Hashiqube is the Ultimate Hands-on DevOps Lab in a Docker Container. It can run in a Github Codespace, locally using Vagrant or Docker Compose, or as a Virtual Machine VM on AWS, GCP and Azure.
Hashiqube has a Docker daemon inside, meaning we can run containers inside Hashiqube using Kubernetes (Minikube), Nomad, or Docker run. It runs all HashiCorp products: Vault, Terraform, Nomad, Consul, Waypoint, Boundary, Vagrant, Packer and Sentinel.
It also runs other popular Open Source DevOps/DevSecOps applications (Minikube, Ansible AWX Tower, Traefik, etc.) showcasing how simple integration with HashiCorp products can result in tangible learnings and benefits for all users.
Once Hashiqube is up, an internet connection is no longer needed, meaning sales pitches and demos for potential and existing customers are greatly aided.
Hashiqube has been created to help Engineers, Developers and anyone who wants to practice, learn or demo HashiCorp products to get started quickly with a local lab.
Please connect with me on LinkedIn (Riaan Nolan) or check out my Credly profile
bash docker/docker.sh
bash consul/consul.sh
bash nomad/nomad.sh
bash vault/vault.sh
bash boundary/boundary.shvagrant up --provision-with basetools,docker,docsify,consul,nomad,vault,boundarydocker compose exec hashiqube /bin/bash
bash hashiqube/basetools.sh
bash docker/docker.sh
bash consul/consul.sh
bash nomad/nomad.sh
bash vault/vault.sh
bash boundary/boundary.sh- HashiQube - A DevOps Development Lab Using All the HashiCorp Products
- Overview
- Table of Contents
- Running Hashiqube
- Documentation and Status
- HashiQube Overview
- HashiQube Diagrams
- Links
- Hashiqube Integrations
- HashiQube's Purpose
- Supported Architectures
- HashiCorp product Versions
- Components
- Docker Desktop
- Consul DNS
- The HashiStack
- Other
- Vagrant Basic Usage
- Docker Basic Usage
- Errors you might encounter
- Support & Feedback
- Contributors
- Videos
There are several ways to run Hashiqube depending on your needs. The easiest is using Github Codespaces:
| Method | Description | Requirements |
|---|---|---|
| Github Codespaces | Quick start in the cloud (1-minute setup) | Github account only |
| Local Vagrant/Docker | Run locally on your machine | Docker, Vagrant (optional), VirtualBox (optional) |
| Hyperscaler VMs | Run on AWS, GCP or Azure | Cloud account |
- Head over to https://github.com/star3am/hashiqube
- Fork the Hashiqube repository
- In the forked Hashiqube repository in your Github account, launch a new Codespace
- Watch the video below for follow-along instructions
Follow the instructions below to run Hashiqube locally on your laptop or PC.
- Hardware Requirements:
- 10GB of disk space
- 4G RAM (Minimum) - 8G RAM Recommended
- Software Requirements:
- Docker
- Vagrant
💡 If you want to run Minikube and a workload like AWX Ansible Tower or Airflow, you need at least 8G RAM. For Gitlab, allocate at least 12G RAM to Docker.
🕒 Duration: 15-30 minutes
💡 Docker is the default and preferred way to run Hashiqube
-
Install Docker: Download from the Docker desktop installer
-
Install Vagrant: Download from the Vagrant installer
-
Clone the repo:
git clone https://github.com/star3am/hashiqube.git- What is Git? -
Start Hashiqube: Inside the local repo folder, run:
vagrant up --provision
This will set up Vault, Nomad, Consul, Terraform, Localstack and Docker
-
Access documentation: Visit http://localhost:3333
Docker compose is also supported! To bring up Hashiqube with Docker Compose:
-
Install Docker: Download from the Docker desktop installer
-
Clone the repo:
git clone https://github.com/star3am/hashiqube.git -
Start Hashiqube: Inside the local repo folder, run:
docker-compose up -d
-
Initialize services:
# Access the container shell docker compose exec hashiqube /bin/bash # Install dependencies bash hashiqube/basetools.sh # Install Docker daemon bash docker/docker.sh # Start HashiCorp Vault bash vault/vault.sh
To check status:
docker compose lsExample output:
NAME STATUS CONFIG FILES
hashiqube running(1) /Users/riaan/workspace/personal/hashiqube/docker-compose.ymlAfter completing the installation steps:
- 📖 Documentation: http://localhost:3333
- 🚦 Status of Integrations: http://localhost:3001
In essence, Hashiqube is a Docker Container (by default) or a Virtual Machine with a Docker Daemon inside, meaning we can run containers inside Hashiqube using Kubernetes, Nomad, or Docker run.
