Where to Install
RichieRogers opened this issue · comments
Hi,
Not an issue, merely a query.
I'm setting up a cluster - three Consul nodes and two Vault nodes.
Does this vault-unseal script have to be on the Vault nodes or can I put it on the three Consul nodes? All instances are running Ubuntu 20.04.
Thanks,
Richie
It could be setup anywhere to be honest, there is no set requirement for its location. Though, I suppose if someone limited API calls (or unseal calls specifically) behind some kind of firewall/WAF, it would need to behind that firewall, but I suspect that's unlikely for most folks.
Hi,
Thanks for confirming.
One thing to note is this needs to have three VAULT nodes to work (I was using a build that had 2x VAULT and 3x Consul nodes, so had to build another vault node).
Thanks,
Richie
I believe it's generally best practice to have an uneven number of nodes (minimum 3 for production), to prevent split-brain situations and allow leader election.