flywithu/community-catalog
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Latest pull request changes made:

Browse Source 
- refactored the config mechanism to use a template
  - added all supported backend storage engines
  - added a scale option to spin up an entire cluster at once
  - various other typo fixes
This commit is contained in:
Cobb, Randy 2018-04-10 11:41:50 -07:00
parent d1d4152b1b
commit 8a7d4ee092
3 changed files with 33 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
templates/vault/0/README.md
View File

@ -13,23 +13,20 @@ This catalog item uses these two main containers:
## Deployment: ## Deployment:
1. Select the catalog item and choose a version from the drop-down box 1. Select the catalog item and choose a version from the drop-down box
2. Adjust any values on the page to meet your needs. 2. Adjust any values on the page to meet your needs.
3. Make any adjustments to the default config provided, such as: 3. Select a backend type and specify values specific to that type (i.e.: for Consul: "address":"SERVICE:8500","path":"myNewVault"
* A different backend than the Consul server specified. 4. Different ports to listen on (NOTE: Vault ALWAYS listens on port 8200, but you can adjust the LoadBalancer ports to any that are acceptable to your environment; the LoadBalancer handles routing between the port you specify and port 8200 (and 8201) in Vault itself.
* Different ports to listen on (NOTE: Vault ALWAYS listens on port 8200, but you can adjust the LoadBalancer ports to any that are acceptable to your environment; the LoadBalancer handles routing between the port you specify and port 8200 (and 8201) in Vault itself. 5. Specify the Volume Driver for pesistent mounting of Vault's FILE backing store, and CONFIGURATION
4. Specify the Volume Driver for pesistent mounting of Vault's FILE backing store, and CONFIGURATION 6. Specify how many vault servers you want in your cluster (You'll always only get only 1 load balancer)
5. Finally, once the stack is up, you can use your normal Vault process to init, unseal, and more. 6. Finally, once the stack is up, you can use your normal Vault process to init, unseal, and more.
6. Enjoy! 7. Enjoy!
## Backend Configuration ## Backend Configuration
This field is for specifying your backend configuration values. You enter them in a name=value pair format with each separate element being on its own line. For example: This field is for specifying your backend configuration values. You enter them in a name=value pair format just as you would in a Vault configuration file; with each separate element being on its own line. For example:
``` ```
address = "http://locahost:2379" "address": "http://locahost:2379","etcd_api": "v3"
etcd_api = "v3"
``` ```
would be a valid configuration for Etcd and would be a valid configuration for Etcd and
``` ```
access_key = "abcd1234" "access_key": "abcd1234","secret_key": "defg5678","bucket": "my-bucket"
secret_key = "defg5678"
bucket = "my-bucket"
``` ```
would be valid for Amazon S3 buckets. would be valid for Amazon S3 buckets.

