Vault: Vault cluster built on Docker, for great fun and learning!

  • Author: k7_810299
  • File size: 881.2KB
  • File format: zip
  • Upload date: 2022-06-14 20:34
vaultron-main.zip
Description
# Vaultron

![Diagram of a Vaultron cluster with Consul storage flavor](https://github.com/brianshumate/vaultron/blob/main/share/vaultron-consul-flavor.png?raw=true)

_Diagram of a Vaultron cluster with Consul storage flavor_

- [Vaultron](#vaultron)
  - [What?](#what)
  - [Why?](#why)
  - [How?](#how)
    - [Prerequisites](#prerequisites)
    - [Quickest Start (for macOS only)](#quickest-start-for-macos-only)
    - [Quick Start (for Linux or macOS)](#quick-start-for-linux-or-macos)
    - [What's Next?](#whats-next)
      - [Ten Things You Can do After Vaultron is Formed](#ten-things-you-can-do-after-vaultron-is-formed)
    - [Advanced Examples](#advanced-examples)
      - [OSS Integrated Storage Example](#oss-integrated-storage-example)
      - [Full Stack Example with Custom Binary & Telemetry Enabled](#full-stack-example-with-custom-binary--telemetry-enabled)
  - [What's in the Box?](#whats-in-the-box)
    - [Basic Architecture Overview for Consul Storage](#basic-architecture-overview-for-consul-storage)
      - [Vault Servers](#vault-servers)
      - [Consul Servers](#consul-servers)
      - [Consul Clients](#consul-clients)
      - [statsd](#statsd)
      - [Grafana](#grafana)
    - [Environment Variables](#environment-variables)
      - [TF_VAR_vault_version](#tf_var_vault_version)
      - [TF_VAR_consul_version](#tf_var_consul_version)
      - [TF_VAR_docker_host](#tf_var_docker_host)
      - [TF_VAR_vault_flavor (Vault v1.4.0-)](#tf_var_vault_flavor-vault-v140)
      - [TF_VAR_datacenter_name](#tf_var_datacenter_name)
      - [TF_VAR_vault_server_log_format (Vault v0.10.0-)](#tf_var_vault_server_log_format-vault-v0100)
      - [TF_VAR_vault_server_log_level](#tf_var_vault_server_log_level)
      - [TF_VAR_consul_log_level](#tf_var_consul_log_level)
      - [TF_VAR_vault_path](#tf_var_vault_path)
      - [TF_VAR_vault_raft_path (Vault v1.4.0-)](#tf_var_vault_raft_path-vault-v140)
      - [TF_VAR_vault_cluster_name](#tf_var_vault_cluster_name)
      - [TF_VAR_disable_clustering](#tf_var_disable_clustering)
      - [TF_VAR_vault_oss_instance_count](#tf_var_vault_oss_instance_count)
      - [TF_VAR_vault_custom_instance_count](#tf_var_vault_custom_instance_count)
      - [TF_VAR_vault_custom_config_template](#tf_var_vault_custom_config_template)
      - [TF_VAR_use_consul_oss](#tf_var_use_consul_oss)
      - [TF_VAR_consul_recursor_1](#tf_var_consul_recursor_1)
      - [TF_VAR_consul_recursor_2](#tf_var_consul_recursor_2)
      - [TF_VAR_consul_acl_datacenter](#tf_var_consul_acl_datacenter)
      - [TF_VAR_consul_data_dir](#tf_var_consul_data_dir)
      - [TF_VAR_consul_oss](#tf_var_consul_oss)
      - [TF_VAR_consul_oss_instance_count](#tf_var_consul_oss_instance_count)
    - [Published Ports](#published-ports)
    - [Changing Vault OSS and Consul OSS Versions](#changing-vault-oss-and-consul-oss-versions)
    - [Consul DNS](#consul-dns)
    - [Best Practices and Security Configuration?](#best-practices-and-security-configuration)
      - [Docker Container / OS](#docker-container--os)
      - [Consul ACLs by Default](#consul-acls-by-default)
      - [TLS by Default](#tls-by-default)
      - [Vault PKI Secrets Engine Based TLS Configuration](#vault-pki-secrets-engine-based-tls-configuration)
    - [Where's My Vault Data?](#wheres-my-vault-data)
      - [Vault Data in Consul](#vault-data-in-consul)
      - [Vault Data in Integrated Storage](#vault-data-in-integrated-storage)
    - [What About Logs?](#what-about-logs)
    - [Telemetry Notes](#telemetry-notes)
    - [A Note About Custom Binaries](#a-note-about-custom-binaries)
  - [Basic Troubleshooting Questions](#basic-troubleshooting-questions)
    - [I can access the Consul UI but it states that there are no services to show](#i-can-access-the-consul-ui-but-it-states-that-there-are-no-services-to-show)
    - [Vaultron Does Not Form — Halp!](#vaultron-does-not-form--halp)
    - [Unknown token: 208:30 IDENT var.grafana_version](#unknown-token-20830-ident-vargrafana_version)
    - [Vault is Orange/Failing in the Consul Web UI](#vault-is-orangefailing-in-the-consul-web-ui)
    - [Vault Containers with Custom Binary are Exiting](#vault-containers-with-custom-binary-are-exiting)
    - [NET::ERR_CERT_AUTHORITY_INVALID or Other TLS Errors When it Was Working?!](#neterr_cert_authority_invalid-or-other-tls-errors-when-it-was-working)
    - [Vaultron cannot form; there are Vaultron containers currently stopped or running](#vaultron-cannot-form-there-are-vaultron-containers-currently-stopped-or-running)
    - [Something, Something — Storage HA Problem!](#something-something--storage-ha-problem)
    - [Unsupported Versions?](#unsupported-versions)
    - [syntax error: unexpected end of file (expecting ")")](#syntax-error-unexpected-end-of-file-expecting-)
    - [server gave HTTP response to HTTPS client](#server-gave-http-response-to-https-client)
    - [Error: Unable to read Docker image into resource: Unable to pull image](#error-unable-to-read-docker-image-into-resource-unable-to-pull-image)
    - [Some Other Undefined Problem!](#some-other-undefined-problem)
  - [Resources](#resources)
  - [Who?](#who)
    - [Special Thanks](#special-thanks)

