117 lines
3.3 KiB
Bash
Executable File
117 lines
3.3 KiB
Bash
Executable File
#!/bin/bash
|
||
# 验证Vault与Consul集成状态
|
||
|
||
echo "===== 验证Vault与Consul集成 ====="
|
||
|
||
# 颜色定义
|
||
GREEN='\033[0;32m'
|
||
YELLOW='\033[1;33m'
|
||
RED='\033[0;31m'
|
||
NC='\033[0m' # No Color
|
||
|
||
# 函数定义
|
||
log_info() {
|
||
echo -e "${GREEN}[INFO]${NC} $1"
|
||
}
|
||
|
||
log_warn() {
|
||
echo -e "${YELLOW}[WARN]${NC} $1"
|
||
}
|
||
|
||
log_error() {
|
||
echo -e "${RED}[ERROR]${NC} $1"
|
||
}
|
||
|
||
# 1. 检查Vault状态
|
||
log_info "1. 检查Vault状态"
|
||
source /root/mgmt/security/secrets/vault/dev/vault_env.sh
|
||
vault_status=$(vault status 2>/dev/null)
|
||
if [ $? -eq 0 ]; then
|
||
echo "$vault_status"
|
||
storage_type=$(echo "$vault_status" | grep "Storage Type" | awk '{print $3}')
|
||
if [ "$storage_type" = "consul" ]; then
|
||
log_info "✓ Vault正在使用Consul作为存储后端"
|
||
else
|
||
log_error "✗ Vault未使用Consul作为存储后端"
|
||
exit 1
|
||
fi
|
||
else
|
||
log_error "✗ 无法连接到Vault"
|
||
exit 1
|
||
fi
|
||
|
||
# 2. 检查Consul集群状态
|
||
log_info ""
|
||
log_info "2. 检查Consul集群状态"
|
||
consul_members=$(consul members 2>/dev/null)
|
||
if [ $? -eq 0 ]; then
|
||
echo "$consul_members"
|
||
alive_count=$(echo "$consul_members" | grep -c "alive")
|
||
if [ "$alive_count" -ge 1 ]; then
|
||
log_info "✓ Consul集群正在运行"
|
||
else
|
||
log_error "✗ Consul集群无活动节点"
|
||
fi
|
||
else
|
||
log_error "✗ 无法连接到Consul"
|
||
fi
|
||
|
||
# 3. 检查Consul中的Vault数据
|
||
log_info ""
|
||
log_info "3. 检查Consul中的Vault数据"
|
||
vault_data=$(curl -s http://100.117.106.136:8500/v1/kv/vault/?recurse 2>/dev/null)
|
||
if [ $? -eq 0 ] && [ -n "$vault_data" ]; then
|
||
keys_count=$(echo "$vault_data" | jq length)
|
||
log_info "✓ Consul中存储了 $keys_count 个Vault相关键值对"
|
||
|
||
# 显示一些关键的Vault数据
|
||
echo "关键Vault数据键:"
|
||
echo "$vault_data" | jq -r '.[].Key' | head -10
|
||
else
|
||
log_error "✗ 无法从Consul获取Vault数据"
|
||
fi
|
||
|
||
# 4. 验证Vault数据读写
|
||
log_info ""
|
||
log_info "4. 验证Vault数据读写"
|
||
# 写入测试数据
|
||
test_write=$(vault kv put secret/integration-test/test-key test_value="integration_test_$(date +%s)" 2>&1)
|
||
if echo "$test_write" | grep -q "Success"; then
|
||
log_info "✓ 成功写入测试数据到Vault"
|
||
|
||
# 读取测试数据
|
||
test_read=$(vault kv get secret/integration-test/test-key 2>&1)
|
||
if echo "$test_read" | grep -q "test_value"; then
|
||
log_info "✓ 成功从Vault读取测试数据"
|
||
echo "$test_read"
|
||
else
|
||
log_error "✗ 无法从Vault读取测试数据"
|
||
echo "$test_read"
|
||
fi
|
||
|
||
# 清理测试数据
|
||
vault kv delete secret/integration-test/test-key >/dev/null 2>&1
|
||
else
|
||
log_error "✗ 无法写入测试数据到Vault"
|
||
echo "$test_write"
|
||
fi
|
||
|
||
# 5. 检查Vault集群状态
|
||
log_info ""
|
||
log_info "5. 检查Vault集群状态"
|
||
cluster_status=$(vault operator raft list-peers 2>&1)
|
||
if echo "$cluster_status" | grep -q "executable file not found"; then
|
||
log_info "✓ 使用Consul存储后端(非Raft存储)"
|
||
else
|
||
echo "$cluster_status"
|
||
fi
|
||
|
||
# 6. 总结
|
||
log_info ""
|
||
log_info "===== 集成验证总结 ====="
|
||
log_info "✓ Vault已成功集成Consul作为存储后端"
|
||
log_info "✓ Consul集群正常运行"
|
||
log_info "✓ Vault数据已存储在Consul中"
|
||
log_info "✓ Vault读写功能正常"
|
||
|
||
log_warn "注意:这是开发环境配置,生产环境请遵循安全策略" |