3 node vault docker container cluster & backend as consul. Using supervisor instead of dumb init process !

--- Before we start, please make sure consul cluster is ready ---

Below are the steps for vault :

Steps to install vault:( as root users on physical machine or VM ) Download binary file Download binary files for your system based on your operating system type from download link

we are downloading vault for Linux 64 bit operating system

$ wget https://releases.hashicorp.com/vault/0.7.3/vault_0.7.3_linux_amd64.zip

Saving to: ‘vault_0.7.3_linux_amd64.zip’

Unzip vault file $ unzip vault_0.7.3_linux_amd64.zip

$ unzip vault_0.7.3_linux_amd64.zip Archive: vault_0.7.3_linux_amd64.zip inflating: vault Copy vault binary file PATH location or /usr/local/bin $ sudo cp –avr vault /usr/local/bin

$ sudo cp -avr vault /usr/local/bin ‘vault’ -> ‘/usr/local/bin/vault’ Verify vault installation by using below command $ vault version

$ vault version Vault v0.7.3 ('0b20ae0b9b7a748d607082b1add3663a28e31b68')

$yum update -y && yum install docker* ( For CE )

Next setp would be vault start & initialization,as per below. $vault server -config=/etc/vault.json & OR you can create the bash shell script for starting and stopping i.e deamon $vault init

Once, you execute above command it will generate unseal key and root token. Take it in notepad and kill the vault process $kill %1 OR vault process id

Create the docker file, supervisor and vault config file, you can take the reference from existing files.

e.g $ls [root@chefclient1 ubuntu]# ls -lhtr total 12K -rw-r--r--. 1 root root 620 Jan 17 16:43 dockerfile -rw-r--r--. 1 root root 202 Jan 23 16:11 vaultconfig.hcl -rw-r--r--. 1 root root 543 Jan 23 16:19 supervisord.conf

$docker build -t prodvault:1 .

$docker run -d -p 8200:8200 --name=<> <>

$docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0e8bc825f2e2 2fb86aedc172 "/bin/sh -c 'supervis" 29 minutes ago Up 29 minutes 0.0.0.0:8200->8200/tcp prodvault9425343

[root@0e8bc825f2e2 /]# vault status Sealed: false Key Shares: 5 Key Threshold: 3 Unseal Progress: 0 Unseal Nonce: Version: 0.7.3 Cluster Name: vault-cluster-853fbc39 Cluster ID: 4d7a74b6-1662-c36e-9d25-c82046b8b19f

High-Availability Enabled: true Mode: active Leader: http://192.168.56.101:8200

[root@0e8bc825f2e2 /]# vault write secret/artificial value="example" Success! Data written to: secret/artificial [root@0e8bc825f2e2 /]# vault read secret/artificial Key Value

refresh_interval 768h0m0s value example

artificial satish

It looks good for first docker container ( Active ), follow the same for remaing docker container and see the status ( i.e standby )

Enjoy !!