In this post the idea is to set up a study lab that uses HashiCorp solutions such as Terraform, Vault and Consul to build the stack.
We will use Consul for service discovery and strengthen the security of the stack with ACLs, which restrict any attempt to access the services behind it without a valid token.
Vault's role is to secure the logins to our Cassandra DB and RabbitMQ with the dynamic secrets feature.
We will use Traefik to load balance between servers.
The Terraform remote state will be stored in Terraform Cloud.
Requirements:
- Terraform 11.4
- Vault
- Consul
- Docker
Step 1:
Create a Terraform Cloud account:
https://www.terraform.io/docs/cloud/free/index.html
Generate your token:
https://app.terraform.io/app/settings/tokens
In your home directory, create a file named .terraformrc containing the credentials:
cat <<EOF >~/.terraformrc
credentials "app.terraform.io" {
token = "REPLACE_ME WITH TOKEN GENERATE"
}
EOF
Step 2
Download the repository from GitHub:
https://github.com/laund/redstack_terraform_public
Step 3 - Deploy Stack
terraform apply -target=module.network
terraform apply -target=module.traefik
Open http://traefik.redstack.local:8081 in your browser to validate the deployment.
After validation, we continue with the deployment of Consul.
terraform apply -target=module.consul_cluster
docker exec -it consul-server-1 /bin/sh
consul acl bootstrap
export CONSUL_HTTP_TOKEN=<SecretID>
exit
In the file variables.tf, add your "SecretID":
variable "consul_token" {
default = "<SecretID>"
description = "Secret ID"
}
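The bootstrap SecretID is Consul's global-management token, so an alternative to pasting it into variables.tf as a default is to pass it to Terraform through the environment. The following is an added example, not code from the original post or its repository; it assumes the usual text output of `consul acl bootstrap` and that `consul_token` is declared without a `default`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post or its repository.
# Assumes the text output of `consul acl bootstrap`, which has a
# "SecretID:  <uuid>" line.

# Constructed sample output; both UUIDs are made up.
SAMPLE_BOOTSTRAP_OUTPUT='AccessorID:       11111111-2222-3333-4444-555555555555
SecretID:         aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2020-01-01 00:00:00 +0000 UTC
Policies:
   00000000-0000-0000-0000-000000000001 - global-management'

# Read bootstrap output on stdin and print only the SecretID.
# Returns non-zero when no UUID-shaped SecretID is present, for example
# when the command printed an error because ACLs were already bootstrapped.
extract_secret_id() {
    awk '$1 == "SecretID:" { print $2; exit }' |
        grep -E '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Export the token for the consul CLI and for Terraform in this shell only.
# Terraform maps TF_VAR_consul_token onto variable "consul_token", so the
# variable can be declared without a default and the secret is never
# written to variables.tf or committed.
load_bootstrap_token() {
    token=$(extract_secret_id) || {
        echo "no SecretID found in bootstrap output" >&2
        return 1
    }
    export CONSUL_HTTP_TOKEN="$token" TF_VAR_consul_token="$token"
}

# Real use (needs the running lab); bootstrap can only succeed once:
#   load_bootstrap_token <<EOF
#   $(docker exec consul-server-1 consul acl bootstrap)
#   EOF
#   terraform apply -target=module.consul_runtime

# Demo on the constructed sample; print a masked form, never the full token.
load_bootstrap_token <<EOF
$SAMPLE_BOOTSTRAP_OUTPUT
EOF
echo "token loaded: ${TF_VAR_consul_token%%-*}-****"
```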
In the next step, configure the ACLs for the services that will be part of the Consul server.
terraform apply -target=module.consul_runtime
Open http://consul.redstack.local:8500 in your browser and enter the SecretID.
In the ACL menu you can view the ACLs created with Terraform.
Access the container again and run the following command:
docker exec -it consul-server-1 /bin/sh
export CONSUL_HTTP_TOKEN=<SecretID>
consul acl set-agent-token default "<Agent Consul Token>"
First part completed. In the next article we will continue to deploy the rest of the services :)