This repository contains the tools and utilities used to run my personal Hashistack cluster, which includes Consul, Nomad, and Vault provisioned with Terraform and running on Linode with openSUSE.
artifacts
: Miscellaneous runtime artifacts, intended to be accessible via Minio, S3, or similar

certs
: Consul, Nomad, and Vault all communicate over SSL with their own certificate authorities, whose certificates are defined here.

config
: Various configuration files, mostly for Consul, Nomad, and Vault.

firewall
: firewalld service and zone definitions.

jobs
: Nomad job definitions.

packer
: Packer image file. Not used, but maybe at some point.

policies
: Vault policy definitions.

scripts
: Scripts to be provisioned on cluster members.

services
: systemd service definitions for Consul, Nomad, and Vault.

stackscripts
: Linode stackscripts; only one currently, used for the first step of provisioning new members.

support
: Helpful files to be provisioned on the support box

terraform
: Terraform definition files, used for provisioning.

tools
: Scripts to be used on a support box.

In order to view the UIs for Consul, Nomad, and Vault, you need to generate a certificate bundle with the CA's private key for each one, then `scp` it to your desktop and import it into your browser. In Firefox, you can go to Preferences -> Privacy & Security -> Certificates -> View Certificates and then import client certificates from the "Your Certificates" pane.
For example, to generate a bundle suitable for use with Nomad, run:
$ generate-client-cert-bundle nomad
OpenSSL will prompt you for a passphrase, and then you should see `nomad.p12` in the current directory. This is the file that should be imported to Firefox.
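The steps a bundle generator of this kind has to perform, as an added sketch that is not the repository's `generate-client-cert-bundle` script: issue a client key, sign it with the service CA, and pack the result as PKCS#12. The function names, the `<ca_dir>/ca.pem` and `<ca_dir>/ca-key.pem` layout, the subject names and the passphrase file (used here instead of the interactive prompt) are all assumptions; `make_demo_ca` creates a throwaway CA so the example runs offline.

```bash
#!/usr/bin/env bash
# Added illustration, not the repository's generate-client-cert-bundle script.
# Assumed (hypothetical) layout: <ca_dir>/ca.pem and <ca_dir>/ca-key.pem.

# Throwaway CA so the example runs offline (constructed sample data).
make_demo_ca() {
  mkdir -p "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

# make_client_bundle <service> <ca_dir> <out_dir> <passphrase_file>
make_client_bundle() {
  local service="$1" ca_dir="$2" out_dir="$3" passfile="$4"
  local base="$out_dir/$service-client"
  (
    umask 077   # key material must never be group/world readable
    # 1. Fresh client key and CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$service-ui-client" \
      -keyout "$base-key.pem" -out "$base.csr" 2>/dev/null &&
    # 2. Sign with the CA key: short-lived and limited to TLS client auth.
    printf 'extendedKeyUsage = clientAuth\n' > "$base.ext" &&
    openssl x509 -req -in "$base.csr" -days 30 -extfile "$base.ext" \
      -CA "$ca_dir/ca.pem" -CAkey "$ca_dir/ca-key.pem" -CAcreateserial \
      -out "$base.pem" 2>/dev/null &&
    # 3. Pack key + cert + CA cert into a passphrase-protected PKCS#12 file.
    openssl pkcs12 -export -name "$service" -inkey "$base-key.pem" \
      -in "$base.pem" -certfile "$ca_dir/ca.pem" \
      -passout "file:$passfile" -out "$out_dir/$service.p12"
  )
  local rc=$?
  # The plaintext key only exists to build the bundle; remove it either way.
  rm -f "$base-key.pem" "$base.csr" "$base.ext"
  return $rc
}

# bundle_chains_to_ca <p12> <ca_cert> <passphrase_file>
# Succeeds only if the bundled client cert verifies against the given CA.
bundle_chains_to_ca() {
  openssl pkcs12 -in "$1" -passin "file:$3" -clcerts -nokeys 2>/dev/null |
    openssl verify -CAfile "$2" -purpose sslclient >/dev/null 2>&1
}
```

Anyone holding the `.p12` and its passphrase can authenticate to that service's UI, so the short lifetime and the `clientAuth`-only key usage bound what a leaked bundle is good for.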
Use the `issue-cert` script from `tools`.
Since Consul is configured to listen for API requests over a Unix socket, you can use a command like this on a Consul node to query its HTTP API:
$ curl --unix-socket /var/run/consul/consul_https.sock http:///api/v1/agent/checks
Use this command to find the largest installed RPM packages, normally used when setting up the Packer build to remove large unneeded packages:
rpm -qa --queryformat '%10{size} - %-25{name} \t %{version}\n' | sort -n
secret/
policies