Merge branch 'devel'

brianshumate · Jul 30, 2021 · 63f9c18 · 63f9c18
2 parents 8be3813 + 94b7830
commit 63f9c18
Show file tree

Hide file tree

Showing 13 changed files with 179 additions and 51 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 3.8.0
+
+- Vault 1.8.0
+- Consul 1.10.1
+- Update documentation
+
 ## 3.7.5
 
 - Vault v1.7.3

diff --git a/README.md b/README.md
@@ -119,37 +119,20 @@ Install the following on your Docker host where you will form Vaultron.
 
 - [Docker CE for Linux](https://docs.docker.com/v17.12/install/#server) **or**
 - [Docker Desktop for macOS](https://www.docker.com/products/docker-desktop)
-  - Last tested with version 2.3.0.4
-  - Last tested with Engine version: 19.03.12
+  - Last tested with version 3.5.2
+  - Last tested with Engine version: 20.10.7
 - [Consul](https://www.consul.io/)
   - [OSS consul binaries](https://releases.hashicorp.com/consul)
   - Vaultron's Docker image uses the latest Consul OSS version by default; you should have the latest `consul` binary installed on your Docker host
-- [Terraform](https://www.terraform.io/) (version 0.12.0+ required)
-  - Last tested with version 0.13.1
+- [Terraform](https://www.terraform.io/) (version 0.13.0+ required)
+  - Last tested with version 1.0.3
   - [OSS terraform binaries](https://releases.hashicorp.com/terraform/)
   - **NOTE:** macOS Catalina users might need to refer to this [Terraform issue](https://github.com/hashicorp/terraform/issues/23033#issuecomment-542302933)
 - [Vault](https://www.vaultproject.io/)
   - [Install Vault](https://learn.hashicorp.com/vault/getting-started/install)
   - [OSS vault binaries](https://releases.hashicorp.com/vault/)
   - Vaultron's Docker image uses the latest Vault OSS version by default; you should have the latest `vault` binary installed on your Docker host
 
-----
-
-> **NOTE TO CURRENT USERS**: If you have already been using the **Vaultron source repository**, please be aware that the project has switched its default branch name to `main`; if you have a local clone and want to update it without cloning anew, use the following commands issued from within the repository directory to update your clone. If you only download zip file releases, then this will not affect you.
-
-----
-
-```shell
-$ git checkout master
-$ git branch -m master main
-$ git fetch
-$ git branch --unset-upstream
-$ git branch -u origin/main
-$ git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/main
-```
-
-If you are not concerned with any content in your existing cloned repository directory, simply remove it and clone the vaultron repository again.
-
 ### Quickest Start (for macOS only)
 
 Once you have the prerequisites installed, you can use the following example to form Vaultron and open the the Vault web UI in your browser on macOS.
@@ -190,12 +173,12 @@ When Vaultron is successfully formed, the output looks like this example.
 [vaultron] [+] Created attachable vaultron-network with subnet 10.10.42.0/24
 [vaultron] [=] Form Vaultron!
 [vaultron] [i] Terraform has been successfully initialized!
-[vaultron] [i] Vault OSS version: 1.7.3
+[vaultron] [i] Vault OSS version: 1.8.0
 [vaultron] [i] Vault flavor: Consul storage backed
-[vaultron] [i] Consul OSS version: 1.9.5
+[vaultron] [i] Consul OSS version: 1.10.1
 [vaultron] [i] Terraform plan: 14 to add, 0 to change, 0 to destroy.
 [vaultron] [i] Terraform apply complete! resources: 14 added, 0 changed, 0 destroyed.
-[vaultron] [+] Vaultron formed in 14s.
+[vaultron] [+] Vaultron formed in 19s.
 ```
 
 Now you can visit the Vault web UI at [https://localhost:8200](https://localhost:8200) or visit the Consul web UI at [https://localhost:8500](https://localhost:8500).
@@ -233,7 +216,7 @@ Take a moment to verify that all of the Vaultron Docker containers are up:
 $ docker ps -f name=vaultron --format "table {{.Names}}\t{{.Status}}"
 ```
 
