}
+
+function lint_py(){
+  if ! command -v python3 && ! command -v python ; then
+    echo "Error: Python Is Not Installed." >&2
+    return 1
+  fi
+  return 0
+}
+
 function lint_ansible () {
 
   cd ../ansible || { echo "Failed to change directory to ansible"; return 1; }
@@ -62,6 +85,6 @@ function lint_ansible () {
     return 0
 }
 
-if [ $1 == "ansible" ]; then
+if [[ $1 == "ansible" ]]; then
   lint_ansible
 fi

start.sh

@@ -64,22 +64,42 @@ if [ $# -ne 2 ]; then
 fi
 
 
-echo "***Running Boundary Vault Stack on ${STACK_ENV} Mode.****"
+echo -e "***Running Boundary Vault Stack on ${STACK_ENV} Mode.****\n"
 
 
 ## create ignored dirs in git for confidential data
 mkdir -p logs/ logs/docker logs/terraform secrets/
 
+source ./scripts/linter.sh
+if [[ ! -d "venv/" ]]; then
+  echo -e "\nInstalling Virtual Env and dependencies."
+
+  py_cmd=$(lint_py)
+  $py_cmd -m venv venv
+  source venv/bin/activate
+  pip install -U pip 
+  pip install -r ./requirements.txt
+else 
+  source venv/bin/activate
+  pip install -r ./requirements.txt
+fi
+
 ## install required collections
 ansible-galaxy collection install -r requirements.yml
 
-ansible-playbook -i ansible/inventory/inventory.ini ansible/playbook.yml
+## provision the server
+if [ -z "$STACK_SERVER"]; then
+  lint_vagrant
+  vagrant up
+fi
+
+ansible-playbook -i ansible/inventory/inventory.ini ansible/playbook.yml --ask-vault-pass
 echo "****** Applying Vault changes ******"
 sleep 10
-ansible-playbook -i ansible/inventory/inventory.ini ansible/terraform.yml 
+ansible-playbook -i ansible/inventory/inventory.ini ansible/terraform.yml --ask-vault-pass
 echo "********* Applying terraform provisioning ******* "
 sleep 5
-ansible-playbook -i ansible/inventory/inventory.ini ansible/boundary.yml
+ansible-playbook -i ansible/inventory/inventory.ini ansible/boundary.yml --ask-vault-pass
 
 echo "***** Performing Stack Cleanup *******"
-ansible-playbook -i ansible/inventory/inventory.ini ansible/cleanup.yml
+ansible-playbook -i ansible/inventory/inventory.ini ansible/cleanup.yml --ask-vault-pass