DEV Community

Thiago Laurito
Thiago Laurito

Posted on

Lab HashStack - Part 1

In this post the idea would be to set up a Lab for studies using Hashicorp solutions, such as Terraform, Vault and Consul in the construction of Stack.
We will use Consul with the Service Discovery feature and will also strengthen the security of our stack by using Acl's by restricting any attempts to access services below it without a valid token.
The vault's role is to provide the login security of our Cassandra DB and Rabbitmq with the dynamic secrets feature.
Traefik we will use to do load balancing between servers.
The terraform remote state will be using Terraform Cloud.

Requirements:

  • Terraform 11.4
  • Vault
  • Consul
  • Docker

Step 1:

Create Account Terraform Cloud.
https://www.terraform.io/docs/cloud/free/index.html

Generate your Token:
https://app.terraform.io/app/settings/tokens

Add on the home directory a file terraformrc with credentials:

cat <<EOF >~/.terraformrc
credentials "app.terraform.io" {
  token = "REPLACE_ME WITH TOKEN GENERATE"
}
EOF
Enter fullscreen mode Exit fullscreen mode

Step 2

Download the repository on github
https://github.com/laund/redstack_terraform_public

Step 3 - Deploy Stack

terraform apply -target=module.network

terraform apply -target=module.traefik
Enter fullscreen mode Exit fullscreen mode

Access url http://traefik.redstack.local:8081 in your browser for validate.

Alt Text

After validation we follow with the deployment of Consul.

terraform apply -target=module.consul_cluster

docker exec -it consul-server-1 /bin/sh

consul acl bootstrap

export CONSUL_HTTP_TOKEN=<SecretID>

exit
Enter fullscreen mode Exit fullscreen mode

In the file variables.tf add your "SecretID".

variable "consul_token" {
  default     = "<SecretID>"
  description = "Secret ID"
}
Enter fullscreen mode Exit fullscreen mode

In the next step, configure Acl's for the services that will be part of Consul Server.

terraform apply -target=module.consul_runtime
Enter fullscreen mode Exit fullscreen mode

Access url http://consul.redstack.local:8500 in your browser and insert SecretID.

Alt Text

In the ACL menu you can view the Acl's created with terraform.

Alt Text

Access the container again and run the following command:

docker exec -it consul-server-1 /bin/sh

export CONSUL_HTTP_TOKEN=<SecretID>

consul acl set-agent-token default "<Agent Consul Token>"
Enter fullscreen mode Exit fullscreen mode

First part completed, in the next article we will continue to deploy the rest of the services :)

Top comments (0)