Install Vault cluster

Goals

• Use Scaleway as Cloud Service Provider.

• Deploying a Vault cluster instance.

• Deploy a SRE instance aside for tooling.

Prerequisites

• Install HashiStack.

• Setup your Scaleway credentials.

• Manage a DNS domain ready in your Scaleway account. For our examples, the domain will be scw.wescale.fr.

• Name for your deployment. For the example we will name it epic.

Steps

Initiate an HashiStack instance directory

> ansible-playbook wescale.hashistack.init \
>     -e hs_parent_domain=scw.wescale.fr   \
>     -e hs_workspace=epic
> cd epic

Create Scaleway infrastructure and DNS delegation

> ansible-playbook wescale.hashistack.01_infra

Bootstrap servers to system readiness

> ansible-playbook wescale.hashistack.11_core_bootstrap

Setup DNS authority, LetsEncrypt certificates and reverse-proxy

> ansible-playbook wescale.hashistack.12_core_setup_dns
> ansible-playbook wescale.hashistack.14_core_letsencrypt
> ansible-playbook wescale.hashistack.15_core_rproxy

Install Vault

> ansible-playbook wescale.hashistack.vault

Validate

• Check the following url list (mind about adapting the urls to your domain and instance name):

  • https://vault.epic.scw.wescale.fr

• To log into these web interfaces you need to use the root Vault token.

Achievement Unlocked

You have deployed a Vault HA cluster.

Cleanup

Boy-scout rule

Always clean the campground.

> ansible-playbook wescale.hashistack.01_infra -e tf_action=destroy