![Diagram of a Vaultron cluster with integrated storage flavor](https://github.com/brianshumate/vaultron/blob/main/share/vaultron-raft-flavor.png?raw=true)

_Diagram of a Vaultron cluster with integrated storage (Raft) flavor_

## What?

**Vaultron** uses [Terraform](https://www.terraform.io/) (version 0.12.0+ required) to build a tiny cluster of highly-available [Vault](https://www.vaultproject.io/) servers for development, evaluation, and issue reproduction on [Docker](https://www.docker.com/).

----

> **NOTE**: While every effort is made to document Vaultron here in this file, you should **always consult the [official Vault documentation](https://www.vaultproject.io/docs/)** and **[Learn resources](https://learn.hashicorp.com/vault/) for the latest and complete documentation on using Vault itself**.

----

## Why?

It's a reasonably useful Vault environment deployed on your macOS or Linux computer _in about 1 minute_.

Some of the more popular uses of Vaultron are:

- Getting acquainted with Vault
- Evaluating specific Vault features
- Issue reproduction and troubleshooting
- Testing
- ‼️ **NOT PRODUCTION** ‼️

## How?

Terraform assembles individual pieces to form Vaultron from the official [Vault Docker image](https://hub.docker.com/_/vault/) and [Consul Docker image](https://hub.docker.com/_/consul/).

Consul is used for storage by default, but there is also an integrated storage formula for [Raft storage](https://www.vaultproject.io/docs/configuration/storage/raft). Consult the [Advanced Examples](#advanced-examples) section for more details on using the Raft storage flavor.

### Prerequisites

> **NOTE**: **Vaultron only supports Terraform version 0.12.0 and beyond** and is incompatible with previous Terraform versions.

Install the following on your Docker host where you will form Vaultron.

- [Docker CE for Linux](https://docs.docker.com/v17.12/install/#server) **or**
- [Docker Desktop for macOS](https://www.docker.com/products/docker-desktop)
  - Last tested with version 2.3.0.4
  - Last tested with Engine version: 19.03.12
- [Consul](https://www.consul.io/)
  - [OSS consul binaries](https://releases.hashicorp.com/consul)
  - Vaultron's Docker image uses the latest Consul OSS version by default; you should have the latest `consul` binary installed on your Docker host
- [Terraform](https://www.terraform.io/) (version 0.12.0+ required)
  - Last tested with version 0.13.1
  - [OSS terraform binaries](https://releases.hashicorp.com/terraform/)
  - **NOTE:** macOS Catalina users might need to refer to this [Terraform issue](https://github.com/hashicorp/terraform/issues/23033#issuecomment-542302933)
- [Vault](https://www.vaultproject.io/)
  - [Install Vault](https://learn.hashicorp.com/vault/getting-started/install)
  - [OSS vault binarie