Cannot connect to Vault through the HTTP API in Docker on MacOS

Hello, I am trying to set up Vault in Docker on MacOS. But even after installing it successfully, I cannot access it through the HTTP API (https://www.vaultproject.io/intro/getting-started/apis.html).

Dockerfile:

FROM    centos:centos6

ENV VAULT_VERSION=0.3.0
ENV VAULT_SHA256=30b8953e98059d1e8d97f6a164aa574a346a58caf9c5c74a911056f42fbef4d5
RUN yum install -y wget unzip
RUN \
  wget http://dl.bintray.com/mitchellh/vault/vault_${VAULT_VERSION}_linux_amd64.zip &&\
  echo "${VAULT_SHA256}  vault_${VAULT_VERSION}_linux_amd64.zip" | sha256sum -c - &&\
  unzip vault_${VAULT_VERSION}_linux_amd64.zip &&\
  rm vault_${VAULT_VERSION}_linux_amd64.zip &&\
  mv vault /usr/bin

EXPOSE 8200

ENTRYPOINT ["vault"]
CMD ["server", "-dev"]

What I am doing:

$ docker build -t hyzhak/vault-dev .

Sending build context to Docker daemon  2.56 kB
Step 0 : FROM centos:centos6
 ---> 72703a0520b7
Step 1 : ENV VAULT_VERSION 0.3.0
 ---> Using cache
 ---> 3a7cefb4b4aa
Step 2 : ENV VAULT_SHA256 30b8953e98059d1e8d97f6a164aa574a346a58caf9c5c74a911056f42fbef4d5
 ---> Using cache
 ---> f2279f3a8d9a
Step 3 : RUN yum install -y wget unzip
 ---> Running in bf584ef3432f
Loaded plugins: fastestmirror
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package unzip.x86_64 0:6.0-2.el6_6 will be installed
---> Package wget.x86_64 0:1.12-5.el6_6.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch             Version                  Repository      Size
================================================================================
Installing:
 unzip           x86_64           6.0-2.el6_6              base           149 k
 wget            x86_64           1.12-5.el6_6.1           base           483 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 633 k
Installed size: 2.1 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           180 kB/s | 633 kB     00:03
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <[email protected]>
 Package: centos-release-6-7.el6.centos.12.3.x86_64 (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : wget-1.12-5.el6_6.1.x86_64                                   1/2
install-info: No such file or directory for /usr/share/info/wget.info.gz
  Installing : unzip-6.0-2.el6_6.x86_64                                     2/2
  Verifying  : unzip-6.0-2.el6_6.x86_64                                     1/2
  Verifying  : wget-1.12-5.el6_6.1.x86_64                                   2/2

Installed:
  unzip.x86_64 0:6.0-2.el6_6            wget.x86_64 0:1.12-5.el6_6.1

Complete!
 ---> 39319a2a5d82
Removing intermediate container bf584ef3432f
Step 4 : RUN wget http://dl.bintray.com/mitchellh/vault/vault_${VAULT_VERSION}_linux_amd64.zip &&  echo "${VAULT_SHA256}  vault_${VAULT_VERSION}_linux_amd64.zip" | sha256sum -c - &&  unzip vault_${VAULT_VERSION}_linux_amd64.zip &&  rm vault_${VAULT_VERSION}_linux_amd64.zip &&  mv vault /usr/bin
 ---> Running in 668009a0a95c
--2015-10-05 09:07:55--  http://dl.bintray.com/mitchellh/vault/vault_0.3.0_linux_amd64.zip
Resolving dl.bintray.com... 5.153.24.114
Connecting to dl.bintray.com|5.153.24.114|:80... connected.
HTTP request sent, awaiting response... 302
Location: http://d29vzk4ow07wi7.cloudfront.net/b11b4f3d90450515f9930da49953649fe0848057?response-content-disposition=attachment%3Bfilename%3D%22vault_0.3.0_linux_amd64.zip%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvYjExYjRmM2Q5MDQ1MDUxNWY5OTMwZGE0OTk1MzY0OWZlMDg0ODA1Nz9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMnZhdWx0XzAuMy4wX2xpbnV4X2FtZDY0LnppcCUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTQ0NDAzNjc5Nn0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=bRNeHgbTenO1ZNzZYTxf6iLvZYJS3YKxbHKH-pIdN0-K59Osn5qtWNbyqLHG~MNMp-4l4tW6tgeW6cZIx9c5ZtOcj8-CfQOpCU8hXhJQ48drj2GlU2DRnWJxER8r3cLkJz75ZLK7KJiB2-XUJxfHufmIhhatpxsnxIjJ~EuPkdj0mBdhoa4MaVa9rOzW~aCjCp980YTkzDXgJmIR0DNs8guQZ5F1tqf4SkxWPKiHvFkHOf0KgY6LVQP9pl8M6XNTYszG1bEyZ7gWvINMcs50Ha3mGIwB714HEjadTUTIMKDGy8ZYOFEym8zRxxZieE67DCcmG2IN-UT2iYEyVWfDdA__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA [following]
--2015-10-05 09:07:56--  http://d29vzk4ow07wi7.cloudfront.net/b11b4f3d90450515f9930da49953649fe0848057?response-content-disposition=attachment%3Bfilename%3D%22vault_0.3.0_linux_amd64.zip%22&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvYjExYjRmM2Q5MDQ1MDUxNWY5OTMwZGE0OTk1MzY0OWZlMDg0ODA1Nz9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMnZhdWx0XzAuMy4wX2xpbnV4X2FtZDY0LnppcCUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTQ0NDAzNjc5Nn0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_&Signature=bRNeHgbTenO1ZNzZYTxf6iLvZYJS3YKxbHKH-pIdN0-K59Osn5qtWNbyqLHG~MNMp-4l4tW6tgeW6cZIx9c5ZtOcj8-CfQOpCU8hXhJQ48drj2GlU2DRnWJxER8r3cLkJz75ZLK7KJiB2-XUJxfHufmIhhatpxsnxIjJ~EuPkdj0mBdhoa4MaVa9rOzW~aCjCp980YTkzDXgJmIR0DNs8guQZ5F1tqf4SkxWPKiHvFkHOf0KgY6LVQP9pl8M6XNTYszG1bEyZ7gWvINMcs50Ha3mGIwB714HEjadTUTIMKDGy8ZYOFEym8zRxxZieE67DCcmG2IN-UT2iYEyVWfDdA__&Key-Pair-Id=APKAIFKFWOMXM2UMTSFA
Resolving d29vzk4ow07wi7.cloudfront.net... 54.239.168.131, 54.239.168.113, 54.239.168.149, ...
Connecting to d29vzk4ow07wi7.cloudfront.net|54.239.168.131|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7144775 (6.8M) [application/unknown]
Saving to: `vault_0.3.0_linux_amd64.zip'

     0K .......... .......... .......... .......... ..........  0%  245K 28s
    50K .......... .......... .......... .......... ..........  1%  536K 20s

  6900K .......... .......... .......... .......... .......... 99%  897K 0s
  6950K .......... .......... .......                         100%  905K=11s

2015-10-05 09:08:07 (644 KB/s) - `vault_0.3.0_linux_amd64.zip' saved [7144775/7144775]

vault_0.3.0_linux_amd64.zip: OK
Archive:  vault_0.3.0_linux_amd64.zip
  inflating: vault
 ---> 4a7ad17d1c3e
Removing intermediate container 668009a0a95c
Step 5 : ENTRYPOINT vault
 ---> Running in 5d94eea8c63a
 ---> 615ebbc603eb
Removing intermediate container 5d94eea8c63a
Step 6 : CMD server -dev
 ---> Running in 534d6b77a08f
 ---> e4972008c99e
Removing intermediate container 534d6b77a08f
Step 7 : EXPOSE 8200
 ---> Running in cdaeb80c9f6d
 ---> 3d102a6ca778
Removing intermediate container cdaeb80c9f6d
Successfully built 3d102a6ca778

Check the images

$ docker images

REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
hyzhak/vault-dev           latest              3d102a6ca778        10 minutes ago      275 MB

start docker

Run the Vault Docker container

$ docker run -p 49161:8200 -d hyzhak/vault-dev

31a7925fa08a5483f11a4d307f28813b01c3e4527a6e035c00227ab1aa21df48

Check that it is running now

$ docker ps
CONTAINER ID        IMAGE                      COMMAND                CREATED             STATUS              PORTS                     NAMES
344af48eb05b        hyzhak/vault-dev           "vault server -dev"    25 minutes ago      Up 17 minutes       0.0.0.0:49161->8200/tcp   admiring_brahmagupta

Check the logs

$ docker logs admiring_brahmagupta
==> WARNING: Dev mode is enabled!

In this mode, Vault is completely in-memory and unsealed.
Vault is configured to only have a single unseal key. The root
token has already been authenticated with the CLI, so you can
immediately begin using the Vault CLI.

The only step you need to take is to set the following
environment variables:

    export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are reproduced below in case you
want to seal/unseal the Vault or play with authentication.

Unseal Key: ab8f054f17c20954ab4bb319ebd9547a8e270b23f3cce7ab84a170eba37c1a6d
Root Token: 6ae939f8-0cb0-fcb4-82f4-07fdeef289a7

==> Vault server configuration:

         Log Level: info
             Mlock: supported: true, enabled: false
           Backend: inmem
        Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled")

==> Vault server started! Log data will stream in below:

2015/10/05 09:11:53 [INFO] core: security barrier initialized (shares: 1, threshold 1)
2015/10/05 09:11:53 [INFO] core: post-unseal setup starting
2015/10/05 09:11:53 [INFO] core: mounted backend of type generic at logical/19fa5174-70fa-90ed-fa4f-ef08040bbe6e/
2015/10/05 09:11:53 [INFO] core: mounted backend of type cubbyhole at logical/a00018a6-ce98-3df4-28af-955e2f572f8d/
2015/10/05 09:11:53 [INFO] core: mounted backend of type system at sys/
2015/10/05 09:11:53 [INFO] core: post-unseal setup complete
2015/10/05 09:11:53 [INFO] core: root token generated
2015/10/05 09:11:53 [INFO] core: pre-seal teardown starting
2015/10/05 09:11:53 [INFO] rollback: starting rollback manager
2015/10/05 09:11:53 [INFO] rollback: stopping rollback manager
2015/10/05 09:11:53 [INFO] core: pre-seal teardown complete
2015/10/05 09:11:53 [INFO] core: vault is unsealed
2015/10/05 09:11:53 [INFO] core: post-unseal setup starting
2015/10/05 09:11:53 [INFO] core: mounted backend of type generic at logical/19fa5174-70fa-90ed-fa4f-ef08040bbe6e/
2015/10/05 09:11:53 [INFO] core: mounted backend of type cubbyhole at logical/a00018a6-ce98-3df4-28af-955e2f572f8d/
2015/10/05 09:11:53 [INFO] core: mounted backend of type system at sys/
2015/10/05 09:11:53 [INFO] core: post-unseal setup complete
2015/10/05 09:11:53 [INFO] rollback: starting rollback manager

It works fine from the CLI

$ alias vault='docker exec -it admiring_brahmagupta vault "$@"'
$ vault --version
Vault v0.3.0

Get the Docker IP

$ docker-machine ip default
192.168.99.100

Try to connect to Vault. (This does not work!)

$ curl -i http://192.168.99.100:49161/v1/sys/init
curl: (7) Failed to connect to 192.168.99.100 port 49161: Connection refused

The same result in any case for http://192.168.99.100:49161/. At the same time, the Node.js example https://docs.docker.com/examples/nodejs_web_app/ exposes 8080 without any problem. So I based my Dockerfile on https://docs.docker.com/examples/nodejs_web_app/ but had no luck. I also tried ready-made Dockerfiles, https://hub.docker.com/r/voxxit/vault/ and others from the hub. They give the same result.

Node exposes 8080 without any problem, so why does Vault not work? And how can I fix it?

Answer 1

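Vault's "dev" mode binds to loopback (127.0.0.1) by default because of its insecure nature. If you want to access it from outside the same network namespace, you need to provide a configuration that listens on 0.0.0.0:8200 instead.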

See here: https://vaultproject.io/docs/config/index.html
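
The check implied by this answer, as an added example that is not part of the original answer: it reads a Vault startup log in the format shown in the question and reports whether each listener is bound to loopback, where a port published with `docker run -p` cannot reach it, or to all interfaces. The function names and the second sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listener lines of a Vault startup log read on stdin.
# Output, one line per listener: "<addr> <scope> tls-<state>"
#   loopback -> reachable only inside the container's network namespace,
#               so a published port (-p 49161:8200) has nothing to forward to
#   all      -> bound to 0.0.0.0 or [::], reachable through a published port
#   specific -> bound to one non-loopback address
classify_listeners() {
  sed -n 's/^ *Listener [0-9]*: tcp (addr: "\([^"]*\)", tls: "\([^"]*\)").*$/\1 \2/p' |
  while read -r addr tls; do
    host=${addr%:*}                      # strip the trailing :port
    case "$host" in
      127.*|localhost|'[::1]') scope=loopback ;;
      0.0.0.0|'[::]'|'')       scope=all ;;
      *)                       scope=specific ;;
    esac
    printf '%s %s tls-%s\n' "$addr" "$scope" "$tls"
  done
}

# Exit status 0 only if at least one listener is reachable from outside
# the container's network namespace.
reachable_from_host() {
  classify_listeners | grep -Eq ' (all|specific) '
}

# Constructed sample 1: the listener line from the log in the question.
LOG_DEV='==> Vault server configuration:
        Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled")'

# Constructed sample 2: the same format with a 0.0.0.0 listener.
LOG_ALL='==> Vault server configuration:
        Listener 1: tcp (addr: "0.0.0.0:8200", tls: "disabled")'

printf '%s\n' "$LOG_DEV" | classify_listeners
printf '%s\n' "$LOG_ALL" | classify_listeners
```

Against a live container the input would be `docker logs admiring_brahmagupta 2>&1 | classify_listeners`. A listener reported as `all tls-disabled` on a dev server serves an unsealed Vault over plain HTTP to anything that can reach the published port, so keep that port on a trusted interface.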
