Update Vault paths to reflect new tree structure (elastic#473)

This commit implements the night-rally specific changes
triggered by the new Vault tree structure[1].

[1] elastic/elasticsearch-benchmarks#485

README.md

@@ -239,15 +239,15 @@ The Vagrant workflow retrieves credentials to the metrics store via Vault so ens
     "es_secure": "true"
     }
     ```
-    1.2 Add the key-value pairs to Vault. Please use `/secret/rally/cloud` as path prefix:
+    1.2 Add the key-value pairs to Vault. Please use `/secret/performance/es-perf/cloud` as the path prefix if you want this to be accessible by members of the es-pef team, or `/secret/performance/employees/cloud` if you want it to be readable by all employees:
 
     ```
-    vault write /secret/rally/cloud/your-metrics-cluster-name @cluster-creds.json
+    vault write /secret/performance/es-perf/cloud/your-metrics-cluster-name @cluster-creds.json
     ```
     1.3 Check that the data are present
 
     ```
-    vault read /secret/rally/cloud/your-metrics-cluster-name
+    vault read /secret/performance/es-perf/cloud/your-metrics-cluster-name
     ```
 
     1.4 Delete the cluster properties file
@@ -256,7 +256,7 @@ The Vagrant workflow retrieves credentials to the metrics store via Vault so ens
     rm ~/cluster-creds.json
     ```
 
-2. `export VAULT_NIGHT_RALLY_METRICS_STORE_CREDENTIAL_PATH=/secret/rally/cloud/your-metrics-cluster-name`
+2. `export VAULT_NIGHT_RALLY_METRICS_STORE_CREDENTIAL_PATH=/secret/performance/es-perf/cloud/your-metrics-cluster-name`
 
 Afterwards you can start the Vagrant boxes.
 

night_rally.sh

@@ -24,7 +24,7 @@ while [[ -h $SOURCE ]]; do # resolve $SOURCE until the file is no longer a symli
 done
 NIGHT_RALLY_HOME="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 
-export RALLY_METRICS_STORE_CREDENTIAL_PATH=${RALLY_METRICS_STORE_CREDENTIAL_PATH:-"/secret/rally/cloud/nightly-rally-metrics"}
+export RALLY_METRICS_STORE_CREDENTIAL_PATH=${RALLY_METRICS_STORE_CREDENTIAL_PATH:-"/secret/performance/employees/cloud/nightly-rally-metrics"}
 
 ANSIBLE_ALL_TAGS=(check-drive-health encryption-at-rest initialize-data-disk trim drop-caches)
 ANSIBLE_SKIP_TAGS=( )

night_rally/fixtures/ansible/Vagrantfile

@@ -109,7 +109,7 @@ def install_rally_ssh_key
   <<~EOF
   set -eo pipefail
   cd /var/lib/jenkins
-  sudo -iu jenkins bash -c "vault read -field=private-key /secret/rally/ssh-keypairs/rally >~/.ssh/id_rsa && chmod 0600 ~/.ssh/id_rsa && ssh-keyscan github.com >> ~/.ssh/known_hosts"
+  sudo -iu jenkins bash -c "vault read -field=private-key /secret/performance/employees/ssh/rally >~/.ssh/id_rsa && chmod 0600 ~/.ssh/id_rsa && ssh-keyscan github.com >> ~/.ssh/known_hosts"
   EOF
 end
 

night_rally/fixtures/ansible/configure.sh

@@ -12,7 +12,7 @@ SCRIPT_HOME="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 
 cd ${SCRIPT_HOME}
 
-export RALLY_METRICS_STORE_CREDENTIAL_PATH=${RALLY_METRICS_STORE_CREDENTIAL_PATH:-"/secret/rally/cloud/nightly-rally-metrics"}
+export RALLY_METRICS_STORE_CREDENTIAL_PATH=${RALLY_METRICS_STORE_CREDENTIAL_PATH:-"/secret/performance/employees/cloud/nightly-rally-metrics"}
 # attempt to read so we can determine early on whether the user is logged in
 set +e
 vault read ${RALLY_METRICS_STORE_CREDENTIAL_PATH} > /dev/null 2>&1

night_rally/fixtures/ansible/roles/rally-configure/tasks/main.yml

@@ -9,7 +9,7 @@
 
 - block:
     - set_fact:
-        gcs_service_account_contents: "{{ lookup('hashi_vault', 'secret=/secret/rally/cloud/gcs-internal-rally-service-account:contents') }}"
+        gcs_service_account_contents: "{{ lookup('hashi_vault', 'secret=/secret/performance/employees/cloud/buckets/gcs/performance-testing-artifacts') }}"
 
     - name: write gcs service account file
       become: true
@@ -18,4 +18,3 @@
         content: "{{ gcs_service_account_contents }}"
         dest: ~/.gcs-service-account.json
   when: not local_setup | default("false") | bool
-