Best practices for deploying a secure BOSH director say you should set up a "jumpbox" and restrict access to the director so that only that jumpbox can connect to it.
This repository contains jumpbox, a utility that will install
all necessary utilities for running BOSH deployments, including:
- rvm - For managing versions of Ruby and the BOSH CLI gems
- ruby - For the BOSH CLI
- bosh-init - Tool for bootstrapping a new BOSH director
- bosh - The BOSH CLI itself
- cf - The CF CLI itself
- genesis - For creating multi-tiered deployment repos
- spruce - A YAML multitool for managing BOSH manifests
- safe - An alternate CLI for Hashicorp's Vault
- jq - A JSON query utility
- certstrap - A certificate manager
- sipcalc - An ip subnet calculator
Grab the latest copy from Github and put it in your $PATH:
sudo curl -o /usr/local/bin/jumpbox \
https://raw.githubusercontent.com/starkandwayne/jumpbox/master/bin/jumpbox
sudo chmod 0755 /usr/local/bin/jumpbox
jumpbox operates in two modes: system and user
You only have to run system mode once per box. It installs
global utilities that live outside of individual user home
directories, like spruce, jq, etc.
jumpbox system
Every user on the jumpbox needs to run user mode at least
once. This will set up rvm, the ruby dependencies and the
bosh CLI utility, inside that user's home directory.
jumpbox user
jumpbox can also create user accounts on the local machine:
jumpbox useradd
Full name: Joe User
Username: juser
sudo] password for ubuntu:
You should run `jumpbox user` now, as juser:
sudo -iu juser
jumpbox user
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request