Hi all,
Could someone take a look at my issue please? I am fairly sure that I am missing something obvious here.
I have an EC2 box with two containers: a Vault and a Consul client container that are communicating in host network mode.
I am trying to use consul watch to set up a notification if a key (or a keyprefix) changes, in order to kick off an Ansible pipeline to update passwords on some backends.
I am trying to make the basic example work with a KV version 2 store. I have created a kv/mystuff/foo key to use for the first eyeballing as a basic manual example.
My consul config looks like this:
{
  "server": false,
  "leave_on_terminate": true,
  "retry_join": ["provider=aws tag_key=aws:cloudformation:stack-name tag_value=my-consul"],
  "bind_addr": "{{ GetInterfaceIP \"eth0\" }}",
  "enable_local_script_checks": true,
  "telemetry": {
    "dogstatsd_addr": "localhost:8125",
    "disable_hostname": true
  },
  "watches": [{
    "type": "key",
    "key": "kv/mystuff/foo",
    "handler": "/tmp/command.sh"
  }]
}
The command.sh is a simple echo:
#!/usr/bin/env sh
echo "it was called"
The client itself is happy and working, unlike the watch.
It seems that, if I log in to Vault and change the kv/mystuff/foo, the consul watch does not detect any changes. Could someone do a sanity check please, if this should work?
Thanks,
Peter