sdorsett · December 18, 2017 03:51
diff --git a/vault-a.txt b/vault-a.txt
 yum install -y unzip wget
 wget https://releases.hashicorp.com/vault/0.9.0/vault_0.9.0_linux_amd64.zip
 unzip vault_0.9.0_linux_amd64.zip
 mv vault /usr/local/bin/

 sudo tee /etc/systemd/system/vault.service << 'EOF'
 [Unit]
 Description=Vault service
 Requires=network-online.target
 After=network.target

 [Service]
 User=root
 Group=root
 PIDFile=/run/vault.pid
 Restart=on-failure
 Environment=GOMAXPROCS=2
 ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.json
 ExecReload=/bin/kill -s HUP $MAINPID
 KillSignal=SIGINT
 TimeoutStopSec=5

 [Install]
 WantedBy=multi-user.target
 EOF

 vi /etc/vault.d/config.json
 cat /etc/vault.d/config.json 
 {
    "storage": {
        "consul": {
            "address": "[consul_ip_address]:8500",
            "advertise_addr": "http://[local_ip_address]:8200",
            "path": "vault"
        }
    },
    "listener": {
        "tcp": {
            "address": "0.0.0.0:8200",
            "tls_disable": 1
        }
    }
 }

 systemctl enable vault.service
 echo "export VAULT_ADDR=http://0.0.0.0:8200" >> ~/.bash_profile
 source ~/.bash_profile
 systemctl start vault.service

 vault init
 # output like the following. record the keys listed since they will be needed to unseal the vault:
 # $ vault init
 # Key 1: 427cd2c310be3b84fe69372e683a790e01
 # Key 2: 0e2b8f3555b42a232f7ace6fe0e68eaf02
 # Key 3: 37837e5559b322d0585a6e411614695403
 # Key 4: 8dd72fd7d1af254de5f82d1270fd87ab04
 # Key 5: b47fdeb7dda82dbe92d88d3c860f605005
 # Initial Root Token: eaf5cc32-b48f-7785-5c94-90b5ce300e9b
 # 
 # Vault initialized with 5 keys and a key threshold of 3!

 vault unseal # must be performed 3 times with different keys in order to unlock

 # $ vault unseal
 # Key (will be hidden):
 # Sealed: true
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 1

 vault status # will show the status of vault

 # $ vault status
 # Type: shamir
 # Sealed: false
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 0
 # Unseal Nonce: 
 # Version: 0.9.0
 # Cluster Name: vault-cluster-XXXXXXXX
 # Cluster ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 # 
 # High-Availability Enabled: true
 #         Mode: standby
 #         Leader Cluster Address: https://[local_ip_address]:8201

diff --git a/vault-b.txt b/vault-b.txt
 yum install -y unzip wget
 wget https://releases.hashicorp.com/vault/0.9.0/vault_0.9.0_linux_amd64.zip
 unzip vault_0.9.0_linux_amd64.zip
 mv vault /usr/local/bin/

 sudo tee /etc/systemd/system/vault.service << 'EOF'
 [Unit]
 Description=Vault service
 Requires=network-online.target
 After=network.target

 [Service]
 User=root
 Group=root
 PIDFile=/run/vault.pid
 Restart=on-failure
 Environment=GOMAXPROCS=2
 ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.json
 ExecReload=/bin/kill -s HUP $MAINPID
 KillSignal=SIGINT
 TimeoutStopSec=5

 [Install]
 WantedBy=multi-user.target
 EOF

 mkdir /etc/vault.d
 vi /etc/vault.d/config.json
 cat /etc/vault.d/config.json 
 {
    "storage": {
        "consul": {
            "address": "[consul_ip_address]:8500",
            "advertise_addr": "http://[local_ip_address]:8200",
            "path": "vault"
        }
    },
    "listener": {
        "tcp": {
            "address": "0.0.0.0:8200",
            "tls_disable": 1
        }
    }
 }

 systemctl enable vault.service
 echo "export VAULT_ADDR=http://0.0.0.0:8200" >> ~/.bash_profile
 source ~/.bash_profile
 systemctl start vault.service

 vault unseal # must be performed 3 times with different keys, from 'vault init' command run on vault-a, in order to unlock

 # $ vault unseal
 # Key (will be hidden):
 # Sealed: true
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 1

 vault status # will show the status of vault

 # $ vault status
 # Type: shamir
 # Sealed: false
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 0
 # Unseal Nonce: 
 # Version: 0.9.0
 # Cluster Name: vault-cluster-XXXXXXXX
 # Cluster ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 # 
 # High-Availability Enabled: true
 #         Mode: standby
 #         Leader Cluster Address: https://[local_ip_address]:8201

diff --git a/vault-c.txt b/vault-c.txt
 yum install -y unzip wget
 wget https://releases.hashicorp.com/vault/0.9.0/vault_0.9.0_linux_amd64.zip
 unzip vault_0.9.0_linux_amd64.zip
 mv vault /usr/local/bin/

 sudo tee /etc/systemd/system/vault.service << 'EOF'
 [Unit]
 Description=Vault service
 Requires=network-online.target
 After=network.target

