Now that the cluster is active, I’m having trouble figuring out who isn’t doing their job. The load balancer is up, but if I ping or browse to the DNS or IP of the ELB, it just spins. The ELB shows that all the nodes are failing their health checks; however, if I browse to one of the Vault servers directly and tack on the health check string, I at least get a response:
I think I’m confused on how to customize the domain name being used if you don’t want to point your users to vault.service.consul (or am I confused on that point? Is that just for the backend, and the ELB config is separate?). Our domain is (EDIT) NOT managed in AWS, so I had our sysadmin point a CNAME record for vault.company.com to the ELB DNS name. As such, I didn’t enable the create_dns_entry option to do anything in Route53. What is the proper configuration to use here?