I'm trying to set up Consul with Vault for secrets management for Postgres with Docker. Here is my configuration.
Dockerfile:
FROM python:3.6-slim
ENV VAULT_VERSION 0.11.1
ENV CONSUL_VERSION 1.2.3
RUN apt-get update \
    && apt-get install -y \
        build-essential \
        git \
        curl \
        wget \
        vim \
        net-tools \
        iputils-ping \
        dnsutils \
        zip \
        unzip \
    && wget -O /tmp/vault.zip "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
    && unzip -d /bin /tmp/vault.zip \
    && chmod 755 /bin/vault \
    && rm /tmp/vault.zip \
    && wget -O /tmp/consul.zip "https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip" \
    && unzip -d /bin /tmp/consul.zip \
    && chmod 755 /bin/consul \
    && rm /tmp/consul.zip \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
docker-compose.yml:
version: '3.6'
services:
  consul:
    container_name: consul.server
    command: agent -server -bind 0.0.0.0 -client 0.0.0.0 -bootstrap-expect=1
    image: consul:latest
    volumes:
      - ./config/consul/config:/consul/config
    ports:
      - "9300:9300"
      - "9500:9500"
      - "9600:9600/udp"
    networks:
      - consul_network
  vault:
    container_name: vault.server
    image: vault
    ports:
      - "9200:8200"
    cap_add:
      - IPC_LOCK
    depends_on:
      - consul
    environment:
      - VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"${LOCAL_IP}:9500","advertise_addr":"http://${LOCAL_IP}", "path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}
    command: server
    networks:
      - consul_network
  db:
    image: postgres:10.5-alpine
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    environment:
      - CONSUL_HTTP_ADDR=${LOCAL_IP}:9500
      - VAULT_ADDR=http://${LOCAL_IP}:9200
    networks:
      - consul_network
      - database_network
networks:
  consul_network:
    driver: bridge
  database_network:
    driver: bridge
volumes:
  postgres_data:
And also I'm keeping LOCAL_IP in a .env file:
LOCAL_IP=10.0.2.15
(I'm developing on a Vagrant machine, hence the address.) I was following this tutorial and I assume the db container should have access to both consul.server and vault.server, but it doesn't. (?)
Secondly, I've connected into vault.server and tried to get vault status which responded with
Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client
I have just started learning about Docker and frankly I don't even know where to begin looking for some answers so if anyone could give me direction I'd be more than grateful.
Cheers.
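
The `vault status` error quoted in the post, expressed as a check on the listener config versus the client address; this is an added example, not part of the original post. It assumes the Vault CLI falls back to `https://127.0.0.1:8200` when `VAULT_ADDR` is unset, handles only the `listener.tcp` object shape shown in the post, and its function names are hypothetical.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Assumption: address the Vault CLI uses when VAULT_ADDR is not set.
DEFAULT_VAULT_ADDR = "https://127.0.0.1:8200"

# Listener stanza copied from VAULT_LOCAL_CONFIG in the compose file above
# (the backend stanza is omitted; it does not affect the listener scheme).
SAMPLE_CONFIG = '{"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}}'


def _truthy(value):
    """The post uses tls_disable: 1; true, "1" and "true" are treated alike here."""
    return str(value).strip().lower() in ("1", "true")


def listener_scheme(local_config):
    """Return 'http' if the tcp listener disables TLS, else 'https'."""
    tcp = json.loads(local_config)["listener"]["tcp"]
    return "http" if _truthy(tcp.get("tls_disable", False)) else "https"


def check_client_addr(local_config, vault_addr=None):
    """Compare the client's URL scheme with what the listener serves."""
    addr = vault_addr or DEFAULT_VAULT_ADDR
    parts = urlsplit(addr)
    served = listener_scheme(local_config)
    # Same host, port and path as the client address, with the served scheme.
    fixed = urlunsplit((served,) + tuple(parts[1:]))
    return {
        "client_addr": addr,
        "listener_scheme": served,
        "mismatch": parts.scheme != served,
        "suggested_addr": fixed,
        # With TLS off, tokens and secrets cross the network unencrypted.
        "plaintext": served == "http",
    }


if __name__ == "__main__":
    # VAULT_ADDR unset inside vault.server: the case from the post.
    print(check_client_addr(SAMPLE_CONFIG))
    # VAULT_ADDR as configured for the db service (LOCAL_IP=10.0.2.15).
    print(check_client_addr(SAMPLE_CONFIG, "http://10.0.2.15:9200"))
```

A `mismatch` of true corresponds to the "server gave HTTP response to HTTPS client" message; `plaintext` being true is acceptable only for a local development setup like this one.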