HashiQube is a VM OR a Docker Container with a Docker daemon inside. It runs all HashiCorp products. Vault, Terraform, Nomad, Consul, Waypoint, Boundary, Vagrant, Packer and Sentinel. It also runs a host of other popular Open Source DevOps / DevSecOps applications showcasing how simple integration with HashiCorp products can result in tangible learnings and benefits for all its users Once the Qube is up an internet connection is no longer needed meaning sales pitches and demos for potential and existing customers is greatly aided.
HashiCorp blog post about HashiQube: https://www.hashicorp.com/resources/hashiqube-a-development-lab-using-all-the-hashicorp-products
HashiQube website: https://servian.github.io/hashiqube
HashiQube github: https://github.com/servian/hashiqube
HashiQube youtube: https://www.youtube.com/watch?v=6jGDAGWaFiw
HashiQube has been created to enable anyone who is interested in secure automation pipelines the ability to run a suite of ‘best in class’ tools their local machines at the cost of a small amount of system resources. The Qube gives all interested parties the empowerment to deploy these tools in a way covers multiple use cases effectively providing a ‘concept to completion’ test bed using open source HashiCorp products. The original use case was born the desire to demystify DevSecOps utilising Terraform, Vault, Consul, Sentinel and Nomad as well as some other well know open source CI/CD tools by providing a ‘hands-on’ environment that demonstrates the value of secret and credential management in standard software development pipeline.
Thanks to the flexibility of the HashiCorp products there is no need wonder how to achieve the goals of bringing software to market in a more secure and timely fashion, just Vagrant up!
| Name | Docker | Virtualbox | Hyper-V |
|---|---|---|---|
| amd64 | ✓ | ✓ | ✘ |
| arm64 | ✓ | ✘ | ✘ |
| linux | ✓ | ✓ | ✘ |
| windows | ✓ | ✘ | ✘ |
| mac intel | ✓ | ✓ | ✘ |
| mac apple | ✓ | ✘ | ✘ |
- Vagrant - Please download Vagrant from https://www.vagrantup.com/downloads.html and install
- Docker - Please download Docker from https://www.docker.com/products/docker-desktop and install
- Virtualbox (Optional) - Please download Virtualbox from https://www.virtualbox.org/wiki/Downloads and install
- Using
git- clone this repogit clone $repo .What is Git? - Inside the local repo folder, do
vagrant up --provision --provider docker- This will setup, Vault, Nomad, Consul, Terraform, Localstack and Docker - Documentation locally available at http:https://localhost:3333
HashiQube is made up out of a number of components and some rely on each other.
For example you can run componenets seperately as demonstrated below.
vagrant up --provision-with basetools
vagrant up --provision-with docker
vagrant up --provision-with docsify
vagrant up --provision-with vault
vagrant up --provision-with nomad
vagrant up --provision-with minikube
💡 If you see this error message
The IP address configured for the host-only network is not within the
allowed ranges. Please update the address used to be within the allowed
ranges and run the command again.
Address: 10.9.99.10
Ranges: 192.168.56.0/21
Valid ranges can be modified in the /etc/vbox/networks.conf file. For
more information including valid format see:
https://www.virtualbox.org/manual/ch06.html#network_hostonly
Please create the following file: /etc/vbox/networks.conf with the following contents
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64
and re-run vagrant up --provision --provider docker
To get started we are now going to install some core dependencies to get the Lab started, you need to install below dependencies before you can do anything
Mac Users only, Windows Users can skip this step Let's first check if we have an M1 Mac, if that is the case the virtualbox provider will not work.
Click on the Apple Icon top left
and click on About this Mac
If you see an Intel chip, you can proceed with the virtualbox provider.
If you see an Apple M1 chip, please ensure you specify the environment variable and the provider to be docker.
vagrant plugin uninstall vagrant-hostsupdater # the hostsupdator plugin does not work with the docker provider
Docker Desktop is an easy-to-install application for your Mac or Windows environment that enables you to build and share containerized applications and microservices. It's a graphical user interface for the docker service.
- Please download Docker Desktop from https://www.docker.com/products/docker-desktop and install it on your laptop, to verify please bring up the Docker Desktop application.
I already have HashiQube running, you won't see any containers but you will be able to open the application
Now that docker has been installed we need to ensure that your docker environment and settings are configured
- Ensure you have the latest version installed
- Ensure that your Operating System is updated see: https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/
- Please ensure that you give your docker daemon at least 12G of RAM and sufficient disk space
Local DNS via Consul
Add on our local Macbook a file /etc/resolver/consul with below contents
nameserver 10.9.99.10
port 8600
Now you can use DNS like nomad.service.consul:9999 vault.service.consul:9999 via Fabio Load Balancer
- 10GB of disk space
- 4GB RAM
- Admin rights / sudo (you will be asked to update ETC Host file)
- Virtualbox
- Vagrant
vagrant up --provision --provider docker
- Multi Cloud - Hashiqube on AWS, GCP and Azure (Clustered) https://registry.terraform.io/modules/star3am/hashiqube/hashicorp/latest
- Vagrant - Development Environments Made Easy
- Vault - Manage Secrets and Protect Sensitive Data
- Consul - Secure Service Networking
- Nomad - Deploy and Manage Any Containerized, Legacy, or Batch Application
- Traefik - Traefik is a modern HTTP reverse proxy and load balancer that seamlessly integrates with Nomad
- Fabio - Fabio is an HTTP and TCP reverse proxy that configures itself with data from Consul
- Terraform - Use Infrastructure as Code to provision and manage any cloud, infrastructure, or service
- Packer - Build Automated Machine Images
- Sentinel - Sentinel is an embedded policy-as-code framework
- Waypoint - Waypoint is an open source solution that provides a modern workflow for build, deploy, and release across platforms
- Boundary - Simple and secure remote access to any system from anywhere based on user identity.
