This repository contains all setup and configuration code for the infrastructure required for the HashiConf 2024 Escape room challenge. This is a mono-repository with multiple Terraform workspaces for each domain area. For more information, please speak to Rosemary or Rob.
- Infrastructure lifecycle management (ILM) - puzzles use Waypoint, Terraform, Nomad, and Packer
- Security lifecycle management (SLM) - puzzles use Vault, Consul, and Boundary
- Form
- Scan badge.
- ILM/SLM sticker
These are the official puzzles for ILM/SLM:
Version 2 of the tracks in case the puzzles are compromised:
- If Instruqt, HCP, or AWS goes down, switch to backup slides with clues and video playback
- If Nomad, Waypoint, or Packer goes down, let staff outside know we are only running SLM.
- If HCP Vault, Boundary, or Consul goes down, let staff outside know we are only running ILM.
All products use HCP except Nomad. Nomad runs on AWS EC2 instances.
The clients and workers all run on AWS in us-east-2.
If any of the endpoints change, you will need to re-run workspaces in HCP Terraform. The workspaces require the following order:
1. `hcp-infrastructure`
2. `nomad-infrastructure`
3. `nomad-node-pools`
4. `clues`
5. `waypoint`
6. `applications`
7. `vault-config`
8. `consul-config`
9. `boundary-config`
Other technicalities:
- HCP Terraform uses dynamic credentials for AWS. Review `hcp-infrastructure` for configuration.
- Images get pushed to HCP Packer with a GitHub Actions workflow. GitHub Actions also uses dynamic credentials; review `hcp-infrastructure` for configuration.
- Secrets get synchronized from various resources to GitHub Actions using HCP Vault Secrets. Check out `hcp-infrastructure/hvs.tf` for a list of secrets. NOTE: The sync is manually configured in HCP Vault Secrets!
In order for changes to propagate across tools, you need to change clues in a few places.
A complete list of valid clues can be found at clues/README.md.
There are two places to update clues for infrastructure lifecycle management puzzles.
- Waypoint and Nomad
  - Go to `clues/`.
  - Update `terraform.auto.tfvars`.
  - Push.
    - This will run the `clues` workspace in HCP Terraform.
  - Run workspaces corresponding to each application.
- Packer
  - Go to `.github/workflows/packer`.
  - Update the `HCP_PACKER_BUILD_DETAILS` for each job.
TODO