I’m trying to create a Vault network backed by a Consul cluster of 3 nodes. I have created a cluster of 3 Consul servers, and a Consul client has been connected to the cluster. Now I’m trying to connect
a Vault server to the Consul client, but the client always refuses the connection.
2021-12-03T12:59:27.578Z [WARN] storage migration check error: error="Get \"http://consul_c1:8501/v1/kv/vault/core/migration\": dial tcp 192.168.48.3:8501: connect: connection refused"
I built everything with Docker Compose. Here are my Consul server configs:
consul_s1.json
{
"server": true,
"node_name": "consul_s1",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s2", "consul_s3"],
"log_level": "DEBUG",
"ui": true
}
consul_s2.json
{
"server": true,
"node_name": "consul_s2",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s1", "consul_s3"],
"log_level": "DEBUG",
"ui": true
}
consul_s3.json
{
"server": true,
"node_name": "consul_s3",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"bootstrap_expect": 3,
"data_dir": "/consul/data",
"retry_join": ["consul_s1", "consul_s2"],
"log_level": "DEBUG",
"ui": true
}
and consul client config is:
consul_c1.json
{
"node_name": "consul_c1",
"datacenter": "dc1",
"bind_addr": "0.0.0.0",
"retry_join": ["consul_s1", "consul_s2", "consul_s3"],
"data_dir": "/consul/data"
}
and configs for vault:
vault_s1.json
{
"backend": {
"consul": {
"address": "consul_c1:8501",
"path": "vault/"
}
},
"listener": {
"tcp":{
"address": "0.0.0.0:8200",
"tls_disable": 1
}
},
"ui": true
}
and here is the docker compose file
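# Compose stack: three Consul servers, one Consul client agent and one Vault
# server, all attached to the user-defined bridge network `consul`.
#
# Port mappings are HOST:CONTAINER. Containers on the `consul` network reach
# each other by service name on the CONTAINER port; the host port only applies
# to connections made from the Docker host.
version: '3.7'

services:
  consul_s1:
    image: consul:1.10.4
    container_name: consul_s1
    restart: always
    volumes:
      - ./consul/consul_s1/config/consul_s1.json:/consul/config/consul_s1.json:ro
    networks:
      - consul
    # No host IP is given, so Docker publishes these ports on every host
    # interface. The Consul configs shown with this file enable neither ACLs
    # nor TLS, so anything that can reach host port 8500 gets the HTTP API and
    # UI without authentication. Outside a lab, publish on loopback only
    # (e.g. '127.0.0.1:8500:8500') or restrict access with a firewall.
    ports:
      - '8500:8500'
      - '8600:8600/tcp'
      - '8600:8600/udp'
    command: 'agent'

  consul_s2:
    image: consul:1.10.4
    container_name: consul_s2
    restart: always
    volumes:
      - ./consul/consul_s2/config/consul_s2.json:/consul/config/consul_s2.json:ro
    networks:
      - consul
    command: 'agent'

  consul_s3:
    image: consul:1.10.4
    container_name: consul_s3
    restart: always
    volumes:
      - ./consul/consul_s3/config/consul_s3.json:/consul/config/consul_s3.json:ro
    networks:
      - consul
    command: 'agent'

  consul_c1:
    image: consul:1.10.4
    container_name: consul_c1
    restart: always
    # Host port 8501 -> container port 8500. From inside the `consul` network
    # the agent's HTTP API is consul_c1:8500; no listener is configured on 8501
    # inside the container, which matches the "connection refused" on
    # 192.168.48.3:8501 in the Vault log.
    # NOTE(review): consul_c1.json sets no client_addr, and Consul's default is
    # 127.0.0.1 - confirm the API is reachable from other containers once the
    # port in vault_s1.json is corrected.
    ports:
      - '8501:8500'
    volumes:
      - ./consul/consul_c1/config/consul_c1.json:/consul/config/consul_c1.json:ro
    networks:
      - consul
    command: 'agent'

  vault:
    # NOTE(review): `latest` is a floating tag, so the Vault version can change
    # on every pull; pin a specific release tag or image digest.
    image: vault:latest
    container_name: vault_s1
    # vault_s1.json sets tls_disable on this listener, so tokens and secrets
    # cross this port in cleartext, and with no host IP it is published on
    # every host interface. Keep it on loopback or enable TLS outside a lab.
    ports:
      - '8200:8200'
    volumes:
      # Unlike the Consul config mounts, this config mount is not read-only.
      - ./vault/vault_s1/config/vault_s1.json:/vault/config/vault_s1.json
      - ./vault/vault_s1/policies:/vault/policies
      - ./vault/vault_s1/data:/vault/data
      - ./vault/vault_s1/logs:/vault/logs
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
    networks:
      - consul
    command: server -config=/vault/config/vault_s1.json
    # IPC_LOCK lets Vault mlock its memory so secrets are not swapped to disk.
    cap_add:
      - IPC_LOCK
    # NOTE(review): vault_s1.json points its storage at consul_c1, but only
    # consul_s1 is listed here; depends_on orders start-up only and does not
    # wait for the Consul cluster to be ready.
    depends_on:
      - consul_s1

networks:
  consul:
    driver: bridge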