- Docker - Securely build, share and run any application, anywhere
- Localstack - A fully functional local AWS cloud stack
- Ansible - Automation for everyone
- LDAP - Lightweight Directory Access Protocol
- Jenkins - The leading open source automation server
- Oracle MySQL - MySQL is an open-source relational database management system (RDBMS)
- Microsoft MSSQL - Microsoft SQL Server is a relational database management system developed by Microsoft
- PostgreSQL - PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
- Minikube - Run Kubernetes locally
- Newrelic Kubernetes Monitoring - Monitor Kubernetes Clusters and Workloads with Newrelic
- Docsify - A magical documentation site generator
Once the stack is up you will have a large number of services running and available on localhost
For Documentation please open http:https://localhost:3333 in your browser
- Vault http:https://localhost:8200
- Nomad http:https://localhost:4646
- Consul http:https://localhost:8500
- Localstack http:https://localhost:8080
- LDAP can be accessed on ldap:https://localhost:389
- Localstack web http:https://localhost:8080
- Ansible provisioning Apache2 http:https://localhost:8888
- Jenkins http:https://localhost:8088
- Oracle MySQL localhost:3306
- Microsoft SQL localhost:1433
- Minikube http:https://localhost:10888
- Traefik http:https://localhost:8181
- Fabio http:https://localhost:9999
- vagrant up --provision OR vagrant up --provision-with bootstrap|nomad|consul|vault|docker|ldap --provider docker
- vagrant global-status # to see which VMs are active
- vagrant global-status --prune # to remove stale VMs from Vagrant cache
- vagrant status # vagrant status
- vagrant reload
- vagrant up
- vagrant destroy
- vagrant provision
- vagrant plugin list
- docker image ls
- docker ps
- docker stop
==> user.local.dev: [vagrant-hostsupdater] Checking for host entries
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 consul-user.local.dev
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 vault-user.local.dev
==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 nomad-user.local.dev
==> user.local.dev: Setting hostname...
Error response from daemon: cannot stop container: 6c0c8135620ff47efe12df417a0df0e57d7a81a7f7ca06d011323fbb52e573db: tried to kill container, but did not receive an exit event
Command vagrant destroy
Solution run vagrant destroy again
hashiqube0.service.consul: Are you sure you want to destroy the 'hashiqube0.service.consul' VM? [y/N] y
==> hashiqube0.service.consul: Stopping container...
A Docker command executed by Vagrant didn't complete successfully!
The command run along with the output from the command is shown
below.
Command: ["docker", "stop", "-t", "1", "6c0c8135620ff47efe12df417a0df0e57d7a81a7f7ca06d011323fbb52e573db", {:notify=>[:stdout, :stderr]}]
Stderr: Error response from daemon: cannot stop container: 6c0c8135620ff47efe12df417a0df0e57d7a81a7f7ca06d011323fbb52e573db: tried to kill container, but did not receive an exit event
Error The IP address configured for the host-only network is not within the allowed ranges. Please
update the address used to be within the allowed ranges and run the command again.
Command vagrant up --provision
Solution Ensure the following contents are present in /etc/vbox/networks.conf
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64
Gatling: (load testing) https://gatling.io/open-source
Spinnaker for multi-cloud / multi swim lane CD tool: https://www.spinnaker.io/concepts/
Build agent showing code clean and dirty.
Java
Python
JavaScript
Hygiea dashboard: https://github.com/Hygieia/Hygieia
Alerting will be handled by a local docker messaging server such as Gotify: https://github.com/gotify/server
Gloo: https://docs.solo.io/gloo/latest/introduction/
For suggestions, feedback and queries please branch or and submit a Pull Request or directly contact the architects of the HashiQube via email:
Lead Automation Architect [email protected]
A Very special mention to HashiQube's contributors, Thank You All for your help, suggestions and contributions no matter how small <3
- Thomas Cockin
- Konstantin Vanyushov
- Tristan Morgan
- Ringo Chan
- Ehsan Mirzaei
- Greg Luxford
Videos were made with asciinema https://asciinema.org/
- asciinema rec -i 1
- asciicast2gif -S 1 -s 2 tmpd1zpq13n-ascii.cast tmpd1zpq13n-ascii.gif
HashiQube is available as open-source under the terms of the MIT License.