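#!/bin/bash
# Local dev setup: one Consul server plus a three-node Vault "primary" and a
# three-node Vault "secondary" cluster, followed by performance replication
# between them. Everything listens on 127.0.0.1 / 127.0.0.2 with throwaway
# keys and tokens.
#
# -a exports every variable assigned in this script (including the unseal
# keys and root tokens captured below) into the environment of every child
# process, and -x echoes each command, secrets included, to stderr. That is
# only tolerable because this is a disposable local cluster.
set -ax

# The secondary cluster listens on 127.0.0.2; `lo0 ... alias` is the
# BSD/macOS ifconfig form for adding a second loopback address.
sudo ifconfig lo0 alias 127.0.0.2

# Reset any previous run: stop old agents and wipe Consul's data directory.
pkill -9 consul || true
pkill -9 vault || true
sleep 2s
rm -rf /tmp/consuldata

# Single-node bootstrap Consul server. The Vault storage stanzas written later
# authenticate to it with token "test".
# NOTE(review): confirm that a top-level "master_token" key is what the
# installed Consul version expects; older releases spelled this differently.
cat > /tmp/consulconfig.json <<EOF
{
"datacenter": "east-aws",
"data_dir": "/tmp/consuldata",
"log_level": "TRACE",
"node_name": "node1",
"server": true,
"master_token": "test",
"bootstrap": true
}
EOF
consul agent -ui -config-file /tmp/consulconfig.json > /tmp/consul.log 2>&1 &
sleep 10s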
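#######################################
# Run the vault CLI against primary node 2 (127.0.0.1:8210).
# Arguments: any vault CLI arguments, passed through unchanged
#            ("$@" keeps arguments containing spaces intact)
# Outputs:   whatever vault prints
# Returns:   vault's exit status
#######################################
vault12() {
  VAULT_ADDR=http://127.0.0.1:8210 vault "$@"
}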
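#######################################
# Run the vault CLI against primary node 3 (127.0.0.1:8220).
# Arguments: any vault CLI arguments, passed through unchanged
#            ("$@" keeps arguments containing spaces intact)
# Outputs:   whatever vault prints
# Returns:   vault's exit status
#######################################
vault13() {
  VAULT_ADDR=http://127.0.0.1:8220 vault "$@"
}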
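#######################################
# Run the vault CLI against secondary node 1 (127.0.0.2:8200), authenticating
# with the secondary's current root token.
# Globals:   rootToken2 (read) - secondary root token, set later in the script
# Arguments: any vault CLI arguments, passed through unchanged
#            ("$@" keeps arguments containing spaces intact)
# Outputs:   whatever vault prints
# Returns:   vault's exit status
#######################################
vault2() {
  VAULT_ADDR=http://127.0.0.2:8200 VAULT_TOKEN="$rootToken2" vault "$@"
}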
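#######################################
# Run the vault CLI against secondary node 2 (127.0.0.2:8210), authenticating
# with the secondary's current root token.
# Globals:   rootToken2 (read) - secondary root token, set later in the script
# Arguments: any vault CLI arguments, passed through unchanged
#            ("$@" keeps arguments containing spaces intact)
# Outputs:   whatever vault prints
# Returns:   vault's exit status
#######################################
vault22() {
  VAULT_ADDR=http://127.0.0.2:8210 VAULT_TOKEN="$rootToken2" vault "$@"
}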
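#######################################
# Run the vault CLI against secondary node 3 (127.0.0.2:8220), authenticating
# with the secondary's current root token.
# Globals:   rootToken2 (read) - secondary root token, set later in the script
# Arguments: any vault CLI arguments, passed through unchanged
#            ("$@" keeps arguments containing spaces intact)
# Outputs:   whatever vault prints
# Returns:   vault's exit status
#######################################
vault23() {
  VAULT_ADDR=http://127.0.0.2:8220 VAULT_TOKEN="$rootToken2" vault "$@"
}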
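# NOTE(review): a Consul agent was already started from /tmp/consulconfig.json
# above. This second, ACL-less dev agent uses the same default ports and will
# presumably fail to bind; it looks like a leftover. Confirm which agent is
# meant to serve the Vault nodes, since the storage stanzas below send the
# ACL token "test" that only the configured agent knows about.
consul agent -dev > /tmp/consul.log 2>&1 &

#######################################
# Write a Vault server config backed by the local Consul agent.
# Arguments: $1 - output file
#            $2 - Consul KV path prefix ("vaultprimary" / "vaultsecondary")
#            $3 - listener and api address as host:port (TLS disabled)
# Outputs:   writes the HCL config to $1
#######################################
write_vault_config() {
  local out=$1 kv_path=$2 addr=$3
  cat > "$out" <<EOF
storage "consul" {
path = "$kv_path"
address = "127.0.0.1:8500"
scheme = "http"
token = "test"
}
listener "tcp" {
address = "$addr"
tls_disable = true
}
api_addr = "http://$addr"
default_lease_ttl = "300h"
max_lease_ttl = "500h"
EOF
}

#######################################
# Start a Vault server in the background and give it time to come up.
# Arguments: $1 - config file
#            $2 - log file (stdout and stderr)
#######################################
start_vault() {
  vault server -config "$1" -log-level trace > "$2" 2>&1 &
  sleep 5s
}

# Primary cluster: three nodes sharing the "vaultprimary" KV prefix.
write_vault_config /tmp/configprimary1.hcl vaultprimary 127.0.0.1:8200
write_vault_config /tmp/configprimary2.hcl vaultprimary 127.0.0.1:8210
write_vault_config /tmp/configprimary3.hcl vaultprimary 127.0.0.1:8220
start_vault /tmp/configprimary1.hcl /tmp/primary1.log
start_vault /tmp/configprimary2.hcl /tmp/primary2.log
start_vault /tmp/configprimary3.hcl /tmp/primary3.log

# Initialise the primary with a single unseal key and unseal all three nodes.
# NOTE(review): bare `vault` relies on VAULT_ADDR from the calling environment
# pointing at primary node 1 (http://127.0.0.1:8200); nothing here sets it.
initResult=$(vault operator init -format json -key-shares 1 -key-threshold 1)
unsealKey1=$(jq -r '.unseal_keys_b64[0]' <<<"$initResult")
rootToken1=$(jq -r '.root_token' <<<"$initResult")
vault operator unseal "$unsealKey1"
sleep 5s
# Persists the root token for the bare `vault` calls that follow.
vault login "$rootToken1"
vault12 operator unseal "$unsealKey1"
vault13 operator unseal "$unsealKey1"

# Secondary cluster: three nodes on 127.0.0.2 sharing the "vaultsecondary"
# KV prefix.
write_vault_config /tmp/configsecondary1.hcl vaultsecondary 127.0.0.2:8200
write_vault_config /tmp/configsecondary2.hcl vaultsecondary 127.0.0.2:8210
write_vault_config /tmp/configsecondary3.hcl vaultsecondary 127.0.0.2:8220
start_vault /tmp/configsecondary1.hcl /tmp/secondary1.log
start_vault /tmp/configsecondary2.hcl /tmp/secondary2.log
start_vault /tmp/configsecondary3.hcl /tmp/secondary3.log

# Initialise and unseal the secondary with its own key; rootToken2 is what the
# vault2* helpers authenticate with.
initResult=$(vault2 operator init -format json -key-shares 1 -key-threshold 1)
unsealKey2=$(jq -r '.unseal_keys_b64[0]' <<<"$initResult")
rootToken2=$(jq -r '.root_token' <<<"$initResult")
vault2 operator unseal "$unsealKey2"
vault22 operator unseal "$unsealKey2"
vault23 operator unseal "$unsealKey2"

# Enable performance replication: the primary issues a wrapped secondary
# token and the secondary activates with it.
vault write -f sys/replication/primary/enable
secondaryToken=$(vault write -field wrapping_token sys/replication/primary/secondary-token id=asdf)
vault2 write sys/replication/secondary/enable token="$secondaryToken"
sleep 10s

# After activation the secondary is driven with the primary's unseal key
# (unsealKey1) — presumably because it now shares the primary's keyring —
# so a fresh root token is generated from it and the remaining secondary
# nodes are unsealed with it as well.
grResult=$(vault2 operator generate-root -format json -init)
grNonce=$(jq -r '.nonce' <<<"$grResult")
grOTP=$(jq -r '.otp' <<<"$grResult")
grResult=$(vault2 operator generate-root -nonce "$grNonce" -format json "$unsealKey1")
eToken=$(jq -r '.encoded_token' <<<"$grResult")
# NOTE(review): with -format json this may yield a JSON document rather than
# the bare token; the commented form below extracts .token. Confirm against
# the installed vault version before relying on rootToken2 afterwards.
rootToken2=$(vault2 operator generate-root -format json -decode "$eToken" -otp "$grOTP")
#rootToken2=$(vault2 operator generate-root -format json -decode $eToken -otp $grOTP | jq -r .token)
vault22 operator unseal "$unsealKey1"
vault23 operator unseal "$unsealKey1"
sleep 5s

# Exercise a mount filter: mount "test" on the primary, exclude it from
# replication, then remove it again.
vault secrets enable -path=test kv
#vault write sys/replication/performance/primary/paths-filter/asdf mode="deny" paths="test"
vault write sys/replication/performance/primary/mount-filter/asdf mode="blacklist" paths="test"
vault secrets disable test

# Report replication status from every node, plus tool versions.
vault read sys/replication/performance/status
vault12 read sys/replication/performance/status
vault13 read sys/replication/performance/status
vault2 read sys/replication/performance/status
vault22 read sys/replication/performance/status
vault23 read sys/replication/performance/status
vault version
consul version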