jumpbox's Introduction

Jumpbox

Best practices for deploying a secure BOSH director recommend setting up a "jumpbox" and restricting access to the director so that only that jumpbox can connect to it.

This repository contains jumpbox, a utility that installs all of the tools needed to run BOSH deployments, including:

  • rvm - For managing versions of Ruby and the BOSH CLI gems
  • ruby - For rendering templates
  • bosh - The BOSH CLI itself
  • cf - The CF CLI itself
  • genesis - For creating multi-tiered deployment repos
  • spruce - A YAML multitool for managing BOSH manifests
  • safe - An alternate CLI for Hashicorp's Vault
  • jq - A JSON query utility
  • certstrap - A certificate manager
  • sipcalc - An IP subnet calculator

Installation

Grab the latest copy from GitHub and put it in your $PATH:

sudo curl -o /usr/local/bin/jumpbox \
  https://raw.githubusercontent.com/starkandwayne/jumpbox/master/bin/jumpbox
sudo chmod 0755 /usr/local/bin/jumpbox
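The one-liner above installs whatever is on the master branch at the moment you run it, so the script you get on the jumpbox depends entirely on the integrity of that download. The following shell functions are an added example, not part of the jumpbox project: they download to a temporary file, refuse to install unless the file matches a SHA-256 digest you pinned in advance, and only then move it into $PATH with mode 0755. The digest and the release tag in the usage comment are placeholders you would take from the release you reviewed.

```shell
#!/bin/sh
# Added example (not the jumpbox project's own code): install a single-file
# tool only after it matches a pinned SHA-256 digest.
set -eu

# verify_sha256 FILE EXPECTED_HEX -> 0 if FILE's digest equals EXPECTED_HEX, 1 otherwise
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_verified SRC DEST EXPECTED_HEX
# Copies SRC to DEST with mode 0755 only if the digest matches. On mismatch
# nothing is written and the function returns 1, so an existing DEST survives.
install_verified() {
    src=$1
    dest=$2
    expected=$3
    if ! verify_sha256 "$src" "$expected"; then
        echo "checksum mismatch for $src, refusing to install to $dest" >&2
        return 1
    fi
    # Stage in the destination directory and rename atomically, so a
    # half-written binary is never visible in $PATH.
    tmp=$(mktemp "$(dirname "$dest")/.jumpbox.XXXXXX")
    cp "$src" "$tmp"
    chmod 0755 "$tmp"
    mv "$tmp" "$dest"
}

# fetch_and_install URL DEST EXPECTED_HEX
# The network step is kept separate from the install step: a failed or
# tampered download lands in a temp file and never replaces the old binary.
fetch_and_install() {
    url=$1
    dest=$2
    expected=$3
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL -o "$tmp" "$url"
    install_verified "$tmp" "$dest" "$expected"
}

# Usage (needs root for /usr/local/bin). <TAG> and <SHA256_FROM_RELEASE> are
# placeholders: pin a release tag rather than master, and record its digest.
# fetch_and_install \
#   https://raw.githubusercontent.com/starkandwayne/jumpbox/<TAG>/bin/jumpbox \
#   /usr/local/bin/jumpbox \
#   <SHA256_FROM_RELEASE>
```

Pinning a tag plus a digest turns "whatever master serves today" into a reproducible install, and the staged rename means a user who runs `jumpbox` mid-upgrade gets either the old script or the new one, never a truncated file.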

Usage

jumpbox operates in two modes: system and user.

You only have to run system mode once per box. It installs global utilities that live outside of individual user home directories, like spruce, jq, etc.

jumpbox system

Every user on the jumpbox needs to run user mode at least once.

jumpbox user

jumpbox can also create user accounts on the local machine:

jumpbox useradd
Full name: Joe User
Username:  juser
Enter the public key for this user's .ssh/authorized_keys file:
ssh-rsa AAAAB3N...
Enter an additional public key for this user (leave blank to continue):
You should run `jumpbox user` now, as juser:
  sudo -iu juser
  jumpbox user
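The `useradd` flow above takes public keys from the operator and ends with an account that is reached by `sudo -iu`, not by password. The shell functions below are an added example and not the jumpbox project's own code; they show the key-handling half of that flow: each supplied line is checked to have the shape of an OpenSSH public key before it is written, `.ssh` and `authorized_keys` get the 0700/0600 modes that sshd's StrictModes expects, duplicates are skipped, and the root-only wrapper locks the password and refuses to touch an account that already exists. The `create_jumpbox_user` wrapper, the key type list and the `-s /bin/bash` choice are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the jumpbox project's own code): validate and install
# SSH public keys for a key-only jumpbox account.
set -eu

# is_pubkey LINE -> 0 if LINE looks like "<type> <base64> [comment]" with a
# common OpenSSH key type, 1 otherwise. Private key blocks, shell text and
# anything else are rejected before they can reach authorized_keys.
is_pubkey() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_authorized_keys HOME_DIR KEY... -> writes every KEY that is not
# already present into HOME_DIR/.ssh/authorized_keys. If any key fails
# validation nothing is written and the function returns 1.
install_authorized_keys() {
    home=$1; shift
    for key in "$@"; do
        if ! is_pubkey "$key"; then
            echo "rejected: not an OpenSSH public key: ${key%% *}" >&2
            return 1
        fi
    done
    # Subshell so the restrictive umask does not leak into the caller.
    (
        umask 077
        mkdir -p "$home/.ssh"
        chmod 0700 "$home/.ssh"
        touch "$home/.ssh/authorized_keys"
        chmod 0600 "$home/.ssh/authorized_keys"
        for key in "$@"; do
            grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
                printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
        done
    )
}

# create_jumpbox_user USERNAME FULLNAME KEY... -> the root-only part (hypothetical
# wrapper): create the account with a locked password so only the keys grant
# access, install the keys, and hand ownership of .ssh to the new user.
create_jumpbox_user() {
    user=$1; full=$2; shift 2
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    if id "$user" >/dev/null 2>&1; then
        echo "user $user already exists; not modifying it" >&2
        return 1
    fi
    useradd -m -c "$full" -s /bin/bash "$user"
    passwd -l "$user"
    home=$(getent passwd "$user" | cut -d: -f6)
    install_authorized_keys "$home" "$@"
    chown -R "$user:$user" "$home/.ssh"
    echo "You should run 'jumpbox user' now, as $user:  sudo -iu $user"
}
```

Validating before writing matters because `authorized_keys` is parsed by sshd as root's trusted input; a pasted private key or a stray line with options in it should fail loudly here rather than be discovered later. Locking the password rather than setting one is what makes `su - USER` fail and `sudo -iu USER` the intended path.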

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

jumpbox's People

Contributors

jhunt, xiujiao, quintessence, geofffranks, qanx, dennisjbell, krutten, lnguyen, pommi, svrc, thomasmitchell, 7hunderbird, starkandwayne-bot

jumpbox's Issues

License?

Hi S&W folks!

This looks like good stuff that we'd potentially use, but my only concern is lack of license. Can this project adopt a license (ideally something like MIT)?

Thanks,
Glenn

The ruby install did not use the latest version.

I got the following warning when using the jumpbox script.

ruby-2.2.4 - #adjusting #shebangs for (gem irb erb ri rdoc testrb rake).
Install of ruby-2.2.4 - #complete
Please be aware that you just installed a ruby that requires 1 patches just to be compiled on an up to date linux system.
This may have known and unaccounted for security vulnerabilities.
Please consider upgrading to ruby-2.3.0 which will have all of the latest security patches.
Ruby was built without documentation, to build it run: rvm docs generate-ri
installed (ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux])

Should the jumpbox script build and install the latest stable version automatically?

Running `su - $user` does not work after `jumpbox useradd`

After I run jumpbox useradd, it outputs the following

You should run `jumpbox user` now, as xj:
  su - xj
  jumpbox user

If I run su - xj without sudo, it will ask me to input a password, which I do not have, but I still tried ubuntu, password and blank; as expected the passwords I tried did not work.

So I just run sudo su -xj or sudo -iu xj and both of them work

Support for Windows Subsystem for Linux (WSL)

The jumpbox script fails on (at least Ubuntu Bionic) Windows Subsystem for Linux.

Issue 1: install_core_packages()

  • line 107: fails due to permission issues related to subsystem and lxrun AppData icalc permissions; a check needed for WSL as step can be bypassed when running a WSL container

Issue 2: Curl Request

  • WSL lacks the cert bundles defaulted in most "standard installations" requiring the "--insecure" flag for curl request
  • Application installs are copied across multiple functions that essentially perform the same steps; an enumeration list should call a single function, which would allow additional checks to be performed against the target system.

It's important to note genesis ping as well as other functions will execute successfully for a "system" instantiation after running once, then commenting out lines 100 - 124, adding the "--insecure" flag to curl request and running again.

Add `sipcalc` utility

Because networking is hard.

$ sipcalc 192.168.0.0/24
-[ipv4 : 192.168.0.0/24] - 0

[CIDR]
Host address        - 192.168.0.0
Host address (decimal)  - 3232235520
Host address (hex)  - C0A80000
Network address     - 192.168.0.0
Network mask        - 255.255.255.0
Network mask (bits) - 24
Network mask (hex)  - FFFFFF00
Broadcast address   - 192.168.0.255
Cisco wildcard      - 0.0.0.255
Addresses in network    - 256
Network range       - 192.168.0.0 - 192.168.0.255
Usable range        - 192.168.0.1 - 192.168.0.254

-

Install build tools (needed by CPI compilation) in `system`

If you don't run jumpbox user at least once, you don't get make, and you can't compile the Google CPI (and, I suspect, many others).

This should be done in a jumpbox system, probably by installing the build-essentials package (if that's still a thing)

Drop RVM in favor of system ruby

Two things have changed since we adopted RVM:

  • Most CLIs are written in Go now, and packaged as standalone, static executables
  • The distributions have caught up with modernity in the Ruby world (Ubu 18.04 LTS has ruby-2.5)

Change over to use the system package.

Seems like the cf command is installed every time instead of knowing it was installed already

The cf command seems to be installed each time you run "jumpbox user" command instead of figuring out it was installed already.

The custom image did have the latest jumpbox release v49.

23 gems installed
installed BOSH CLI (BOSH 1.3184.1.0)
>> Installing cf
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 6389k 100 6389k 0 0 3733k 0 0:00:01 0:00:01 --:--:-- 8129k
installed CF CLI (cf version 6.21.1+6fd3c9f-2016-08-10)
Your Full Name (for git): Norman Abramovitz
Your Email Address (for git): [email protected]
git is configured

ALL DONE
Norman@bastion:~$ exit
logout
Connection to 104.198.142.25 closed.
Normans-MacBook-Pro:codex-google Norman$ gcloud compute ssh bastion --zone us-central1-a
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-36-generic x86_64)

0 packages can be updated.
0 updates are security updates.

Last login: Tue Sep 13 14:25:04 2016 from 99.90.69.58
Norman@bastion:~$ jumpbox user

Installing rvm
RVM is already installed (rvm 1.27.0 (latest) by Wayne E. Seguin [email protected], Michal Papis [email protected] [https://rvm.io/])
Checking for ruby v2.2.4
ruby is already installed (ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux])
Checking for bosh v1.3184.1.0
bosh is already installed (BOSH 1.3184.1.0)
>> Installing cf
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 6389k 100 6389k 0 0 2305k 0 0:00:02 0:00:02 --:--:-- 4388k

installed CF CLI (cf version 6.21.1+6fd3c9f-2016-08-10)

Git username is already set to 'Norman Abramovitz'
Git email address is already set to '[email protected]'
git is configured

ALL DONE

Norman@bastion:~$ exit
logout
Connection to 104.198.142.25 closed.
Normans-MacBook-Pro:codex-google Norman$ gcloud compute ssh bastion --zone us-central1-a
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-36-generic x86_64)

0 packages can be updated.
0 updates are security updates.

Last login: Tue Sep 13 14:32:56 2016 from 99.90.69.58
Norman@bastion:~$ jumpbox user

Installing rvm
RVM is already installed (rvm 1.27.0 (latest) by Wayne E. Seguin [email protected], Michal Papis [email protected] [https://rvm.io/])
Checking for ruby v2.2.4
ruby is already installed (ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux])
Checking for bosh v1.3184.1.0
bosh is already installed (BOSH 1.3184.1.0)
Installing cf
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 6389k 100 6389k 0 0 3188k 0 0:00:02 0:00:02 --:--:-- 8993k
installed CF CLI (cf version 6.21.1+6fd3c9f-2016-08-10)
Git username is already set to 'Norman Abramovitz'
Git email address is already set to '[email protected]'
git is configured

ALL DONE
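The session above shows rvm, ruby and bosh being detected as already installed while cf is downloaded again on every run. The shell functions below are an added example, not the jumpbox project's own code: they parse the version string that `cf --version` prints (the format is taken from the session output above), compare it with the version the script wants, and download only on a mismatch. `fetch_cf` is a placeholder for the real download step.

```shell
#!/bin/sh
# Added example (not the jumpbox project's own code): make a CLI install
# idempotent by checking the installed version before downloading.
set -eu

# parse_cf_version OUTPUT -> bare x.y.z from "cf version 6.21.1+6fd3c9f-2016-08-10";
# prints nothing if OUTPUT is not a cf version line.
parse_cf_version() {
    printf '%s\n' "$1" | sed -n 's/^cf version \([0-9][0-9.]*\).*/\1/p'
}

# installed_version CMD -> version reported by CMD on PATH, or empty if CMD
# is missing or its output cannot be parsed.
installed_version() {
    cmd=$1
    command -v "$cmd" >/dev/null 2>&1 || { echo ""; return 0; }
    parse_cf_version "$("$cmd" --version 2>/dev/null || true)"
}

# needs_install WANTED HAVE -> 0 (true) when nothing is installed or the
# installed version differs from the wanted one.
needs_install() {
    wanted=$1
    have=$2
    [ -z "$have" ] || [ "$have" != "$wanted" ]
}

# fetch_cf VERSION -> placeholder for the real download of that cf release.
fetch_cf() {
    echo "(would download cf v$1 here)"
}

# ensure_cf WANTED -> install only when needed; prints the decision the way
# the jumpbox script reports the other tools.
ensure_cf() {
    wanted=$1
    have=$(installed_version cf)
    if needs_install "$wanted" "$have"; then
        echo ">> Installing cf v$wanted (found: ${have:-none})"
        fetch_cf "$wanted"
    else
        echo "cf is already installed (cf version $have)"
    fi
}
```

Pinning the wanted version also means a run on an existing box never silently upgrades a tool that other users rely on; changing the pin is an explicit edit to the script, and the downgrade-or-upgrade case is handled the same way as a fresh install.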

Option: move to our apt.starkandwayne.com

If you'd like to simplify the bin/jumpbox script, remove the two pre-compiled binaries from this repo, at the cost of being debian/ubuntu specific (are there examples of us using non-ubuntu jumpbox machines?), then we could move to using the apt-get install packages from https://apt.starkandwayne.com/

Latest list:

+ deb-s3 list -b apt.starkandwayne.com
gotcha       0.2.0   amd64
safe         0.2.1   amd64
shield       0.10.9  amd64
spruce       1.11.0  amd64
vault        0.7.3   amd64
genesis      2.0.7   amd64
certstrap    1.0.1   amd64
credhub-cli  1.4.0   amd64
sipcalc      1.1.6   amd64
jq           1.5     amd64
cf-cli       6.29.0  amd64
bosh-cli     2.0.29  amd64

Update: If we want to support centos/rhel jumpboxes, then with https://github.com/jordansissel/fpm + https://github.com/crohr/rpm-s3 we could probably create a https://yum.starkandwayne.com too

Stop using dash

We like bash, damnit.

as root:

echo "dash dash/sh boolean false" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash

Put that in the jumpbox system action, and make sure it sticks

`jumpbox user` failed with permission denied

Hi team,

After adding 2 users successfully on the jumpbox, now when I'm adding the next user and running jumpbox user I get the following errors:

ubuntu@ip-10-0-0-250:~$ su - pp
Password:
pp@ip-10-0-0-250:~$ jumpbox user
                   _.-+.
              _.-""     '.
          +:""            '.
          J \               '.
           L \             _.-+
           |  '.       _.-"   |
           J    \  _.-"       L
            L    +"          J
            +    |           |     (( jumpbox ))
             \   |          .+
              \  |       .-'
               \ |    .-'
                \| .-'
                 +

>> Installing rvm
   RVM is already installed (rvm 1.29.3 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io])
>> Checking for ruby v2.3.1
   ruby is already installed (ruby 2.3.1p112 (2016-04-26) [x86_64-linux-gnu])
>> Checking for bosh v1.3262.4.0
>> Installing bosh v1.3262.4.0
Fetching: semi_semantic-1.2.0.gem (100%)
ERROR:  While executing gem ... (Gem::FilePermissionError)
    You don't have write permissions for the /var/lib/gems/2.3.0 directory.

Instead of installing local rvm for user its using system one.

We tried that with the same clean EC2 and it works :(
I don't want to delete my existing machine. Can you suggest something?

thanks,
Mandar K

'LoadError: cannot load such file -- openssl

When we deploy bosh kit 1.2.1, we saw the following error when installing the ruby package.

+ ruby setup.rb --no-ri --no-rdocsdu
 /home/tpoland/.bosh/installations/5b8aeef1-b248-49af-6f90-adc3a440b754/tmp/bosh-release-pkg344846561/rubygems-2.7.6/lib/rubygems/core_ext/kernel_require.rb:59:in `require': cannot load such file -- zlib (LoadError)

Running command: '/home/tpoland/.bosh/installations/5b8aeef1-b248-49af-6f90-adc3a440b754/jobs/aws_cpi/bin/cpi', stdout: 'bundler: failed to load command: /home/tpoland/.bosh/installations/5b8aeef1-b248-49af-6f90-adc3a440b754/packages/bosh_aws_cpi/bin/aws_cpi (/home/tpoland/.bosh/installations/5b8aeef1-b248-49af-6f90-adc3a440b754/packages/bosh_aws_cpi/bin/aws_cpi)
', stderr: 'LoadError: cannot load such file -- openssl

some packages are missing

Should useradd undo its work if it does not complete?

I ran the jumpbox useradd command and it prompted me for a public key. I believe it was asking me for a public key which I thought was my personal public key. It then prompted me for the bastion host account password. That did not make sense since that account only had ssh keys. I then killed the script.

I then figured out where to get the bastion host keys from and ran the jumpbox useradd with the same input parameters.

I got the following response:

Full name: Norman Abramovitz
Username: normdev
useradd: user 'normdev' already exists

I am wondering if jumpbox useradd should undo its changes if the command fails to execute completely, or at least state to use userdel to clean things up.
