vault will only bind to loopback

[Kevin Wyrick]

Good morning.  I'm trying to spin up a simple vault server to play with.  ( not in dev mode )

It seems that no matter what I put in the config, vault will only bind to local host to listen.  I have a need to access via http or https from other servers.  There must be something simple that I am missing.  I've even tried binding specifically to the eth0 address, but it still binds to loopback.  Could anyone point out what I may be missing?  Thank You.

Simple config:

listener "tcp" {

   addresss = "0.0.0.0:8200"

   cluster_addresss     = "0.0.0.0:8201"

   tls_disable = 1

}

storage file {

   path = "/scratch/vault/data"

}

api_addr = "http://10.64.64.133:8203"

cluster_addr = "http://10.64.64.133:8204"

disable_mlock = true

disable_sealwrap = true

Output from start.  Shows listening to loopback:

==> Vault server configuration:

             Api Address: http://10.64.64.133:8203

                     Cgo: disabled

         Cluster Address: https://10.64.64.133:8204

              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")

               Log Level: info

                   Mlock: supported: true, enabled: false

                 Storage: file

                 Version: Vault v1.0.3

             Version Sha: 85909e3373aa743c34a6a0ab59131f61fd9e8e43

==> Vault server started! Log data will stream in below:

Netstat output:  Only listening to loopback

[kwwyric@nc2dlkwtst01 vault]$ netstat -an | grep -i 820

tcp        0      0 127.0.0.1:8200          0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:8201          0.0.0.0:*               LISTEN

[Jeff Mitchell]

Hi there,

What is the command you're running to start Vault?

Best,
Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/cfa60f09-783d-4449-8a64-76300fa30086%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Kevin Wyrick]

Hi Jeff,

I am using the following command to start.  The referenced config file is the one I pasted:

/usr/local/bin/vault server -config=/etc/vault/vault.hcl

[Jeff Mitchell]

Hi Kevin,

You have an extra "s" appended to "addresss" and "cluster_addresss".

Best,
Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/7d2b2acc-225c-4012-9dd5-ca422148b79c%40googlegroups.com.

[Kevin Wyrick]

Holy Schnikes!   Thank You, Jeff.  I've cut an pasted that same config to a few different servers, and tied it to different versions of vault only to overlook that error.

Thank You for your help.

On Wednesday, March 6, 2019 at 9:00:05 AM UTC-5, Kevin Wyrick wrote: