HashiCorp Vault and Consul

Download Consul from here: https://www.consul.io/downloads.html

root@scw-530499:~# ps -ef |grep -i vault
root      6707  6635  0 02:48 pts/2    00:00:00 grep --color=auto -i vault
root     11881     1  0 Aug07 ?        00:06:36 ./vault server -dev
root@scw-530499:~# kill -9 11881
root@scw-530499:~# ps -ef |grep -i vault
root      6712  6635  0 02:48 pts/2    00:00:00 grep --color=auto -i vault
root@scw-530499:~# kill -9 11881
-bash: kill: (11881) - No such process
root@scw-530499:~# ./vault server -config=example.hcl
==> Vault server configuration:

                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
        Redirect Address: http://127.0.0.1:8200
                 Storage: consul (HA available)
                 Version: Vault v0.7.3
             Version Sha: 0b20ae0b9b7a748d607082b1add3663a28e31b68

==> Vault server started! Log data will stream in below:

2017/08/10 02:49:03.942793 [WARN ] physical/consul: appending trailing forward slash to path

2017/08/10 03:04:26.452744 [INFO ] core: security barrier not initialized
2017/08/10 03:04:26.602018 [INFO ] core: security barrier initialized: shares=5 threshold=3
2017/08/10 03:04:27.091059 [INFO ] core: post-unseal setup starting
2017/08/10 03:04:27.334124 [INFO ] core: loaded wrapping token key
2017/08/10 03:04:27.480404 [INFO ] core: successfully mounted backend: type=generic path=secret/
2017/08/10 03:04:27.480680 [INFO ] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
2017/08/10 03:04:27.481651 [INFO ] core: successfully mounted backend: type=system path=sys/
2017/08/10 03:04:27.482469 [INFO ] rollback: starting rollback manager
2017/08/10 03:04:27.790782 [INFO ] expiration: restoring leases
2017/08/10 03:04:27.936069 [INFO ] core: post-unseal setup complete
2017/08/10 03:04:27.936508 [INFO ] core/startClusterListener: starting listener: listener_address=127.0.0.1:8201
2017/08/10 03:04:27.937203 [INFO ] core/startClusterListener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2017/08/10 03:04:28.065412 [INFO ] core: root token generated
2017/08/10 03:04:28.065618 [INFO ] core: pre-seal teardown starting
2017/08/10 03:04:28.065813 [INFO ] core: stopping cluster listeners
2017/08/10 03:04:28.066600 [INFO ] core: shutting down forwarding rpc listeners
2017/08/10 03:04:28.066822 [INFO ] core: forwarding rpc listeners stopped
2017/08/10 03:04:28.439180 [INFO ] core: rpc listeners successfully shut down
2017/08/10 03:04:28.439283 [INFO ] core: cluster listeners successfully shut down
2017/08/10 03:04:28.439459 [INFO ] rollback: stopping rollback manager
2017/08/10 03:04:28.440071 [INFO ] core: pre-seal teardown complete




root@scw-530499:~# ll
total 123420
drwx------  5 root root     4096 Aug 10 02:39 ./
drwxr-xr-x 21 root root     4096 Jan  5  2017 ../
-rw-------  1 root root     2000 Aug  8 18:36 .bash_history
-rw-r--r--  1 root root     3106 Oct 22  2015 .bashrc
drwx------  2 root root     4096 Aug  7 19:54 .cache/
-rwxr-xr-x  1 root root 37552009 Aug 10 02:40 consul*
-rw-r--r--  1 root root      133 Aug 10 02:33 example.hcl
drwx------  2 root root     4096 Aug  7 21:16 .gnupg/
-rw-------  1 root root     6091 Aug  7 21:31 nohup.out
-rw-r--r--  1 root root      148 Aug 17  2015 .profile
-rwx------  1 root root       13 Aug  7 19:29 .pw*
-rw-r--r--  1 root root     1240 Jan  5  2017 .s3cfg.sample
drwx------  2 root root     4096 Aug  7 19:30 .ssh/
-rwxr-xr-x  1 root root 52055778 Jun  7 19:43 vault*
-rw-r--r--  1 root root  8966609 Aug  7 21:21 vault_0.5.2_linux_amd64.zip
-rw-r--r--  1 root root     1411 Aug  7 21:20 vault_0.5.2_SHA256SUMS
-rw-r--r--  1 root root      287 Aug  7 21:20 vault_0.5.2_SHA256SUMS.sig
-rw-r--r--  1 root root 14293493 Aug  7 21:03 vault_0.7.3_linux_amd64.zip
-rw-r--r--  1 root root 13434793 Aug  7 21:27 vault_0.7.3_linux_arm.zip
-rw-------  1 root root       36 Aug  7 21:36 .vault-token
-rw-------  1 root root      633 Aug 10 02:33 .viminfo
-rw-r--r--  1 root root      176 Aug  7 20:58 .wget-hsts
root@scw-530499:~# consul agent -server -bootstrap-expect 1 -data-dir /tmp/consul -bind 127.0.0.1
-bash: consul: command not found
root@scw-530499:~# ./consul agent -server -bootstrap-expect 1 -data-dir /tmp/consul -bind 127.0.0.1
==> WARNING: BootstrapExpect Mode is specified as 1; this is the same as Bootstrap mode.
==> WARNING: Bootstrap mode enabled! Do not enable unless necessary
==> Starting Consul agent...
==> Consul agent running!
           Version: 'v0.9.2'
           Node ID: '7d7dc603-f654-dff1-f0da-31ac8ba0d362'
         Node name: 'scw-530499'
        Datacenter: 'dc1'
            Server: true (bootstrap: true)
       Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
      Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
    Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false

==> Log data will now stream in as it occurs:

    2017/08/10 02:40:36 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:127.0.0.1:8300 Address:127.0.0.1:8300}]
    2017/08/10 02:40:36 [INFO] raft: Node at 127.0.0.1:8300 [Follower] entering Follower state (Leader: "")
    2017/08/10 02:40:36 [INFO] serf: EventMemberJoin: scw-530499.dc1 127.0.0.1
    2017/08/10 02:40:36 [INFO] serf: EventMemberJoin: scw-530499 127.0.0.1
    2017/08/10 02:40:36 [INFO] agent: Started DNS server 127.0.0.1:8600 (udp)
    2017/08/10 02:40:36 [INFO] consul: Adding LAN server scw-530499 (Addr: tcp/127.0.0.1:8300) (DC: dc1)
    2017/08/10 02:40:36 [INFO] agent: Started DNS server 127.0.0.1:8600 (tcp)
    2017/08/10 02:40:36 [INFO] consul: Handled member-join event for server "scw-530499.dc1" in area "wan"
    2017/08/10 02:40:36 [INFO] agent: Started HTTP server on 127.0.0.1:8500
    2017/08/10 02:40:43 [ERR] agent: failed to sync remote state: No cluster leader
    2017/08/10 02:40:45 [WARN] raft: Heartbeat timeout from "" reached, starting election
    2017/08/10 02:40:45 [INFO] raft: Node at 127.0.0.1:8300 [Candidate] entering Candidate state in term 2
    2017/08/10 02:40:45 [INFO] raft: Election won. Tally: 1
    2017/08/10 02:40:45 [INFO] raft: Node at 127.0.0.1:8300 [Leader] entering Leader state
    2017/08/10 02:40:45 [INFO] consul: cluster leadership acquired
    2017/08/10 02:40:45 [INFO] consul: New leader elected: scw-530499
    2017/08/10 02:40:45 [INFO] consul: member 'scw-530499' joined, marking health alive
    2017/08/10 02:40:45 [INFO] agent: Synced node info
    2017/08/10 02:49:04 [INFO] agent: Synced service 'vault:127.0.0.1:8200'
    2017/08/10 02:49:04 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:49:29 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:51:21 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:52:45 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:54:41 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:56:00 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:57:52 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 02:58:58 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 03:00:18 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 03:01:29 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 03:03:03 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'
    2017/08/10 03:04:26 [INFO] agent: Synced check 'vault:127.0.0.1:8200:vault-sealed-check'






root@scw-530499:~# env |grep vault
root@scw-530499:~# export VAULT_ADDR=http://0.0.0.0:8200
root@scw-530499:~# env |grep vault
root@scw-530499:~# env |grep -i vault
VAULT_ADDR=http://0.0.0.0:8200
root@scw-530499:~# ./vault init
Unseal Key 1: gEHnDyI/BErHQXMZ+to1/U9ifhmQMOAgZiRHWeR1iJES
Unseal Key 2: ayfnMZqkdZIpvI2vtC0EBR5PJPdgB53lwGZgwogrk/dq
Unseal Key 3: JzR8w3AcGqmHhkEj3Df7r1Ktoxwgy9Gu23eTu+EKCNsN
Unseal Key 4: hWw7e5wp3QbDWv4Ax7nUZ64laLDMGR+scGIBzuw2pahU
Unseal Key 5: n6gT30iqP9Dsmr/kGXcquHswwUkArL2eMVyDxYazkRzH
Initial Root Token: 090b5f3c-13fe-32c1-ffa9-234c1b087461

Vault initialized with 5 keys and a key threshold of 3. Please
securely distribute the above keys. When the vault is re-sealed,
restarted, or stopped, you must provide at least 3 of these keys
to unseal it again.

Vault does not store the master key. Without at least 3 keys,
your vault will remain permanently sealed.
root@scw-530499:~#
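
The `vault init` output above reports 5 unseal keys with a threshold of 3. The following is an added example (not part of the original post and not Vault's own code) of Shamir secret sharing done byte-wise over GF(2^8), showing why any 3 shares rebuild the secret while 2 do not. The function names and the sample secret used in testing are constructed for illustration.

```python
import secrets

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8), reducing modulo x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a nonzero byte: a^254, because a^255 == 1 in GF(2^8)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret: bytes, shares: int = 5, threshold: int = 3) -> dict:
    """Return {x: share}; every secret byte gets its own random polynomial."""
    if not 2 <= threshold <= shares <= 255:
        raise ValueError("need 2 <= threshold <= shares <= 255")
    out = {x: bytearray() for x in range(1, shares + 1)}
    for s in secret:
        # f(0) = secret byte; the other threshold-1 coefficients are uniform random
        coeffs = [s] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x in out:
            y = 0
            for c in reversed(coeffs):   # Horner evaluation of f(x)
                y = gf_mul(y, x) ^ c
            out[x].append(y)
    return {x: bytes(v) for x, v in out.items()}

def combine(parts: dict) -> bytes:
    """Lagrange-interpolate f(0) at every byte position from the given shares."""
    xs = list(parts)
    result = bytearray(len(parts[xs[0]]))
    for xi in xs:
        li = 1   # l_i(0) = prod_{j != i} x_j / (x_j - x_i); subtraction is XOR
        for xj in xs:
            if xj != xi:
                li = gf_mul(li, gf_mul(xj, gf_inv(xj ^ xi)))
        for k, y in enumerate(parts[xi]):
            result[k] ^= gf_mul(y, li)
    return bytes(result)
```

With fewer shares than the threshold, `combine` still returns bytes of the right length, but they are unrelated to the secret. This is why the keys printed by `vault init` should go to separate holders rather than sit together in one terminal scrollback.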

1 comment:

satheesh said...

./vault
Common commands:
delete Delete operation on secrets in Vault
path-help Look up the help for a path
read Read data or secrets from Vault
renew Renew the lease of a secret
revoke Revoke a secret.
server Start a Vault server
status Outputs status of whether Vault is sealed and if HA mode is enabled
unwrap Unwrap a wrapped secret
write Write secrets or configuration into Vault

All other commands:
audit-disable Disable an audit backend
audit-enable Enable an audit backend
audit-list Lists enabled audit backends in Vault
auth Prints information about how to authenticate with Vault
auth-disable Disable an auth provider
auth-enable Enable a new auth provider
capabilities Fetch the capabilities of a token on a given path
generate-root Generates a new root token
init Initialize a new Vault server
key-status Provides information about the active encryption key
list List data or secrets in Vault
mount Mount a logical backend
mount-tune Tune mount configuration parameters
mounts Lists mounted backends in Vault
policies List the policies on the server
policy-delete Delete a policy from the server
policy-write Write a policy to the server
rekey Rekeys Vault to generate new unseal keys
remount Remount a secret backend to a new path
rotate Rotates the backend encryption key used to persist data
seal Seals the Vault server
ssh Initiate an SSH session
step-down Force the Vault node to give up active duty
token-create Create a new auth token
token-lookup Display information about the specified token
token-renew Renew an auth token if there is an associated lease
token-revoke Revoke one or more auth tokens
unmount Unmount a secret backend
unseal Unseals the Vault server
version Prints the Vault version
