teepot/packages/container-vault-start-config/config.hcl
Harald Hoyer 6be0ac561e
fix: use performance_multiplier
The vault instances lose the raft leader status while loading
the `vault-auth-tee` plugin, because the gramine environment slows
down the `execve` significantly.

Using `performance_multiplier` relaxes the timeouts for the raft protocol.

see also: https://github.com/hashicorp/vault/issues/28009

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-08-07 15:54:22 +02:00


# Global server settings.
# The two HTTP timeouts below are commented out, so Vault's defaults apply.
# They were needed because of slow plugin loading and may be relaxed for
# faster machines.
# NOTE(review): Vault documents these as listener "tcp" parameters, so if they
# are re-enabled they presumably belong inside the listener block - confirm.
#http_read_header_timeout = 0
#http_read_timeout = 300
# mlock is turned off, so Vault does not lock its memory against being swapped out.
# NOTE(review): confirm that swap is disabled or encrypted on the host, or that
# the TEE runtime's memory protection is what this deployment relies on.
disable_mlock = true
# The web UI is not served; only the API is exposed.
ui = false
# API listener (8210) and cluster/raft listener (8211), both bound to every
# interface. Reachability therefore has to be limited outside this file
# (network policy, service exposure).
listener "tcp" {
address = "0.0.0.0:8210"
cluster_address = "0.0.0.0:8211"
# TLS stays on; the server presents tls.crt / tls.key.
tls_disable = false
tls_cert_file = "/opt/vault/tls/tls.crt"
# Private key: it should be readable only by the Vault process.
tls_key_file = "/opt/vault/tls/tls.key"
# CA used to check client certificates that are presented.
# NOTE(review): tls_require_and_verify_client_cert is not set in this block, so
# as far as this file shows a client certificate is not mandatory at the
# listener - confirm that authentication is enforced elsewhere as intended.
tls_client_ca_file = "/opt/vault/cacert.pem"
}
# Integrated (raft) storage for a three-node cluster: teepot-vault-0..2.
storage "raft" {
# On-disk raft data. Vault encrypts stored secrets, but the directory should
# still be writable only by the Vault process.
path = "/opt/vault/data/"
# override via env var VAULT_RAFT_NODE_ID
node_id = "teepot-vault-0.teepot-vault"
# Parameter needed because of slow plugin loading
# may be relaxed for faster machines
# see also https://github.com/hashicorp/vault/issues/28009
# Trade-off: a larger multiplier stretches the raft timeouts, so a node that is
# merely slow keeps leadership, but a leader that has really failed is also
# detected and replaced more slowly.
# NOTE(review): 10 is believed to be the largest value Vault accepts - confirm
# against the Vault version in use.
performance_multiplier = 10
# autopilot_reconcile_interval = "120s"
# autopilot_update_interval = "60s"
# Join candidates. Each entry names one peer's API address, verifies that peer
# against cacert.pem and presents this node's own certificate and key, i.e. the
# same files the listener serves. All three entries differ only in the host.
retry_join {
leader_api_addr = "https://teepot-vault-0.teepot-vault:8210"
leader_ca_cert_file = "/opt/vault/cacert.pem"
leader_client_cert_file = "/opt/vault/tls/tls.crt"
leader_client_key_file = "/opt/vault/tls/tls.key"
}
retry_join {
leader_api_addr = "https://teepot-vault-1.teepot-vault:8210"
leader_ca_cert_file = "/opt/vault/cacert.pem"
leader_client_cert_file = "/opt/vault/tls/tls.crt"
leader_client_key_file = "/opt/vault/tls/tls.key"
}
retry_join {
leader_api_addr = "https://teepot-vault-2.teepot-vault:8210"
leader_ca_cert_file = "/opt/vault/cacert.pem"
leader_client_cert_file = "/opt/vault/tls/tls.crt"
leader_client_key_file = "/opt/vault/tls/tls.key"
}
}
# path of plugin binaries
# Vault launches plugin executables from this directory, so it should not be
# writable by anything less trusted than Vault itself.
plugin_directory = "/opt/vault/plugins"
# Address advertised to clients for the API (same port as the listener).
# override via env var VAULT_API_ADDR
api_addr = "https://teepot-vault.teepot-vault:8210"
# Address advertised to the other nodes for cluster traffic (listener's cluster port).
# override via env var VAULT_CLUSTER_ADDR
cluster_addr = "https://teepot-vault.teepot-vault:8211"