Installing vault on a new machine, with the following configuration:
cluster_addr = "cor-infravault101.test.ag3:8201"
api_addr = "cor-infravault101.test.ag3:8200"
disable_mlock = true
listener "tcp" {
  address = "0.0.0.0:8200"
  cluster_address = "0.0.0.0:8201"
  tls_cert_file = "/opt/vault/tls/server.crt"
  tls_key_file = "/opt/vault/tls/server.key"
}
storage "raft" {
  path = "/opt/vault/data"
  node_id = "1"
  retry_join {
    leader_api_addr = "https://cor-infravault102.test.ag3:8200"
    leader_client_cert_file = "/opt/vault/tls/server.crt"
    leader_client_key_file = "/opt/vault/tls/server.key"
    leader_ca_cert_file = "/opt/vault/tls/ca.crt"
  }
  retry_join {
    leader_api_addr = "https://cor-infravault103.test.ag3:8200"
    leader_client_cert_file = "/opt/vault/tls/server.crt"
    leader_client_key_file = "/opt/vault/tls/server.key"
    leader_ca_cert_file = "/opt/vault/tls/ca.crt"
  }
}
ui = true
"vault status" works fine. But when I run "vault operator init", I get the following error:
Error initializing: Error making API request.
URL: PUT https://cor-infravault101.test.ag3:8200/v1/sys/init Code: 400. Errors:
* could not start clustered storage: empty address in configuration: {Voter 1 }
What's wrong?
Fixed it. Because I am using TLS, I needed to add "http " in the api_addr and cluster_addr values. They now look like this:
cluster_addr = "https://cor-infravault101.test.ag3:8201"
api_addr = "https://cor-infravault101.test.ag3:8200"
disable_mlock = true
By the way, the HashiCorp documentation really sucks.
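An added example, not part of the original post: a pre-flight check that reads a Vault server config and flags api_addr / cluster_addr values that are not full URLs, the condition behind the "empty address in configuration" error above. The function names are hypothetical, the reader is a simplified line-based one rather than a real HCL parser, and requiring https when the listener has a certificate is an assumption taken from the fix in the answer.

```python
import re

# Constructed sample: the question's settings, trimmed to one retry_join.
BROKEN = '''
cluster_addr = "cor-infravault101.test.ag3:8201"
api_addr = "cor-infravault101.test.ag3:8200"
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/server.crt"
}
storage "raft" {
  retry_join {
    leader_api_addr = "https://cor-infravault102.test.ag3:8200"
  }
}
'''
# The fix from the answer: both advertised addresses get an https:// prefix.
FIXED = BROKEN.replace('= "cor-', '= "https://cor-')

SETTING = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?$')
FULL_URL = re.compile(r'^(https?)://[^/:\s]+(:\d+)?$')

def parse_settings(text):
    """Line-based reader (assumption: not full HCL); returns (top-level, listener) pairs."""
    top, listener, stack = {}, {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith('{'):
            stack.append(line.split()[0])   # remember which block we entered
        elif line == '}':
            stack.pop()
        elif (m := SETTING.match(line)):
            # Keys nested deeper (storage, retry_join) go to a throwaway dict.
            target = top if not stack else listener if stack == ['listener'] else {}
            target[m[1]] = m[2]
    return top, listener

def check_addresses(text):
    """Return findings for advertised addresses that lack a scheme or mismatch TLS."""
    top, listener = parse_settings(text)
    tls = bool(listener.get('tls_cert_file')) and listener.get('tls_disable') != 'true'
    findings = []
    for key in ('api_addr', 'cluster_addr'):
        value = top.get(key, '')
        if not (m := FULL_URL.match(value)):
            findings.append(f'{key}: "{value}" is not a full URL (scheme://host[:port])')
        elif tls and m[1] != 'https':
            findings.append(f'{key}: listener has TLS configured but scheme is {m[1]}')
    return findings

if __name__ == '__main__':
    print(check_addresses(BROKEN) or 'OK')
```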