0

我正在尝试创建一个由 3 个节点的 Consul 集群支持的 Vault 网络。我创建了一个由 3 个 Consul 服务器组成的集群,并且一个 Consul 客户端已连接到该集群。现在我正在尝试将
Vault 服务器连接到 Consul 客户端,但客户端总是拒绝连接。

2021-12-03T12:59:27.578Z [WARN] storage migration check error: error="Get \"http://consul_c1:8501/v1/kv/vault/core/migration\": dial tcp 192.168.48.3:8501: connect: connection refused"

我在 docker compose 中构建了所有内容。这是我的领事服务器配置:

consul_s1.json
{
  "server": true,
  "node_name": "consul_s1",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s2", "consul_s3"],
  "log_level": "DEBUG",
  "ui": true
}

consul_s2.json
{
  "server": true,
  "node_name": "consul_s2",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s1", "consul_s3"],
  "log_level": "DEBUG",
  "ui": true
}

consul_s3.json
{
  "server": true,
  "node_name": "consul_s3",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s1", "consul_s2"],
  "log_level": "DEBUG",
  "ui": true
}

和领事客户端配置是:

consul_c1.json
{
  "node_name": "consul_c1",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "retry_join": ["consul_s1", "consul_s2", "consul_s3"],
  "data_dir": "/consul/data"
}

和保险库的配置:

vault_s1.json
{
  "backend": {
    "consul": {
      "address": "consul_c1:8501",
      "path": "vault/"
    }
  },
  "listener": {
    "tcp":{
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true
}

这是码头工人撰写文件

version: '3.7'

services:
  consul_s1:
    image: consul:1.10.4
    container_name: consul_s1
    restart: always
    volumes:
      - ./consul/consul_s1/config/consul_s1.json:/consul/config/consul_s1.json:ro
    networks:
      - consul
    ports:
      - '8500:8500'
      - '8600:8600/tcp'
      - '8600:8600/udp'
    command: 'agent'

  consul_s2:
    image: consul:1.10.4
    container_name: consul_s2
    restart: always
    volumes:
      - ./consul/consul_s2/config/consul_s2.json:/consul/config/consul_s2.json:ro
    networks:
      - consul
    command: 'agent'

  consul_s3:
    image: consul:1.10.4
    container_name: consul_s3
    restart: always
    volumes:
      - ./consul/consul_s3/config/consul_s3.json:/consul/config/consul_s3.json:ro
    networks:
      - consul
    command: 'agent'

  consul_c1:
    image: consul:1.10.4
    container_name: consul_c1
    restart: always
    ports:
      - 8501:8500
    volumes:
      - ./consul/consul_c1/config/consul_c1.json:/consul/config/consul_c1.json:ro
    networks:
      - consul
    command: 'agent'

  vault:
    image: vault:latest
    container_name: vault_s1
    ports:
      - 8200:8200
    volumes:
      - ./vault/vault_s1/config/vault_s1.json:/vault/config/vault_s1.json
      - ./vault/vault_s1/policies:/vault/policies
      - ./vault/vault_s1/data:/vault/data
      - ./vault/vault_s1/logs:/vault/logs
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
    networks:
      - consul
    command: server -config=/vault/config/vault_s1.json
    cap_add:
      - IPC_LOCK
    depends_on:
      - consul_s1

networks:
  consul:
    driver: bridge
4

1 回答 1

0

尝试在 Consul 客户端上设置“client_addr”配置。默认情况下它是本地主机。HTTP 接口将使用此地址,如果它仅在 localhost 上侦听,则 Vault 可能无法与客户端通信,因为您已将 Vault 配置为在不同的网络接口上访问它。

https://www.consul.io/docs/agent/options#_client

于 2021-12-03T14:22:18.210 回答