Install Consul/Nomad/Vault on Ubuntu 20.04

October 16, 2022

This post installs Consul/Nomad/Vault on a development PC.

Common setup

sudo apt update && sudo apt upgrade

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt update

Install Consul

sudo apt install consul

consul version
sudo vi /etc/consul.d/consul.hcl
------------------------------------------------
advertise_addr = "127.0.0.1"
bind_addr = "0.0.0.0"
bootstrap_expect = 1
client_addr = "0.0.0.0"
data_dir = "/opt/consul/data"
log_level = "INFO"

server = true
ui_config {
  enabled = true
}

connect {
  enabled = true
}

telemetry {
  prometheus_retention_time = "24h"
}

service {
  name = "consul"
}
------------------------------------------------
sudo systemctl enable consul
sudo systemctl restart consul

http://127.0.0.1:8500

Install Nomad

sudo apt install nomad

nomad version
sudo vi /etc/nomad.d/nomad.hcl
------------------------------------------------
datacenter = "dc1"
data_dir   = "/opt/nomad/data"
bind_addr  = "0.0.0.0"

# advertise {
#   http = "127.0.0.1"
#   rpc  = "127.0.0.1"
#   serf = "127.0.0.1"
# }

server {
  enabled          = true
  bootstrap_expect = 1
}

# log_file = "/var/log/nomad/"
# log_level = "INFO"

client {
  enabled = true

#   host_volume "grafana" {
#     # add directory manually
#     # sudo mkdir -p /opt/nomad-volumes/grafana
#     # sudo chown 472:472 /opt/nomad-volumes/grafana
#     path = "/opt/nomad-volumes/grafana"
#   }
}

# consul {
#   address = "127.0.0.1:8500"
# }

plugin "docker" {
  config {
    volumes {
      enabled = true
    }

    # Remove the container when the task exits
    # Set to false while debugging
    gc {
      container   = true
    }

#     auth {
#       # Nomad will prepend "docker-credential-" to the helper value and call
#       # that script name.
#       helper = "ecr-login"
#     }
  }
}

telemetry {
  collection_interval = "5s"
  disable_hostname = true
  publish_allocation_metrics = true
  publish_node_metrics       = true
  prometheus_metrics         = true
}
------------------------------------------------
sudo systemctl restart nomad

http://127.0.0.1:4646

Install Vault

Basic configuration

sudo apt install vault

vault version
sudo vi /etc/vault.d/vault.hcl
------------------------------------------------
ui = true

storage "file" {
  path = "/opt/vault/data"
}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path    = "vault"
#}

# HTTP listener (TLS is disabled below)
listener "tcp" {
  address       = "0.0.0.0:8200"
  #tls_cert_file = "/opt/vault/tls/tls.crt"
  #tls_key_file  = "/opt/vault/tls/tls.key"
  tls_disable = 1
}
------------------------------------------------
sudo systemctl restart vault

Open http://127.0.0.1:8200 to initialize the storage.

For convenience, set Key shares and Key threshold to 1.

Reissuing keys

If you lose the key, you can delete the storage (all secrets are deleted), restart vault,
and initialize the storage again.

Consul integration

sudo vi /etc/vault.d/vault.hcl
------------------------------------------------
ui = true

#storage "file" {
#  path = "/opt/vault/data"
#}

storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

# HTTP listener (TLS is disabled below)
listener "tcp" {
  address       = "0.0.0.0:8200"
  #tls_cert_file = "/opt/vault/tls/tls.crt"
  #tls_key_file  = "/opt/vault/tls/tls.key"
  tls_disable = 1
}
------------------------------------------------
sudo systemctl restart vault
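
The three files above bind Consul, Nomad and Vault to 0.0.0.0, and the Vault listener sets tls_disable = 1, so every interface of the PC serves these APIs and Vault answers over plain HTTP. As an added example (not part of the original post), this script lists those active settings in a set of HCL files. The sample files are constructed excerpts of the configs on this page, and vault-loopback.hcl is a hypothetical loopback-only variant.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: list the active settings in
# the given HCL files that open a listener on every interface or serve it
# without TLS.

# audit_hcl FILE...: print "FILE:LINE: finding" for each such setting.
audit_hcl() {
  awk '
    /^[ \t]*#/ { next }   # commented-out settings are not in effect
    /^[ \t]*(bind_addr|client_addr|address)[ \t]*=[ \t]*"0\.0\.0\.0(:[0-9]+)?"/ {
      printf "%s:%d: %s listens on all interfaces\n", FILENAME, FNR, $1
    }
    /^[ \t]*tls_disable[ \t]*=[ \t]*"?(1|true)"?/ {
      printf "%s:%d: tls_disable serves this listener over plain HTTP\n", FILENAME, FNR
    }
  ' "$@"
}

# Constructed sample input: excerpts of the consul.hcl and vault.hcl on this
# page, plus a hypothetical loopback-only Vault listener for comparison.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/consul-page.hcl" <<'EOF'
advertise_addr = "127.0.0.1"
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"
EOF
cat > "$demo_dir/vault-page.hcl" <<'EOF'
ui = true
storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}
listener "tcp" {
  address       = "0.0.0.0:8200"
  #tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_disable = 1
}
EOF
cat > "$demo_dir/vault-loopback.hcl" <<'EOF'
listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
EOF

audit_hcl "$demo_dir"/*.hcl
```

On the machine itself, run audit_hcl /etc/consul.d/consul.hcl /etc/nomad.d/nomad.hcl /etc/vault.d/vault.hcl after editing the files.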
