diff --git a/datacenter-deploy-auto-config/secint/consul/server1.json b/datacenter-deploy-auto-config/secint/consul/server1.json
index 72a2ed8..2f54b24 100644
--- a/datacenter-deploy-auto-config/secint/consul/server1.json
+++ b/datacenter-deploy-auto-config/secint/consul/server1.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
@@ -26,7 +26,7 @@
 "authorization": {
 "enabled": true,
 "static": {
- "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFlUd7FoWSPtRl5maa58XDDjiFplNBxtai41Hq8rnyfQxirYQoLKHKakuZAGpn3PwYewEbYrB+b1f7/P6DzWBRg==\n-----END PUBLIC KEY-----\n"],
+ "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFGvHJZCj5SsFlOI48A+Dc4Hezywd\nN8YYjMAQrPTcG6f3jdIEBsh/sVgFTyDYmnwuX6S2ZE3nJ5TtUeJxwwg4EQ==\n-----END PUBLIC KEY-----\n"],
 "bound_issuer": "secint",
 "bound_audiences": ["consul-cluster-dc1"],
 "claim_mappings": {
diff --git a/datacenter-deploy-auto-config/secint/consul/server2.json b/datacenter-deploy-auto-config/secint/consul/server2.json
index 3eb674a..e5d022e 100644
--- a/datacenter-deploy-auto-config/secint/consul/server2.json
+++ b/datacenter-deploy-auto-config/secint/consul/server2.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
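Review bot: `initial_management` and `agent` are set to the same secret ID on the new side of the first server1.json hunk, so each server's agent token is the bootstrap management token, and that value sits in a committed config file. For anything beyond a throwaway lab, give the agent its own token with a node-scoped policy and supply both values at start-up instead of committing them, e.g. `"agent": "<AGENT_TOKEN_PLACEHOLDER>"`. The same pair appears in the matching hunks of secint server2.json and server3.json and in the vault/ server and test-configs files. The enclosing `acl` object starts and ends outside the hunk.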
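Review bot: The validation key in `jwt_validation_pub_keys` is replaced outright and the same commit empties `secint/tokens/jwt`, so a client presumably cannot complete auto-config until a fresh intro token is signed with the matching private key; nothing visible here tells the reader to regenerate it. A short README step naming the key pair and the token file would close that gap. Because the field is a list, a rotation on a live cluster can list the old and new keys side by side until outstanding tokens expire. The same replacement is made in server2.json and server3.json, and the `static` block continues past the hunk.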
@@ -26,7 +26,7 @@
 "authorization": {
 "enabled": true,
 "static": {
- "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFlUd7FoWSPtRl5maa58XDDjiFplNBxtai41Hq8rnyfQxirYQoLKHKakuZAGpn3PwYewEbYrB+b1f7/P6DzWBRg==\n-----END PUBLIC KEY-----\n"],
+ "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFGvHJZCj5SsFlOI48A+Dc4Hezywd\nN8YYjMAQrPTcG6f3jdIEBsh/sVgFTyDYmnwuX6S2ZE3nJ5TtUeJxwwg4EQ==\n-----END PUBLIC KEY-----\n"],
 "bound_issuer": "secint",
 "bound_audiences": ["consul-cluster-dc1"],
 "claim_mappings": {
diff --git a/datacenter-deploy-auto-config/secint/consul/server3.json b/datacenter-deploy-auto-config/secint/consul/server3.json
index 31b3303..7a2a332 100644
--- a/datacenter-deploy-auto-config/secint/consul/server3.json
+++ b/datacenter-deploy-auto-config/secint/consul/server3.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
@@ -26,7 +26,7 @@
 "authorization": {
 "enabled": true,
 "static": {
- "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFlUd7FoWSPtRl5maa58XDDjiFplNBxtai41Hq8rnyfQxirYQoLKHKakuZAGpn3PwYewEbYrB+b1f7/P6DzWBRg==\n-----END PUBLIC KEY-----\n"],
+ "jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFGvHJZCj5SsFlOI48A+Dc4Hezywd\nN8YYjMAQrPTcG6f3jdIEBsh/sVgFTyDYmnwuX6S2ZE3nJ5TtUeJxwwg4EQ==\n-----END PUBLIC KEY-----\n"],
 "bound_issuer": "secint",
 "bound_audiences": ["consul-cluster-dc1"],
 "claim_mappings": {
diff --git a/datacenter-deploy-auto-config/secint/docker-compose.yml b/datacenter-deploy-auto-config/secint/docker-compose.yml
index 79ee0e8..af0f582 100644
--- a/datacenter-deploy-auto-config/secint/docker-compose.yml
+++ b/datacenter-deploy-auto-config/secint/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7' services: consul-server1: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server1 hostname: consul-server1 restart: always @@ -19,7 +19,7 @@ services: command: "agent -bootstrap-expect=3" consul-server2: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server2 hostname: consul-server2 restart: always @@ -31,7 +31,7 @@ services: command: "agent -bootstrap-expect=3" consul-server3: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server3 hostname: consul-server3 restart: always diff --git a/datacenter-deploy-auto-config/secint/tokens/jwt b/datacenter-deploy-auto-config/secint/tokens/jwt index ac58ec9..e69de29 100644 --- a/datacenter-deploy-auto-config/secint/tokens/jwt +++ b/datacenter-deploy-auto-config/secint/tokens/jwt @@ -1 +0,0 @@ -eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiY29uc3VsLWNsdXN0ZXItZGMxIl0sImV4cCI6MTYyOTg3NDIwNywiaXNzIjoic2VjaW50IiwianRpIjoiZmM5OTE2OWYtNmRjOC1lNzQ0LWUyNzUtMGMyODZjMTAyMWI5IiwibmJmIjoxNjI5ODMwOTQ3LCJzdWIiOiJjb25zdWwtY2xpZW50In0.GqlUANGapiZep6-WnCPOXkd3HLuvaYzHHD7fybf1G2abz_HMBPvcHCbwi7wpQsiTmvtiD-Zw1G3JMynUZLNVXQ \ No newline at end of file diff --git a/datacenter-deploy-auto-config/vault/consul/server1.json b/datacenter-deploy-auto-config/vault/consul/server1.json index f3e4c43..e5c1905 100644 --- a/datacenter-deploy-auto-config/vault/consul/server1.json +++ b/datacenter-deploy-auto-config/vault/consul/server1.json @@ -17,7 +17,7 @@ "default_policy": "deny", "enable_token_persistence": true, "tokens": { - "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19", + "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19", "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19" } }, diff --git a/datacenter-deploy-auto-config/vault/consul/server2.json b/datacenter-deploy-auto-config/vault/consul/server2.json index 0151eff..6dc8622 100644 
--- a/datacenter-deploy-auto-config/vault/consul/server2.json
+++ b/datacenter-deploy-auto-config/vault/consul/server2.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
diff --git a/datacenter-deploy-auto-config/vault/consul/server3.json b/datacenter-deploy-auto-config/vault/consul/server3.json
index 5a284da..481c938 100644
--- a/datacenter-deploy-auto-config/vault/consul/server3.json
+++ b/datacenter-deploy-auto-config/vault/consul/server3.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
diff --git a/datacenter-deploy-auto-config/vault/consul/test-configs/server1-vault.json b/datacenter-deploy-auto-config/vault/consul/test-configs/server1-vault.json
index 16dd048..d9ef883 100644
--- a/datacenter-deploy-auto-config/vault/consul/test-configs/server1-vault.json
+++ b/datacenter-deploy-auto-config/vault/consul/test-configs/server1-vault.json
@@ -17,7 +17,7 @@
 "default_policy": "deny",
 "enable_token_persistence": true,
 "tokens": {
- "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
+ "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19",
 "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19"
 }
 },
diff --git a/datacenter-deploy-auto-config/vault/consul/test-configs/server3-secint.json b/datacenter-deploy-auto-config/vault/consul/test-configs/server3-secint.json
index aaac98b..05b01c3 100644
--- a/datacenter-deploy-auto-config/vault/consul/test-configs/server3-secint.json
+++ b/datacenter-deploy-auto-config/vault/consul/test-configs/server3-secint.json
@@ -17,7 +17,7 @@ "default_policy": "deny", "enable_token_persistence": true, "tokens": { - "master": "e95b599e-166e-7d80-08ad-aee76e7ddf19", + "initial_management": "e95b599e-166e-7d80-08ad-aee76e7ddf19", "agent": "e95b599e-166e-7d80-08ad-aee76e7ddf19" } }, diff --git a/datacenter-deploy-auto-config/vault/docker-compose.yml b/datacenter-deploy-auto-config/vault/docker-compose.yml index 76fa80e..1131686 100644 --- a/datacenter-deploy-auto-config/vault/docker-compose.yml +++ b/datacenter-deploy-auto-config/vault/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: consul-server1: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server1 hostname: consul-server1 depends_on: @@ -21,7 +21,7 @@ services: command: "agent -bootstrap-expect=3" consul-server2: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server2 hostname: consul-server2 depends_on: @@ -35,7 +35,7 @@ services: command: "agent -bootstrap-expect=3" consul-server3: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-server3 hostname: consul-server3 depends_on: @@ -49,7 +49,7 @@ services: command: "agent -bootstrap-expect=3" consul-client: - image: hashicorp/consul:1.10.1 + image: hashicorp/consul:1.11.2 container_name: consul-client hostname: consul-client restart: always diff --git a/datacenter-deploy-auto-config/vault/tokens/jwt b/datacenter-deploy-auto-config/vault/tokens/jwt index 4b9a71c..e69de29 100644 --- a/datacenter-deploy-auto-config/vault/tokens/jwt +++ b/datacenter-deploy-auto-config/vault/tokens/jwt 
@@ -1 +0,0 @@ -eyJhbGciOiJSUzI1NiIsImtpZCI6IjI4YjA2NDlmLTdlNjktMWFhMC03ZmYyLWI4ZDU5NGJhZmE5MCJ9.eyJhdWQiOiJjb25zdWwtY2x1c3Rlci1kYzEiLCJjb25zdWwiOnsiaG9zdG5hbWUiOiJjb25zdWwtY2xpZW50In0sImV4cCI6MTYyOTc5MDc5MywiaWF0IjoxNjI5NzQ3NTkzLCJpc3MiOiJodHRwOi8vdmF1bHQtc2VydmVyOjgyMDAvdjEvaWRlbnRpdHkvb2lkYyIsIm5hbWVzcGFjZSI6InJvb3QiLCJzdWIiOiI4NWE5ZWMxYi1iMTcyLWU1YWEtZmU3Ni0xMzFkOWFjZmVjZTgifQ.LDyLxW0DNEvG208WGRMctjet3oYGZDaJyeJbtzDPwZpzuOL8JErq3rURZDHuMPPtjQGuDZxBWXMtk4MFKU7wl9AXGx3szVe7wks9TJUNxUHIudk6MTLSAnNCVzlPQ2urHXkJd9h-J2eV_0CiR97cSOKtpsid0KKg9bLwCLkTqn9QOtif1dyxIZDNwcyx9aWP0T661sGFO1HfyCIbcdGcPsDVEG01PP4twIGOT0sPVtd3s1U99LTa51zU_BsAU90Or1JIPRw0XStL6m5WHsVOLd1LylZaKR_lMbUPxZz26sbfQ_DBBtEKkPeVbNzEBH7J45JdECggy_1LDtgeBvWl6Q \ No newline at end of file diff --git a/datacenter-deploy-secure/consul-acl.json b/datacenter-deploy-secure/consul-acl.json new file mode 100644 index 0000000..438ab4d --- /dev/null +++ b/datacenter-deploy-secure/consul-acl.json @@ -0,0 +1,9 @@ +{ + "acl": { + "enabled": true, + "default_policy": "deny", + "down_policy": "extend-cache", + "enable_token_persistence": true + } +} + \ No newline at end of file diff --git a/datacenter-deploy-secure/docker-compose.yml b/datacenter-deploy-secure/docker-compose.yml index 591b52d..921cde9 100644 --- a/datacenter-deploy-secure/docker-compose.yml +++ b/datacenter-deploy-secure/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: consul-server1: - image: hashicorp/consul:1.10.0 + image: hashicorp/consul:1.11.2 container_name: consul-server1 restart: always volumes: @@ -18,7 +18,7 @@ services: command: "agent -bootstrap-expect=3" consul-server2: - image: hashicorp/consul:1.10.0 + image: hashicorp/consul:1.11.2 container_name: consul-server2 restart: always volumes: @@ -29,7 +29,7 @@ services: command: "agent -bootstrap-expect=3" consul-server3: - image: hashicorp/consul:1.10.0 + image: hashicorp/consul:1.11.2 container_name: consul-server3 restart: always volumes: 
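Review bot: `"down_policy": "extend-cache"` in the new datacenter-deploy-secure/consul-acl.json restates Consul's default, under which an agent keeps honouring cached ACL results while the servers are unreachable, so a revoked token can stay usable on that agent for the length of an outage. If this example is meant as the hardened baseline, consider `"down_policy": "deny"` and say in the README that it trades availability for strict revocation. `enable_token_persistence` writes tokens set through the API into the agent's data directory, so the mounted volume needs restrictive permissions. The file also ends with a whitespace-only line and no final newline; end it with `}` followed by a single newline.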
@@ -40,7 +40,7 @@ services: command: "agent -bootstrap-expect=3" consul-client: - image: hashicorp/consul:1.10.0 + image: hashicorp/consul:1.11.2 container_name: consul-client restart: always volumes: