Vault-auto-unseal example, client not set up to talk to server #165
Comments
For clarity, the "client" that I'm referring to is the client on the server itself when logged into the server via ssh.

@Etiene When you're back from vacation, could you look into this?
Forgive me if I'm missing something, but it seems like the step missing is to tell the vault client what token to use.
It's correct that you do not need to
Edit: corrected
I am also finding that when I apply the auto unseal example, I cannot use the vault commands. If I don't use the unseal example, the deployment is fine though. It's possible that it is just my own unfamiliarity, but I'm not sure what the next steps would be. I decided to create a fork to implement a turnkey example in Cloud9 with auto unseal, and share any challenges along the way (I'll submit a PR with my results).

https://github.com/firehawkvfx/firehawk-main

I created a tag to demonstrate the problem, which you can replicate with

This is an example of the implementation, presently using a fork of this submodule. The long-term goal of this fork is to eventually provide a best-practices Vault with HA and auto unsealing deployed from Cloud9, to help with the secret 0 problem and avoid handling of AWS secret keys. I believe auto unseal and HA are both open source in the latest versions of Vault (docs say it is enterprise only).

Is it possible these issues would go away if I updated Vault? Cloning this repo uses the variable

I also tried to not use https:

Setting
I fixed the connection issues by building AMIs with the provided Packer template example, and updating Consul and Vault to the latest versions.
I used the vault-auto-unseal example to set up a cluster based on the AMI created by the vault-consul-ami option example.

It appears that the documentation for the vault-cluster module may be incorrect (unless it's a bug), as the Vault client is not set up to talk to the server locally.

I was able to do `vault status`, confirm it was sealed, do `vault operator init`, which unsealed the vault and provided tokens, then, as per the documentation, do `vault read secret/foo`, and got the following error:

As per normal procedure, I did NOT do `vault login`, as the docs indicated that I didn't need to.
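The sequence from the report (`vault status`, `vault operator init`, `vault read secret/foo`) with the step the thread identifies as missing, as an added example that is not part of the issue or of the terraform-aws-vault module: after `vault operator init` the CLI on the server holds no token, so the initial root token has to be handed to it (via `VAULT_TOKEN` or `vault login`) before the first read. It assumes the `vault` binary is on PATH, that `VAULT_ADDR` already points at the local listener, that the cluster is auto-unsealed so init returns recovery keys rather than unseal keys, and that `secret/foo` exists as the module docs describe. The file name `vault-init.txt` and the sample init output are constructed for illustration.

```shell
#!/bin/sh
# Added example for this thread; not code from the terraform-aws-vault module
# or from the issue author. Assumptions: the vault binary is on PATH,
# VAULT_ADDR points at the local listener, and the cluster is auto-unsealed,
# so `vault operator init` prints recovery keys instead of unseal keys.
set -eu

# Pull the initial root token out of the plain-text output of
# `vault operator init` (the line "Initial Root Token: <token>").
extract_root_token() {
  sed -n 's/^Initial Root Token:[[:space:]]*//p' | head -n 1
}

# Count the key shares init handed back. An auto-unsealed cluster prints
# "Recovery Key N: ...", a Shamir-sealed one prints "Unseal Key N: ...".
count_key_shares() {
  grep -c -E '^(Recovery|Unseal) Key [0-9]+:' || true
}

# The live procedure. Run this on the Vault server itself (the "client"
# the issue talks about is the CLI on that box).
bootstrap_local_client() {
  # vault status exits 2 when sealed and 1 on error, so do not let set -e
  # abort here; the output is what we want to see before init.
  vault status || true

  init_out=$(vault operator init)

  # Keep the shares and root token out of terminal scrollback. The file
  # name is a placeholder; move the material off the host afterwards.
  umask 077
  printf '%s\n' "$init_out" > vault-init.txt

  root_token=$(printf '%s\n' "$init_out" | extract_root_token)
  if [ -z "$root_token" ]; then
    echo "init output contained no Initial Root Token line" >&2
    return 1
  fi
  echo "init returned $(printf '%s\n' "$init_out" | count_key_shares) key shares"

  # The missing step: without a token the CLI sends none and the read is
  # rejected. `vault login "$root_token"` is the interactive equivalent.
  export VAULT_TOKEN="$root_token"

  vault status            # with auto-unseal this should now report unsealed
  vault read secret/foo   # the same read the module docs use
}

# Constructed sample of init output (not captured from a real cluster), so
# the parsing helpers above can be exercised without a Vault server.
SAMPLE_INIT_OUTPUT='Recovery Key 1: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Recovery Key 2: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
Recovery Key 3: cccccccccccccccccccccccccccccccccccccccccccc
Recovery Key 4: dddddddddddddddddddddddddddddddddddddddddddd
Recovery Key 5: eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

Initial Root Token: s.EXAMPLEROOTTOKEN0000000

Success! Vault is initialized'

# Run the live procedure only when asked: ./vault-bootstrap.sh --run
if [ "${1:-}" = "--run" ]; then
  bootstrap_local_client
fi
```

Invoke it with `--run` on the server after the cluster has come up; without the flag it only defines the helpers. The root token printed by init is a full-privilege credential, so it should be used only to create a scoped token or auth method for day-to-day work and then revoked, and the saved init output should be removed from the host once the recovery keys have been distributed.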