Hashiqube runs on your local machine or cloud instance and provides:
- All HashiCorp products
- Popular open-source DevOps tools (Minikube, Ansible AWX Tower, etc.)
- Multi-cloud capabilities on AWS, GCP and Azure (Multi-Cloud)
Hashiqube is a Training/Development Lab for practice, learning, and demos. It is not designed for production use.
- Vault - Secure, store and control access to tokens, passwords, and sensitive data
- Terraform - Infrastructure as Code to provision and manage any cloud or service
- Consul - Service Mesh connecting applications across environments
- Nomad - Scheduler and orchestrator for containers and applications
- Boundary - Secure remote access to any system from anywhere
- Waypoint - Modern workflow for build, deploy, and release across platforms
- Vagrant - Build and maintain portable development environments
- Packer - Create identical machine images for multiple platforms
- Sentinel - Embedded policy-as-code framework
- Docker - Container platform
- Minikube - Local Kubernetes cluster
- Traefik - Modern HTTP reverse proxy and load balancer
- Fabio - HTTP/TCP reverse proxy with Consul integration
- Localstack - Local AWS cloud stack
- Oracle MySQL - Open-source RDBMS
- Microsoft MSSQL - Microsoft's RDBMS
- PostgreSQL - Advanced open-source RDBMS
- Prometheus - Monitoring system with time series database
- Grafana - Analytics & monitoring solution
- Elasticsearch - Search engine
- Kibana - Data visualization for Elasticsearch
- Cerebro - Elasticsearch admin interface
- Ansible - Infrastructure as code and automation
- Ansible-Tower - Web UI for Ansible
- Jenkins - Automation server for CI/CD
- LDAP - Lightweight Directory Access Protocol
- Dbt - Data transformation tool
- Apache Airflow - Workflow management for data pipelines
- Visual-Studio-Code - Code editor
- Portainer - Container management UI
- Gitlab - DevOps platform
- Argocd - GitOps continuous delivery for Kubernetes
- Docsify - Documentation site generator
- Mermaid - Diagram generation from text
- Newrelic Kubernetes Monitoring - Monitor Kubernetes
Once the stack is up, you will have many services running and available on localhost.
For documentation, open http://localhost:3333 in your browser.
Hashiqube enables anyone interested in secure automation pipelines to run a suite of 'best in class' tools locally with minimal system resources.
It empowers users to deploy these tools in a way that covers multiple use cases, providing a 'concept to completion' test bed using open-source HashiCorp products.
The original use case was to demystify DevSecOps using Terraform, Vault, Consul, Sentinel, and Nomad along with other open-source CI/CD tools, demonstrating the value of secret and credential management in software development pipelines.
Thanks to HashiCorp's flexibility, there's no need to wonder how to achieve secure and timely software delivery - just Vagrant up!
| Name | Docker | Virtualbox | Hyper-V |
|---|---|---|---|
| amd64 | ✓ | ✓ | ✘ |
| arm64 | ✓ | ✘ | ✘ |
| linux | ✓ | ✓ | ✘ |
| windows | ✓ | ✘ | ✘ |
| mac intel | ✓ | ✓ | ✘ |
| mac apple | ✓ | ✘ | ✘ |
By default, Hashiqube installs community editions of HashiCorp products, but you can also test and demo Enterprise versions. You can request a trial license from HashiCorp's website.
To use Enterprise editions, copy the license.hclic into the corresponding product folder and run:
vagrant up --provision-with basetools,vault,consul,nomad,boundary| Name | Community | Enterprise |
|---|---|---|
| Vault | ✓ | ✓ |
| Consul | ✓ | ✓ |
| Nomad | ✓ | ✓ |
| Boundary | ✓ | ✓ |
| Terraform | ✓ | ✘ |
Directory structure example:
tree -L 1 boundary consul nomad vault
boundary
├── README.md
├── boundary.sh
├── images
└── license.hclic
consul
├── README.md
├── consul.sh
├── images
└── license.hclic
nomad
├── README.md
├── images
├── license.hclic
├── nomad
└── nomad.sh
vault
├── README.md
├── images
├── license.hclic
└── vault.shHashiqube is modular - components can be run separately or together.
vagrant up --provision-with basetools
vagrant up --provision-with docker
vagrant up --provision-with docsify
vagrant up --provision-with vault
vagrant up --provision-with consul
vagrant up --provision-with nomad
vagrant up --provision-with minikubevagrant up --provision-with basetools,docker,minikube,postgresql,dbt,apache-airflowDocker Desktop is an application for Mac/Windows that enables building and sharing containerized applications. It provides a graphical interface for the Docker service.
