ansible-consul

Vault cannot reach Consul cluster nodes

Open mldmld68 opened this issue 4 years ago • 0 comments

Hi, we have run into an issue. We deployed:

  • a consul cluster backend with consul server nodes
  • a vault cluster with the consul client role for each node

Using a GitLab EE runner playing the consul then vault roles on Google Compute Engines. The ansible user ssh key is deployed at GCP project level, so there is no need to specify it in inventories.

The issue is that the vault role crashes at the last task, TASK [rn_vault_vault : Vault API reachable?], saying the API returns 411. The cause is that the nodes don't have a public IP. We declare the http_proxy and https_proxy environment variables at launch of the role to download the HashiCorp binaries. But in this last step, the vault nodes try to reach the API using their IP, and the request is forwarded to the proxy, which cannot loop back to the internal IP address of a Vault node. Perhaps always keeping 127.0.0.1 could be better for API checking.

Thanks, MLD

mldmld68, Nov 19 '19 14:11
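The routing behaviour reported in this issue, reproduced as an added example that is not part of the original issue or of the roles' own code: it shows which requests the proxy variables capture and how a `no_proxy` entry exempts the health check. It applies Python's standard `urllib` bypass rules; the proxy address, the node IP `10.0.0.5`, Vault's default port and health path as the target, and the helper names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit
from urllib.request import proxy_bypass_environment


def proxies_from_env(env):
    """Map '<scheme>_proxy' variables to urllib's dict form ('no_proxy' -> 'no')."""
    return {k.lower()[:-6]: v for k, v in env.items()
            if v and k.lower().endswith("_proxy")}


def route(url, env):
    """Return the proxy that would carry `url`, or None for a direct connection."""
    proxies = proxies_from_env(env)
    parts = urlsplit(url)
    if proxy_bypass_environment(parts.netloc, proxies):
        return None
    return proxies.get(parts.scheme)


def misrouted(urls, env):
    """List URLs whose host is an internal IP literal yet would go via the proxy."""
    hits = []
    for url in urls:
        try:
            ip = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            continue  # hostname, not an IP literal: not judged here
        if (ip.is_private or ip.is_loopback) and route(url, env):
            hits.append(url)
    return hits


# Constructed values: proxy address and node IP are placeholders.
PROXY = "http://proxy.example.internal:3128"
DOWNLOAD = "https://releases.hashicorp.com/vault/"
HEALTH = "http://10.0.0.5:8200/v1/sys/health"

ENV_AS_REPORTED = {"http_proxy": PROXY, "https_proxy": PROXY}
ENV_WITH_BYPASS = dict(ENV_AS_REPORTED, no_proxy="localhost,127.0.0.1,10.0.0.5")

if __name__ == "__main__":
    for label, env in (("as reported", ENV_AS_REPORTED), ("with no_proxy", ENV_WITH_BYPASS)):
        for url in (DOWNLOAD, HEALTH):
            print(f"{label:14} {url} -> {route(url, env) or 'direct'}")
        print(f"{label:14} misrouted: {misrouted([DOWNLOAD, HEALTH], env)}")
```

`urllib`'s matcher compares exact hosts and DNS suffixes only, so a CIDR such as `10.0.0.0/8` in `no_proxy` does not exempt node addresses; list them explicitly.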