 [Service]
 User=root
 Group=root
 PIDFile=/run/vault.pid
 Restart=on-failure
 Environment=GOMAXPROCS=2
 ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.json
 ExecReload=/bin/kill -s HUP $MAINPID
 KillSignal=SIGINT
 TimeoutStopSec=5

 [Install]
 WantedBy=multi-user.target
 EOF

 mkdir /etc/vault.d
 vi /etc/vault.d/config.json
 cat /etc/vault.d/config.json 
 {
    "storage": {
        "consul": {
            "address": "[consul_ip_address]:8500",
            "advertise_addr": "http://[local_ip_address]:8200",
            "path": "vault"
        }
    },
    "listener": {
        "tcp": {
            "address": "0.0.0.0:8200",
            "tls_disable": 1
        }
    }
 }

 systemctl enable vault.service
 echo "export VAULT_ADDR=http://0.0.0.0:8200" >> ~/.bash_profile
 source ~/.bash_profile
 systemctl start vault.service

 vault unseal # must be performed 3 times with different keys, from 'vault init' command run on vault-a, in order to unlock

 # $ vault unseal
 # Key (will be hidden):
 # Sealed: true
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 1

 vault status # will show the status of vault

 # $ vault status
 # Type: shamir
 # Sealed: false
 # Key Shares: 5
 # Key Threshold: 3
 # Unseal Progress: 0
 # Unseal Nonce: 
 # Version: 0.9.0
 # Cluster Name: vault-cluster-XXXXXXXX
 # Cluster ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
 # 
 # High-Availability Enabled: true
 #         Mode: standby
 #         Leader Cluster Address: https://[local_ip_address]:8201
	yum install -y unzip wget
	wget https://releases.hashicorp.com/vault/0.9.0/vault_0.9.0_linux_amd64.zip
	unzip vault_0.9.0_linux_amd64.zip
	mv vault /usr/local/bin/

	sudo tee /etc/systemd/system/vault.service << 'EOF'
	[Unit]
	Description=Vault service
	Requires=network-online.target
	After=network.target

	[Service]
	User=root
	Group=root
	PIDFile=/run/vault.pid
	Restart=on-failure
	Environment=GOMAXPROCS=2
	ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/config.json
	ExecReload=/bin/kill -s HUP $MAINPID
	KillSignal=SIGINT
	TimeoutStopSec=5

	[Install]
	WantedBy=multi-user.target
	EOF

	vi /etc/vault.d/config.json
	cat /etc/vault.d/config.json
	{
	"storage": {
	"consul": {
	"address": "[consul_ip_address]:8500",
	"advertise_addr": "http://[local_ip_address]:8200",
	"path": "vault"
	}
	},
	"listener": {
	"tcp": {
	"address": "0.0.0.0:8200",
	"tls_disable": 1
	}
	}
	}

	systemctl enable vault.service
	echo "export VAULT_ADDR=http://0.0.0.0:8200" >> ~/.bash_profile
	source ~/.bash_profile
	systemctl start vault.service

	vault init
	# output like the following. record the keys listed since they will be needed to unseal the vault:
	# $ vault init
	# Key 1: 427cd2c310be3b84fe69372e683a790e01
	# Key 2: 0e2b8f3555b42a232f7ace6fe0e68eaf02
	# Key 3: 37837e5559b322d0585a6e411614695403
	# Key 4: 8dd72fd7d1af254de5f82d1270fd87ab04
	# Key 5: b47fdeb7dda82dbe92d88d3c860f605005
	# Initial Root Token: eaf5cc32-b48f-7785-5c94-90b5ce300e9b
	#
	# Vault initialized with 5 keys and a key threshold of 3!

	vault unseal # must be performed 3 times with different keys in order to unlock

	# $ vault unseal
	# Key (will be hidden):
	# Sealed: true
	# Key Shares: 5
	# Key Threshold: 3
	# Unseal Progress: 1

	vault status # will show the status of vault

	# $ vault status
	# Type: shamir
	# Sealed: false
	# Key Shares: 5
	# Key Threshold: 3
	# Unseal Progress: 0
	# Unseal Nonce:
	# Version: 0.9.0
	# Cluster Name: vault-cluster-XXXXXXXX
	# Cluster ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
	#
	# High-Availability Enabled: true
	# Mode: standby
	# Leader Cluster Address: https://[local_ip_address]:8201