DEV Community

Thiago Laurito

Lab HashStack - Part 2

Let's prepare our environment with Vault and RabbitMQ.

Vault will serve its usual secrets-management role and also provide Dynamic Secrets for both our RabbitMQ stack and our Cassandra DB stack.


We will add the token generated in Consul to the Vault configuration in 3 files:

modules/vault/vault.tf -> add the token in "CONSUL_HTTP_TOKEN"

Then add the same token in:

data/vault-server-01/config/vault-config.json

data/vault-server-02/config/vault-config.json

In both files, the token goes in the "token" parameter.

After that we will apply the module called vault_cluster.

terraform apply -target=module.vault_cluster

Notice that Vault already appears registered in Consul, but with "Sealed" status.

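Let's go through the unseal process on Vault Server 1. vault operator init prints the unseal key shares and the initial root token, and vault operator unseal has to be repeated with a different key share until the threshold shown in the status output (3 of 5) is reached: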

docker exec -it vault-server-1 /bin/sh

vault operator init

vault operator unseal

vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.3.2
Cluster Name    vault-cluster-9be77481
Cluster ID      684b9232-19b4-9fb9-1b2e-8fd1ad08fdb7
HA Enabled      true
HA Cluster      https://10.5.0.2:8201
HA Mode         active

Now let's run the unseal process on Vault Server 2:

docker exec -it vault-server-2 /bin/sh

vault operator unseal

vault status
Key                    Value
---                    -----
Seal Type              shamir
Initialized            true
Sealed                 false
Total Shares           5
Threshold              3
Version                1.3.2
Cluster Name           vault-cluster-9be77481
Cluster ID             684b9232-19b4-9fb9-1b2e-8fd1ad08fdb7
HA Enabled             true
HA Cluster             https://10.5.0.2:8201
HA Mode                standby
Active Node Address    http://10.5.0.2:8200

Now we will prepare the RabbitMQ Docker image with the ACL token generated in Consul and then run the build.

cd /redstack_terraform_public/docker-images/rabbitmq

vim config/rabbitmq.conf 

docker build -t rabbimq .

cd ../../redstack

vim modules/rabbitmq/rabbitmq.tf

Add the ACL token in "CONSUL_HTTP_TOKEN".

After completing the build of the Docker image we will run the rabbitmq_cluster module.

terraform apply -target=module.rabbitmq_cluster

We can already see the RabbitMQ stack, our queue manager, in Consul.

The rabbitmq_runtime module creates an example queue called "hello" and an administrator user to access RabbitMQ's web management interface.

It should be executed after deploying the rabbitmq_cluster module:

terraform apply -target=module.rabbitmq_runtime

Now let's run the vault_rabbitmq_runtime module.

This module sets up the Dynamic Secrets feature on the Vault server, which generates random users on RabbitMQ.

terraform apply -target=module.vault_rabbitmq_runtime

After applying the vault_rabbitmq_runtime module we will test the feature.

docker exec -it vault-server-1 /bin/sh

vault read rabbitmq/creds/rabbitmq_access_role
Key                Value
---                -----
lease_id           rabbitmq/creds/rabbitmq_access_role/Ff0fZcIj1SRAWeoQNHX21RzF
lease_duration     768h
lease_renewable    true
password           ea070a9f-9306-9f82-9cad-c42ab7553d02
username           root-bd54ff95-eec1-d07c-c966-6ad02ee725b4

Notice that Vault creates a username and password that you can use to authenticate with RabbitMQ.

These credentials have an expiration time (the lease duration) that can be set according to your business needs.
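A check that could be run against the vault read output above, as an added example that is not part of the original post or its repository: it parses the table and fails when the lease TTL exceeds a limit. The function names and the 24-hour limit are assumptions, and the sample is the post's output with the password replaced.

```shell
# Constructed sample: the `vault read` table from the post, password replaced.
SAMPLE='Key                Value
---                -----
lease_id           rabbitmq/creds/rabbitmq_access_role/Ff0fZcIj1SRAWeoQNHX21RzF
lease_duration     768h
lease_renewable    true
password           REDACTED
username           root-bd54ff95-eec1-d07c-c966-6ad02ee725b4'

# Print the value of one key from `vault read` table output ($1=output, $2=key).
vault_field() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Convert a duration such as 768h, 1h30m or 45s to seconds; fail on anything else.
duration_to_seconds() {
  printf '%s\n' "$1" | awk '{
    total = 0; s = $0
    while (match(s, /^[0-9]+[hms]/)) {
      n = substr(s, 1, RLENGTH - 1); u = substr(s, RLENGTH, 1)
      total += n * (u == "h" ? 3600 : u == "m" ? 60 : 1)
      s = substr(s, RLENGTH + 1)
    }
    if (s != "" || $0 == "") exit 1   # empty or unparsed remainder: reject
    print total
  }'
}

# Return 0 if the lease TTL is within $2 seconds, 1 if longer, 2 if unparsable.
check_lease() {
  ttl=$(duration_to_seconds "$(vault_field "$1" lease_duration)") || return 2
  if [ "$ttl" -gt "$2" ]; then
    echo "lease $(vault_field "$1" lease_id): ${ttl}s exceeds ${2}s" >&2
    return 1
  fi
}

# Assumed policy for this example: dynamic RabbitMQ users live at most 24 hours.
check_lease "$SAMPLE" 86400 || echo "role TTL needs review (status $?)"
```

The 768h in the sample is 32 days, so the check reports it; only the lease id is printed, never the password field.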

In the next post we will deploy the Cassandra DB stack with dynamic secrets active in Vault, using Consul as a discovery service :)