Consul Cheat Sheet

Quickstart

Example: create a 3 Node Consul cluster + 1 Client running Splunk service (monitoring Splunk Service from Consul)

Server Cluster Config

    1. yum install consul

    2. generate secure key (place in "encrypt" key)

    3. consul keygen

    4. UAvkAzdjGfQ7J2NlgkrJMA==

    5. Create Consul dirs

  1. mkdir -p /etc/consul.d/server

    1. mkdir /var/consul

    2. add 'consul' user + group

    3. groupadd consul

    4. useradd consul -g consul

Startup Service

Consul Service (place in /usr/lib/systemd/system/consul.service)

[Unit]

Description=Consul Agent

Requires=network-online.target

After=network.target

[Service]

User=consul

Group=consul

ExecStartPre=[ -f "/var/consul/consul.pid" ] && /usr/bin/rm -f /var/consul/consul.pid

ExecStart=/usr/bin/consul agent -config-dir=/etc/consul.d

-config-file=/etc/consul.d/server/consul.json

Restart=on-failure

[Install]WantedBy=multi-user.target

    1. Change permissions

    2. chown -R consul:consul /var/consul

    3. create new Bootstrap config, place into /etc/consul.d/server/consul.json

      1. {

      2. "bind_addr":"<IP OF BOOSTRAP HOST>",

      3. "data_dir":"/var/consul",

      4. "server": true,

      5. "ui": true,

      6. "bootstrap": true,

      7. "retry_join":["<IP BOOTSTRAP>","<IP CONSUL#2", "IP CONSUL#3"],

      8. "datacenter":"nyc",

      9. "encrypt":"UAvkAzdjGfQ7J2NlgkrJMA==",

      10. "enable_syslog": false,

      11. "pid_file":"/var/consul/consul.pid"

      12. }

    4. Place Startup Service (see Startup Service section) into /usr/lib/systemd/system/consul.service

    5. Do the same for 2 remaining servers, in the Config change "bootstrap": true to false

    6. Add UI configuration

    7. vim /etc/consul.d/ui.json

    8. { "addresses": { "http": "0.0.0.0" }}

    9. Start service, Web console should be up at <IP>:8500

    10. Client Config

    11. Create a Client config to connect to Consul cluster

    12. on Client host:

    13. vim /etc/consul.d/client/consul.json

    14. {

    15. "bind_addr":"<IP OF CLIENT HOST>",

    16. "data_dir":"/var/consul",

    17. "server": false,

    18. "ui": false,

    19. "bootstrap": false,

    20. "retry_join":["<IP BOOTSTRAP>","<IP CONSUL#2", "IP CONSUL#3"],

    21. "datacenter":"nyc",

    22. "encrypt":"UAvkAzdjGfQ7J2NlgkrJMA==",

    23. "enable_syslog": false,

    24. "enable_script_checks" : true,

    25. "pid_file":"/var/consul/consul.pid"

    26. }

    27. Add startup service

    28. Try starting Client consul service, if getting

    29. No installed keys could decrypt the message

    30. make sure /var/consul/serf/local.keyring values match across ALL nodes (servers and clients)

    31. Once Client starts, check Consul for members (on any of the Servers). Should show the new Client

    32. add Service monitoring Config for Splunk

systemctl enable consul.service

systemctl daemon-reload

systemctl start consul.service

Add Service for Monitoring

Example: Check Teamcity service

On service agent on Teamcity host, in /etc/consul.d, create service_name.json, for example, teamcity.json.

This wlll run a curl to the service every 10 seconds and check service

{

"ID": "teamcity",

"name": "teamcity",

"address": "192.168.56.10",

"port": 8111,

"tags": ["teamcity", "demonstration"],

"check": { "script":"curl localhost:8111 > /dev/null 2>&1", "interval":"10s" }

}

add service json to consul for monitoring,

curl -X PUT -d @teamcity.json http://localhost:8500/v1/agent/service/register

Consul CLI

validate config

generate Master token

consul validate /etc/consul.d/*

run CLI on

Show cluster members

consul members

use CLI on specific interface

consul members --http-addr=10.185.20.180:8500

Consul API

register a service (run on a Consul server host)

curl -X PUT -d '{"datacenter": "nyc", "Node": "splunksh01", "Address": "https://splunksh01.vagrant.local", "service": {"service": "splunk", "Port": 8089}}' http://127.0.0.1:8500/v1/catalog/register

deregister a service

curl -X PUT -d '{"datacenter": "nyc", "Node": "splunksh01"}' http://127.0.0.1:8500/v1/catalog/deregister

query all available services

curl http://<IP of Client>:8500/v1/catalog/services?pretty

check Service health of a Node

curl http://10.185.20.180:8500/v1/health/node/mrxsplunksh01.vagrant.local

[{"Node":"mrxsplunksh01.vagrant.local","CheckID":"serfHealth","Name":"Serf Health Status","Status":"passing","Notes":"","Output":"Agent alive and reachable","ServiceID":"","ServiceName":"","ServiceTags":[],"CreateIndex":63,"ModifyIndex":63},{"Node":"mrxsplunksh01.vagrant.local","CheckID":"service:splunk2","Name":"Service 'splunk2' check","Status":"warning","Notes":"","Output":"","ServiceID":"splunk2","ServiceName":"splunk2","ServiceTags":["splunk"],"CreateIndex":64,"ModifyIndex":307}]