Consul Cheat Sheet
Quickstart
Example: create a 3 Node Consul cluster + 1 Client running Splunk service (monitoring Splunk Service from Consul)
Server Cluster Config
yum install consul
generate secure key (place in "encrypt" key)
consul keygen
UAvkAzdjGfQ7J2NlgkrJMA==
Create Consul dirs
mkdir -p /etc/consul.d/server
mkdir /var/consul
add 'consul' user + group
groupadd consul
useradd consul -g consul
Startup Service
Consul Service (place in /usr/lib/systemd/system/consul.service)
[Unit]
Description=Consul Agent
Requires=network-online.target
After=network.target
[Service]
User=consul
Group=consul
ExecStartPre=[ -f "/var/consul/consul.pid" ] && /usr/bin/rm -f /var/consul/consul.pid
ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d
-config-file=/etc/consul.d/server/consul.json
Restart=on-failure
[Install]WantedBy=multi-user.target
Change permissions
chown -R consul:consul /var/consul
create new Bootstrap config, place into /etc/consul.d/server/consul.json
{
"bind_addr":"<IP OF BOOSTRAP HOST>",
"data_dir":"/var/consul",
"server": true,
"ui": true,
"bootstrap": true,
"retry_join":["<IP BOOTSTRAP>","<IP CONSUL#2", "IP CONSUL#3"],
"datacenter":"nyc",
"encrypt":"UAvkAzdjGfQ7J2NlgkrJMA==",
"enable_syslog": false,
"pid_file":"/var/consul/consul.pid"
}
Place Startup Service (see Startup Service section) into /usr/lib/systemd/system/consul.service
Do the same for 2 remaining servers, in the Config change "bootstrap": true to false
Add UI configuration
vim /etc/consul.d/ui.json
{ "addresses": { "http": "0.0.0.0" }}
Start service, Web console should be up at <IP>:8500
Client Config
Create a Client config to connect to Consul cluster
on Client host:
vim /etc/consul.d/client/consul.json
{
"bind_addr":"<IP OF CLIENT HOST>",
"data_dir":"/var/consul",
"server": false,
"ui": false,
"bootstrap": false,
"retry_join":["<IP BOOTSTRAP>","<IP CONSUL#2", "IP CONSUL#3"],
"datacenter":"nyc",
"encrypt":"UAvkAzdjGfQ7J2NlgkrJMA==",
"enable_syslog": false,
"enable_script_checks" : true,
"pid_file":"/var/consul/consul.pid"
}
Add startup service
Try starting Client consul service, if getting
No installed keys could decrypt the message
make sure /var/consul/serf/local.keyring values match across ALL nodes (servers and clients)
Once Client starts, check Consul for members (on any of the Servers). Should show the new Client
add Service monitoring Config for Splunk
systemctl enable consul.service
systemctl daemon-reload
systemctl start consul.service
Add Service for Monitoring
Example: Check Teamcity service
On service agent on Teamcity host, in /etc/consul.d, create service_name.json, for example, teamcity.json.
This wlll run a curl to the service every 10 seconds and check service
{
"ID": "teamcity",
"name": "teamcity",
"address": "192.168.56.10",
"port": 8111,
"tags": ["teamcity", "demonstration"],
"check": { "script":"curl localhost:8111 > /dev/null 2>&1", "interval":"10s" }
}
add service json to consul for monitoring,
curl -X PUT -d @teamcity.json http://localhost:8500/v1/agent/service/register
Consul CLI
validate config
generate Master token
consul validate /etc/consul.d/*
run CLI on
Show cluster members
consul members
use CLI on specific interface
consul members --http-addr=10.185.20.180:8500
Consul API
register a service (run on a Consul server host)
curl -X PUT -d '{"datacenter": "nyc", "Node": "splunksh01", "Address": "https://splunksh01.vagrant.local", "service": {"service": "splunk", "Port": 8089}}' http://127.0.0.1:8500/v1/catalog/register
deregister a service
curl -X PUT -d '{"datacenter": "nyc", "Node": "splunksh01"}' http://127.0.0.1:8500/v1/catalog/deregister
query all available services
curl http://<IP of Client>:8500/v1/catalog/services?pretty
check Service health of a Node
curl http://10.185.20.180:8500/v1/health/node/mrxsplunksh01.vagrant.local
[{"Node":"mrxsplunksh01.vagrant.local","CheckID":"serfHealth","Name":"Serf Health Status","Status":"passing","Notes":"","Output":"Agent alive and reachable","ServiceID":"","ServiceName":"","ServiceTags":[],"CreateIndex":63,"ModifyIndex":63},{"Node":"mrxsplunksh01.vagrant.local","CheckID":"service:splunk2","Name":"Service 'splunk2' check","Status":"warning","Notes":"","Output":"","ServiceID":"splunk2","ServiceName":"splunk2","ServiceTags":["splunk"],"CreateIndex":64,"ModifyIndex":307}]