This project is designed to demo the capabilities of the new Connect feature in HashiCorp Consul. Connect replaces IP-based firewalls with service-level security based around the concept of intentions.
This demo showcases the following features of the Hashi stack:
- Consul and Consul Connect
- Consul Templates to dynamically generate configuration files
- Vault for secret storage
- Vagrant to run multiple VM's on a single host
-
Install either VirtualBox or Parallels Desktop.
-
Install Vagrant.
-
Download the latest binaries for Consul, Vault, and Consul-Template. Place them in the root folder of the project, but leave them zipped up. You'll have something like this:
consul-template_0.19.4_linux_amd64.zip consul_1.2.0-beta3_linux_amd64.zip vault_0.10.2_linux_amd64.zip
Open a shell prompt and run vagrant up. It should take a while, but
eventually you'll have six boxes running:
consul0- Consul and Vault servermysql- Database serveradmin- Broadleaf Commerce admin serversite0andsite1- Broadleaf Commerce app serversproxy- Nginx proxy server
Consul-Template doesn't support Connect yet, so although there is a template
to dynamically generate the nginx.conf, it isn't used right now.