diff --git a/.gitignore b/.gitignore
index c8c1ad7..2c4d7a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@ examples/agent/vaultron-agent-example
 custom/consul*
 custom/vault*
 data/migration
+influxdb.conf
+influxdb_data
 consulc0
 consulc1
 consulc2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 154f183..c2c7721 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## NEXT
+
+- Vault v1.1.4
+- Consul v1.5.3
+- API_ADDR set in config template instead of environment variable
+- Add vault_server_log_format and matching TF_VAR for choosing log format
+
 ## v3.0.1
 - Consul v1.5.2
diff --git a/README.md b/README.md
index bc0c634..0f2d1c6 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ Install the following on the system where you will form Vaultron:
 - [Docker CE for Linux](https://docs.docker.com/v17.12/install/#server) **or**
 - [Docker Desktop for macOS](https://www.docker.com/products/docker-desktop)
+ - Tested with version 2.0.0.3 (31259)
 - [Consul](https://www.consul.io/)
 - [OSS consul binaries](https://releases.hashicorp.com/consul/1.5.2/)
 - [Terraform](https://www.terraform.io/) (version 0.12.0+ required)
@@ -323,9 +324,16 @@ Vault datacenter name
 - Default: `1`
+
+#### TF_VAR_vault_server_log_format (Vault v0.10.0+)
+
+A valid Vault server log format: _standard_ or _json_
+
+- Default: `standard`
+
 #### TF_VAR_vault_server_log_level
-A valid Vault log level: _trace_, _debug_, _info_, _warning_, or _error_
+A valid Vault server log level: _trace_, _debug_, _info_, _warning_, or _error_
 - Default: `debug`
@@ -706,7 +714,7 @@ or this:
 [e] Vaultron cannot form! Check terraform plan output.
 ```
-This means that Vaultron had problems durring the `terraform plan` or `terraform apply` steps. You can run those commands manually and inspect their output to troubleshoot the issue.
+This means that Vaultron had problems during the `terraform plan` or `terraform apply` steps. You can run those commands manually and inspect their output to troubleshoot the issue.
 Other red and equally frightening errors could occur, and these are usually accompanied by an explanation from Terraform regarding the nature of the problem.
diff --git a/black_lion/main.tf b/black_lion/main.tf
index 47e8d4c..8fbee86 100644
--- a/black_lion/main.tf
+++ b/black_lion/main.tf
@@ -34,6 +34,9 @@ variable "vault_cluster_name" {
 variable "disable_clustering" {
 }
+variable "vault_server_log_format" {
+}
+
 variable "vault_server_log_level" {
 }
@@ -57,7 +60,6 @@ variable "vault_custom_config_template" {
 variable "statsd_ip" {
 }
-// variable "vault_server_tls_disable" {}
 variable "vaultron_telemetry_count" {
 }
@@ -136,13 +138,7 @@ resource "docker_container" "vault_oss_server" {
 name = "vaultron-${format("vault%d", count.index)}"
 image = docker_image.vault.latest
- env = ["SKIP_CHOWN"]
-
- #env = [
- # "VAULT_API_ADDR=https://${format("10.10.42.20%d", count.index)}:8200",
- # "VAULT_REDIRECT_ADDR=https://${format("10.10.42.20%d", count.index)}:8200",
- # "VAULT_CLUSTER_ADDR=https://${format("10.10.42.20%d", count.index)}:8201"
- #]
+ env = ["SKIP_CHOWN", "VAULT_LOG_FORMAT=${var.vault_server_log_format}"]
 command = ["vault", "server", "-log-level=${var.vault_server_log_level}", "-config=/vault/config"]
 hostname = format("vaults%d", count.index)
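Review bot: `variable "vault_server_log_format"` in the @@ -34 hunk is declared with an empty body, so nothing in the module states which values it accepts or that it reaches the container as `VAULT_LOG_FORMAT`; the root declaration in vaultron.tf in this same commit only says which TF_VAR sets it. Terraform 0.12, which the README requires, accepts `type = string` and `description` in a variable block, so `type = string` together with `description = "Vault server log format passed as VAULT_LOG_FORMAT: standard or json"` would document the contract where callers read it. Either way an invalid value is not caught at plan time and presumably surfaces only when the Vault container starts, which is worth saying in the description.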
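Review bot: The new `env` line passes the log format through `VAULT_LOG_FORMAT` while the log level on the next line still goes through the `-log-level` flag, and nothing records why the two settings take different routes; the identical line appears in the `vault_custom_server` hunk at @@ -274. If the reason is that the OSS container can run Vault releases that predate the format option, so an environment variable they do not read is harmless where an unknown flag would abort startup, a comment above the line such as `# log format via env var so Vault versions without the option ignore it` would keep the next change from "tidying" it into a flag. Both enclosing resource blocks start and end outside the hunk.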
@@ -274,13 +270,7 @@ resource "docker_container" "vault_custom_server" {
 name = "vaultron-${format("vault%d", count.index)}"
 image = docker_image.vault.latest
- env = ["SKIP_CHOWN"]
-
- #env = [
- # "VAULT_API_ADDR=https://${format("10.10.42.20%d", count.index)}:8200",
- # "VAULT_REDIRECT_ADDR=https://${format("10.10.42.20%d", count.index)}:8200",
- # "VAULT_CLUSTER_ADDR=https://${format("10.10.42.20%d", count.index)}:8201"
- #]
+ env = ["SKIP_CHOWN", "VAULT_LOG_FORMAT=${var.vault_server_log_format}"]
 command = ["/vault/custom/vault", "server", "-log-level=${var.vault_server_log_level}", "-config=/vault/config"]
 hostname = format("vaults%d", count.index)
diff --git a/black_lion/templates/custom/vault_config_custom.tpl b/black_lion/templates/custom/vault_config_custom.tpl
index cbf9ddc..aa016cf 100644
--- a/black_lion/templates/custom/vault_config_custom.tpl
+++ b/black_lion/templates/custom/vault_config_custom.tpl
@@ -4,7 +4,7 @@ api_addr = "${api_addr}"
 cluster_addr = "${cluster_addr}"
-cluster_name = "${cluster_name}"
+# cluster_name = "${cluster_name}"
 ui = true
 listener "tcp" {
@@ -39,7 +39,7 @@ max_lease_ttl = "50000h" # 2083 days
 plugin_directory = "/vault/plugins"
 # -----------------------------------------------------------------------
-# Enable Prometheus metrics by default
+# Enable Prometheus metrics by default (eventually)
 # -----------------------------------------------------------------------
 # telemetry {
diff --git a/black_lion/templates/oss/vault_config_0.10.0.tpl b/black_lion/templates/oss/vault_config_0.10.0.tpl
index 3608d1a..a8a4b43 100644
--- a/black_lion/templates/oss/vault_config_0.10.0.tpl
+++ b/black_lion/templates/oss/vault_config_0.10.0.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.10.0
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.10.1.tpl b/black_lion/templates/oss/vault_config_0.10.1.tpl
index 9423095..10146dc 100644
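Review bot: `# cluster_name = "${cluster_name}"` in the custom template is commented out with no reason recorded, while every OSS template touched by this commit keeps `cluster_name` active, so the next reader cannot tell whether this is a deliberate difference for custom builds or a leftover from debugging. A reason on the line itself, e.g. `# cluster_name = "${cluster_name}"  # disabled: <reason>` with the real reason filled in, or removing the line outright, would settle it. The `cluster_name` template variable is presumably still supplied by the render call, which is not in this diff, so leaving the reference in a comment costs nothing at render time.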
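Review bot: `api_addr = "${api_addr}"` is added to the OSS templates starting with this 0.10.0 hunk and repeated in every OSS template hunk through 1.1.3, but the diff does not show the OSS template render call gaining an `api_addr` key in its variables; the custom template already had `api_addr` as a context line, so its caller evidently passes it, while the OSS caller is not visible here. If that key is missing, rendering the OSS templates fails on the undefined template variable, which at least shows up at plan time rather than silently. Worth confirming against the template render call in black_lion/main.tf before merging, since the CHANGELOG entry describes this as the replacement for the environment-variable path that the main.tf hunks delete.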
--- a/black_lion/templates/oss/vault_config_0.10.1.tpl
+++ b/black_lion/templates/oss/vault_config_0.10.1.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.10.1
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.10.2.tpl b/black_lion/templates/oss/vault_config_0.10.2.tpl
index be4fa76..b9e7be2 100644
--- a/black_lion/templates/oss/vault_config_0.10.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.10.2.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.10.2
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.10.3.tpl b/black_lion/templates/oss/vault_config_0.10.3.tpl
index 06b6455..61c81c2 100644
--- a/black_lion/templates/oss/vault_config_0.10.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.10.3.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.10.3
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.10.4.tpl b/black_lion/templates/oss/vault_config_0.10.4.tpl
index 6f94170..0d93433 100644
--- a/black_lion/templates/oss/vault_config_0.10.4.tpl
+++ b/black_lion/templates/oss/vault_config_0.10.4.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.10.4
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.0.tpl b/black_lion/templates/oss/vault_config_0.11.0.tpl
index 9ec2f0a..fae2852 100644
--- a/black_lion/templates/oss/vault_config_0.11.0.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.0.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.11.0
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.1.tpl b/black_lion/templates/oss/vault_config_0.11.1.tpl
index aba700c..c824d9c 100644
--- a/black_lion/templates/oss/vault_config_0.11.1.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.1.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.11.1
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.2.tpl b/black_lion/templates/oss/vault_config_0.11.2.tpl
index 451d12e..769f3ca 100644
--- a/black_lion/templates/oss/vault_config_0.11.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.2.tpl
@@ -3,6 +3,7 @@
 # Enable reloadable log level
 log_level = "${log_level}"
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.3.tpl b/black_lion/templates/oss/vault_config_0.11.3.tpl
index a5ab0a6..4975456 100644
--- a/black_lion/templates/oss/vault_config_0.11.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.3.tpl
@@ -3,6 +3,7 @@
 # Enable reloadable log level
 log_level = "${log_level}"
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.4.tpl b/black_lion/templates/oss/vault_config_0.11.4.tpl
index ae180c7..eb0c9d4 100644
--- a/black_lion/templates/oss/vault_config_0.11.4.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.4.tpl
@@ -3,6 +3,7 @@
 # Enable reloadable log level
 log_level = "${log_level}"
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.11.5.tpl b/black_lion/templates/oss/vault_config_0.11.5.tpl
index 78681a6..4bf8bca 100644
--- a/black_lion/templates/oss/vault_config_0.11.5.tpl
+++ b/black_lion/templates/oss/vault_config_0.11.5.tpl
@@ -3,6 +3,7 @@
 # Enable reloadable log level
 log_level = "${log_level}"
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 ui = true
diff --git a/black_lion/templates/oss/vault_config_0.6.1.tpl b/black_lion/templates/oss/vault_config_0.6.1.tpl
index a3ac0d5..1cecd84 100644
--- a/black_lion/templates/oss/vault_config_0.6.1.tpl
+++ b/black_lion/templates/oss/vault_config_0.6.1.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.6.1
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.6.2.tpl b/black_lion/templates/oss/vault_config_0.6.2.tpl
index be1d42a..3de7c4f 100644
--- a/black_lion/templates/oss/vault_config_0.6.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.6.2.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.6.2
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.6.3.tpl b/black_lion/templates/oss/vault_config_0.6.3.tpl
index 0c250bd..bd8c3a3 100644
--- a/black_lion/templates/oss/vault_config_0.6.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.6.3.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.6.3
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.6.4.tpl b/black_lion/templates/oss/vault_config_0.6.4.tpl
index a9f7959..3eddc76 100644
--- a/black_lion/templates/oss/vault_config_0.6.4.tpl
+++ b/black_lion/templates/oss/vault_config_0.6.4.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.6.4
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.6.5.tpl b/black_lion/templates/oss/vault_config_0.6.5.tpl
index 035e154..94e7cfd 100644
--- a/black_lion/templates/oss/vault_config_0.6.5.tpl
+++ b/black_lion/templates/oss/vault_config_0.6.5.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.6.5
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.7.0.tpl b/black_lion/templates/oss/vault_config_0.7.0.tpl
index ecc72f1..3293b8a 100644
--- a/black_lion/templates/oss/vault_config_0.7.0.tpl
+++ b/black_lion/templates/oss/vault_config_0.7.0.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.7.0
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.7.2.tpl b/black_lion/templates/oss/vault_config_0.7.2.tpl
index cef13f3..2ac4ffc 100644
--- a/black_lion/templates/oss/vault_config_0.7.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.7.2.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.7.2
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.7.3.tpl b/black_lion/templates/oss/vault_config_0.7.3.tpl
index e3405d7..1661096 100644
--- a/black_lion/templates/oss/vault_config_0.7.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.7.3.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.7.3
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.8.0.tpl b/black_lion/templates/oss/vault_config_0.8.0.tpl
index 785c1f6..ac5f23a 100644
--- a/black_lion/templates/oss/vault_config_0.8.0.tpl
+++ b/black_lion/templates/oss/vault_config_0.8.0.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.8.0
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.8.1.tpl b/black_lion/templates/oss/vault_config_0.8.1.tpl
index 4763e43..d8cbf15 100644
--- a/black_lion/templates/oss/vault_config_0.8.1.tpl
+++ b/black_lion/templates/oss/vault_config_0.8.1.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.8.1
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.8.2.tpl b/black_lion/templates/oss/vault_config_0.8.2.tpl
index 1c53f4e..f77248a 100644
--- a/black_lion/templates/oss/vault_config_0.8.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.8.2.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.8.2
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.8.3.tpl b/black_lion/templates/oss/vault_config_0.8.3.tpl
index a14383a..f04ce17 100644
--- a/black_lion/templates/oss/vault_config_0.8.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.8.3.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.8.3
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.0.tpl b/black_lion/templates/oss/vault_config_0.9.0.tpl
index e4cc393..8e46d93 100644
--- a/black_lion/templates/oss/vault_config_0.9.0.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.0.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.0
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.1.tpl b/black_lion/templates/oss/vault_config_0.9.1.tpl
index 006fb83..c933d15 100644
--- a/black_lion/templates/oss/vault_config_0.9.1.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.1.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.1
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.2.tpl b/black_lion/templates/oss/vault_config_0.9.2.tpl
index b0f7ecf..dcd6318 100644
--- a/black_lion/templates/oss/vault_config_0.9.2.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.2.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.2
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.3.tpl b/black_lion/templates/oss/vault_config_0.9.3.tpl
index f312fd2..ece9b5c 100644
--- a/black_lion/templates/oss/vault_config_0.9.3.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.3.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.3
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.4.tpl b/black_lion/templates/oss/vault_config_0.9.4.tpl
index aaeb17c..797705b 100644
--- a/black_lion/templates/oss/vault_config_0.9.4.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.4.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.4
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.5.tpl b/black_lion/templates/oss/vault_config_0.9.5.tpl
index 7aed3c0..b236a65 100644
--- a/black_lion/templates/oss/vault_config_0.9.5.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.5.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.5
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_0.9.6.tpl b/black_lion/templates/oss/vault_config_0.9.6.tpl
index 94fbe05..b56096d 100644
--- a/black_lion/templates/oss/vault_config_0.9.6.tpl
+++ b/black_lion/templates/oss/vault_config_0.9.6.tpl
@@ -1,5 +1,6 @@
 # Vault OSS v0.9.6
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 listener "tcp" {
diff --git a/black_lion/templates/oss/vault_config_1.0.0.tpl b/black_lion/templates/oss/vault_config_1.0.0.tpl
index bf406e0..d661737 100644
--- a/black_lion/templates/oss/vault_config_1.0.0.tpl
+++ b/black_lion/templates/oss/vault_config_1.0.0.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.0.1.tpl b/black_lion/templates/oss/vault_config_1.0.1.tpl
index de9489f..2561883 100644
--- a/black_lion/templates/oss/vault_config_1.0.1.tpl
+++ b/black_lion/templates/oss/vault_config_1.0.1.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.0.2.tpl b/black_lion/templates/oss/vault_config_1.0.2.tpl
index 3cc5def..50ae1e6 100644
--- a/black_lion/templates/oss/vault_config_1.0.2.tpl
+++ b/black_lion/templates/oss/vault_config_1.0.2.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.0.3.tpl b/black_lion/templates/oss/vault_config_1.0.3.tpl
index 948c087..00f0142 100644
--- a/black_lion/templates/oss/vault_config_1.0.3.tpl
+++ b/black_lion/templates/oss/vault_config_1.0.3.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.1.0.tpl b/black_lion/templates/oss/vault_config_1.1.0.tpl
index 6006546..190de46 100644
--- a/black_lion/templates/oss/vault_config_1.1.0.tpl
+++ b/black_lion/templates/oss/vault_config_1.1.0.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.1.1.tpl b/black_lion/templates/oss/vault_config_1.1.1.tpl
index 273bb1b..1873d47 100644
--- a/black_lion/templates/oss/vault_config_1.1.1.tpl
+++ b/black_lion/templates/oss/vault_config_1.1.1.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.1.2.tpl b/black_lion/templates/oss/vault_config_1.1.2.tpl
index 5ebf4d2..8c1e07e 100644
--- a/black_lion/templates/oss/vault_config_1.1.2.tpl
+++ b/black_lion/templates/oss/vault_config_1.1.2.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.1.3.tpl b/black_lion/templates/oss/vault_config_1.1.3.tpl
index 779cf0b..224e5b7 100644
--- a/black_lion/templates/oss/vault_config_1.1.3.tpl
+++ b/black_lion/templates/oss/vault_config_1.1.3.tpl
@@ -4,6 +4,7 @@
 # Global configuration
 # -----------------------------------------------------------------------
+api_addr = "${api_addr}"
 cluster_name = "${cluster_name}"
 cluster_address = "${cluster_address}"
 log_level = "${log_level}"
diff --git a/black_lion/templates/oss/vault_config_1.1.4.tpl b/black_lion/templates/oss/vault_config_1.1.4.tpl
new file mode 100644
index 0000000..c5bd13d
--- /dev/null
+++ b/black_lion/templates/oss/vault_config_1.1.4.tpl
@@ -0,0 +1,56 @@
+# Vault OSS v1.1.4
+
+# -----------------------------------------------------------------------
+# Global configuration
+# -----------------------------------------------------------------------
+
+api_addr = "${api_addr}"
+cluster_name = "${cluster_name}"
+cluster_address = "${cluster_address}"
+log_level = "${log_level}"
+ui = true
+plugin_directory = "/vault/plugins"
+
+# Default TTLs
+default_lease_ttl = "50000h" # 2083 days
+max_lease_ttl = "50000h" # 2083 days
+
+# -----------------------------------------------------------------------
+# Listener configuration
+# -----------------------------------------------------------------------
+
+listener "tcp" {
+ address = "${address}"
+ tls_cert_file = "/etc/ssl/certs/vault-server.crt"
+ tls_key_file = "/etc/ssl/vault-server.key"
+ tls_disable_client_certs = "true"
+}
+
+# -----------------------------------------------------------------------
+# Storage configuration
+# -----------------------------------------------------------------------
+
+storage "consul" {
+ address = "${consul_address}:8500"
+ scheme = "https"
+ tls_ca_file = "/etc/ssl/certs/ca.pem"
+ token = "b4c0ffee-3b77-04af-36d6-738b697872e6"
+ path = "vault/"
+ disable_clustering = "${disable_clustering}"
+ service_tags = "${service_tags}"
+}
+
+# -----------------------------------------------------------------------
+# Optional cloud seal configuration
+# -----------------------------------------------------------------------
+
+# GCPKMS
+
+# -----------------------------------------------------------------------
+# Enable Prometheus metrics by default
+# -----------------------------------------------------------------------
+
+telemetry {
+ prometheus_retention_time = "30s"
+ disable_hostname = false
+}
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.5.3.tpl b/red_lion/templates/oss/consul_oss_client_config_1.5.3.tpl
new file mode 100644
index 0000000..7606be6
--- /dev/null
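Review bot: The `storage "consul"` block in the new 1.1.4 template carries a literal `token = "b4c0ffee-3b77-04af-36d6-738b697872e6"`, the same value the new Consul server and client configs in this commit set as `acl_master_token`, so the Vault storage credential committed here is Consul's management token. Everything else environment-specific in that block is already templated (`${consul_address}`, `${disable_clustering}`, `${service_tags}`); templating the token the same way, `token = "${consul_token}"`, with the caller supplying it from a variable, keeps it out of the tracked templates and makes it possible to hand Vault a token scoped to the `vault/` KV prefix instead of the master token. If the fixed value is intentional for a local lab, a comment on the line saying so, matched in the Consul configs, tells a reader it is not meant for anything reachable from elsewhere.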
+++ b/red_lion/templates/oss/consul_oss_client_config_1.5.3.tpl
@@ -0,0 +1,15 @@
+{
+ "node_id": "${agent_node_id}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "cert_file": "/etc/ssl/certs/consul-client.crt",
+ "key_file": "/etc/ssl/consul-client.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ }
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.5.3.tpl b/red_lion/templates/oss/consul_oss_server_config_1.5.3.tpl
new file mode 100644
index 0000000..0631906
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_server_config_1.5.3.tpl
@@ -0,0 +1,22 @@
+{
+ "bootstrap_expect": 3,
+ "datacenter": "${datacenter}",
+ "data_dir": "${data_dir}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "recursors": [
+ "${recursor1}",
+ "${recursor2}"
+ ],
+ "cert_file": "/etc/ssl/certs/consul-server.crt",
+ "key_file": "/etc/ssl/consul-server.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ },
+ "ui": true
+}
diff --git a/vaultron.tf b/vaultron.tf
index bea9490..d7f1684 100644
--- a/vaultron.tf
+++ b/vaultron.tf
@@ -59,6 +59,11 @@ variable "vault_ent_id" {
 default = "vault:latest"
 }
+# Set TF_VAR_vault_server_log_format to set this
+variable "vault_server_log_format" {
+ default = "standard"
+}
+
 # Set TF_VAR_vault_server_log_level to set this
 variable "vault_server_log_level" {
 default = "debug"
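Review bot: `"acl_master_token"` in the new client config has no effect on a client agent, since Consul reads that setting only on servers in the ACL datacenter, so the only thing the key does here is place the management token in every client node's config file; the server config in the next hunk needs it, this one does not. Dropping the key from the client template removes that copy without changing behaviour. Separately, both new 1.5.3 templates use the legacy flat `acl_*` keys that Consul deprecated from 1.4 in favour of the `acl` block (`acl { tokens { master = … } }`); I believe they still load in 1.5.3 with deprecation warnings, and a comment recording that would help whoever does the next version bump.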
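Review bot: `"acl_datacenter": "arus"` is a fixed string in the new server config while `"datacenter": "${datacenter}"` is templated, so a deployment that renders any other datacenter name presumably ends up with an ACL datacenter that does not exist, and with `"acl_default_policy": "allow"` and `"acl_down_policy": "allow"` nothing is denied, which makes the mismatch easy to miss. Either render both from the same variable, `"acl_datacenter": "${datacenter}"`, or add a comment stating that `arus` is the datacenter name this lab requires. The client config hunk above carries the same `acl_datacenter` value.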
@@ -236,6 +241,7 @@ module "vaultron" {
 vault_ent_id = var.vault_ent_id
 vault_oss_instance_count = var.vault_oss_instance_count
 vault_path = var.vault_path
+ vault_server_log_format = var.vault_server_log_format
 vault_server_log_level = var.vault_server_log_level
 vault_version = var.vault_version
 vaultron_telemetry_count = var.vaultron_telemetry_count