-The output should look something like this example.
+The output should resemble this example.
 
 ```plaintext
 NAMES               STATUS
@@ -330,13 +313,13 @@ It is worth noting that when you `form` Vaultron, output will resemble this exam
 $ ./form
 [vaultron] [?] vaultron-network not present; creating ...
 [vaultron] [+] Created attachable vaultron-network with subnet 10.10.42.0/24
-[vaultron] [=] Form Vaultron! 
-[vaultron] [i] Terraform has been successfully initialized! 
-[vaultron] [i] Vault OSS version: 1.7.3 
-[vaultron] [i] Vault flavor: Integrated storage backed 
-[vaultron] [i] Terraform plan: 6 to add, 0 to change, 0 to destroy. 
-[vaultron] [i] Terraform apply complete! resources: 6 added, 0 changed, 0 destroyed. 
-[vaultron] [+] Vaultron formed in 31s.
+[vaultron] [=] Form Vaultron!
+[vaultron] [i] Terraform has been successfully initialized!
+[vaultron] [i] Vault OSS version: 1.8.0
+[vaultron] [i] Vault flavor: Integrated storage backed
+[vaultron] [i] Terraform plan: 6 to add, 0 to change, 0 to destroy.
+[vaultron] [i] Terraform apply complete! resources: 6 added, 0 changed, 0 destroyed.
+[vaultron] [+] Vaultron formed in 8s.
 ```
 
 Note the **Vault flavor: Integrated storage backed** part.

diff --git a/black_lion/templates/oss/vault_config_1.8.0.hcl b/black_lion/templates/oss/vault_config_1.8.0.hcl
@@ -0,0 +1,32 @@
+# Vault OSS v1.7.0
+
+# -----------------------------------------------------------------------
+# Global configuration
+# -----------------------------------------------------------------------
+
+api_addr         = "${api_addr}"
+cluster_name     = "${cluster_name}"
+cluster_address  = "${cluster_address}"
+disable_mlock    = "${disable_mlock}"
+log_level        = "${log_level}"
+ui               = true
+plugin_directory = "/vault/plugins"
+
+# -----------------------------------------------------------------------
+# Listener configuration
+# -----------------------------------------------------------------------
+
+listener "tcp" {
+  address       = "${address}"
+  tls_cert_file = "/etc/ssl/certs/vault-server.crt"
+  tls_key_file  = "/etc/ssl/vault-server.key"
+}
+
+# -----------------------------------------------------------------------
+# Enable Prometheus metrics by default
+# -----------------------------------------------------------------------
+
+telemetry {
+  prometheus_retention_time = "30s"
+  disable_hostname          = false
+}
diff --git a/flavors/consul/vaultron.tf b/flavors/consul/vaultron.tf
@@ -12,12 +12,12 @@ terraform {
 
 # Set TF_VAR_vault_version to override this
 variable "vault_version" {
-  default = "1.7.3"
+  default = "1.8.0"
 }
 
 # Set TF_VAR_consul_version to override this
 variable "consul_version" {
-  default = "1.9.7"
+  default = "1.10.1"
 }
 
 # -----------------------------------------------------------------------
@@ -59,6 +59,11 @@ provider "docker" {
 # Vault variables
 # -----------------------------------------------------------------------
 
+# Set TF_VAR_vault_license to override this
+variable "vault_license" {
+  default = ""
+}
+
 # Set TF_VAR_vault_flavor to override this
 variable "vault_flavor" {
   default = "consul"
@@ -260,6 +265,7 @@ module "vaultron" {
   vault_custom_instance_count  = var.vault_custom_instance_count
   vault_disable_mlock          = var.vault_disable_mlock
   vault_ent_id                 = var.vault_ent_id
+  vault_license                = var.vault_license
   vault_oss_instance_count     = var.vault_oss_instance_count
   vault_path                   = var.vault_path
   vault_raft_path              = var.vault_raft_path

diff --git a/flavors/raft/vaultron.tf b/flavors/raft/vaultron.tf
@@ -12,7 +12,7 @@ terraform {
 
