Start Vault:
# Dev mode: in-memory storage and an automatically unsealed server, intended for local
# testing only; nothing written here survives a restart.
vault server -dev
Enable JWT auth mechanism:
----------------------------------------------------------------------------------------------------- | |
Read Test | |
# Random 4k read test: 4 jobs, 512M each, queue depth 16, 240 s cap.
# --direct=0 keeps buffered I/O, so reads may be served from the page cache
# rather than the device; --direct=1 (as in the mixed test below) measures the disk itself.
fio --name=randread \
    --ioengine=libaio --iodepth=16 \
    --rw=randread --bs=4k --direct=0 \
    --size=512M --numjobs=4 --runtime=240 \
    --group_reporting
----------------------------------------------------------------------------------------------------- | |
writes a total of 2 GB of files [4 jobs x 512 MB = 2 GB], running 4 processes at a time: | |
# Random 4k write test: 4 jobs x 512M = 2 GB, queue depth 1, 240 s cap.
# The test files are created in the current directory and are not removed by fio.
# --direct=0 means writes go through the page cache, so results reflect cache behaviour too.
fio --name=randwrite \
    --ioengine=libaio --iodepth=1 \
    --rw=randwrite --bs=4k --direct=0 \
    --size=512M --numjobs=4 --runtime=240 \
    --group_reporting
----------------------------------------------------------------------------------------------------- | |
Read Write Performance Test | |
# Mixed 75/25 random read/write test at queue depth 64 on a 4G file.
# Global options come first (before --name), job options after it.
# --direct=1 bypasses the page cache; --gtod_reduce=1 trims timestamp calls,
# so latency statistics are coarser. random_read_write.fio is left on disk afterwards.
fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 \
    --name=test --filename=random_read_write.fio \
    --bs=4k --iodepth=64 --size=4G \
    --readwrite=randrw --rwmixread=75
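#!/bin/bash
set -ueo pipefail
# Usage: <script> <directory-to-benchmark>
# ${1:?...} gives a readable usage error instead of the bare "unbound variable" from set -u.
TEST_DIR=${1:?usage: $0 <directory-to-benchmark>}
# Quote the expansion so a path containing spaces is not split into several words.
# Note: the fio invocation below still expands $TEST_DIR unquoted in --directory=.
echo "benchmark disk mounted on $TEST_DIR"
echo "--> write throughput"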
sudo fio --name=disk_benchmark --directory=$TEST_DIR --numjobs=8 \ | |
--size=10G --time_based --runtime=60s --ramp_time=2s --ioengine=libaio \ |
# Initialise providers and modules, preview the change, apply it, then print outputs.
terraform init
terraform plan
# --auto-approve skips the interactive confirmation, so the plan output above is
# the only point at which the change is reviewed; inspect it before applying.
terraform apply --auto-approve
terraform output
# Provider requirements. The exact version pin keeps provider upgrades an explicit,
# reviewed change; the dependency lock file written by `terraform init` records the
# matching provider checksums.
terraform {
  required_providers {
    vault = { source = "hashicorp/vault", version = "3.11.0" }
  }
}
provider "vault" { |
data "aws_iam_policy_document" "default" { | |
version = "2012-10-17" | |
statement { | |
sid = "FederatedTrustVaultOIDC" | |
effect = "Allow" | |
actions = ["sts:AssumeRoleWithWebIdentity", ] | |
principals { | |
type = "Federated" |
# Module inputs re-exposed as locals for the resources that follow.
locals {
  aad_group      = var.aad_group        # display name of the Azure AD group looked up below
  application    = var.application_name
  mount_accessor = var.mount_accessor   # accessor of the auth mount this config binds to (presumably; confirm against caller)
}
# Resolve the Azure AD group by its display name.
# NOTE(review): display names are not guaranteed unique in Azure AD, and the data
# source is expected to reject an ambiguous match; a similarly named group is also
# easy to confuse. Looking the group up by object_id would give a stable binding — confirm.
data "azuread_group" "default" {
  display_name = local.aad_group
}
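variable "github_jwt_issuer_url" {
  description = "Issuer URL for GitHub; used in JWT/OIDC auth method configuration."
  type        = string
  default     = "https://token.actions.githubusercontent.com"

  # OIDC discovery and token validation rely on a TLS-protected issuer endpoint;
  # reject plain-http or malformed values at plan time rather than at first login.
  validation {
    condition     = can(regex("^https://", var.github_jwt_issuer_url))
    error_message = "The github_jwt_issuer_url value must be an https:// URL."
  }
}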
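variable "github_org_name" {
  # The default is a placeholder; override it with the real organization name.
  description = "GitHub organization name, presumably used to restrict which workflows the JWT/OIDC role accepts (confirm against the role definition)."
  type        = string
  default     = "some-github-org"
}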
# Change the path below to your own audit log path. | |
/var/log/vault/audit.log { | |
rotate 30 | |
daily | |
# Do not execute rotate if the log file is empty. | |
notifempty | |
missingok | |
compress | |
# Compress on the next rotation cycle rather than immediately, so entries written during compression are not lost. | |
delaycompress |
Cloud-init combined with terraform can be a powerful tool to provision instances on startup. Scripts run by cloud-init, however, are not the easiest to debug.
On an Ubuntu machine, much of what is happening can usually be found in the syslog:
# On Ubuntu this file is normally readable only by root and the adm group, so sudo may be needed.
# cloud-init also keeps its own logs under /var/log (cloud-init.log and cloud-init-output.log).
cat /var/log/syslog