I'm trying to set up Consul with Vault for secrets management for Postgres with Docker. Here is my configuration

Dockerfile:

    FROM python:3.6-slim

    ENV VAULT_VERSION 0.11.1
    ENV CONSUL_VERSION 1.2.3

    RUN apt-get update \
      && apt-get install -y \
         build-essential \
         git \
         curl \
         wget \
         vim \
         net-tools \
         iputils-ping \
         dnsutils \
         zip \
         unzip \
      && wget -O /tmp/vault.zip "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
      && unzip -d /bin /tmp/vault.zip \
      && chmod 755 /bin/vault \
      && rm /tmp/vault.zip \
      && wget -O /tmp/consul.zip "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" \
      && unzip -d /bin /tmp/consul.zip \
      && chmod 755 /bin/consul \
      && rm /tmp/consul.zip \
      && apt-get clean \
      && rm -rf /var/lib/apt/lists/*

docker-compose.yml:

    version: '3.6'

    services:
      consul:
        container_name: consul.server
        command: agent -server -bind 0.0.0.0 -client 0.0.0.0 -bootstrap-expect=1
        image: consul:latest
        volumes:
          - ./config/consul/config:/consul/config
        ports:
          - "9300:9300"
          - "9500:9500"
          - "9600:9600/udp"
        networks:
          - consul_network

      vault:
        container_name: vault.server
        image: vault
        ports:
          - "9200:8200"
        cap_add:
          - IPC_LOCK
        depends_on:
          - consul
        environment:
          - VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"${LOCAL_IP}:9500","advertise_addr":"http://${LOCAL_IP}", "path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
        command: server
        networks:
          - consul_network

      db:
        image: postgres:10.5-alpine
        volumes:
          - postgres_data:/var/lib/postgresql/data/
        environment:
          - CONSUL_HTTP_ADDR=${LOCAL_IP}:9500
          - VAULT_ADDR=http://${LOCAL_IP}:9200
        networks:
          - consul_network
          - database_network

    networks:
      consul_network:
        driver: bridge
      database_network:
        driver: bridge

    volumes:
      postgres_data:

And also I'm keeping LOCAL_IP in a .env file:

    LOCAL_IP=10.0.2.15

(I'm developing on a Vagrant machine, hence the address.) I was following this tutorial and I assume the db container should have access to both consul.server and vault.server, but it doesn't. (?)

Secondly, I've connected into vault.server and tried to get vault status which responded with

    Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client

I have just started learning about Docker and frankly I don't even know where to begin looking for some answers so if anyone could give me direction I'd be more than grateful.

Cheers.

kebie

1 Answer

The VAULT_ADDR environment variable needs to be set to http://127.0.0.1:8200

When normally starting the vault server you'd see this in the output when running with TLS disabled:

You may need to set the following environment variable:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

OverlordQ
  • Thanks for the answer, but it seems that it's changed nothing. Should I replace all of {LOCAL_IP} with 127.0.0.1? And if so could you explain why? – kebie Oct 02 '18 at 16:06
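
An added example, not part of the original question, answer or comment, and not Vault's own code: it reads the `listener` stanza of the question's `VAULT_LOCAL_CONFIG` and checks whether the address the CLI will use inside the Vault container matches it, which is the mismatch behind the "server gave HTTP response to HTTPS client" error. The function names and the set of values treated as "TLS disabled" are assumptions of this sketch.

```python
import json
from urllib.parse import urlsplit

# Address the Vault CLI falls back to when VAULT_ADDR is unset
# (it is the URL shown in the error message in the question).
CLI_DEFAULT_ADDR = "https://127.0.0.1:8200"

# Constructed sample: VAULT_LOCAL_CONFIG from the question's
# docker-compose.yml with ${LOCAL_IP} filled in from its .env file.
SAMPLE_LOCAL_CONFIG = (
    '{"backend":{"consul":{"address":"10.0.2.15:9500",'
    '"advertise_addr":"http://10.0.2.15","path":"vault/"}},'
    '"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}'
)


def listener_scheme_and_port(local_config):
    """Return (scheme, port) served by the tcp listener in the config."""
    tcp = json.loads(local_config)["listener"]["tcp"]
    # Assumption of this example: 1, true, "1" and "true" mean TLS is off.
    tls_off = str(tcp.get("tls_disable", False)).lower() in ("1", "true")
    port = int(tcp.get("address", "127.0.0.1:8200").rsplit(":", 1)[1])
    return ("http" if tls_off else "https"), port


def check_vault_addr(local_config, vault_addr=None):
    """Compare the CLI's effective address with the listener.

    Returns (ok, suggested_addr) for a CLI run inside the Vault container,
    where the listener is reached on loopback at its own port (8200 here,
    not the 9200 published on the Docker host).
    """
    scheme, port = listener_scheme_and_port(local_config)
    suggested = "%s://127.0.0.1:%d" % (scheme, port)
    effective = urlsplit(vault_addr or CLI_DEFAULT_ADDR)
    ok = effective.scheme == scheme and effective.port == port
    return ok, suggested


if __name__ == "__main__":
    for addr in (None, "http://127.0.0.1:8200"):
        ok, suggested = check_vault_addr(SAMPLE_LOCAL_CONFIG, addr)
        state = "ok" if ok else "mismatch"
        print("VAULT_ADDR=%r -> %s (use %s)" % (addr, state, suggested))
```

With `tls_disable` set, tokens and secrets cross the Docker network in cleartext, so the `http://` address is a development-only setting.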