mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-19 12:51:08 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1960 from hashicorp/atlas-listener-docs

Browse Source 
document the atlas listener
This commit is contained in:
Vishal Nayak 2016-10-03 16:13:32 -04:00 committed by GitHub
commit a3b58b7454
1 changed files with 42 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
website/source/docs/config/index.html.md
View File

@ -46,8 +46,12 @@ sending a SIGHUP to the server process. These are denoted below.
configuration options as documented below. If not set, HA will be attempted configuration options as documented below. If not set, HA will be attempted
on the backend given in the `backend` parameter. on the backend given in the `backend` parameter.
* `cluster_name` (optional) - An identifier for your Vault cluster. If omitted,
Vault will generate a value for `cluster_name`. If connecting to Vault
Enterprise, this value will be used in the interface.
* `listener` (required) - Configures how Vault is listening for API requests. * `listener` (required) - Configures how Vault is listening for API requests.
"tcp" is currently the only option available. A full reference for the "tcp" and "atlas" are valid values. A full reference for the
inner syntax is below. inner syntax is below.
* `cache_size` (optional) - If set, the size of the read cache used * `cache_size` (optional) - If set, the size of the read cache used
@ -91,9 +95,11 @@ sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
## Listener Reference ## Listener Reference
For the `listener` section, the only supported listener currently For the `listener` section, the only required listener is "tcp".
is "tcp". Regardless of future plans, this is the recommended listener, Regardless of future plans, this is the recommended listener,
since it allows for HA mode. as it allows for HA mode. If you wish to use the Vault
Enterprise interface in HashiCorp Atlas, you may add an ["atlas" listener block](#connecting-to-vault-enterprise-in-hashicorp-atlas)
in addition to the "tcp" one.
The supported options are: The supported options are:
@ -125,6 +131,38 @@ The supported options are:
are generally considered less secure; avoid using these if are generally considered less secure; avoid using these if
possible. possible.
### Connecting to Vault Enterprise in HashiCorp Atlas
Adding an "atlas" block will initiate a long-running connection to the
[SCADA](https://scada.hashicorp.com) service. The SCADA connection allows the
Vault Enterprise interface to securely communicate with and operate on your
Vault cluster.
The "atlas" `listener` supports these options:
* `endpoint` (optional) - The endpoint address used for Vault Enterprise interface
integration. Defaults to the public Vault Enterprise endpoints on Atlas.
* `infrastructure` (required) - Used to provide the Atlas infrastructure name and
the SCADA connection. The format of this is `username/environment`.
* `node_id` (required) - The identifier for an individual node—used in
the Vault Enterprise dashboard.
* `token` (required) - A token from Atlas used to authenticate SCADA session. Generate
one in the [Atlas](https://atlas.hashicorp.com/settings/tokens).
Additionally, the [`cluster_name`](#cluster_name) config option will be used to
identify your cluster members inside the infrastructure in the Vault Enterprise
interface. It is important for operators to use the same value for
`cluster_name` across cluster members because Vault overwrites this value
internally on instance instantiation.
This allows the connection of multiple clusters to a single `infrastructure`.
For more on Vault Enterprise, see the [help documentation](https://atlas.hashicorptest.com/help/vault/features).
## Telemetry Reference ## Telemetry Reference
For the `telemetry` section, there is no resource name. All configuration For the `telemetry` section, there is no resource name. All configuration