Miscellaneous files and tools for my personal infrastructure.

#My Infrastructure

This repository contains the tools and utilities used to run my personal Hashistack cluster, which includes Consul, Nomad, and Vault provisioned with Terraform and running on Linode with openSUSE.

#Folder overview

  • artifacts: Miscellaneous runtime artifacts, intended to be accessible via Minio, S3, or similar
  • certs: Consul, Nomad, and Vault all communicate over SSL with their own certificate authorities, whose certificates are defined here.
  • config: Various configuration files, mostly for Consul, Nomad, and Vault.
  • firewall: firewalld service and zone definitions.
  • jobs: Nomad job definitions.
  • packer: Packer image file. Not used, but maybe at some point.
  • policies: Vault policy definitions.
  • scripts: Scripts to be provisioned on cluster members.
  • services: systemd service definitions for Consul, Nomad, and Vault.
  • stackscripts: Linode stackscripts; only one currently, used for the first step of provisioning new members.
  • support: Helpful files to be provisioned on the support box
  • terraform: Terraform definition files, used for provisioning.
  • tools: Scripts to be used on a support box.

#Viewing the UIs

In order to view the UIs for Consul, Nomad, and Vault, you need to generate a certificate bundle with the CA's private key for each one, then scp it to your desktop and import it into your browser. In Firefox, you can go to Preferences -> Privacy & Security -> Certificates -> View Certificates and then import client certificates from the "Your Certificates" pane.

For example, to generate a bundle suitable for use with Nomad, run:

$ generate-client-cert-bundle nomad

OpenSSL will prompt you for a passphrase, and then you should see nomad.p12 in the current directory. This is the file to import into Firefox.


#Issuing Certificates

Use the issue-cert script from tools.

#Querying the raw Consul API

Since Consul is configured to listen for API requests over a Unix socket, you can use a command like this on a Consul node to query its HTTP API:

$ curl --unix-socket /var/run/consul/consul_https.sock http:///api/v1/agent/checks

#Finding largest packages

Use this command to find the largest installed RPM packages, normally used when setting up the Packer build to remove large unneeded packages:

rpm -qa --queryformat '%10{size} - %-25{name} \t %{version}\n' | sort -n

#Vault Cluster Setup

  1. Initialize and unseal the vault
  2. Mount a K/V v2 engine at secret/
  3. Write the policies defined in policies
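
The three steps above as a re-runnable shell script. This is an added example, not one of the repository's scripts; the function names, the `--apply` flag and the `NAME.hcl` policy file layout are assumptions, and `VAULT_ADDR` plus the TLS variables are expected to be exported already.

```shell
#!/bin/sh
# Added example, not the repository's own tooling. Assumes VAULT_ADDR and the
# CA/client-cert variables are exported and policies are stored as NAME.hcl.

# `vault status` exits 0 when unsealed, 2 when sealed, 1 on any error.
vault_state() {
    rc=0
    vault status >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo unsealed ;;
        2) echo sealed ;;
        *) echo error ;;
    esac
}

# Step 1: initialize once, then feed key shares until the seal opens.
init_and_unseal() {
    if vault status -format=json 2>/dev/null | grep -Eq '"initialized": *false'; then
        vault operator init || return 1   # prints unseal keys and root token once
    fi
    while [ "$(vault_state)" = sealed ]; do
        vault operator unseal || return 1  # prompts, so keys stay out of history
    done
    [ "$(vault_state)" = unsealed ]
}

# Step 2: mount K/V v2 at secret/ unless something is already mounted there.
mount_kv2() {
    if vault secrets list -format=json | grep -q '"secret/"'; then
        echo "secret/ already mounted" >&2
    else
        vault secrets enable -path=secret -version=2 kv
    fi
}

# Step 3: write every NAME.hcl in the directory as policy NAME; prints the count.
write_policies() {
    count=0
    for f in "$1"/*.hcl; do
        [ -e "$f" ] || continue
        vault policy write "$(basename "$f" .hcl)" "$f" >&2 || return 1
        count=$((count + 1))
    done
    echo "$count"
}

if [ "${1:-}" = "--apply" ]; then
    init_and_unseal || exit 1
    vault token lookup >/dev/null 2>&1 || vault login || exit 1  # prompts for a token
    mount_kv2 && write_policies "${2:-policies}"
fi
```

`mount_kv2` only checks that something is mounted at secret/; it does not verify that an existing mount is K/V version 2.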