[DO NOT MERGE] Senario with Consul 1.14 and new TLS config #12

Open
wants to merge 1 commit into
base: main
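--- a/datacenter-deploy-secure-auto_encrypt/README.md
+++ b/datacenter-deploy-secure-auto_encrypt/README.md
@@ -0,0 +1,3 @@
+## Tutorial URL
+
+https://learn.hashicorp.com/tutorials/consul/docker-compose-datacenter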
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGAr7PBGzNzcz4dYtRDoa+eMc79lxOSxDCZMdkOUBDcZoAoGCCqGSM49
AwEHoUQDQgAEchBXs6484r99s6qdn0LFohhw8LCK4aIhdNyJ8FOQRcgOpbEk+hRS
+4AoE50i8JdMF7NvSN+Vz7NrXQ+UtjgWBw==
-----END EC PRIVATE KEY-----
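Review bot: The EC private key added in this section is committed in clear text, and a second one follows two sections down (the 5-line file just before the 17-line certificate). The file headers are not visible here, but from its position next to `certs/consul-agent-ca.pem` the first looks like the CA signing key; anyone with read access to the repository could then issue certificates that every agent trusting this CA accepts. Have the reader generate the material locally with `consul tls ca create` and `consul tls cert create -server -dc dc1`, and list `certs/*-key.pem` in `.gitignore` instead of shipping the keys. If these exact files are kept for reproducibility, the README should state that they are lab-only and must not be reused.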
18 changes: 18 additions & 0 deletions datacenter-deploy-secure-auto_encrypt/certs/consul-agent-ca.pem
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINeksduKNCRqxY9BBmMrns5TXNY7VpkQ6vWPupMtFaMpoAoGCCqGSM49
AwEHoUQDQgAEH6mHO6VgbHd9RnMiYLLY7JJsDcsPsKVK1OBnhw1QhrDtvYwsNYoH
RetYAUI367IxJCgL1e/cA/zHi3YCry348Q==
-----END EC PRIVATE KEY-----
@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICnTCCAkKgAwIBAgIQHrdj7+qoJ98tRDWigbKc/TAKBggqhkjOPQQDAjCBuTEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg
MTE5MTk0Njg5MDY1MTIyMDM2MDUyNDA0MTQzOTQ1NDU5NzM0OTYwMB4XDTIyMDgw
MjE1MjkzMVoXDTI1MDgwMTE1MjkzMVowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j
b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQfqYc7pWBsd31GcyJgstjs
kmwNyw+wpUrU4GeHDVCGsO29jCw1igdF61gBQjfrsjEkKAvV79wD/MeLdgKvLfjx
o4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgST91pQU5cCcGpHvM8Q62AfLN
DXZxUrXfVtFaqQAr3K0wKwYDVR0jBCQwIoAgO54xHYgbTaQbRyD7c0cd2aOrvg+j
ydeYRWSNxwUlNbEwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs
aG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEA+1jEcho9qVPMiw+SK5EbYS9z
+ez0lBz6WGsGqsYymrwCIQCqDgPzmBgXRCqR/p18aq4gYhEb6St4k9GRMoJHCI/p
sA==
-----END CERTIFICATE-----
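--- a/datacenter-deploy-secure-auto_encrypt/client.json
+++ b/datacenter-deploy-secure-auto_encrypt/client.json
@@ -0,0 +1,28 @@
+{
+"node_name": "consul-client",
+"data_dir": "/consul/data",
+"retry_join":[
+"consul-server1",
+"consul-server2",
+"consul-server3"
+],
+"encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+
+"tls": {
+"defaults": {
+"ca_file" : "/consul/config/certs/consul-agent-ca.pem",
+"verify_outgoing" : true,
+"verify_incoming" : true
+},
+"https": {
+"verify_incoming" : false
+},
+"internal_rpc": {
+"verify_server_hostname" : true
+}
+},
+
+"auto_encrypt": {
+"tls" : true
+}
+}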
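Review bot: The gossip key on the `encrypt` line is a literal committed to the repository, and the same value is repeated in server1.json, server1_old.json, server2.json and server3.json. Anyone who holds it can join the gossip pool and decrypt gossip traffic of any cluster started from these files. Generate the key per deployment with `consul keygen` and supply it outside version control, for example in an untracked config file placed in `/consul/config/`. Separately, no `cert_file`/`key_file` appears here because `auto_encrypt.tls` obtains the client certificate from the servers; since JSON cannot carry a comment, a sentence in the README explaining that would help readers.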
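--- a/datacenter-deploy-secure-auto_encrypt/consul-acl.json
+++ b/datacenter-deploy-secure-auto_encrypt/consul-acl.json
@@ -0,0 +1,9 @@
+{
+"acl": {
+"enabled": true,
+"default_policy": "deny",
+"down_policy": "extend-cache",
+"enable_token_persistence": true
+}
+}
+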
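--- a/datacenter-deploy-secure-auto_encrypt/docker-compose.yml
+++ b/datacenter-deploy-secure-auto_encrypt/docker-compose.yml
@@ -0,0 +1,56 @@
+version: '3.7'
+
+services:
+
+consul-server1:
+image: hashicorp/consul:1.14.0
+container_name: consul-server1
+restart: always
+volumes:
+- ./server1.json:/consul/config/server1.json
+- ./certs/:/consul/config/certs/
+networks:
+- consul
+ports:
+- "8500:8500"
+- "8600:8600/tcp"
+- "8600:8600/udp"
+command: "agent -bootstrap-expect=3"
+
+consul-server2:
+image: hashicorp/consul:1.14.0
+container_name: consul-server2
+restart: always
+volumes:
+- ./server2.json:/consul/config/server2.json
+- ./certs/:/consul/config/certs/
+networks:
+- consul
+command: "agent -bootstrap-expect=3"
+
+consul-server3:
+image: hashicorp/consul:1.14.0
+container_name: consul-server3
+restart: always
+volumes:
+- ./server3.json:/consul/config/server3.json
+- ./certs/:/consul/config/certs/
+networks:
+- consul
+command: "agent -bootstrap-expect=3"
+
+consul-client:
+image: hashicorp/consul:1.14.0
+container_name: consul-client
+restart: always
+volumes:
+- ./client.json:/consul/config/client.json
+- ./certs/:/consul/config/certs/
+networks:
+- consul
+command: "agent"
+
+networks:
+consul:
+driver: bridge
+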
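Review bot: None of the four services mounts `consul-acl.json`, so as far as this file shows the `default_policy: deny` ACL configuration added in this PR is never loaded. Together with `"8500:8500"`, which publishes on every host interface, and `addresses.http` set to `0.0.0.0` in the server configs, the plaintext HTTP API and UI of consul-server1 are reachable from the host's network without a token. Add `- ./consul-acl.json:/consul/config/consul-acl.json` to each `volumes:` list and bind the published port to loopback with `"127.0.0.1:8500:8500"`. Once ACLs are actually loaded the agents need tokens, so the scenario should also cover the ACL bootstrap step.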
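--- a/datacenter-deploy-secure-auto_encrypt/server1.json
+++ b/datacenter-deploy-secure-auto_encrypt/server1.json
@@ -0,0 +1,39 @@
+{
+"node_name": "consul-server1",
+"server": true,
+"ui_config": {
+"enabled" : true
+},
+"data_dir": "/consul/data",
+"addresses": {
+"http" : "0.0.0.0"
+},
+"retry_join":[
+"consul-server2",
+"consul-server3"
+],
+
+"encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+
+"tls": {
+"defaults": {
+"ca_file" : "/consul/config/certs/consul-agent-ca.pem",
+"cert_file" : "/consul/config/certs/dc1-server-consul-0.pem",
+"key_file" : "/consul/config/certs/dc1-server-consul-0-key.pem",
+
+"verify_outgoing" : true,
+"verify_incoming" : true
+},
+
+"https": {
+"verify_incoming" : false
+},
+"internal_rpc": {
+"verify_server_hostname" : true
+}
+},
+
+"auto_encrypt": {
+"allow_tls" : true
+}
+}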
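Review bot: The `tls.https` override has no effect as written, because no `ports.https` is set and Consul leaves the HTTPS listener disabled by default; the API and UI are served over plain HTTP on `0.0.0.0`. If the scenario is meant to exercise the new TLS stanza end to end, enable the listener with `"ports": { "https": 8501 }` and consider turning plain HTTP off with `"http": -1` in the same `ports` object; the same applies to server2.json and server3.json. All three server configs also point at the same `dc1-server-consul-0.pem` / `dc1-server-consul-0-key.pem` pair, so a single key exposure covers every server; issuing one certificate per server keeps them separable.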
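--- a/datacenter-deploy-secure-auto_encrypt/server1_old.json
+++ b/datacenter-deploy-secure-auto_encrypt/server1_old.json
@@ -0,0 +1,22 @@
+{
+"node_name": "consul-server1",
+"server": true,
+"ui_config": {
+"enabled" : true
+},
+"data_dir": "/consul/data",
+"addresses": {
+"http" : "0.0.0.0"
+},
+"retry_join":[
+"consul-server2",
+"consul-server3"
+],
+"encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+"verify_incoming": true,
+"verify_outgoing": true,
+"verify_server_hostname": true,
+"ca_file": "/consul/config/certs/consul-agent-ca.pem",
+"cert_file": "/consul/config/certs/dc1-server-consul-0.pem",
+"key_file": "/consul/config/certs/dc1-server-consul-0-key.pem"
+}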
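--- a/datacenter-deploy-secure-auto_encrypt/server2.json
+++ b/datacenter-deploy-secure-auto_encrypt/server2.json
@@ -0,0 +1,38 @@
+{
+"node_name": "consul-server2",
+"server": true,
+"ui_config": {
+"enabled" : true
+},
+"data_dir": "/consul/data",
+"addresses": {
+"http" : "0.0.0.0"
+},
+"retry_join":[
+"consul-server1",
+"consul-server3"
+],
+"encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+
+"tls": {
+"defaults": {
+"ca_file" : "/consul/config/certs/consul-agent-ca.pem",
+"cert_file" : "/consul/config/certs/dc1-server-consul-0.pem",
+"key_file" : "/consul/config/certs/dc1-server-consul-0-key.pem",
+
+"verify_outgoing" : true,
+"verify_incoming" : true
+},
+
+"https": {
+"verify_incoming" : false
+},
+"internal_rpc": {
+"verify_server_hostname" : true
+}
+},
+
+"auto_encrypt": {
+"allow_tls" : true
+}
+}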
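--- a/datacenter-deploy-secure-auto_encrypt/server3.json
+++ b/datacenter-deploy-secure-auto_encrypt/server3.json
@@ -0,0 +1,38 @@
+{
+"node_name": "consul-server3",
+"server": true,
+"ui_config": {
+"enabled" : true
+},
+"data_dir": "/consul/data",
+"addresses": {
+"http" : "0.0.0.0"
+},
+"retry_join":[
+"consul-server1",
+"consul-server2"
+],
+"encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+
+"tls": {
+"defaults": {
+"ca_file" : "/consul/config/certs/consul-agent-ca.pem",
+"cert_file" : "/consul/config/certs/dc1-server-consul-0.pem",
+"key_file" : "/consul/config/certs/dc1-server-consul-0-key.pem",
+
+"verify_outgoing" : true,
+"verify_incoming" : true
+},
+
+"https": {
+"verify_incoming" : false
+},
+"internal_rpc": {
+"verify_server_hostname" : true
+}
+},
+
+"auto_encrypt": {
+"allow_tls" : true
+}
+}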