Hashicorp Vault 在重启后停止初始化
Hashicorp Vault stops being initialised after reboot
出于某些测试目的,我在单个 AWS EC2 实例上安装了带有 Consul 的 Vault 作为后端。我成功地初始化并解封了它。一切正常,我可以进行测试。
但是每次我停止 EC2 实例并再次启动它时,Vault 都没有初始化(命令 vault status 显示 "Initialised" - "false")。结果我需要再次初始化 Vault 并丢失我所有的秘密。
有没有办法在停止 EC2 实例并重新启动后保持 Vault 被初始化?
保管库配置文件:
- config.hcl
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
ui = true
- vault.service
[Unit]
Description="Hashicorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
ConditionFileNotEmpty=/etc/vault.d/config.hcl
[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault.d/config.hcl
ExecReload=/bin/kill --signal HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
领事配置文件:
- consul.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
- server.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
- consul.service
[Unit]
Description=Consul
Documentation=https://www.consul.io/
[Service]
ExecStart=/usr/bin/consul agent -ui -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
如有任何想法,我们将不胜感激。
Vault 正在利用 Consul 来存储其数据,但是您让 Consul 将该数据存储在 /tmp 中,这是一个易变的目录,在重新启动时会被清空。
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
尝试将 data_dir 更改为 /var/consul
出于某些测试目的,我在单个 AWS EC2 实例上安装了带有 Consul 的 Vault 作为后端。我成功地初始化并解封了它。一切正常,我可以进行测试。
但是每次我停止 EC2 实例并再次启动它时,Vault 都没有初始化(命令 vault status 显示 "Initialised" - "false")。结果我需要再次初始化 Vault 并丢失我所有的秘密。
有没有办法在停止 EC2 实例并重新启动后保持 Vault 被初始化?
保管库配置文件:
- config.hcl
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
ui = true
- vault.service
[Unit]
Description="Hashicorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
ConditionFileNotEmpty=/etc/vault.d/config.hcl
[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault.d/config.hcl
ExecReload=/bin/kill --signal HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
领事配置文件:
- consul.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
- server.hcl
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
- consul.service
[Unit]
Description=Consul
Documentation=https://www.consul.io/
[Service]
ExecStart=/usr/bin/consul agent -ui -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
如有任何想法,我们将不胜感激。
Vault 正在利用 Consul 来存储其数据,但是您让 Consul 将该数据存储在 /tmp 中,这是一个易变的目录,在重新启动时会被清空。
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
尝试将 data_dir 更改为 /var/consul