Day 13. Hashicorp Vault: HA with Integrated Storage

13th鐵人賽

南風~~

2021-09-13 23:21:58

1290 瀏覽

分享至

Hashicorp Vault: HA with Integrated Storage

昨天有提到HA的storage由Consul改為Integrated Storage,Vault資料儲存是儲放在local上，再透過Raft Consensus Algorithm與其他node做溝通。

設定

官方強烈建議設定disable_mlock = true

...

disable_mlock = true  #官方強烈建議
storage "raft" {
  performance_multiplier = 1
  path    = "/vault/data"
  node_id = "vault-01"
  
  retry_join {
    leader_api_addr = "https://10.x.x.1:8200"
    leader_ca_cert_file = "/vault/ssl/ca.cer"
    leader_client_cert_file = "/vault/ssl/cert.crt"
    leader_client_key_file = "/vault/ssl/public.key"
  }
  retry_join {
    leader_api_addr = "https://10.x.x.2:8200"
    leader_ca_cert_file = "/vault/ssl/ca2.cer"
    leader_client_cert_file = "/vault/ssl/cert2.crt"
    leader_client_key_file = "/vault/ssl/public2.key"
  }
  retry_join {
    leader_api_addr = "https://10.x.x.3:8200"
    leader_ca_cert_file = "/vault/ssl/ca3.cer"
    leader_client_cert_file = "/vault/ssl/cert3.crt"
    leader_client_key_file = "/vault/ssl/public3.key"
  }
  
}

...