hoeghh / hashistack
From terraform to Nomad with Consul and Vault
License: MIT License
Sometimes it's nice to force something to run on e.g. servers. This could be e.g. an ingress controller.
So, we need to add a meta to each VM, given its role ["server", "client"]
We still need Vault in the stack, and we need to figure out if it should be installed on the hosts, or via Nomad.
We would love for Nomad and Vault to integrate. Getting secrets from Vault when deploying a job in Nomad.
We need to add some documentation on how this thing works. Like how you get the libvirt plugin ready, setting variables and running it.
Currently everyone can open Consul and peek around.
We would like to have some Access control on Consul.
We should not merge anything to master that terraform doesn't approve. So a GitHub action that checks the code would be great.
Currently everyone can open Nomad and start jobs in the cluster.
We would like to enable Access Control, in an automated way.
Consul should use certificates when running and communicating. The dummy certificates exist in the certificate folder, but are not used yet. We need to carry them to the servers, and specify them in the consul configuration. Also, we need to make it easy for people to create their own set of certificates and use those instead.
We need to make a clear warning on the front page that dummy certificates provided here should not be used in production or any site that is used. These are intended to be used only to test that this works.
We should add a code of conduct document / link to the project. The CNCF might be a fine fit.
One way we could do it is to use the http provider to call the Vault API:
curl --request PUT -k -d '{"secret_shares": 10, "secret_threshold": 5}' https://10.18.3.12:8200/v1/sys/init
{
"keys": [
"7cee5c863cdc806407760655337fd8a01ae9157f4accd16ab54975b4ccf8f6b793",
"7a1be29df49eb5b5ce59bf5638dae7bb3ab38db0b0a2752aeed1433a7ad9805502",
"b65ffc6c0e10623942b94ab0b2b01db692fd4246371478a02320b467fab4d42cdd",
"0ac8af82956a11c0e0040774c2ba437cd24dfcde2c51fdd21e68aa6a9aa7284892",
"6cb7b8a1063be24d1b1ac3dce921ef434f28695a440666cf644cecab0183e3be6c",
"351096581567bdf07acbad41437252469c7867f47da2c9317bdd0d120a87f88e31",
"c8ed982b82e6c2c74391be888e58f863a759201a063ff37ee798dc1c542cae74f7",
"683f89eb3b47a852e27e1753ce17e2c54b5af75cb287db9d422a54b653339cc0d0",
"d4afea4635b8599a9c6e9fad123fd1041d1e42d532d4d40b0856a7288604119fc4",
"94c89a33e8fb0d3d381dc285c6752214c8b34d39e4e9ef9d187b51299e8768b164"
],
"keys_base64": [
"fO5chjzcgGQHdgZVM3/YoBrpFX9KzNFqtUl1tMz49reT",
"ehvinfSetbXOWb9WONrnuzqzjbCwonUq7tFDOnrZgFUC",
"tl/8bA4QYjlCuUqwsrAdtpL9QkY3FHigIyC0Z/q01Czd",
"CsivgpVqEcDgBAd0wrpDfNJN/N4sUf3SHmiqapqnKEiS",
"bLe4oQY74k0bGsPc6SHvQ08oaVpEBmbPZEzsqwGD475s",
"NRCWWBVnvfB6y61BQ3JSRpx4Z/R9oskxe90NEgqH+I4x",
"yO2YK4LmwsdDkb6Ijlj4Y6dZIBoGP/N+55jcHFQsrnT3",
"aD+J6ztHqFLifhdTzhfixUta91yyh9udQipUtlMznMDQ",
"1K/qRjW4WZqcbp+tEj/RBB0eQtUy1NQLCFanKIYEEZ/E",
"lMiaM+j7DT04HcKFxnUiFMizTTnk6e+dGHtRKZ6HaLFk"
],
"root_token": "s.a0EOeHaeXCxrsUZztaWEmFor"
}
So we would run one init, and then x (number of servers) unseal.
Links:
https://www.vaultproject.io/api/system/init
https://www.vaultproject.io/api-docs/system/unseal
https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http
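The init-then-unseal sequence from the issue above, as an added example (not code from the hashistack project). It shows that with `secret_threshold` 5 every server needs five `/v1/sys/unseal` calls rather than one. The function names, the `FakeVault` stand-in and the `vault-N.example` hosts are assumptions made for illustration.

```python
import json
import urllib.request

def vault_put(addr, path, payload):
    """PUT a JSON body to Vault's HTTP API; TLS verification stays on."""
    req = urllib.request.Request(
        addr + path, data=json.dumps(payload).encode(), method="PUT",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

def init_and_unseal(servers, shares=10, threshold=5, put=vault_put):
    """Run one init, then feed key shares to every server until it unseals."""
    init = put(servers[0], "/v1/sys/init",
               {"secret_shares": shares, "secret_threshold": threshold})
    calls = {}
    for addr in servers:
        calls[addr] = 0
        for key in init["keys"]:
            state = put(addr, "/v1/sys/unseal", {"key": key})
            calls[addr] += 1
            if not state["sealed"]:
                break  # threshold reached on this server
        else:
            raise RuntimeError(f"{addr} is still sealed after all shares")
    # Hand the keys and root token back to the caller; never print or log them.
    return init, calls

class FakeVault:
    """Constructed stand-in for the cluster so the example runs offline."""
    def __init__(self):
        self.progress, self.threshold = {}, 0

    def put(self, addr, path, payload):
        if path == "/v1/sys/init":
            self.threshold = payload["secret_threshold"]
            return {"keys": [f"share-{i}" for i in range(payload["secret_shares"])],
                    "root_token": "constructed-token"}
        self.progress[addr] = self.progress.get(addr, 0) + 1
        return {"sealed": self.progress[addr] < self.threshold}

def demo():
    """Three hypothetical servers, default 10 shares with threshold 5."""
    servers = [f"https://vault-{i}.example:8200" for i in (1, 2, 3)]
    _, calls = init_and_unseal(servers, put=FakeVault().put)
    return calls  # number of unseal requests each server needed
```

If the same requests are issued through the Terraform http data source instead, the response body, including the unseal keys and root token, is recorded in the Terraform state.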