diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b1defc..56d3ebc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 3.8.0
+
+- Vault 1.8.0
+- Consul 1.10.1
+- Update documentation
+
 ## 3.7.5
 - Vault v1.7.3
diff --git a/README.md b/README.md
index 17f88fa..a24c864 100644
--- a/README.md
+++ b/README.md
@@ -119,13 +119,13 @@ Install the following on your Docker host where you will form Vaultron.
 - [Docker CE for Linux](https://docs.docker.com/v17.12/install/#server) **or**
 - [Docker Desktop for macOS](https://www.docker.com/products/docker-desktop)
- - Last tested with version 2.3.0.4
- - Last tested with Engine version: 19.03.12
+ - Last tested with version 3.5.2
+ - Last tested with Engine version: 20.10.7
 - [Consul](https://www.consul.io/)
 - [OSS consul binaries](https://releases.hashicorp.com/consul)
 - Vaultron's Docker image uses the latest Consul OSS version by default; you should have the latest `consul` binary installed on your Docker host
-- [Terraform](https://www.terraform.io/) (version 0.12.0+ required)
- - Last tested with version 0.13.1
+- [Terraform](https://www.terraform.io/) (version 0.13.0+ required)
+ - Last tested with version 1.0.3
 - [OSS terraform binaries](https://releases.hashicorp.com/terraform/)
 - **NOTE:** macOS Catalina users might need to refer to this [Terraform issue](https://github.com/hashicorp/terraform/issues/23033#issuecomment-542302933)
 - [Vault](https://www.vaultproject.io/)
@@ -133,23 +133,6 @@ Install the following on your Docker host where you will form Vaultron.
 - [OSS vault binaries](https://releases.hashicorp.com/vault/)
 - Vaultron's Docker image uses the latest Vault OSS version by default; you should have the latest `vault` binary installed on your Docker host
-----
-
-> **NOTE TO CURRENT USERS**: If you have already been using the **Vaultron source repository**, please be aware that the project has switched its default branch name to `main`; if you have a local clone and want to update it without cloning anew, use the following commands issued from within the repository directory to update your clone. If you only download zip file releases, then this will not affect you.
-
-----
-
-```shell
-$ git checkout master
-$ git branch -m master main
-$ git fetch
-$ git branch --unset-upstream
-$ git branch -u origin/main
-$ git symbolic-ref refs/remotes/origin/HEAD refs/remotes/origin/main
-```
-
-If you are not concerned with any content in your existing cloned repository directory, simply remove it and clone the vaultron repository again.
-
 ### Quickest Start (for macOS only)
 Once you have the prerequisites installed, you can use the following example to form Vaultron and open the the Vault web UI in your browser on macOS.
@@ -190,12 +173,12 @@ When Vaultron is successfully formed, the output looks like this example.
 [vaultron] [+] Created attachable vaultron-network with subnet 10.10.42.0/24
 [vaultron] [=] Form Vaultron!
 [vaultron] [i] Terraform has been successfully initialized!
-[vaultron] [i] Vault OSS version: 1.7.3
+[vaultron] [i] Vault OSS version: 1.8.0
 [vaultron] [i] Vault flavor: Consul storage backed
-[vaultron] [i] Consul OSS version: 1.9.5
+[vaultron] [i] Consul OSS version: 1.10.1
 [vaultron] [i] Terraform plan: 14 to add, 0 to change, 0 to destroy.
 [vaultron] [i] Terraform apply complete! resources: 14 added, 0 changed, 0 destroyed.
-[vaultron] [+] Vaultron formed in 14s.
+[vaultron] [+] Vaultron formed in 19s.
 ```
 Now you can visit the Vault web UI at [https://localhost:8200](https://localhost:8200) or visit the Consul web UI at [https://localhost:8500](https://localhost:8500).
@@ -233,7 +216,7 @@ Take a moment to verify that all of the Vaultron Docker containers are up:
 $ docker ps -f name=vaultron --format "table {{.Names}}\t{{.Status}}"
 ```
-The output should look something like this example.
+The output should resemble this example.
 ```plaintext
 NAMES STATUS
@@ -330,13 +313,13 @@ It is worth noting that when you `form` Vaultron, output will resemble this exam
 $ ./form
 [vaultron] [?] vaultron-network not present; creating ...
 [vaultron] [+] Created attachable vaultron-network with subnet 10.10.42.0/24
-[vaultron] [=] Form Vaultron!
-[vaultron] [i] Terraform has been successfully initialized!
-[vaultron] [i] Vault OSS version: 1.7.3
-[vaultron] [i] Vault flavor: Integrated storage backed
-[vaultron] [i] Terraform plan: 6 to add, 0 to change, 0 to destroy.
-[vaultron] [i] Terraform apply complete! resources: 6 added, 0 changed, 0 destroyed.
-[vaultron] [+] Vaultron formed in 31s.
+[vaultron] [=] Form Vaultron!
+[vaultron] [i] Terraform has been successfully initialized!
+[vaultron] [i] Vault OSS version: 1.8.0
+[vaultron] [i] Vault flavor: Integrated storage backed
+[vaultron] [i] Terraform plan: 6 to add, 0 to change, 0 to destroy.
+[vaultron] [i] Terraform apply complete! resources: 6 added, 0 changed, 0 destroyed.
+[vaultron] [+] Vaultron formed in 8s.
 ```
 Note the **Vault flavor: Integrated storage backed** part.
diff --git a/black_lion/templates/oss/vault_config_1.8.0.hcl b/black_lion/templates/oss/vault_config_1.8.0.hcl
new file mode 100644
index 0000000..1cad3b5
--- /dev/null
+++ b/black_lion/templates/oss/vault_config_1.8.0.hcl
@@ -0,0 +1,32 @@
+# Vault OSS v1.7.0
+
+# -----------------------------------------------------------------------
+# Global configuration
+# -----------------------------------------------------------------------
+
+api_addr = "${api_addr}"
+cluster_name = "${cluster_name}"
+cluster_address = "${cluster_address}"
+disable_mlock = "${disable_mlock}"
+log_level = "${log_level}"
+ui = true
+plugin_directory = "/vault/plugins"
+
+# -----------------------------------------------------------------------
+# Listener configuration
+# -----------------------------------------------------------------------
+
+listener "tcp" {
+ address = "${address}"
+ tls_cert_file = "/etc/ssl/certs/vault-server.crt"
+ tls_key_file = "/etc/ssl/vault-server.key"
+}
+
+# -----------------------------------------------------------------------
+# Enable Prometheus metrics by default
+# -----------------------------------------------------------------------
+
+telemetry {
+ prometheus_retention_time = "30s"
+ disable_hostname = false
+}
diff --git a/flavors/consul/vaultron.tf b/flavors/consul/vaultron.tf
index 07ec107..54c17d6 100644
--- a/flavors/consul/vaultron.tf
+++ b/flavors/consul/vaultron.tf
@@ -12,12 +12,12 @@ terraform {
 # Set TF_VAR_vault_version to override this
 variable "vault_version" {
- default = "1.7.3"
+ default = "1.8.0"
 }
 # Set TF_VAR_consul_version to override this
 variable "consul_version" {
- default = "1.9.7"
+ default = "1.10.1"
 }
 # -----------------------------------------------------------------------
@@ -59,6 +59,11 @@ provider "docker" {
 # Vault variables
 # -----------------------------------------------------------------------
+# Set TF_VAR_vault_license to override this
+variable "vault_license" {
+ default = ""
+}
+
 # Set TF_VAR_vault_flavor to override this
 variable "vault_flavor" {
 default = "consul"
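Review bot: The header comment on the first line of the new template reads `# Vault OSS v1.7.0`, but the file is `vault_config_1.8.0.hcl`; change it to `# Vault OSS v1.8.0` so the per-version templates can be told apart by their header when someone diffs them. The remainder of the template (TLS-only listener, Prometheus telemetry) presumably mirrors the earlier per-version templates, but those are outside this diff so parity cannot be confirmed here.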
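Review bot: `variable "vault_license"` in the `@@ -59,6 +59,11 @@` hunk holds a license string but is declared as a plain variable, so once `TF_VAR_vault_license` is set its value is printed unredacted in `terraform plan`/`apply` output. The README hunk raises the floor to Terraform 0.13.0 and tests with 1.0.3; `sensitive = true` on a variable needs 0.14+, so either raise the floor and add `sensitive = true` beside `default = ""`, or say in the comment above it that the value will appear in plan output. The `@@ -260,6 +265,7 @@` hunk passes it into `module "vaultron"`, whose own declaration is outside this diff, so whether it is marked sensitive at that level cannot be confirmed from here. The raft flavor hunk only bumps `vault_version`; if that flavor also supports a custom binary it would presumably need the same variable, but that is inferred rather than visible.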
@@ -260,6 +265,7 @@ module "vaultron" {
 vault_custom_instance_count = var.vault_custom_instance_count
 vault_disable_mlock = var.vault_disable_mlock
 vault_ent_id = var.vault_ent_id
+ vault_license = var.vault_license
 vault_oss_instance_count = var.vault_oss_instance_count
 vault_path = var.vault_path
 vault_raft_path = var.vault_raft_path
diff --git a/flavors/raft/vaultron.tf b/flavors/raft/vaultron.tf
index ac80cb9..ba24ef2 100644
--- a/flavors/raft/vaultron.tf
+++ b/flavors/raft/vaultron.tf
@@ -12,7 +12,7 @@ terraform {
 # Set TF_VAR_vault_version to override this
 variable "vault_version" {
- default = "1.7.3"
+ default = "1.8.0"
 }
 # -----------------------------------------------------------------------
diff --git a/form b/form
index a197441..810061a 100755
--- a/form
+++ b/form
@@ -192,6 +192,11 @@ check_custom_binary() {
 msg alert "Vaultron cannot form- custom binary specified, but ./custom/$1 was not found!"
 exit 1
 fi
+ if [ -z "$TF_VAR_vault_license" ]
+ then
+ msg notice "Custom binary specified but no Vault license set"
+ msg info "Set license string as value of TF_VAR_vault_license environment variable if you are using an Enterprise binary."
+ fi
 fi
 fi
 }
@@ -255,20 +260,6 @@ check_raft_version() {
 fi
 }
-check_vault_license() {
- if [ -n "$TF_VAR_vault_custom_instance_count" ]
- then
- if [ "$TF_VAR_vault_custom_instance_count" -gt 0 ]
- then
- if [ -z "$TF_VAR_vault_license" ]
- then
- msg notice "Custom binary specified but no Vault license set"
- msg info "Set license string as value of TF_VAR_vault_license environment variable if you are using an Enterprise binary."
- fi
- fi
- fi
-}
-
 # -----------------------------------------------------------------------
 # Preflight checks
 # -----------------------------------------------------------------------
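Review bot: The license notice moved into `check_custom_binary` in the `@@ -192,6 +192,11 @@` hunk is now guarded only by that function's enclosing `if` conditions, which start outside the hunk; the removed `check_vault_license` (hunk `@@ -255,20 +260,6 @@`) only fired when `TF_VAR_vault_custom_instance_count` was greater than zero, so confirm the outer conditions in `check_custom_binary` enforce the same and a plain OSS run does not see the notice. A one-line comment above the new `if`, e.g. `# Enterprise custom binaries need a license; warn here rather than failing later in Terraform`, would record why the check now lives in this function. The messages correctly report only that the variable is unset and never echo its value.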
@@ -284,7 +275,6 @@ if [ "$(check_katacoda)" = "0" ]
 fi
 check_and_create_vaultron_private_network
 check_custom_binary vault
-check_vault_license
 check_required_binaries
 check_existing_vaultron_containers
 check_existing_vault
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.10.0.hcl b/red_lion/templates/oss/consul_oss_client_config_1.10.0.hcl
new file mode 100644
index 0000000..082767f
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_client_config_1.10.0.hcl
@@ -0,0 +1,15 @@
+{
+ "node_id": "${agent_node_id}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "cert_file": "/etc/ssl/certs/consul-client.crt",
+ "key_file": "/etc/ssl/consul-client.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ }
+}
\ No newline at end of file
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.10.1.hcl b/red_lion/templates/oss/consul_oss_client_config_1.10.1.hcl
new file mode 100644
index 0000000..082767f
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_client_config_1.10.1.hcl
@@ -0,0 +1,15 @@
+{
+ "node_id": "${agent_node_id}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "cert_file": "/etc/ssl/certs/consul-client.crt",
+ "key_file": "/etc/ssl/consul-client.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ }
+}
\ No newline at end of file
diff --git a/red_lion/templates/oss/consul_oss_client_config_1.9.8.hcl b/red_lion/templates/oss/consul_oss_client_config_1.9.8.hcl
new file mode 100644
index 0000000..082767f
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_client_config_1.9.8.hcl
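Review bot: The three new client templates (`consul_oss_client_config_1.10.0.hcl`, `_1.10.1.hcl` and `_1.9.8.hcl`, all the same blob `082767f`) and the three server templates in the following hunks carry a fixed `acl_master_token` value checked into the repository alongside `"acl_default_policy": "allow"`, so the Consul ACL system is bootstrapped with a management token known to anyone with the source and denies nothing by default. For a local sandbox that is presumably intended, but `node_id` is already interpolated, so the token could be supplied the same way, `"acl_master_token": "${acl_master_token}"`, with `form` generating the value, so that a Vaultron instance reachable beyond localhost does not start with a known management token. It is also worth confirming that `${datacenter}` on the servers resolves to `arus`; if it does not, `acl_datacenter` never matches and these ACL settings are inert. The client files end with `\ No newline at end of file`, which is harmless but differs from the server templates.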
@@ -0,0 +1,15 @@
+{
+ "node_id": "${agent_node_id}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "cert_file": "/etc/ssl/certs/consul-client.crt",
+ "key_file": "/etc/ssl/consul-client.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ }
+}
\ No newline at end of file
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.10.0.hcl b/red_lion/templates/oss/consul_oss_server_config_1.10.0.hcl
new file mode 100644
index 0000000..0631906
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_server_config_1.10.0.hcl
@@ -0,0 +1,22 @@
+{
+ "bootstrap_expect": 3,
+ "datacenter": "${datacenter}",
+ "data_dir": "${data_dir}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "recursors": [
+ "${recursor1}",
+ "${recursor2}"
+ ],
+ "cert_file": "/etc/ssl/certs/consul-server.crt",
+ "key_file": "/etc/ssl/consul-server.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ },
+ "ui": true
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.10.1.hcl b/red_lion/templates/oss/consul_oss_server_config_1.10.1.hcl
new file mode 100644
index 0000000..0631906
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_server_config_1.10.1.hcl
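Review bot: The new `consul_oss_server_config_1.10.0.hcl` (and the identical `_1.10.1.hcl` and `_1.9.8.hcl` server templates, blob `0631906`) still uses `"ui": true`, which Consul 1.9 deprecated in favour of `"ui_config": { "enabled": true }`, and the flat `acl_datacenter`/`acl_master_token`/`acl_default_policy`/`acl_down_policy` keys that have been deprecated since the `acl` stanza arrived in Consul 1.4; the client templates in the preceding hunks use the same legacy keys. As far as I know Consul 1.10 still accepts both forms with a startup warning, so nothing breaks, but version-specific templates are the natural place to move to the current shape, e.g. `"acl": { "enabled": true, "default_policy": "allow", "down_policy": "allow", "tokens": { "master": <existing value> } }`. Whether the legacy form is kept deliberately for parity with the older templates cannot be told from this diff.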
@@ -0,0 +1,22 @@
+{
+ "bootstrap_expect": 3,
+ "datacenter": "${datacenter}",
+ "data_dir": "${data_dir}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "recursors": [
+ "${recursor1}",
+ "${recursor2}"
+ ],
+ "cert_file": "/etc/ssl/certs/consul-server.crt",
+ "key_file": "/etc/ssl/consul-server.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ },
+ "ui": true
+}
diff --git a/red_lion/templates/oss/consul_oss_server_config_1.9.8.hcl b/red_lion/templates/oss/consul_oss_server_config_1.9.8.hcl
new file mode 100644
index 0000000..0631906
--- /dev/null
+++ b/red_lion/templates/oss/consul_oss_server_config_1.9.8.hcl
@@ -0,0 +1,22 @@
+{
+ "bootstrap_expect": 3,
+ "datacenter": "${datacenter}",
+ "data_dir": "${data_dir}",
+ "raft_protocol": 3,
+ "acl_datacenter": "arus",
+ "acl_master_token": "b4c0ffee-3b77-04af-36d6-738b697872e6",
+ "acl_default_policy": "allow",
+ "acl_down_policy": "allow",
+ "recursors": [
+ "${recursor1}",
+ "${recursor2}"
+ ],
+ "cert_file": "/etc/ssl/certs/consul-server.crt",
+ "key_file": "/etc/ssl/consul-server.key",
+ "ca_file": "/etc/ssl/certs/ca.pem",
+ "ports": {
+ "http": -1,
+ "https": 8500
+ },
+ "ui": true
+}
diff --git a/version.txt b/version.txt
index aaf18d2..1981190 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-3.7.5
+3.8.0