Configuring A Production Ready HA Consul Cluster

HashiCorp’s Consul is a tool for discovering and configuring services in your infrastructure.  It can provide Service Discovery, Health Checking, Key/Value Store and Multi-Datacenter support.

Consul is a distributed, highly available system.  Consul runs agents of systems providing services to consul.

Getting Started

It is recommended to utilize a cluster size of 3 or 5 nodes in each datacenter to help avoid data loss in the event of a server failure.   Consul servers are the component that does the heavy lifting.  The store information about services and key/value pair information.  An odd number of servers in necessary to avoid stalemate issues during leader election.

Apart from the consul servers, other machines can run consul agents.  Consul agents are very light-weight and simply forward requests to the servers.  They provide a method of insulating your servers and offload the responsibility of knowing the servers’ addresses to the agents themselves.

For us to implement some of the security mechanisms in a later guide, we need to name all of the machines within a single domain.  This is so that we can issue a wildcard SSL cerificate at a later time.

The details of the machines are:

Hostname IP Address Role
server1.example.com 192.0.2.1 Bootstrap consul server
server1.example.com 192.0.2.2 consul server
server3.example.com 192.0.2.3 consul server
agent1.example.com 192.0.2.50 consul client

Download and Install Consul

We will be using Ubuntu 14.04 64-bit server edition for this demonstration, but any modern linux server should work equally well.  When the configuration is complete, you should have a system in place that will allow you to easily add services, checks and nodes.

Before we look at the Consul application, we need to install unzip so that we can unzip the archive.  Be sure to login as root.

apt-get update
apt-get install unzip

Now, we can go about getting the Consul program.  The Consul project page provides download links to binary packages for Windows, OS X and Linux.  Go to the Consul site, find the binary you need and copy the link address from the download page.

In your terminal, move to the /usr/local/bin directory, and we will use wget to download the binary, which in our case is the 64bit version of the linux binary:

cd /usr/local/bin
wget https://releases.hashicorp.com/consul/0.7.2/consul_0.7.2_linux_amd64.zip

Now, we extract the binary and cleanup the archive

unzip consul_0.7.2_linux_amd64.zip
rm -f consul_0.7.2_linux_amd64.zip

You should now have access to the consul command.  Which can be tested by typing in consul on the command line.