lrstanley / vault-unseal

auto-unseal utility for Hashicorp Vault

Where to Install

RichieRogers opened this issue

Hi,
Not an issue, merely a query.
I'm setting up a cluster - three Consul nodes and two Vault nodes.
Does this vault-unseal script have to be on the Vault nodes or can I put it on the three Consul nodes? All instances are running Ubuntu 20.04.

Thanks,
Richie

It could be set up anywhere to be honest, there is no set requirement for its location. Though, I suppose if someone limited API calls (or unseal calls specifically) behind some kind of firewall/WAF, it would need to be behind that firewall, but I suspect that's unlikely for most folks.

Hi,
Thanks for confirming.
One thing to note is this needs to have three VAULT nodes to work (I was using a build that had 2x VAULT and 3x Consul nodes, so had to build another vault node).

Thanks,
Richie

I believe it's generally best practice to have an uneven number of nodes (minimum 3 for production), to prevent split-brain situations and allow leader election.