| title |
|---|
Vault initialization |
Once the Vagrant setup is done, you must initialize (and unseal Vault servers) in order for Nomad to work as expected.
If you go to http://192.168.60.10:8200 you will see the Vault UI for the server
node on the eu-west-1 datacenter. For our demo, let's configure Vault simply
with:
Copy and paste in your notes the initial root token given as well as the key:
You can now restart the Consul, Nomad, and Vault with the Vault token:
$ VAULT_TOKEN=<token> make syncThis will restart the services and pass the VAULT_TOKEN environment variable
down to the Vagrant boxes. This way, it can be used by Consul and Nomad for
interacting with Vault.
If you access the Consul UI at http://192.168.60.10:8500, you will note that
Vault is still not healthy:
It is because you need to unseal Vault on every nodes. To achieve this, access the Vault UI and unseal Vault on server nodes via:
- http://192.168.60.10:8200 for
eu-west-1 - http://192.168.60.20:8200 for
eu-west-2 - http://192.168.60.30:8200 for
eu-east-1
In Consul, we can see that every health checks are now passing and the service list
looks like this:
Since Vault is heathly, Nomad can interact with it via the root token passed with
VAULT_TOKEN. Let's take a look at Nomad:
Happy hacking!