ansible-consul
Vault cannot reach Consul cluster nodes
Hi, we have run into an issue. We deployed:
- a Consul cluster backend with Consul server nodes
- a Vault cluster with the Consul client role for each node
We use a GitLab EE runner that plays the consul and then the vault roles on Google Compute Engine instances. The Ansible user's SSH key is deployed at the GCP project level, so there is no need to specify it in the inventories.
The issue is that the vault role crashes at the last task, TASK [rn_vault_vault : Vault API reachable?], saying the API returns 411.
The cause is that the nodes don't have a public IP. We declare the http_proxy and https_proxy environment variables at launch of the role to download the HashiCorp binaries. But in this last step, the Vault nodes try to reach the API using their IP, and the request is forwarded to the proxy, which cannot loop back to the internal IP address of a Vault node.
Perhaps always keeping 127.0.0.1 could be better for API checking.
Thanks MLD
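
An added example, not part of the original post and not code from the role: it uses Python's standard urllib proxy resolution to show where an API health check is routed once http_proxy and https_proxy are set, and how no_proxy changes that. The proxy URL and node IP are constructed placeholders, and other HTTP clients may resolve these variables differently.

```python
import os
import urllib.request
from contextlib import contextmanager
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the original post).
PROXY = "http://proxy.example.internal:3128"
NODE_HEALTH = "http://10.0.0.12:8200/v1/sys/health"
LOCAL_HEALTH = "http://127.0.0.1:8200/v1/sys/health"
ROLE_ENV = {"http_proxy": PROXY, "https_proxy": PROXY}


@contextmanager
def proxy_env(settings):
    """Run a block with only the given proxy variables set, then restore."""
    saved = dict(os.environ)
    for key in list(os.environ):
        if key.lower().endswith("_proxy") or key == "REQUEST_METHOD":
            del os.environ[key]
    os.environ.update(settings)
    try:
        yield
    finally:
        os.environ.clear()
        os.environ.update(saved)


def route_for(url, settings):
    """Return 'direct' or the proxy URL urllib would pick for this request."""
    target = urlsplit(url)
    with proxy_env(settings):
        proxies = urllib.request.getproxies_environment()
        if urllib.request.proxy_bypass_environment(target.netloc, proxies):
            return "direct"
        return proxies.get(target.scheme, "direct")


if __name__ == "__main__":
    cases = {
        "role env only": ROLE_ENV,
        "no_proxy with CIDR": {**ROLE_ENV, "no_proxy": "10.0.0.0/8"},
        "no_proxy with exact hosts": {**ROLE_ENV, "no_proxy": "127.0.0.1,10.0.0.12"},
    }
    for label, env in cases.items():
        for url in (NODE_HEALTH, LOCAL_HEALTH):
            print(f"{label:26} {url:40} -> {route_for(url, env)}")
```

urllib matches no_proxy entries by exact host or domain suffix, so a CIDR entry does not exempt the node IP, and the loopback address is only sent direct when it is listed.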