Choosing Nucleator Stacksets
The first steps with Nucleator are performed with commands entered at the command line interface. For detailed reference, see the Nucleator CLI Reference.
Choose Sources
The nucleator init command creates a file named sources.yml in your .nucleator directory. This is a YAML-formatted file that defines which Stacksets and commands should be installed in your Nucleator instance. When you run nucleator update, all of the Stacksets listed in sources.yml will be installed or updated in your local .nucleator/contrib directory. You can add sections to sources.yml to use more Stacksets by providing a Git URL, a name and an optional branch name for each additional Stackset.
Each Stackset is represented in sources.yml with an entry like this:

    # Differentiated Additional Nucleator Stackset
    - src: git+ssh://git@projectname-private.repo.com/prj/nucleator-contrib-whizbang.git
      # version: master
      name: whizbang

Whenever you update sources.yml, be sure to run nucleator update to have Nucleator update all Stacksets, pulling each one from its source repository and placing it in your local .nucleator/contrib directory.
Establish Distribution Keys
If Stacksets included in sources.yml are housed in non-public repositories, you will need to establish distribution keys (sometimes also called access keys) to enable git checkout from those repositories. Because Nucleator accesses these repositories on your behalf, it needs to know which distribution key to use for which repository, and it needs to be able to find the distribution keys. Nucleator leverages standard ssh configuration methods to use the right key for the right git repository. Repositories that require private distribution keys are specified in the distkeys.yml file in your .nucleator directory.
Each such repository is represented in distkeys.yml with an entry in the distribution_keys dictionary as shown below. The name of the private distribution key file to use when accessing this repository is maintained in private_keyfile for the repository.
Nucleator expects to find each of the private distribution keys that are specified in this way in a directory accessible via ~/.nucleator/distkeys/. For convenience, nucleator init creates a symbolic link at this path that refers to ~/.ssh/distkeys. You should therefore mkdir ~/.ssh/distkeys and place each private_keyfile specified in distkeys.yml in that directory. You will need to obtain each such private_keyfile from the administrator of the private repository that you are accessing.

    distribution_keys:
      # Private Enterprise Repository
      - hostname: projectname-private.repo.com   # name of host to access
        ssh_config_host: private.repo.com        # accessed via this name in ssh config
        private_keyfile: projectname.distkey.private.repo.com.id_rsa   # private distribution key

You can avoid man-in-the-middle attacks by also specifying the hashed server identity for each host from which you are consuming Nucleator Stacksets under the known_hosts dictionary, like this:
"github.com": '|1|Lx5Iv3vYeHWPC8Jfm0GETrsa5Bg=|nOZBHiuMqeA9T24WylPcTsBZ3Tk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='
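A check worth running before pinning such an entry, added here as an example (it is not part of Nucleator): it confirms that a hashed known_hosts line was derived from the host you expect, using OpenSSH's |1|salt|HMAC-SHA1 host format, and computes the key's SHA256 fingerprint for comparison with the one the repository operator publishes. The sample salt, key blob and entry are constructed, and the function names are this example's own.

```python
import base64
import hashlib
import hmac

def _name(host, port=22):
    # OpenSSH records non-default ports as "[host]:port" before hashing.
    return host if port == 22 else f"[{host}]:{port}"

def hash_host(host, salt, port=22):
    """Build the hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, _name(host, port).encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def parse_entry(entry):
    """Return (salt, mac, key_type, key_blob) from one hashed known_hosts line."""
    fields = entry.split()
    if len(fields) < 3:
        raise ValueError("expected: hashed-host key-type base64-key")
    parts = fields[0].split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("host field is not in |1|salt|hash form")
    salt, mac, blob = (base64.b64decode(p, validate=True)
                       for p in (parts[2], parts[3], fields[2]))
    return salt, mac, fields[1], blob

def entry_matches(entry, host, port=22):
    """True only if the hashed host field was derived from this host and port."""
    salt, mac, _, _ = parse_entry(entry)
    expected = hmac.new(salt, _name(host, port).encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)

def fingerprint(entry):
    """SHA256 fingerprint of the key, in the form ssh-keygen -l prints."""
    blob = parse_entry(entry)[3]
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: fixed salt and a placeholder blob, not a real host key.
SAMPLE_SALT = bytes(range(20))
SAMPLE_KEY = base64.b64encode(b"constructed placeholder key blob").decode()
SAMPLE_ENTRY = "%s ssh-rsa %s" % (
    hash_host("projectname-private.repo.com", SAMPLE_SALT), SAMPLE_KEY)

if __name__ == "__main__":
    for host in ("projectname-private.repo.com", "private.repo.com"):
        print(host, entry_matches(SAMPLE_ENTRY, host))
    print(fingerprint(SAMPLE_ENTRY))
```

A line that matches the hostname but carries an unexpected fingerprint should not be pinned; obtain the fingerprint over a channel other than the ssh connection itself.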
Update Stacksets
Running nucleator update updates the Nucleator installation with any new Stacksets specified in sources.yml. This command may be run multiple times during the lifetime of the project.
Stacksets are localized on the Nucleator instance in ~/.nucleator/contrib. To avoid inadvertent loss of local edits, Nucleator never deletes the contents of contrib. Because the contents of contrib are updated from source repositories, each time nucleator update runs, Nucleator moves the prior contrib directory and its contents into a uniquely named child of ~/.nucleator/contrib.bak.
When Stacksets are in place, continue to Sign Up for New AWS Account using Nucleator Naming Conventions