This repository was archived by the owner on Nov 1, 2023. It is now read-only.

Commit 663883e

committed
Reordered Bootstraping so Consul Client is installed prior to Vault
1 parent 23adf95 commit 663883e


4 files changed

+36
-44
lines changed


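--- a/scripts/vault-upstart.conf
+++ b/scripts/vault-upstart.conf
@@ -1,4 +1,4 @@
-\description "Vault"
+description "Vault"
 start on runlevel [2345]
 stop on runlevel [!2345]
 
@@ -9,5 +9,5 @@ console log
 script
 # Make sure to use all our CPUs, because Vault can block a scheduler thread
 export GOMAXPROCS=`nproc`
-vault server -config /etc/vault.d/vault.hcl
+exec vault server -config /etc/vault.d/vault.hcl
 end script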

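--- a/scripts/vault.hcl
+++ b/scripts/vault.hcl
@@ -1,5 +1,5 @@
 backend "consul" {
-address = "__CONSULSEED__:8500"
+address = "consul.service.consul:8500"
 path = "vault/"
 }
 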
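Review bot: The new `address = "consul.service.consul:8500"` makes Vault's storage connection depend on the instance resolving the `.consul` domain, and it sends that traffic to whichever Consul server the name returns; no `scheme` or TLS settings appear in the visible `backend` block, so this hop is presumably plain HTTP. Since this commit installs a Consul client on the Vault node before Vault starts, pointing the backend at the local agent with `address = "127.0.0.1:8500"` would keep the hop on loopback and remove the DNS dependency. If the remote name is kept, consider `scheme = "https"` with the CA configured, and confirm that the bootstrap script (not visible here) actually sets up `.consul` DNS forwarding.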

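--- a/templates/quickstart-hashicorp-vault-master.template
+++ b/templates/quickstart-hashicorp-vault-master.template
@@ -1,6 +1,6 @@
 {
 "AWSTemplateFormatVersion": "2010-09-09",
-"Description": "Hashicorp Consul+Vault template seed, License: Apache 2.0 (Please do not remove) Oct,31,2016",
+"Description": "Hashicorp Consul+Vault template seed, License: Apache 2.0 (Please do not remove) Nov,3,2016",
 "Metadata": {
 "AWS::CloudFormation::Interface": {
 "ParameterGroups": [{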

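--- a/templates/quickstart-hashicorp-vault.template
+++ b/templates/quickstart-hashicorp-vault.template
@@ -1,6 +1,6 @@
 {
 "AWSTemplateFormatVersion": "2010-09-09",
-"Description": "QS(0037) HashiCorp Consul License: Apache 2.0 (Please do not remove) Oct,31,2016",
+"Description": "QS(0037) HashiCorp Consul License: Apache 2.0 (Please do not remove) Nov,3,2016",
 "Parameters": {
 "KeyPair": {
 "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
@@ -349,11 +349,12 @@
 "owner": "root",
 "group": "root"
 },
-"/etc/init/vault-upstart.conf": {
+"/etc/init/vault.conf": {
 "source": "https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault-upstart.conf",
 "mode": "000700",
 "owner": "root",
-"group": "root"
+"group": "root",
+"command": "echo 'export VAULT_ADDR=http://127.0.0.1:8200' > /etc/profile.d/vault.sh"
 }
 },
 "commands": {
@@ -365,10 +366,7 @@
 "run_vault": {
 "commands": {
 "01_register_vault_binary": {
-"command": "chmod 755 vault",
-"command": "update-rc.d vault defaults",
-"command": "update-rc.d vault enable",
-"cwd": "/etc/init.d/"
+"command": "start vault",
 }
 }
 }
@@ -411,12 +409,18 @@
 "Fn::Join": [
 "", [
 "#!/bin/bash -x\n",
-"mkdir -p /opt/vault/policies/ /opt/vault/scripts/ /etc/vault.d/\n",
 "apt-get -y update\n",
-"#install the cfn-init tools\n",
-"apt-get -y install python-pip\n",
-"pip install pyOpenSSL ndg-httpsclient pyasn1\n",
+"apt-get -y install python-setuptools\n",
 "easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
+"mkdir -p /opt/vault/policies/ /opt/vault/scripts/ /etc/vault.d/\n",
+"SEEDIP=\"",
+{
+"Ref": "ConsulSeedPrivateIP"
+},"\"\n",
+"wget https://s3.amazonaws.com/quickstart-reference/hashicorp/consul/latest/scripts/consul_client_bootstrap.sh\n",
+"chmod 755 ./consul_client_bootstrap.sh\n",
+"./consul_client_bootstrap.sh --s3url https://s3.amazonaws.com --s3bucket quickstart-reference --s3prefix hashicorp/consul/latest --seedip ${SEEDIP}",
+"\n",
 "/usr/local/bin/cfn-init",
 " --verbose ",
 " --stack ", {
@@ -427,15 +431,6 @@
 " --region ", {
 "Ref": "AWS::Region"
 }, "\n",
-"CONSULSEED=\"",
-{
-"Ref": "ConsulSeedPrivateIP"
-},"\"\n",
-"sed -i -e s/__CONSULSEED__/${CONSULSEED}/ /etc/vault.d/vault.hcl",
-"\n",
-"echo \"Starting Vault Server \" \n",
-"vault server -config /etc/vault.d/vault.hcl",
-"\n",
 "/usr/local/bin/cfn-signal -e $? ",
 " --stack ", {
 "Ref": "AWS::StackName"
@@ -531,7 +526,7 @@
 "commands": {
 "01_run_awslogs_agent_setup.py": {
 "command": {
-"Fn::Sub": ["python /usr/local/awslogs-agent-setup.py -n -r ${Region} -c https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault/awslogs-config-file", {
+"Fn::Sub": ["python /usr/local/awslogs-agent-setup.py -n -r ${Region} -c https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/awslogs-config-file", {
 "Region": {
 "Ref": "AWS::Region"
 }
@@ -549,16 +544,17 @@
 },
 "files": {
 "/etc/vault.d/vault.hcl": {
-"source": "https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault/vault.hcl",
+"source": "https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault.hcl",
 "mode": "000700",
 "owner": "root",
 "group": "root"
 },
-"/etc/init/vault-upstart.conf": {
-"source": "https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault/vault-upstart.conf",
+"/etc/init/vault.conf": {
+"source": "https://s3.amazonaws.com/quickstart-reference/hashicorp/vault/latest/scripts/vault-upstart.conf",
 "mode": "000700",
 "owner": "root",
-"group": "root"
+"group": "root",
+"command": "echo 'export VAULT_ADDR=http://127.0.0.1:8200' > /etc/profile.d/vault.sh"
 }
 },
 "commands": {
@@ -570,10 +566,8 @@
 "run_vault": {
 "commands": {
 "01_register_vault_binary": {
-"command": "chmod 755 vault",
-"command": "update-rc.d vault defaults",
-"command": "update-rc.d vault enable",
-"cwd": "/etc/init.d/" }
+"command": "start vault",
+}
 }
 }
 }
@@ -618,9 +612,16 @@
 "mkdir -p /opt/vault/policies/ /opt/vault/scripts/ /etc/vault.d/\n",
 "apt-get -y update\n",
 "#install the cfn-init tools\n",
-"apt-get -y install python-pip\n",
-"pip install pyOpenSSL ndg-httpsclient pyasn1\n",
+"apt-get install python-setuptools\n",
 "easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
+"SEEDIP=\"",
+{
+"Ref": "ConsulSeedPrivateIP"
+},"\"\n",
+"wget https://s3.amazonaws.com/quickstart-reference/hashicorp/consul/latest/scripts/consul_client_bootstrap.sh\n",
+"chmod 755 ./consul_client_bootstrap.sh\n",
+"./consul_client_bootstrap.sh --s3url https://s3.amazonaws.com --s3bucket quickstart-reference --s3prefix hashicorp/consul/latest --seedip ${SEEDIP}",
+"\n",
 "/usr/local/bin/cfn-init",
 " --verbose ",
 " --stack ", {
@@ -631,15 +632,6 @@
 " --region ", {
 "Ref": "AWS::Region"
 }, "\n",
-"CONSULSEED\"=",
-{
-"Ref": "ConsulSeedPrivateIP"
-},"\"\n",
-"sed -i -e s/__CONSULSEED__/${CONSULSEED}/ /etc/vault.d/vault.hcl",
-"\n",
-"echo \"Starting Vault Server \" \n",
-"vault server -config /etc/vault.d/vault.hcl",
-"\n",
 "/usr/local/bin/cfn-signal -e $? ",
 " --stack ", {
 "Ref": "AWS::StackName"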
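Review bot: Both UserData blocks now `wget` `consul_client_bootstrap.sh` from the mutable `hashicorp/consul/latest` prefix and execute it with no integrity check, so whatever object sits at that key at launch time runs on every Vault node, presumably as root since this is instance user data. Pin the download to a versioned prefix and verify a known digest before running it, for example `echo "<EXPECTED_SHA256>  consul_client_bootstrap.sh" | sha256sum -c - || exit 1` (placeholder digest). The script's exit status is also never checked before `cfn-init` runs, and the second block's `apt-get install python-setuptools` lacks the `-y` that the first block has, which can stall or abort an unattended boot. Separately, `"command": "start vault",` leaves a trailing comma before `}` in both `01_register_vault_binary` entries, which is invalid JSON. The `command` key added under the `/etc/init/vault.conf` `files` entries is not one the cfn-init `files` section acts on, so the `VAULT_ADDR` export is probably never written; it belongs under `commands`.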
