出于某些测试目的,我在单个AWS EC2实例上将Consul作为后端安装了Vault。我初始化并成功将其密封。一切正常,我可以进行测试。
但是每当我停止EC2实例并再次启动它时,保管库都不会初始化(命令vault status显示“ Initialised”-“ false”)。结果,我需要再次启动Vault并丢失所有秘密。
在停止EC2实例并再次启动它之后,是否可以使Vault保持初始化?
Vault配置文件:
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
ui = true
[Unit]
Description="Hashicorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
ConditionFileNotEmpty=/etc/vault.d/config.hcl
[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault.d/config.hcl
ExecReload=/bin/kill --signal HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
领事配置文件:
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
[Unit]
Description=Consul
Documentation=https://www.consul.io/
[Service]
ExecStart=/usr/bin/consul agent -ui -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINIP
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
将不胜感激。
Vault使用Consul来存储其数据,但是Consul将该数据存储在/tmp中,该目录是易失性目录,并在重新启动后清空。
datacenter = "dc1"
data_dir = "/tmp/consul"
encrypt = ""
尝试将data_dir更改为类似/var/consul的内容>