FAQ
How would I open source a bosh release that uses blobs and an AWS S3 blobstore?

My config/final.yml needs credentials for AWS S3 for both reading (the open source part) and writing (the developers' part). The credentials can be created with AWS IAM to only read/write S3, but still, I don't want to have to check with S3 to ensure that people aren't storing their own stuff in my personal S3 buckets.

Suggestions?

How does the EMC ATMOS storage system & credentials work? Could I use the bosh-sample-release ATMOS credentials and write files to it?

Nic



Dr Nic Williams - VP Developer Evangelism





The Leading Platform as a Service


Mobile: 415 860 2185


Skype: nicwilliams


Twitter: @drnic

Search Discussions

  • Skaar at Jul 22, 2012 at 3:06 am
    Nic,

    check the BOSH manual:


    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your
    repository - we typically just symlink it into our working copies.

    /skaar

    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams
    wrote:
    How would I open source a bosh release that uses blobs and an AWS S3
    blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the
    open source part) and writing (the developers' part). The credentials can
    be created with AWS IAM to only read/write S3, but still, I don't want to
    have to check with S3 to ensure that people aren't storing their own stuff
    in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the
    bosh-sample-release ATMOS credentials and write files to it?

    Nic


    ------------------------------

    Dr Nic Williams - VP Developer Evangelism

    [image: Engine Yard]

    The Leading Platform as a Service

    Mobile: 415 860 2185

    Skype: nicwilliams

    Twitter: @drnic
    ------------------------------
  • Dr Nic Williams at Jul 22, 2012 at 6:27 am
    But I still need to publish my AWS credentials in my final.yml, so they can be used directly outside of BOSH?

    And some people may accidentally put in their normal AWS credentials which have full API access?

    Perhaps final.yml for "read" API access and private.yml is for write API access?

    Cheers
    Nic


    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Saturday, July 21, 2012 at 8:06 PM, skaar wrote:

    Nic,

    check the BOSH manual:

    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your repository - we typically just symlink it into our working copies.

    /skaar
    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams (mailto:nwilliams@engineyard.com)> wrote:
    How would I open source a bosh release that uses blobs and an AWS S3 blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the open source part) and writing (the developers' part). The credentials can be created with AWS IAM to only read/write S3, but still, I don't want to have to check with S3 to ensure that people aren't storing their own stuff in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the bosh-sample-release ATMOS credentials and write files to it?

    Nic



    Dr Nic Williams - VP Developer Evangelism





    The Leading Platform as a Service


    Mobile: 415 860 2185 (tel:415%20860%202185)


    Skype: nicwilliams


    Twitter: @drnic

  • Dr Nic Williams at Jul 22, 2012 at 5:00 pm
    Also, are encryption_key and blobstore_secret just any random string? Or a meaningful string that has been encrypted?

    Cheers
    Nic


    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Saturday, July 21, 2012 at 8:06 PM, skaar wrote:

    Nic,

    check the BOSH manual:

    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your repository - we typically just symlink it into our working copies.

    /skaar
    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams (mailto:nwilliams@engineyard.com)> wrote:
    How would I open source a bosh release that uses blobs and an AWS S3 blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the open source part) and writing (the developers' part). The credentials can be created with AWS IAM to only read/write S3, but still, I don't want to have to check with S3 to ensure that people aren't storing their own stuff in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the bosh-sample-release ATMOS credentials and write files to it?

    Nic



    Dr Nic Williams - VP Developer Evangelism





    The Leading Platform as a Service


    Mobile: 415 860 2185 (tel:415%20860%202185)


    Skype: nicwilliams


    Twitter: @drnic

  • Dr Nic Williams at Jul 24, 2012 at 10:54 pm
    Bump.

    I'd like to share some boshreleases but I'm not sure how to do so without including read/write AWS credentials.

    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Sunday, July 22, 2012 at 10:00 AM, Dr Nic Williams wrote:

    Also, are encryption_key and blobstore_secret just any random string? Or a meaningful string that has been encrypted?

    Cheers
    Nic


    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Saturday, July 21, 2012 at 8:06 PM, skaar wrote:

    Nic,

    check the BOSH manual:

    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your repository - we typically just symlink it into our working copies.

    /skaar
    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams (mailto:nwilliams@engineyard.com)> wrote:
    How would I open source a bosh release that uses blobs and an AWS S3 blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the open source part) and writing (the developers' part). The credentials can be created with AWS IAM to only read/write S3, but still, I don't want to have to check with S3 to ensure that people aren't storing their own stuff in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the bosh-sample-release ATMOS credentials and write files to it?

