Hashicorp Vault在重新启动后停止初始化

问题描述 投票:0回答:1

出于某些测试目的,我在单个AWS EC2实例上将Consul作为后端安装了Vault。我初始化并成功将其密封。一切正常,我可以进行测试。

但是每当我停止EC2实例并再次启动它时,保管库都不会初始化(命令vault status显示“ Initialised”-“ false”)。结果,我需要再次启动Vault并丢失所有秘密。

在停止EC2实例并再次启动它之后,是否可以使Vault保持初始化?

Vault配置文件:

  • config.hcl
storage "consul" {
    address = "127.0.0.1:8500"
    path    = "vault/"
}

listener "tcp" {
    address  = "0.0.0.0:8200"
    tls_disable = 1
}

ui = true
  • vault.service
[Unit]
Description="Hashicorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
ConditionFileNotEmpty=/etc/vault.d/config.hcl

[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault.d/config.hcl
ExecReload=/bin/kill --signal HUP $MAINIP
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

领事配置文件:

  • consul.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
  • server.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
  • 咨询服务
[Unit]
Description=Consul
Documentation=https://www.consul.io/

[Service]
ExecStart=/usr/bin/consul agent -ui -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINIP
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

将不胜感激。

configuration consul hashicorp-vault
1个回答
0
投票

Vault使用Consul来存储其数据,但是Consul将该数据存储在/tmp中,该目录是易失性目录,并在重新启动后清空。

datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""

尝试将data_dir更改为类似/var/consul的内容>

© www.soinside.com 2019 - 2024. All rights reserved.