Catwalk Configuration

Now you're set up and have an understanding of where you'll be working, let's take a look at configuring your Catwalk.

Most of our configuration for the Catwalks takes place in backend. There's a project.yml under config/ inside each of your Project folders. These are used to set configurations on a per-project-basis. This project.yml is the base configuration, which can be overwritten on a per-environment basis. For example, you could overwrite the access credentials for your different connected APIs on development and on staging environment.

In order to do so, add a  project.yml.dev and/or project.yml.staging to the directory config/ with the needed overwrites.

Securing Production Configs

As the production access tokens and configuration of the connected APIs shouldn't be publicly available to everybody on the Project, it's recommended to encrypt these configurations if necessary.

The API tokens will of course not be publicly accessible in general, but as they normally lie inside our  project.yml in the config/ folder and therefore inside the repository, they would be available to everyone who has access to that private repository!

Adding Encrypted Project Configurations

We have introduced a way to add another ansible-vault for encrypted project configurations. This vault should be just an encrypted version of the  project.yml with the necessary overwrites and should be named accordingly: * project.yml.crypt for Production project.yml * project.yml.staging.crypt for Staging project.yml.staging

These files will then get decrypted on our servers to make them available there.

Sourcing Hierarchy

The files are sourced in the following hierarchy and values from top are overwritten the way down:

Production 1. project.yml 2. project.yml.crypt

Stage 1. project.yml 2. project.yml.staging 3. project.yml.staging.crypt

Development 1. project.yml 2. project.yml.dev

Creating the Ansible-Vault

In order to create a vault you could follow the documentation of ansible here: https://docs.ansible.com/ansible/latest/user_guide/vault.html#creating-encrypted-files

Basically, you'll need to run the following command on your shell inside the Project's config directory:

# cd to project's config directory, where $PROJECT is something like "demo_de" 
cd $PROJECT/config
# create the ansible vault there with an vault-id that equals your customer's name, e.g. "demo" 
# Keep in mind that it should be a unique password that needs to be known by Frontastic as well, so please don't 
# reuse a password here! 
ansible-vault create --vault-id $CUSTOMER@prompt project.yml.crypt

The password you choose here needs to be known by Frontastic, so that it could be configured on our Servers properly. Don't reuse another password here!

Choose any new password you like and get in touch with one of the Frontastic team, so that they could configure the servers properly to use the password you've used so that it gets decrypted on the production and staging machines.

Please don't forget to check in the generated encrypted vault file into the Git.

Editing the Ansible-Vault

You could edit the vault by running the following command:

ansible-vault edit --vault-id $CUSTOMER@prompt project.yml.crypt

For further details, see the Ansible documentation: https://docs.ansible.com/ansible/latest/user_guide/vault.html#editing-encrypted-files

Now you're ready to start using Frontastic!


‹ Back to Article List

Next Article ›

API Documentation

Still need help? Contact Us Contact Us