如何连接到远程 hashicorp vault 服务器 [英] How to connect to remote hashicorp vault server

问题描述

让我在这里解释一下我的用例，

Let me explain my use-case here,

我想尝试在本地进行保管，因此我将 VAULT_ADDR 配置为:

I wanted to give a try to vault in my local, so I configured VAULT_ADDR as:

$ echo $VAULT_ADDR 
http://127.0.0.1:8200

然后我在开发模式下启动了 vault (vault server -dev)，一切正常，我能够连接到服务器.

then I started vault in dev mode (vault server -dev) and everything was ok, I was able to connect to the server.

然后我写了一个非常简单的配置文件:

Then I wrote a really simple config file:

$ cat vault.config 
backend "inmem" {}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = 1
}

disable_mlock = true

然后我用 vault server -config=vault.config 重新启动了服务器，这也很好用.

and I restarted the server with vault server -config=vault.config, This too worked fine.

现在我想使用部署在远程服务器(aws ec2 实例)中的 vault 服务器.我已将配置文件的内容更改为以下

Now I want to use vault server which is deployed in remote server (aws ec2 instance). I have changed content my config file to below

backend "inmem" {}

listener "tcp" {
  address = "123.456.789.1:8200" (aws ec2 public ip)
  tls_disable = 1
}

disable_mlock = true

现在这是抛出错误

'检查密封状态时出错:获取http://123.456.789.1:8200/v1/sys/seal-status":拨号 tcp 123.456.789.1:8200:连接:连接被拒绝'

'Error checking seal status: Get "http://123.456.789.1:8200/v1/sys/seal-status": dial tcp 123.456.789.1:8200: connect: connection refused'

当我尝试使用 telnet 命令检查连接时，也失败了.

when i am trying to check connectivity using telnet command, that too failed.

  telnet 123.456.789.1 8200

'telnet:无法连接到远程主机:连接被拒绝'

'telnet: Unable to connect to remote host: Connection refused'

我在 aws 的安全组中打开了 8200 端口，并且两个实例都在同一个 vpc 中.我在这里缺少什么?有什么帮助吗?

I have opened 8200 port in security group of aws, and both instances are in same vpc. What I am missing here? Any help?

推荐答案

我能够找出上述问题的解决方案.基本上我执行了以下步骤.

I was able to figure out solution for above issue. Basically I executed below steps.

首先我通过下面的命令在上面的机器('123.456.XXX.X')上启动了Vault服务器

First I started vault server in above machine ( '123.456.XXX.X' ) by below command

vault server -dev -dev-listen-address="123.456.789.1:8200"

这里是 123.456.789.1 -->这是我的 ec2 实例的私有 IP，我的保管库服务器在其中运行.

here 123.456.789.1 --> This is private IP of my ec2 instance, where my vault server is running.

接下来，在我的源机器(我在 123.456.XXX.X 中调用 vault 服务器的机器)中，我设置了以下参数

Next, In my source machine (the one from which i am invoking vault server in 123.456.XXX.X ), I set below parameters

export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'

现在，当我尝试对 123.456.XXX.X 服务器执行 telnet 时，它按预期工作

Now when I am trying to do telnet to 123.456.XXX.X server, it is working as expected

telnet 123.456.789.1 8200

输出

Trying 123.456.789.1...
Connected to 123.456.789.1.
Escape character is '^]'.

这篇关于如何连接到远程 hashicorp vault 服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！