    Nic



    Dr Nic Williams - VP Developer Evangelism





    The Leading Platform as a Service


    Mobile: 415 860 2185 (tel:415%20860%202185)


    Skype: nicwilliams


    Twitter: @drnic

  • Skaar at Jul 25, 2012 at 8:51 pm
    Hi Nic,

    short of it is that our documentation is incorrect and that we currently
    _don't_ have support for private/public access to blobs in S3 - I believe
    it would only be a CLI change, but currently the only data we read from
    private.yml is 'blobstore_secret' used by the Atmos plugin.

    /skaar
    On Tue, Jul 24, 2012 at 3:54 PM, Dr Nic Williams wrote:

    Bump.

    I'd like to share some boshreleases but I'm not sure how to do so without
    including read/write AWS credentials.

    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Sunday, July 22, 2012 at 10:00 AM, Dr Nic Williams wrote:

    Also, are encryption_key and blobstore_secret just any random string? Or
    a meaningful string that has been encrypted?

    Cheers
    Nic


    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Saturday, July 21, 2012 at 8:06 PM, skaar wrote:

    Nic,

    check the BOSH manual:


    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your
    repository - we typically just symlink it into our working copies.

    /skaar

    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams <nwilliams@engineyard.com
    wrote:
    How would I open source a bosh release that uses blobs and an AWS S3
    blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the
    open source part) and writing (the developers' part). The credentials can
    be created with AWS IAM to only read/write S3, but still, I don't want to
    have to check with S3 to ensure that people aren't storing their own stuff
    in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the
    bosh-sample-release ATMOS credentials and write files to it?

    Nic


    ------------------------------

    Dr Nic Williams - VP Developer Evangelism

    [image: Engine Yard]

    The Leading Platform as a Service

    Mobile: 415 860 2185

    Skype: nicwilliams

    Twitter: @drnic
    ------------------------------



  • Dr Nic Williams at Jul 25, 2012 at 8:33 pm
    I'll create a ticket for it to track it.

    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185
    Skype: nicwilliams
    Twitter: @drnic

    On Wednesday, July 25, 2012 at 1:21 PM, skaar wrote:

    Hi Nic,

    short of it is that our documentation is incorrect and that we currently _don't_ have support for private/public access to blobs in S3 - I believe it would only be a CLI change, but currently the only data we read from private.yml is 'blobstore_secret' used by the Atmos plugin.

    /skaar
    On Tue, Jul 24, 2012 at 3:54 PM, Dr Nic Williams (mailto:drnicwilliams@gmail.com)> wrote:
    Bump.

    I'd like to share some boshreleases but I'm not sure how to do so without including read/write AWS credentials.

    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185 (tel:%2B1%20415%20860%202185)
    Skype: nicwilliams
    Twitter: @drnic

    On Sunday, July 22, 2012 at 10:00 AM, Dr Nic Williams wrote:

    Also, are encryption_key and blobstore_secret just any random string? Or a meaningful string that has been encrypted?

    Cheers
    Nic


    Dr Nic Williams - VP Developer Evangelism
    Engine Yard
    The Leading Platform as a Service
    Mobile: +1 415 860 2185 (tel:%2B1%20415%20860%202185)
    Skype: nicwilliams
    Twitter: @drnic

    On Saturday, July 21, 2012 at 8:06 PM, skaar wrote:

    Nic,

    check the BOSH manual:

    https://github.com/cloudfoundry/oss-docs/blob/master/bosh/documentation/documentation.md#s3

    you can keep secrets in config/private.yml - and exclude that from your repository - we typically just symlink it into our working copies.

    /skaar
    On Sat, Jul 21, 2012 at 7:24 PM, Dr Nic Williams (mailto:nwilliams@engineyard.com)> wrote:
    How would I open source a bosh release that uses blobs and an AWS S3 blobstore?

    My config/final.yml needs credentials for AWS S3 for both reading (the open source part) and writing (the developers' part). The credentials can be created with AWS IAM to only read/write S3, but still, I don't want to have to check with S3 to ensure that people aren't storing their own stuff in my personal S3 buckets.

    Suggestions?

    How does the EMC ATMOS storage system & credentials work? Could I use the bosh-sample-release ATMOS credentials and write files to it?

    Nic



    Dr Nic Williams - VP Developer Evangelism





    The Leading Platform as a Service


    Mobile: 415 860 2185 (tel:415%20860%202185)


    Skype: nicwilliams


    Twitter: @drnic

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupbosh-users @
postedJul 22, '12 at 2:24a
activeJul 25, '12 at 8:51p
posts7
users3

People

Translate

site design / logo © 2021 Grokbase