How To Build a Hashicorp Vault Server Using Packer and Terraform on DigitalOcean

Introduction

Vault, by Hashicorp, is an open-source tool for securely storing secrets and sensitive data in dynamic cloud environments. It provides strong data encryption, identity-based access using custom policies, and secret leasing and revocation, as well as a detailed audit log that is recorded at all times. Vault also features an HTTP API, making it the ideal choice for storing credentials in scattered service-oriented deployments, such as Kubernetes.


Packer and Terraform, also developed by Hashicorp, can be used together to create and deploy images of Vault. Within this workflow, developers can use Packer to write immutable images for different platforms from a single configuration file, which specifies what the image should contain. Terraform will then deploy as many customized instances of the created images as needed.


In this tutorial, you’ll use Packer to create an immutable snapshot of the system with Vault installed, and orchestrate its deployment using Terraform. In the end, you’ll have an automated system for deploying Vault in place, allowing you to focus on working with Vault itself, and not on the underlying installation and provisioning process.


Prerequisites

  • Packer installed on your local machine. For instructions, visit the official documentation.


  • Terraform installed on your local machine. Visit the official documentation for a guide.


  • A personal access token (API key) with read and write permissions for your DigitalOcean account. To learn how to create one, visit How to Create a Personal Access Token from the docs.


  • An SSH key you’ll use to authenticate with the deployed Vault Droplets, available on your local machine and added to your DigitalOcean account. You’ll also need its fingerprint, which you can copy from the Security page of your account once you’ve added it. See the DigitalOcean documentation for detailed instructions or the How To Set Up SSH Keys tutorial.


Step 1 — Creating a Packer Template

In this step, you will write a Packer configuration file, called a template, that will instruct Packer on how to build an image that contains Vault pre-installed. You’ll be writing the configuration in JSON format, a commonly used human-readable configuration file format.


For the purposes of this tutorial, you’ll store all files under ~/vault-orchestration. Create the directory by running the following command:


  • mkdir ~/vault-orchestration


Navigate to it:


  • cd ~/vault-orchestration


You’ll store config files for Packer and Terraform separately, in different subdirectories. Create them using the following command:


  • mkdir packer terraform


Because you’ll first be working with Packer, navigate to its directory:


  • cd packer


Using Template Variables

Storing private data and application secrets in a separate variables file is the ideal way of keeping them out of your template. When building the image, Packer will substitute the referenced variables with their values. Hard coding secret values into your template is a security risk, especially if it’s going to be shared with team members or put up on public sites, such as GitHub.


You’ll store them in the packer subdirectory, in a file called variables.json. Create it using your favorite text editor:


  • nano variables.json


Add the following lines:


~/vault-orchestration/packer/variables.json
{
    "do_token": "your_do_api_key",
    "base_system_image": "ubuntu-18-04-x64",
    "region": "nyc3",
    "size": "s-1vcpu-1gb"
}

The variables file consists of a JSON dictionary, which maps variable names to their values. You’ll use these variables in the template you are about to create. If you wish, you can edit the base image, region, and Droplet size values according to the developer docs.


Remember to replace your_do_api_key with your API key you created as part of the prerequisites, then save and close the file.


Creating Builders and Provisioners

With the variables file ready, you’ll now create the Packer template itself.


You’ll store the Packer template for Vault in a file named template.json. Create it using your text editor:


  • nano template.json


Add the following lines:


~/vault-orchestration/packer/template.json
{
     "builders": [{
         "type": "digitalocean",
         "api_token": "{{user `do_token`}}",
         "image": "{{user `base_system_image`}}",
         "region": "{{user `region`}}",
         "size": "{{user `size`}}",
         "ssh_username": "root"
     }],
     "provisioners": [{
         "type": "shell",
         "inline": [
             "sleep 30",
             "sudo apt-get update",
             "sudo apt-get install unzip -y",
             "curl -L https://releases.hashicorp.com/vault/1.3.2/vault_1.3.2_linux_amd64.zip -o vault.zip",
             "unzip vault.zip",
             "sudo chown root:root vault",
             "mv vault /usr/local/bin/",
             "rm -f vault.zip"
         ]
    }]
}

In the template, you define arrays of builders and provisioners. Builders tell Packer how to build the system image (according to their type) and where to store it, while provisioners contain sets of actions Packer should perform on the system before turning it into an immutable image, such as installing or configuring software. Without any provisioners, you would end up with an untouched base system image. Both builders and provisioners expose parameters for further workflow customization.


You first define a single builder of the type digitalocean, which means that when ordered to build an image, Packer will create a temporary Droplet of the defined size, with the specified base system image and in the specified region, using the provided API key. The format for fetching a variable is {{user `variable_name`}}, where variable_name is the name of the variable.


Once the temporary Droplet is up, Packer will connect to it using SSH with the specified username, and will sequentially execute all defined provisioners before creating a DigitalOcean Snapshot from the Droplet and deleting it.


The template defines a single provisioner of type shell, which executes the given commands on the target. Commands can be specified either inline, as an array of strings, or defined in separate script files if inserting them into the template becomes unwieldy due to size. The commands in the template will wait 30 seconds for the system to boot up, and will then download and unpack Vault 1.3.2. Check the official Vault download page and replace the link in the commands with a newer version for Linux, if available.
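The inline commands above unzip whatever curl returns. As an added example (not part of the original tutorial), the script below checks the archive against a SHA256SUMS file before unpacking; the function names are illustrative, and the SHA256SUMS file name in the comment is an assumption based on HashiCorp's release layout. Verifying the signature on the SHA256SUMS file itself is a separate step not shown.

```shell
#!/bin/sh
# Added example: check a downloaded release archive against a SHA256SUMS file
# before unzipping it. Function names are illustrative, not from the tutorial.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# expected_sha256 SUMS_FILE NAME: print the digest listed for exactly NAME.
# Fails unless there is exactly one entry, so a missing or duplicated line
# cannot pass silently.
expected_sha256() {
    awk -v n="$2" '
        { f = $2; sub(/^[*]/, "", f) }   # binary-mode entries read "*name"
        f == n { digest = $1; hits++ }
        END { if (hits != 1) exit 1; print digest }
    ' "$1"
}

# verify_archive ARCHIVE SUMS_FILE [LISTED_NAME]
# LISTED_NAME is the file name as it appears in SUMS_FILE; it defaults to the
# archive's own name. Returns 0 only on an exact digest match.
verify_archive() {
    archive=$1
    sums=$2
    listed=${3:-$(basename "$archive")}
    [ -f "$archive" ] || return 2
    want=$(expected_sha256 "$sums" "$listed") || return 3
    got=$(sha256_of "$archive")
    [ "$got" = "$want" ]
}

# In the provisioner this would sit between the curl and unzip commands, e.g.
#   verify_archive vault.zip vault_1.3.2_SHA256SUMS vault_1.3.2_linux_amd64.zip || exit 1
# (the SHA256SUMS file name is assumed, see the lead-in).

# Offline demonstration on constructed files.
demo() {
    dir=$(mktemp -d)
    zip="$dir/vault.zip"
    printf 'constructed stand-in for the Vault archive\n' > "$zip"
    printf '%s  vault_1.3.2_linux_amd64.zip\n' "$(sha256_of "$zip")" > "$dir/SHA256SUMS"
    verify_archive "$zip" "$dir/SHA256SUMS" vault_1.3.2_linux_amd64.zip \
        && echo "digest matches: safe to unzip"
    printf 'extra bytes\n' >> "$zip"      # simulate a corrupted or swapped file
    verify_archive "$zip" "$dir/SHA256SUMS" vault_1.3.2_linux_amd64.zip \
        || echo "digest mismatch: stop the build"
    rm -rf "$dir"
}
demo
```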


When you’re done, save and close the file.


To verify the validity of your template, run the following command:


  • packer validate -var-file=variables.json template.json


Packer accepts a path to the variables file via the -var-file argument.


You’ll see the following output:



   
   
Output
Template validated successfully.

If you get an error, Packer will specify exactly where it occurred, so you’ll be able to correct it.


You now have a working template that produces an image with Vault installed, with your API key and other parameters defined in a separate file. You’re now ready to invoke Packer and build the snapshot.
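To keep the API key out of template.json as the template evolves, a small check can run before each build. The script below is an added example, not part of the original tutorial: it flags secret-bearing keys whose value is a literal string instead of a {{user `...`}} reference. It is line-oriented and assumes one key per line as in the template above; only the api_token key comes from this page, the other key names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag secret-bearing keys in a Packer JSON template whose
# value is a literal instead of a user-variable reference.
# Only "api_token" comes from the tutorial; the other key names are assumed.

# hardcoded_secret_keys TEMPLATE: print each offending key name, one per line.
hardcoded_secret_keys() {
    awk '
        match($0, /"(api_token|token|password|secret_key)"[ \t]*:[ \t]*"/) {
            key = substr($0, RSTART + 1)        # text after the opening quote
            sub(/".*/, "", key)                 # cut at the closing quote
            val = substr($0, RSTART + RLENGTH)  # value text after its opening quote
            if (val !~ /^[{][{] *user /) print key
        }
    ' "$1"
}

# check_template TEMPLATE: return 0 when clean, 1 when a literal is found.
check_template() {
    found=$(hardcoded_secret_keys "$1")
    [ -z "$found" ] && return 0
    echo "hard-coded secret value for: $found" >&2
    return 1
}

# Offline demonstration on two constructed templates.
demo_lint() {
    dir=$(mktemp -d)
    printf '%s\n' '{ "builders": [{' \
        '    "type": "digitalocean",' \
        '    "api_token": "{{user `do_token`}}"' \
        '}] }' > "$dir/good.json"
    printf '%s\n' '{ "builders": [{' \
        '    "type": "digitalocean",' \
        '    "api_token": "constructed-literal-token"' \
        '}] }' > "$dir/bad.json"
    check_template "$dir/good.json" && echo "good.json: no literal secrets"
    check_template "$dir/bad.json" || echo "bad.json: rejected"
    rm -rf "$dir"
}
demo_lint
```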


Step 2 — Building the Snapshot

In this step, you’ll build a DigitalOcean Snapshot from your template using the Packer build command.


To build your snapshot, run the following command:


  • packer build -var-file=variables.json template.json


This command will take some time to finish. You’ll see a lot of output, which will look like this:

Output
digitalocean: output will be in this color.

==> digitalocean: Creating temporary ssh key for droplet...
==> digitalocean: Creating droplet...
==> digitalocean: Waiting for droplet to become active...
==> digitalocean: Using ssh communicator to connect: ...
==> digitalocean: Waiting for SSH to become available...
==> digitalocean: Connected to SSH!
==> digitalocean: Provisioning with shell script: /tmp/packer-shell035430322
...
==> digitalocean: % Total % Received % Xferd Average Speed Time Time Time Current
==> digitalocean: Dload Upload Total Spent Left Speed
    digitalocean: Archive: vault.zip
==> digitalocean: 100 45.5M 100 45.5M 0 0 154M 0 --:--:-- --:--:-- --:--:-- 153M
    digitalocean: inflating: vault
==> digitalocean: Gracefully shutting down droplet...
==> digitalocean: Creating snapshot: packer-1581537927
==> digitalocean: Waiting for snapshot to complete...
==> digitalocean: Destroying droplet...
==> digitalocean: Deleting temporary ssh key...
Build 'digitalocean' finished.

==> Builds finished. The artifacts of successful builds are:
--> digitalocean: A snapshot was created: 'packer-1581537927' (ID: 58230938) in regions '...'

Packer logs all the steps it took while building your template. The last line contains the name of the snapshot (such as packer-1581537927) and its ID in parentheses. Note the ID of the snapshot, because you’ll need it in the next step.


If the build process fails due to API errors, wait a few minutes and then retry.


You’ve built a DigitalOcean Snapshot according to your template. The snapshot has Vault pre-installed, and you can now deploy Droplets with it as their system image. In the next step, you’ll write Terraform configuration for automating such deployments.


Step 3 — Writing Terraform Configuration

In this step, you’ll write Terraform configuration for automating Droplet deployments of the snapshot containing the Vault you just built using Packer.


Before writing actual Terraform configuration for deploying Vault from the previously built snapshot, you’ll first need to configure the DigitalOcean provider for it. Navigate to the terraform subdirectory by running:


  • cd ~/vault-orchestration/terraform


Then, create a file named do-provider.tf, where you’ll store the provider:


  • nano do-provider.tf


Add the following lines:


~/vault-orchestration/terraform/do-provider.tf
variable "do_token" {
}

variable "ssh_fingerprint" {
}

variable "instance_count" {
  default = "1"
}

variable "do_snapshot_id" {
}

variable "do_name" {
  default = "vault"
}

variable "do_region" {
}

variable "do_size" {
}

variable "do_private_networking" {
  default = true
}

provider "digitalocean" {
  token = var.do_token
}

This file declares parameter variables and provides the digitalocean provider with an API key. You’ll later use these variables in your Terraform template, but you’ll first need to specify their values. For that purpose, Terraform supports specifying variable values in a variable definitions file similarly to Packer. The filename must end in either .tfvars or .tfvars.json. You’ll later pass that file to Terraform using the -var-file argument.


Save and close the file.


Create a variable definitions file called definitions.tfvars using your text editor:


  • nano definitions.tfvars


Add the following lines:


~/vault-orchestration/terraform/definitions.tfvars
do_token         = "your_do_api_key"
ssh_fingerprint  = "your_ssh_key_fingerprint"
do_snapshot_id   = your_do_snapshot_id
do_name          = "vault"
do_region        = "nyc3"
do_size          = "s-1vcpu-1gb"
instance_count   = 1

Remember to replace your_do_api_key, your_ssh_key_fingerprint, and your_do_snapshot_id with your account API key, the fingerprint of your SSH key, and the snapshot ID you noted from the previous step, respectively. The do_region and do_size parameters must have the same values as in the Packer variables file. If you want to deploy multiple instances at once, adjust instance_count to your desired value.


When finished, save and close the file.


For more information on the DigitalOcean Terraform provider, visit the official docs.


You’ll store the Vault snapshot deployment configuration in a file named deployment.tf, under the terraform directory. Create it using your text editor:


  • nano deployment.tf


Add the following lines:


~/vault-orchestration/terraform/deployment.tf
resource "digitalocean_droplet" "vault" {
  count              = var.instance_count
  image              = var.do_snapshot_id
  name               = var.do_name
  region             = var.do_region
  size               = var.do_size
  private_networking = var.do_private_networking
  ssh_keys = [
    var.ssh_fingerprint
  ]
}

output "instance_ip_addr" {
  value = {
    for instance in digitalocean_droplet.vault:
    instance.id => instance.ipv4_address
  }
  description = "The IP addresses of the deployed instances, paired with their IDs."
}

Here you define a single resource of the type digitalocean_droplet named vault. Then, you set its parameters according to the variable values and add an SSH key (using its fingerprint) from your DigitalOcean account to the Droplet resource. Finally, you output the IP addresses of all newly deployed instances to the console.


Save and close the file.


Before doing anything else with your deployment configuration, you’ll need to initialize the directory as a Terraform project:


  • terraform init


You’ll see the following output:

Output
Initializing the backend...

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.digitalocean: version = "~> 1.14"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

When initializing a directory as a project, Terraform reads the available configuration files and downloads plugins deemed necessary, as logged in the output.


You now have Terraform configuration for deploying your Vault snapshot ready. You can now move on to validating it and deploying it on a Droplet.


Step 4 — Deploying Vault Using Terraform

In this section, you’ll verify your Terraform configuration using the validate command. Once it verifies successfully, you’ll apply it and deploy a Droplet as a result.


Run the following command to test the validity of your configuration:


  • terraform validate


You’ll see the following output:



   
   
Output
Success! The configuration is valid.

Next, run the plan command to see what Terraform will attempt when provisioning the infrastructure according to your configuration:


  • terraform plan -var-file="definitions.tfvars"


Terraform accepts a variable definitions file via the -var-file parameter.


The output will look similar to:

Output
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_droplet.vault[0] will be created
  + resource "digitalocean_droplet" "vault" {
      ...
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

The green + at the beginning of the resource "digitalocean_droplet" "vault" line means that Terraform will create a new Droplet called vault, using the parameters that follow. This is correct, so you can now execute the plan by running terraform apply:


  • terraform apply -var-file="definitions.tfvars"


Enter yes when prompted. After a few minutes, the Droplet will finish provisioning and you’ll see output similar to this:

Output
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + digitalocean_droplet.vault-droplet

...

Plan: 1 to add, 0 to change, 0 to destroy.

...

digitalocean_droplet.vault-droplet: Creating...

...

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

instance_ip_addr = {
  "181254240" = "your_new_server_ip"
}

In the output, Terraform logs what actions it has performed (in this case, to create a Droplet) and displays its public IP address at the end. You’ll use it to connect to your new Droplet in the next step.


You have created a new Droplet from the snapshot containing Vault and are now ready to verify it.


Step 5 — Verifying Your Deployed Droplet

In this step, you’ll access your new Droplet using SSH and verify that Vault was installed correctly.


If you are on Windows, you can use software such as Kitty or Putty to connect to the Droplet with an SSH key.


On Linux and macOS machines, you can use the already available ssh command to connect:


  • ssh root@your_server_ip


Answer yes when prompted. Once you are logged in, run Vault by executing:


  • vault


You’ll see its “help” output, which looks like this:

Output
Usage: vault <command> [args]

Common commands:
    read        Read data and retrieves secrets
    write       Write data, configuration, and secrets
    delete      Delete secrets and configuration
    list        List data or secrets
    login       Authenticate locally
    agent       Start a Vault agent
    server      Start a Vault server
    status      Print seal and HA status
    unwrap      Unwrap a wrapped secret

Other commands:
    audit          Interact with audit devices
    auth           Interact with auth methods
    debug          Runs the debug command
    kv             Interact with Vault's Key-Value storage
    lease          Interact with leases
    namespace      Interact with namespaces
    operator       Perform operator-specific tasks
    path-help      Retrieve API help for paths
    plugin         Interact with Vault plugins and catalog
    policy         Interact with policies
    print          Prints runtime configurations
    secrets        Interact with secrets engines
    ssh            Initiate an SSH session
    token          Interact with tokens

You can quit the connection by typing exit.


You have now verified that your newly deployed Droplet was created from the snapshot you made, and that Vault is installed correctly.


Conclusion

You now have an automated system for deploying Hashicorp Vault on DigitalOcean Droplets using Terraform and Packer. You can now deploy as many Vault servers as you need. To start using Vault, you’ll need to initialize it and further configure it. For instructions on how to do that, visit the official docs.


For more tutorials using Terraform, check out our Terraform content page.


Translated from: https://www.digitalocean.com/community/tutorials/how-to-build-a-hashicorp-vault-server-using-packer-and-terraform-on-digitalocean