- Download Docker Desktop and install it
- Verify installation by opening the Docker Desktop application
- Ensure you have the latest version installed
- Keep your operating system updated (Docker Desktop performance improvements)
💡 While Hashiqube runs with 4GB (minimum) or 8GB (recommended) RAM, running multiple services simultaneously (Vault, Nomad, Consul, Waypoint, Boundary, Minikube, AWX) requires more resources to avoid contention errors.
- Allocate at least 8GB RAM to your Docker daemon
- Ensure sufficient disk space is available
To enable local DNS resolution via Consul, create a file at /etc/resolver/consul with:
nameserver 10.9.99.10
port 8600This enables DNS names like nomad.service.consul:9999 and vault.service.consul:9999 via Fabio Load Balancer.
| Dimension | Products | ||
|---|---|---|---|
| Applications |  Nomad Scheduler and workload orchestrator |
 Waypoint Build, deploy, release workflow |
|
| Networking |  Consul Service Mesh across any cloud |
||
| Security |  Boundary Secure remote access |
 Vault Secrets management |
|
| Infrastructure |  Packer Machine image automation |
 Vagrant Development environments |
 Terraform Infrastructure automation |
| Service | URL/Port |
|---|---|
| LDAP | ldap://localhost:389 |
| Localstack web | http://localhost:8080 |
| DBT web | http://localhost:28080 |
| Apache Airflow | http://localhost:18889 |
| Ansible provisioning Apache2 | http://localhost:8888 |
| Ansible AWX Tower | http://localhost:8043 |
| Jenkins | http://localhost:8088 |
| Oracle MySQL | localhost:3306 |
| Microsoft SQL | localhost:1433 |
| Minikube | http://localhost:10888 |
| Traefik | http://localhost:8181 |
| Fabio | http://localhost:9999 |
# Initial setup with provisioning
vagrant up --provision
# Selective provisioning
vagrant up --provision-with bootstrap|nomad|consul|vault|docker|ldap
# Check VM status
vagrant global-status
vagrant global-status --prune # Remove stale VMs from cache
vagrant status
# Other common commands
vagrant reload
vagrant up
vagrant destroy
vagrant provision
vagrant plugin listdocker image ls
docker ps
docker stopError: Shell provisioner path does not exist
If you see this error when running vagrant destroy:
hashiqube0: Are you sure you want to destroy the 'hashiqube0' VM? [y/N] y
There are errors in the configuration of this machine. Please fix
the following errors and try again:
shell provisioner:
* `path` for shell provisioner does not exist on the host system: /users/username/workspace/personal/hashiqube/vault/vault.shCommand to check: docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d835d757279 15f77507dce7 "/usr/sbin/init" 38 hours ago Up 38 hours 0.0.0.0:1433->1433/tcp, 0.0.0.0:3000->3000/tcp, 0.0.0.0:3306->3306/tcp, 0.0.0.0:3333->3333/tcp, 0.0.0.0:4566->4566/tcp, 0.0.0.0:4646-4648->4646-4648/tcp, 0.0.0.0:5001-5002->5001-5002/tcp, 0.0.0.0:5432->5432/tcp, 0.0.0.0:5580->5580/tcp, 0.0.0.0:5601-5602->5601-5602/tcp, 0.0.0.0:7777->7777/tcp, 0.0.0.0:8000->8000/tcp, 0.0.0.0:8043->8043/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:8088->8088/tcp, 0.0.0.0:8181->8181/tcp, 0.0.0.0:8200-8201->8200-8201/tcp, 0.0.0.0:8300-8302->8300-8302/tcp, 0.0.0.0:8500-8502->8500-8502/tcp, 0.0.0.0:8888-8889->8888-8889/tcp, 0.0.0.0:9001-9002->9001-9002/tcp, 0.0.0.0:9011->9011/tcp, 0.0.0.0:9022->9022/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9093->9093/tcp, 0.0.0.0:9200->9200/tcp, 0.0.0.0:9333->9333/tcp, 0.0.0.0:9701-9702->9701-9702/tcp, 0.0.0.0:9998-9999->9998-9999/tcp, 0.0.0.0:10888->10888/tcp, 0.0.0.0:11888->11888/tcp, 0.0.0.0:18080->18080/tcp, 0.0.0.0:18181->18181/tcp, 0.0.0.0:18888-18889->18888-18889/tcp, 0.0.0.0:19200->19200/tcp, 0.0.0.0:19701-19702->19701-19702/tcp, 0.0.0.0:28080->28080/tcp, 0.0.0.0:31506->31506/tcp, 0.0.0.0:32022->32022/tcp, 0.0.0.0:8600->8600/udp, 0.0.0.0:2255->22/tcp, 0.0.0.0:33389->389/tcp hashiqube_hashiqube0_1689246032Solution: Run docker stop 1d835d757279 (using your container ID)
Error: IP address not within allowed ranges
The IP address configured for the host-only network is not within the
allowed ranges. Please update the address used to be within the allowed
ranges and run the command again.
Address: 10.9.99.10
Ranges: 192.168.56.0/21
Valid ranges can be modified in the /etc/vbox/networks.conf file. For
more information including valid format see:
https://www.virtualbox.org/manual/ch06.html#network_hostonlySolution: Create file /etc/vbox/networks.conf with:
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64Then re-run vagrant up --provision
Error: Cannot stop container
When running vagrant destroy:
hashiqube0.service.consul: Are you sure you want to destroy the 'hashiqube0.service.consul' VM? [y/N] y
==> hashiqube0.service.consul: Stopping container...
A Docker command executed by Vagrant didn't complete successfully!
The command run along with the output from the command is shown
below.
Command: ["docker", "stop", "-t", "1", "6c0c8135620ff47efe12df417a0df0e57d7a81a7f7ca06d011323fbb52e573db", {:notify=>[:stdout, :stderr]}]
Stderr: Error response from daemon: cannot stop container: 6c0c8135620ff47efe12df417a0df0e57d7a81a7f7ca06d011323fbb52e573db: tried to kill container, but did not receive an exit eventSolution: Run vagrant destroy again
Error: Port collision
Vagrant cannot forward the specified ports on this VM, since they would collide with some other application that is already listening on these ports. The forwarded port to `9200` is already in use on the host machine.
To fix this, modify your current project's Vagrantfile to use another port. For example, where '1234' would be replaced by a unique host port:
config.vm.network :forwarded_port, guest: 9200, host: 1234
Sometimes, Vagrant will attempt to auto-correct this for you. In this case, Vagrant was unable to. This is usually because the guest machine is in a state which doesn't allow modifying port forwarding. You could try 'vagrant reload' (the equivalent of running a halt followed by an up) so vagrant can attempt to auto-correct this upon booting. Be warned that any unsaved work might be lost.Solution: Either stop the conflicting service (e.g., Elasticsearch) or modify the Vagrantfile to use a different port:
# config.vm.network "forwarded_port", guest: 9200, host: 9200 # elasticsearchFor suggestions, feedback, and queries, please submit a Pull Request or contact Riaan Nolan, creator of HashiQube via GitHub.
Hashiqube runs all HashiCorp products and many popular open-source tools used in the industry today.
After running vagrant up --provision, you'll have access to:
| Service | URL | Setup Command |
|---|---|---|
| Vault | http://localhost:8200 | vagrant up --provision-with basetools,vault |
| Nomad | http://localhost:4646 | vagrant up --provision-with basetools,docker,nomad |
| Consul | http://localhost:8500 | vagrant up --provision-with basetools,consul |
| Waypoint on Nomad | https://localhost:9702 | vagrant up --provision-with basetools,docker,waypoint |
| Waypoint on Minikube | https://localhost:19702 | vagrant up --provision-with basetools,docker,waypoint-kubernetes-minikube |
| Boundary | http://localhost:19200 | vagrant up --provision-with basetools,boundary |
| Docsify | http://localhost:3333 | vagrant up --provision-with basetools,docsify |
My name is Riaan Nolan and I was born in South Africa. I started as a Web Developer in 2000 and progressed into Systems Administration with a strong focus on Automation, Infrastructure and Configuration as Code.
I have worked for multinational companies in Portugal, Germany, China, South Africa, United States, and Australia.
Please connect with me on LinkedIn or check out my Credly profile
A very special mention to HashiQube's contributors. Thank you all for your help, suggestions, and contributions, no matter how small! ❤️
- Thomas Cockin
- Konstantin Vanyushov
- Tristan Morgan
- Ringo Chan
- Ehsan Mirzaei
- Greg Luxford
- Byron Tuckett
- Lane Birmingham
- Devang Dhameliya
- Rajesh Cholleti
- Nel-Marie Nolan
- Adriana Villela
- Charle Van Der Walt
- JJ Badenhorst
- Jan Laubscher
- Nesar Uddin Rahid
- Ruaan Deysel
Videos were made with asciinema
asciinema rec -i 1
asciicast2gif -S 1 -s 2 tmp
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
