This repository contains the tools and utilities used to run my personal Hashistack cluster, which includes Consul, Nomad, and Vault provisioned with Terraform and running on Linode with openSUSE.
artifacts
: Miscellaneous runtime artifacts, intended to be accessible via Minio, S3, or similarcerts
: Consul, Nomad, and Vault all communicate over SSL with their own
certificate authorities, whose certificates are defined here.config
: Various configuration files, mostly for Consul, Nomad, and Vault.firewall
: firewalld service and zone definitions.jobs
: Nomad job definitions.packer
: Packer image file. Not used, but maybe at some point.policies
: Vault policy definitions.scripts
: Scripts to be provisioned on cluster members.services
: systemd service definitions for Consul, Nomad, and Vault.stackscripts
: Linode stackscripts; only one currently, used for the firstsupport
: Helpful files to be provisioned on the support box
step of provisioning new members.terraform
: Terraform definition files, used for provisioning.tools
: Scripts to be used on a support box.In order to view the UIs for Consul, Nomad, and Vault, you need to generate a certificate bundle with the CA's private key for each one, then scp
it to your desktop and import it into your browser. In Firefox, you can go to Preferences -> Privacy & Security -> Certificates -> View Certificates and then import client certificates from the "Your Certificates" pane.
For example, to generate a bundle suitable for use with Nomad, run:
$ generate-client-cert-bundle nomad
OpenSSL will prompt you for a passphrase, and then you should see nomad.p12
in the current directory. This is the file that should be imported to Firefox.
Use the issue-cert
script from tools.
Since Consul is configured to listen for API requests over a Unix socket, you can use a command like this on a Consul node to query its HTTP API:
$ curl --unix-socket /var/run/consul/consul_https.sock http:///api/v1/agent/checks
Use this command to find the largest installed RPM packages, normally used when setting up the Packer build to remove large unneeded packages:
rpm -qa --queryformat '%10{size} - %-25{name} \t %{version}\n' | sort -n
secret/
policies