18
templates/vault/0/docker-compose.yml.tpl
View File

@ -11,25 +11,25 @@ services:
- ${VAULT_LISTEN_PORT}:8200/tcp - ${VAULT_LISTEN_PORT}:8200/tcp
- ${VAULT_CLUSTER_PORT}:8201/tcp - ${VAULT_CLUSTER_PORT}:8201/tcp
labels: labels:
{{- if .Values.HOST_LABEL }}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end }}
io.rancher.container.agent.role: environmentAdmin,agent io.rancher.container.agent.role: environmentAdmin,agent
io.rancher.container.agent_service.drain_provider: 'true' io.rancher.container.agent_service.drain_provider: 'true'
io.rancher.container.create_agent: 'true' io.rancher.container.create_agent: 'true'
{{- if .Values.HOST_LABEL }}
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
{{- end }}
vault: vault:
image: vault:0.9.6
cap_add: cap_add:
- IPC_LOCK - IPC_LOCK
image: vault:0.9.6 {{- if .Values.VAULT_BACKEND }}
external_links:
- ${BACKEND_SERVICE}:SERVICE
{{- end }}
environment: environment:
VAULT_REDIRECT_INTERFACE: "eth0" VAULT_REDIRECT_INTERFACE: "eth0"
VAULT_CLUSTER_INTERFACE: "eth0" VAULT_CLUSTER_INTERFACE: "eth0"
VAULT_LOCAL_CONFIG: | VAULT_LOCAL_CONFIG: |
{ "backend": "{{.Values.VAULT_BACKEND}}": { {{.Values.BACKEND_CONFIGURATION}} },"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}}, "cluster_name":"{{.Values.VAULT_CLUSTER_NAME}}" } { "storage":{"{{.Values.VAULT_BACKEND}}":{ {{.Values.BACKEND_CONFIGURATION}} }},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":1}},"cluster_name":"{{.Values.VAULT_CLUSTER_NAME}}"}
{{- if .Values.VAULT_BACKEND }}
external_links:
- ${VAULT_BACKEND}:SERVICE
{{- end }}
volumes: volumes:
- vault-file:/vault/file - vault-file:/vault/file
- vault-config:/vault/config - vault-config:/vault/config

26
templates/vault/0/rancher-compose.yml
View File

@ -13,10 +13,6 @@ catalog:
type: string type: string
default: myCluster default: myCluster
required: true required: true
- variable: VAULT_BACKEND
label: Backend for Vault
description: |
Provide the backend engine for Vault (i.e., Consul, File, etc.)
- variable: VAULT_LISTEN_PORT - variable: VAULT_LISTEN_PORT
label: Vault Listen Port label: Vault Listen Port
description: | description: |
@ -45,7 +41,7 @@ catalog:
- couchdb - couchdb
- dynamodb - dynamodb
- etcd - etcd
- filesystem - file
- gcs - gcs
- inmem - inmem
- manta - manta
@ -59,22 +55,30 @@ catalog:
- variable: BACKEND_SERVICE - variable: BACKEND_SERVICE
label: Specify the Backend service to connect to label: Specify the Backend service to connect to
description: | description: |
The pre-installed Backend server to back to. To reference, you can use the memory variable "$SERVICE" in your URLs. For example: "consul://$SERVICE:8500" The pre-installed Backend server to back to. To reference, you can use the memory variable "SERVICE" in your URLs. For example: "consul://SERVICE:8500"
default: "select" default: "select"
type: service type: service
- variable: BACKEND_CONFIGURATION - variable: BACKEND_CONFIGURATION
label: Specify the backend configuration in name=value format label: Specify the backend configuration in valid JSON format
default: "path=\"/mnt/vault/data\"" default: |
"path":"/mnt/vault/data"
required: true required: true
description: | description: |
Enter the configuration block for the backend (Refer to Vault documentation for valid backend configuration elements) put each item on a separate line Enter the configuration block for the backend (Refer to Vault documentation for valid backend configuration elements) in JSON format
type: multiline type: string
- variable: HOST_LABEL - variable: HOST_LABEL
label: Optional Host label to bind LoadBalancer to label: Optional Host label to bind LoadBalancer to
description: | description: |
If you wish to bind your LoadBalancer to a specific host node, you can specify the label and value here in name=value pair format If you wish to bind your LoadBalancer to a specific host node, you can specify the label and value here in name=value pair format
default: "lbhost=true" default: "lbhost=true"
type: string type: string
- variable: CLUSTER_SCALE
label: How many Vault servers do you want in your cluster?
description: |
Select the number of VAULT servers you want to set up in your cluster
default: 1
type: int
required: true
- variable: VOLUME_DRIVER - variable: VOLUME_DRIVER
label: Driver for volumes label: Driver for volumes
description: | description: |
@ -112,5 +116,5 @@ services:
interval: 2000 interval: 2000
reinitializing_timeout: 60000 reinitializing_timeout: 60000
vault: vault:
scale: 1 scale: ${CLUSTER_SCALE}
start_on_create: true start_on_create: true