iT邦幫忙

2021 iThome 鐵人賽
DAY 25
0
DevOps

Hashicorp Jot Notes系列 第 25

Day 25. Hashicorp Vault: Diagnose Vault server

13th鐵人賽 hashicorp vault
930 瀏覽

Hashicorp Vault: Diagnose Vault server

這是Vault 1.8 的新功能,能幫助在Vault server啟動前先診斷狀況,例如: OS open file limit, OS disk usage, Vault server configuration等等,診斷狀態分為三種:
success: 檢查成功。
warning: 檢查通過,但有潛在的問題需要排除。
failure: 檢查失敗。

用法

$ vault operator diagnose -config vault-server.hcl

Vault v1.8.2 (4eg99f1rthet5467i9a356uyk43yjutyfg456)

Results:
[ warning ] Vault Diagnose
  [ warning ] Check Operating System
    [ success ] Check Open File Limits: Open file limits are set to 655350.
    [ success ] Check Disk Usage: / usage ok.
    [ warning ] Check Disk Usage: /dev is %!d(float64=100) percent full.
      It is recommended to have more than five percent of the partition free.
    [ success ] Check Disk Usage: /System/Volumes/VM usage ok.
    [ success ] Check Disk Usage: /System/Volumes/Preboot usage ok.
    [ success ] Check Disk Usage: /System/Volumes/Update usage ok.
    [ success ] Check Disk Usage: /System/Volumes/Data usage ok.
    [ warning ] Check Disk Usage: /System/Volumes/Data/home has %d bytes full.
      It is recommended to have at least 1 GB of space free per partition.
  [ success ] Parse Configuration
  [ success ] Check Storage
    [ success ] Create Storage Backend
    [ success ] Check Storage Access
  [ skipped ] Check Service Discovery: No service registration configured.
  [ success ] Create Vault Server Configuration Seals
  [ skipped ] Check Transit Seal TLS: No transit seal found in seal configuration.
  [ success ] Create Core Configuration
    [ success ] Initialize Randomness for Core
  [ success ] HA Storage
    [ success ] Create HA Storage Backend
    [ skipped ] Check HA Consul Direct Storage Access: No HA storage stanza is configured.
  [ success ] Determine Redirect Address
  [ success ] Check Cluster Address: Cluster address is logically valid and can be found.
  [ success ] Check Core Creation
  [ skipped ] Check For Autoloaded License: License check will not run on OSS Vault.
  [ warning ] Start Listeners
    [ warning ] Check Listener TLS: Listener at address 10.x.x.x:8200: TLS is disabled in a listener config stanza.
    [ success ] Create Listeners
  [ skipped ] Check Autounseal Encryption: Skipping barrier encryption test. Only supported for auto-unseal.
  [ success ] Check Server Before Runtime
  [ success ] Finalize Shamir Seal

上一篇
Day 24. Hashicorp Vault: PKI issue limit
下一篇
Day 26. Hashicorp Vault: Rate Limit
系列文
Hashicorp Jot Notes30
  1. 26
    Day 26. Hashicorp Vault: Rate Limit
  2. 27
    Day 27. Hashicorp Vault: Install Vault on Kubernetes
  3. 28
    Day 28. Hachicorp Consul: Server configuration for production
  4. 29
    Day 29. Hashicorp Consul: Upgrade
  5. 30
    Day 30. 參賽心得
完整目錄
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友留言

立即登入留言
iThome鐵人賽
參賽組數
1123
團體組數
52
累計文章數
23096
完賽人數
656
iT+看影片追技術 看影片追技術 看更多
熱門tag 看更多
15th鐵人賽 13th鐵人賽 14th鐵人賽 12th鐵人賽 11th鐵人賽 鐵人賽 2019鐵人賽 2018鐵人賽 javascript 2017鐵人賽 python windows php c# windows server linux css react 程式設計 vue.js
熱門問題
熱門回答
熱門文章
IT邦幫忙