Vault
- Vault charmers
- Security
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/edge | 383 | 23 Aug 2024 | |
latest/edge | 367 | 25 Jul 2024 | |
latest/edge | 364 | 23 Jul 2024 | |
latest/edge | 363 | 23 Jul 2024 | |
latest/edge | 336 | 20 Jun 2024 | |
latest/edge | 335 | 20 Jun 2024 | |
latest/edge | 334 | 20 Jun 2024 | |
latest/edge | 333 | 20 Jun 2024 | |
latest/edge | 332 | 20 Jun 2024 | |
latest/edge | 331 | 20 Jun 2024 | |
latest/edge | 330 | 20 Jun 2024 | |
latest/edge | 329 | 20 Jun 2024 | |
latest/edge | 220 | 20 Jan 2024 | |
latest/edge | 216 | 19 Jan 2024 | |
latest/edge | 214 | 19 Jan 2024 | |
latest/edge | 213 | 19 Jan 2024 | |
latest/edge | 109 | 18 Apr 2023 | |
latest/edge | 79 | 02 Aug 2022 | |
1.16/stable | 387 | 12 Sep 2024 | |
1.16/candidate | 387 | 12 Sep 2024 | |
1.16/beta | 387 | 12 Sep 2024 | |
1.16/edge | 393 | Today | |
1.15/stable | 357 | 24 Jul 2024 | |
1.15/candidate | 357 | 24 Jul 2024 | |
1.15/beta | 357 | 24 Jul 2024 | |
1.15/edge | 376 | 31 Jul 2024 | |
1.8/stable | 372 | 26 Jul 2024 | |
1.8/edge | 164 | 09 Aug 2023 | |
1.8/edge | 162 | 09 Aug 2023 | |
1.8/edge | 161 | 09 Aug 2023 | |
1.8/edge | 159 | 09 Aug 2023 | |
1.8/edge | 157 | 09 Aug 2023 | |
1.8/edge | 156 | 09 Aug 2023 | |
1.8/edge | 155 | 09 Aug 2023 | |
1.8/edge | 154 | 09 Aug 2023 | |
1.8/edge | 140 | 07 Aug 2023 | |
1.8/edge | 138 | 04 Aug 2023 | |
1.8/edge | 135 | 04 Aug 2023 | |
1.8/edge | 131 | 04 Aug 2023 | |
1.7/stable | 371 | 26 Jul 2024 | |
1.6/stable | 369 | 26 Jul 2024 | |
1.5/stable | 370 | 26 Jul 2024 |
juju deploy vault --channel 1.15/beta
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
24.04
23.10
23.04
22.10
22.04
20.04
18.04
Scale
The Vault charm uses the raft backend to scale. This guide walks you through scaling Vault.
Pre-requisites:
- Vault is initialised and unseal
- The Vault charm is authorised
1. Validate that Vault is an active state
Run juju status
:
Model Controller Cloud/Region Version SLA Timestamp
demo localhost-localhost localhost/localhost 3.4.0 unsupported 12:11:19-04:00
App Version Status Scale Charm Channel Rev Exposed Message
vault active 1 vault 1.15/beta 257 no
Unit Workload Agent Machine Public address Ports Message
vault/0* active idle 0 10.191.126.116
Machine State Address Inst id Base AZ Message
0 started 10.191.126.116 juju-b8368f-0 ubuntu@22.04 Running
2. Scale Vault to 3 units
Add 2 more units:
juju add-unit vault -n 2
The new units will be sealed:
Model Controller Cloud/Region Version SLA Timestamp
demo localhost-localhost localhost/localhost 3.4.0 unsupported 12:19:14-04:00
App Version Status Scale Charm Channel Rev Exposed Message
vault blocked 3 vault 1.15/beta 257 no Waiting for Vault to be unsealed
Unit Workload Agent Machine Public address Ports Message
vault/0* active idle 0 10.191.126.116
vault/1 blocked idle 1 10.191.126.151 Waiting for Vault to be unsealed
vault/2 blocked idle 2 10.191.126.90 Waiting for Vault to be unsealed
Machine State Address Inst id Base AZ Message
0 started 10.191.126.116 juju-b8368f-0 ubuntu@22.04 Running
1 started 10.191.126.151 juju-b8368f-1 ubuntu@22.04 Running
2 started 10.191.126.90 juju-b8368f-2 ubuntu@22.04 Running
Set the VAULT_ADDR
variable to the vault/1
unit:
export VAULT_ADDR=https://$(juju status vault/1 --format=yaml | awk '/public-address/ { print $2 }'):8200; echo $VAULT_ADDR
Unseal the the vault/1
unit using the same unseal keys as received during the initialization of the Vault leader:
vault operator unseal EJoB62t286mjUpSQYZg3mOla3lz/bbElVL5OLnj+rpE=
And complete the same operations for the vault/2
unit:
export VAULT_ADDR=https://$(juju status vault/2 --format=yaml | awk '/public-address/ { print $2 }'):8200; echo $VAULT_ADDR
vault operator unseal EJoB62t286mjUpSQYZg3mOla3lz/bbElVL5OLnj+rpE=
3. Validate that all units are part of the cluster
All units should go to the Active/Idle
Juju status:
$ juju status
Model Controller Cloud/Region Version SLA Timestamp
demo localhost-localhost localhost/localhost 3.4.0 unsupported 12:24:32-04:00
App Version Status Scale Charm Channel Rev Exposed Message
vault active 3 vault 1.15/beta 257 no
Unit Workload Agent Machine Public address Ports Message
vault/0* active idle 0 10.191.126.116
vault/1 active idle 1 10.191.126.151
vault/2 active idle 2 10.191.126.90
Machine State Address Inst id Base AZ Message
0 started 10.191.126.116 juju-b8368f-0 ubuntu@22.04 Running
1 started 10.191.126.151 juju-b8368f-1 ubuntu@22.04 Running
2 started 10.191.126.90 juju-b8368f-2 ubuntu@22.04 Running
And they should all be part of the raft cluster:
$ vault operator raft list-peers
Node Address State Voter
---- ------- ----- -----
demo-vault/0 10.191.126.116:8201 leader true
demo-vault/1 10.191.126.151:8201 follower true
demo-vault/2 10.191.126.90:8201 follower true