Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault CA requires a unique IntermediatePKIPath for each Datacenter #11684

Closed
GordonMcKinney opened this issue Nov 29, 2021 · 1 comment · Fixed by #11143
Closed

Vault CA requires a unique IntermediatePKIPath for each Datacenter #11684

GordonMcKinney opened this issue Nov 29, 2021 · 1 comment · Fixed by #11143

Comments

@GordonMcKinney
Copy link

Overview of the Issue

The Consul documentation (here) needs to indicate that the IntermediatePKIPath must be unique per Datacenter.

Reproduction Steps

See issue #6819

Consul info for both Client and Server

Client info 
agent:
	check_monitors = 0
	check_ttls = 0
	checks = 3
	services = 2
build:
	prerelease =
	revision = 3cb6eeed
	version = 1.10.2
consul:
	acl = enabled
	known_servers = 3
	server = false
runtime:
	arch = amd64
	cpu_count = 1
	goroutines = 126
	max_procs = 1
	os = linux
	version = go1.16.7
serf_lan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 55
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 3
	member_time = 431389
	members = 100
	query_queue = 0
	query_time = 215
Server info 
consul info
agent:
	check_monitors = 0
	check_ttls = 0
	checks = 0
	services = 0
build:
	prerelease =
	revision = 3cb6eeed
	version = 1.10.2
consul:
	acl = enabled
	bootstrap = false
	known_datacenters = 3
	leader = false
	leader_addr = 96.103.24.8:8300
	server = true
raft:
	applied_index = 11979292
	commit_index = 11979292
	fsm_pending = 0
	last_contact = 50.292087ms
	last_log_index = 11979292
	last_log_term = 421
	last_snapshot_index = 11974797
	last_snapshot_term = 421
	latest_configuration = [{Suffrage:Voter ID:e883f188-8807-496a-8147-b51d4c0462cb Address:96.103.24.233:8300} {Suffrage:Voter ID:9476a523-5a9c-4af1-8068-1370412e2c11 Address:96.103.24.164:8300} {Suffrage:Voter ID:fb271478-4fbd-4b94-bcec-6dd44ac225d1 Address:96.103.24.8:8300}]
	latest_configuration_index = 0
	num_peers = 2
	protocol_version = 3
	protocol_version_max = 3
	protocol_version_min = 0
	snapshot_version_max = 1
	snapshot_version_min = 0
	state = Follower
	term = 421
runtime:
	arch = amd64
	cpu_count = 2
	goroutines = 2939
	max_procs = 2
	os = linux
	version = go1.16.7
serf_lan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 55
	failed = 4
	health_score = 0
	intent_queue = 0
	left = 59
	member_time = 431388
	members = 160
	query_queue = 0
	query_time = 215
serf_wan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 1
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 483
	members = 9
	query_queue = 0
	query_time = 2

Operating system and Environment details

Amazon Linux 2 AMI

Log Fragments

Screen Shot 2021-11-29 at 1 58 19 PM
@dnephin dnephin mentioned this issue Nov 29, 2021
Merged
@GordonMcKinney
Copy link
Author

@dnephin Yes, the PR addresses this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: Notes about WAN Federation when using Vault as Connect CA hashicorp/consul
1 participant
@GordonMcKinney