consulconsul server to coordinate discovery and provide a backend for vaultvault0vault servervault1a second vault server to demonstrate how HA worksmysqla mysql-server for the todo service to utilize. credentials are managed by vaulttodo0the demo service to see everything come togethertodo1a second demo service for HA
For vault to be secure, the bootstrapping process for a new vault server must be done out of band. Key shards must be provided to unseal the vault, and these should be entrusted to trusted people (by entrusting them to an automated process, you haven't secured anything - just added another turtle to the stack).
That said, for this POC we are automating it (but keeping the work separate from the normal automation to illustrate the separation). So that's what all the bash scripts coming up are all about.
Install puppet deps:
./puppet-deps.sh
Bring up the infrastructure:
vagrant up consul vault0 vault1 mysql
Initialize, Unseal, and configure Vault:
./01-init.sh
./02-unseal.sh
./03-configure.sh
Stand up the todo instances:
./04-provision-todo.sh
Verify everything came up correctly:
curl -X POST http://172.20.20.14:8080/todo -d '{"status": "new", "content": "Hello World"}'
curl http://172.20.20.14:8080/todo/1