 # Set TF_VAR_vault_version to override this
 variable "vault_version" {
-  default = "1.7.3"
+  default = "1.8.0"
 }
 
 # -----------------------------------------------------------------------

diff --git a/form b/form
@@ -192,6 +192,11 @@ check_custom_binary() {
               msg alert "Vaultron cannot form- custom binary specified, but ./custom/$1 was not found!"
               exit 1
           fi
+          if [ -z "$TF_VAR_vault_license" ]
+            then
+              msg notice "Custom binary specified but no Vault license set"
+              msg info "Set license string as value of TF_VAR_vault_license environment variable if you are using an Enterprise binary."
+          fi
       fi
   fi
 }
@@ -255,20 +260,6 @@ check_raft_version() {
   fi
 }
 
-check_vault_license() {
-  if [ -n "$TF_VAR_vault_custom_instance_count" ]
-    then
-      if [ "$TF_VAR_vault_custom_instance_count" -gt 0 ]
-        then
-          if [ -z "$TF_VAR_vault_license" ]
-            then
-              msg notice "Custom binary specified but no Vault license set"
-              msg info "Set license string as value of TF_VAR_vault_license environment variable if you are using an Enterprise binary."
-          fi
-      fi
-  fi
-}
-
 # -----------------------------------------------------------------------
 # Preflight checks
 # -----------------------------------------------------------------------
@@ -284,7 +275,6 @@ if [ "$(check_katacoda)" = "0" ]
 fi
 check_and_create_vaultron_private_network
 check_custom_binary vault
-check_vault_license
 check_required_binaries
 check_existing_vaultron_containers
 check_existing_vault

diff --git a/red_lion/templates/oss/consul_oss_client_config_1.10.0.hcl b/red_lion/templates/oss/consul_oss_client_config_1.10.0.hcl
@@ -0,0 +1,15 @@
+{
+  "node_id": "${agent_node_id}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "cert_file": "/etc/ssl/certs/consul-client.crt",
+  "key_file": "/etc/ssl/consul-client.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  }
+}
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.10.1.hcl b/red_lion/templates/oss/consul_oss_client_config_1.10.1.hcl
@@ -0,0 +1,15 @@
+{
+  "node_id": "${agent_node_id}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "cert_file": "/etc/ssl/certs/consul-client.crt",
+  "key_file": "/etc/ssl/consul-client.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  }
+}
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.9.8.hcl b/red_lion/templates/oss/consul_oss_client_config_1.9.8.hcl
@@ -0,0 +1,15 @@
+{
+  "node_id": "${agent_node_id}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "cert_file": "/etc/ssl/certs/consul-client.crt",
+  "key_file": "/etc/ssl/consul-client.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  }
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.10.0.hcl b/red_lion/templates/oss/consul_oss_server_config_1.10.0.hcl
@@ -0,0 +1,22 @@
+{
+  "bootstrap_expect": 3,
+  "datacenter": "${datacenter}",
+  "data_dir": "${data_dir}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "recursors": [
+    "${recursor1}",
+    "${recursor2}"
+  ],
+  "cert_file": "/etc/ssl/certs/consul-server.crt",
+  "key_file": "/etc/ssl/consul-server.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  },
+  "ui": true
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.10.1.hcl b/red_lion/templates/oss/consul_oss_server_config_1.10.1.hcl
@@ -0,0 +1,22 @@
+{
+  "bootstrap_expect": 3,
+  "datacenter": "${datacenter}",
+  "data_dir": "${data_dir}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "recursors": [
+    "${recursor1}",
+    "${recursor2}"
+  ],
+  "cert_file": "/etc/ssl/certs/consul-server.crt",
+  "key_file": "/etc/ssl/consul-server.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  },
+  "ui": true
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.9.8.hcl b/red_lion/templates/oss/consul_oss_server_config_1.9.8.hcl
@@ -0,0 +1,22 @@
+{
+  "bootstrap_expect": 3,
+  "datacenter": "${datacenter}",
+  "data_dir": "${data_dir}",
+  "raft_protocol": 3,
+  "acl_datacenter": "arus",
+  "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+  "acl_default_policy": "allow",
+  "acl_down_policy": "allow",
+  "recursors": [
+    "${recursor1}",
+    "${recursor2}"
+  ],
+  "cert_file": "/etc/ssl/certs/consul-server.crt",
+  "key_file": "/etc/ssl/consul-server.key",
+  "ca_file": "/etc/ssl/certs/ca.pem",
+  "ports": {
+    "http": -1,
+    "https": 8500
+  },
+  "ui": true
+}
diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-3.7.5
+3.8.0