Install Consul/Nomad/Vault on Ubuntu 20.04
개발용 PC 에 Consul/Nomad/Vault 를 설치합니다.
공통
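sudo apt update && sudo apt upgrade
# Fetch HashiCorp's apt signing key and store it de-armored in a dedicated keyring.
# tee's stdout is discarded so the binary keyring is not dumped onto the terminal.
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
# Print the fingerprint of the stored key and compare it with the one HashiCorp
# publishes before trusting packages from this repository.
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
# signed-by limits this key to the HashiCorp repository instead of trusting it for every apt source.
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update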
Install Consul
sudo apt install consul
consul version
sudo vi /etc/consul.d/consul.hcl
------------------------------------------------
# Single-node Consul agent for a development PC (server mode, one expected server).

# Address this agent advertises to the rest of the cluster.
advertise_addr = "127.0.0.1"
# Address bound for internal cluster traffic; 0.0.0.0 means every interface.
bind_addr = "0.0.0.0"
# A single server is enough to bootstrap and elect a leader.
bootstrap_expect = 1
# Address bound for the client interfaces (HTTP API, UI, DNS); 0.0.0.0 means every interface.
# NOTE(review): this file has no acl block and no TLS settings, so with ACLs at their
# default (disabled) the API and UI answer without a token on every network this PC is
# attached to. "127.0.0.1" is enough unless containers or other hosts must reach Consul
# directly; confirm before keeping 0.0.0.0.
client_addr = "0.0.0.0"
data_dir = "/opt/consul/data"
log_level = "INFO"
server = true
# Serve the web UI from the HTTP interface configured by client_addr.
ui_config {
  enabled = true
}
# Enable Consul Connect (service mesh).
connect {
  enabled = true
}
# Keep metrics for 24h in Prometheus format so the agent metrics endpoint can be scraped.
telemetry {
  prometheus_retention_time = "24h"
}
# Service definition registered by this agent.
service {
  name = "consul"
}
------------------------------------------------
sudo systemctl enable consul
sudo systemctl restart consul
Install Nomad
sudo apt install nomad
nomad version
sudo vi /etc/nomad.d/nomad.hcl
------------------------------------------------
# Single-node Nomad agent for a development PC: server and client in one process.
datacenter = "dc1"
data_dir = "/opt/nomad/data"
# Listen on every interface.
# NOTE(review): this file has no acl block and no tls block, so with ACLs at their default
# (disabled) the HTTP API accepts job submissions without a token from any network this PC
# is attached to. Bind to a loopback or private address unless remote access is needed;
# confirm before keeping 0.0.0.0.
bind_addr = "0.0.0.0"

# advertise {
#   http = "127.0.0.1"
#   rpc = "127.0.0.1"
#   serf = "127.0.0.1"
# }

server {
  enabled = true
  # A single server is enough to bootstrap and elect a leader.
  bootstrap_expect = 1
}

# log_file = "/var/log/nomad/"
# log_level = "INFO"

client {
  enabled = true
  # host_volume "grafana" {
  #   # add directory manually
  #   # sudo mkdir -p /opt/nomad-volumes/grafana
  #   # sudo chown 472:472 /opt/nomad-volumes/grafana
  #   path = "/opt/nomad-volumes/grafana"
  # }
}

# consul {
#   address = "127.0.0.1:8500"
# }

plugin "docker" {
  config {
    # Lets Docker tasks bind-mount host paths into their containers.
    # NOTE(review): anyone able to submit a job can then read and write host files, so
    # this setting matters most while the API is reachable without ACLs (see bind_addr).
    volumes {
      enabled = true
    }
    # Remove the container once its task exits. This option governs containers; image
    # cleanup is controlled by the separate gc "image" option.
    # Set to false while debugging so exited containers stay available for inspection.
    gc {
      container = true
    }
    # auth {
    #   # Nomad will prepend "docker-credential-" to the helper value and call
    #   # that script name.
    #   helper = "ecr-login"
    # }
  }
}

# Expose node and allocation metrics in Prometheus format, collected every 5 seconds.
telemetry {
  collection_interval = "5s"
  disable_hostname = true
  publish_allocation_metrics = true
  publish_node_metrics = true
  prometheus_metrics = true
}
------------------------------------------------
sudo systemctl restart nomad
Install Vault
기본 설정
sudo apt install vault
vault version
sudo vi /etc/vault.d/vault.hcl
------------------------------------------------
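# Vault server for a development PC, using local file storage.
ui = true

storage "file" {
  path = "/opt/vault/data"
}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path = "vault"
#}

# Plaintext HTTP listener: tls_disable = 1 turns TLS off, so tokens and secrets sent to
# this listener are not encrypted in transit. It is therefore bound to loopback only,
# which matches browsing to it from this PC.
# To serve other hosts, uncomment the certificate lines, remove tls_disable, and only
# then widen the address.
listener "tcp" {
  address = "127.0.0.1:8200"
  #tls_cert_file = "/opt/vault/tls/tls.crt"
  #tls_key_file = "/opt/vault/tls/tls.key"
  tls_disable = 1
}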
------------------------------------------------
sudo systemctl restart vault
http://127.0.0.1:8200 에 접속해서 storage 를 초기화할 수 있다.
Key shares, Key threshold 는 편의상 1 로 설정한다. 이렇게 하면 unseal key 한 개만으로 Vault 를 열 수 있으므로 개발 환경에서만 사용한다.
키 재발급
키를 분실한 경우, storage 를 삭제하고(저장된 모든 Secret 이 함께 삭제된다) vault 를 재실행하면
storage 를 다시 초기화할 수 있다.
Consul 연동
sudo vi /etc/vault.d/vault.hcl
------------------------------------------------
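# Vault server for a development PC, storing its data in the local Consul agent.
ui = true

#storage "file" {
#  path = "/opt/vault/data"
#}

# Vault data is kept in Consul's KV store under the "vault" prefix.
# NOTE(review): Vault encrypts what it writes, but any client that can reach the Consul
# API can still modify or delete these keys; keep the Consul API restricted.
storage "consul" {
  address = "127.0.0.1:8500"
  path = "vault"
}

# Plaintext HTTP listener: tls_disable = 1 turns TLS off, so tokens and secrets sent to
# this listener are not encrypted in transit. It is therefore bound to loopback only,
# which matches browsing to it from this PC.
# To serve other hosts, uncomment the certificate lines, remove tls_disable, and only
# then widen the address.
listener "tcp" {
  address = "127.0.0.1:8200"
  #tls_cert_file = "/opt/vault/tls/tls.crt"
  #tls_key_file = "/opt/vault/tls/tls.key"
  tls_disable = 1
}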
------------------------------------------------
sudo systemctl restart vault