Install and Configure HashiCorp Vault on Linux

2 hours
  • 5 Learning Objectives

About this Hands-on Lab

When using HashiCorp Vault, it is important to know how to perform the installation, configuration, and the initial setup. This lab will demonstrate how to complete these tasks.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Download, Unpack, and Move Consul to the Bin Directory
  • Download Consul.
  • Install unzip and unpack the Consul zip.
  • Move the Consul executable to the bin directory.
  • Test it out!
Create and Configure the Consul systemd Service
  • Create a systemd service file and populate it with the provided code, replacing the IP.ADDRESS.OF.SERVER with the internal IP address of the server.
  • Create a directory for the configuration files.
  • Create a configuration file for the Consul UI and populate it with the provided code.
  • Reload, start, enable, and verify the Consul service.
Download, Unpack, and Move Vault to the Bin Directory
  • Download and unpack Vault.
  • Move the Vault binary to the bin directory.
Create and Configure the Vault systemd Service
  • Create a directory for the configuration files.
  • Create a configuration file for Vault and populate it with the provided code, replacing the Consul.IP.ADDRESS with the internal IP address of the server.
  • Create a systemd service file and populate it with the provided code.
  • Reload, start, enable, and verify the Vault service.
  • Set the Vault address for both the current and future system sessions.
  • Set up autocomplete for Vault commands.
Initialize and Access the Vault

Initialize, unseal, and log in to Vault to verify the previous tasks were completed successfully.

Additional Resources

Scenario:

You are working in a DevOps position and have received a task to install and set up HashiCorp Vault in the company cloud. The manager forgot to inform you in time, so now you have about two hours before the presentation meeting to set this up and make a good impression. Have fun!


Required Code

Use the following code to populate the Consul systemd service file:

[Unit]
Description=Consul
Documentation=https://www.consul.io/

[Service]
ExecStart=/usr/bin/consul agent -server -ui -data-dir=/temp/consul -bootstrap-expect=1 -node=vault -bind=IP.ADDRESS.OF.SERVER -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Use the following code to populate the Consul configuration file:

{
  "addresses": {
    "http": "0.0.0.0"
  }
}

Use the following code to populate the Vault configuration file:

storage "consul" {
        address = "Consul.IP.ADDRESS:8500"
        path = "vault/"
}
listener "tcp" {
        address = "0.0.0.0:80"
        tls_disable = 1
}
ui = true

Use the following code to populate the Vault systemd service file:

[Unit]
Description=Vault
Documentation=https://www.vault.io/

[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
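
The provided files bind the Vault listener to 0.0.0.0:80 with tls_disable = 1, set Consul's HTTP address to 0.0.0.0, and set no User= in either unit. The script below is an added example, not part of the lab's provided code, that flags those settings in files passed to it; the function names, messages, and argument order are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not the lab's code: flag lab-only settings in the files above.
# Each check prints one finding per line; no output means nothing was flagged.

# Vault HCL: look only inside listener "tcp" blocks.
check_vault_hcl() {
  awk '
    { sub(/#.*/, "") }                         # ignore "#" comments
    /^[ \t]*listener[ \t]+"tcp"/ { in_l = 1 }
    in_l && /(^|[ \t])address[ \t]*=[ \t]*"0\.0\.0\.0:/ {
      print "vault: listener is bound to every interface (0.0.0.0)" }
    in_l && /tls_disable[ \t]*=[ \t]*"?(1|true)"?/ {
      print "vault: tls_disable is set, so tokens and secrets cross the network unencrypted" }
    in_l && /}/ { in_l = 0 }
  ' "$1"
}

# Consul JSON: addresses.http controls where the HTTP API and UI listen.
check_consul_json() {
  # Remove whitespace so the match does not depend on pretty-printing.
  if tr -d ' \t\n' < "$1" | grep -q '"addresses":{[^}]*"http":"0\.0\.0\.0"'; then
    echo "consul: HTTP API and UI listen on every interface (addresses.http = 0.0.0.0)"
  fi
}

# systemd unit: a system service without User= runs as root.
check_unit() {
  grep -Eq '^[[:space:]]*User=' "$1" ||
    echo "systemd: $(basename "$1") has no User=, so the service runs as root"
}

# Usage: audit.sh VAULT_HCL CONSUL_JSON [UNIT_FILE...]
if [ "$#" -ge 2 ]; then
  check_vault_hcl "$1"
  check_consul_json "$2"
  shift 2
  for unit in "$@"; do check_unit "$unit"; done
fi
```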

Use the dig command and the public IP address of the lab server to obtain the fully qualified domain name (FQDN) of the lab server, which you need to connect to the Vault service:

dig -x <SERVER_PUBLIC_IP>
