Consul Client refuses connection to Vault server

Vault
1

I’m trying to create a Vault network backed by Consul cluster of 3 nodes. I have created a cluster of 3 Consul servers and a Consul client has been connected to the cluster. Now I’m trying to connect
a Vault server to Consul client but client always refuse connection.

2021-12-03T12:59:27.578Z [WARN] storage migration check error: error="Get \"http://consul_c1:8501/v1/kv/vault/core/migration\": dial tcp 192.168.48.3:8501: connect: connection refused"

I built all in docker compose. here are my consul server configs:

consul_s1.json
{
  "server": true,
  "node_name": "consul_s1",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s2", "consul_s3"],
  "log_level": "DEBUG",
  "ui": true
}

consul_s2.json
{
  "server": true,
  "node_name": "consul_s2",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s1", "consul_s3"],
  "log_level": "DEBUG",
  "ui": true
}

consul_s3.json
{
  "server": true,
  "node_name": "consul_s3",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": 3,
  "data_dir": "/consul/data",
  "retry_join": ["consul_s1", "consul_s2"],
  "log_level": "DEBUG",
  "ui": true
}

and consul client config is:

consul_c1.json
{
  "node_name": "consul_c1",
  "datacenter": "dc1",
  "bind_addr": "0.0.0.0",
  "retry_join": ["consul_s1", "consul_s2", "consul_s3"],
  "data_dir": "/consul/data"
}

and configs for vault:

vault_s1.json
{
  "backend": {
    "consul": {
      "address": "consul_c1:8501",
      "path": "vault/"
    }
  },
  "listener": {
    "tcp":{
      "address": "0.0.0.0:8200",
      "tls_disable": 1
    }
  },
  "ui": true
}

and here is the docker compose file

version: '3.7'

services:
  consul_s1:
    image: consul:1.10.4
    container_name: consul_s1
    restart: always
    volumes:
      - ./consul/consul_s1/config/consul_s1.json:/consul/config/consul_s1.json:ro
    networks:
      - consul
    ports:
      - '8500:8500'
      - '8600:8600/tcp'
      - '8600:8600/udp'
    command: 'agent'

  consul_s2:
    image: consul:1.10.4
    container_name: consul_s2
    restart: always
    volumes:
      - ./consul/consul_s2/config/consul_s2.json:/consul/config/consul_s2.json:ro
    networks:
      - consul
    command: 'agent'

  consul_s3:
    image: consul:1.10.4
    container_name: consul_s3
    restart: always
    volumes:
      - ./consul/consul_s3/config/consul_s3.json:/consul/config/consul_s3.json:ro
    networks:
      - consul
    command: 'agent'

  consul_c1:
    image: consul:1.10.4
    container_name: consul_c1
    restart: always
    ports:
      - 8501:8500
    volumes:
      - ./consul/consul_c1/config/consul_c1.json:/consul/config/consul_c1.json:ro
    networks:
      - consul
    command: 'agent'

  vault:
    image: vault:latest
    container_name: vault_s1
    ports:
      - 8200:8200
    volumes:
      - ./vault/vault_s1/config/vault_s1.json:/vault/config/vault_s1.json
      - ./vault/vault_s1/policies:/vault/policies
      - ./vault/vault_s1/data:/vault/data
      - ./vault/vault_s1/logs:/vault/logs
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
    networks:
      - consul
    command: server -config=/vault/config/vault_s1.json
    cap_add:
      - IPC_LOCK
    depends_on:
      - consul_s1

networks:
  consul:
    driver: bridge
2

I’d check your consul logs. I believe your cluster is not getting bootstrapped, because you are not specifying the consul config-file/folder in the compose-file.

3

you’re right. however I passed config-file and it still does not work and connection refused. I checked from consul UI and there it shows all consul nodes, servers and client and marked consul server leader as well.

4

address": "consul_c1:8501

Use port 8500 (since its using bridge network for connection)