我正在尝试创建一个由 3 个节点的 Consul 集群支持的 Vault 网络。我创建了一个由 3 个 Consul 服务器组成的集群,并且一个 Consul 客户端已连接到该集群。现在我正在尝试将
Vault 服务器连接到 Consul 客户端,但客户端总是拒绝连接。
2021-12-03T12:59:27.578Z [WARN] storage migration check error: error="Get \"http://consul_c1:8501/v1/kv/vault/core/migration\": dial tcp 192.168.48.3:8501: connect: connection refused"
我在 docker compose 中构建了所有内容。这是我的领事服务器配置:
consul_s1.json
{
"server": true,
"node_name": "consul_s1",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s2", "consul_s3"],
"log_level": "DEBUG",
"ui": true
}
consul_s2.json
{
"server": true,
"node_name": "consul_s2",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s1", "consul_s3"],
"log_level": "DEBUG",
"ui": true
}
consul_s3.json
{
"server": true,
"node_name": "consul_s3",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s1", "consul_s2"],
"log_level": "DEBUG",
"ui": true
}
和领事客户端配置是:
consul_c1.json
{
"node_name": "consul_c1",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"retry_join": ["consul_s1", "consul_s2", "consul_s3"],
"data_dir": "/consul/data"
}
和保险库的配置:
vault_s1.json
{
"backend": {
"consul": {
"address": "consul_c1:8501",
"path": "vault/"
}
},
"listener": {
"tcp":{
"address": "0.0.0.0:8200",
"tls_disable": 1
}
},
"ui": true
}
这是码头工人撰写文件
version: '3.7'
services:
consul_s1:
image: consul:1.10.4
container_name: consul_s1
restart: always
volumes:
- ./consul/consul_s1/config/consul_s1.json:/consul/config/consul_s1.json:ro
networks:
- consul
ports:
- '8500:8500'
- '8600:8600/tcp'
- '8600:8600/udp'
command: 'agent'
consul_s2:
image: consul:1.10.4
container_name: consul_s2
restart: always
volumes:
- ./consul/consul_s2/config/consul_s2.json:/consul/config/consul_s2.json:ro
networks:
- consul
command: 'agent'
consul_s3:
image: consul:1.10.4
container_name: consul_s3
restart: always
volumes:
- ./consul/consul_s3/config/consul_s3.json:/consul/config/consul_s3.json:ro
networks:
- consul
command: 'agent'
consul_c1:
image: consul:1.10.4
container_name: consul_c1
restart: always
ports:
- 8501:8500
volumes:
- ./consul/consul_c1/config/consul_c1.json:/consul/config/consul_c1.json:ro
networks:
- consul
command: 'agent'
vault:
image: vault:latest
container_name: vault_s1
ports:
- 8200:8200
volumes:
- ./vault/vault_s1/config/vault_s1.json:/vault/config/vault_s1.json
- ./vault/vault_s1/policies:/vault/policies
- ./vault/vault_s1/data:/vault/data
- ./vault/vault_s1/logs:/vault/logs
environment:
- VAULT_ADDR=http://127.0.0.1:8200
networks:
- consul
command: server -config=/vault/config/vault_s1.json
cap_add:
- IPC_LOCK
depends_on:
- consul_s1
networks:
consul:
driver: bridge