How to Setup Consul through the OSM Ansible Role

Are you searching for service discovery or a service mesh tool for a distributed environment?

Did you find any with easy installation? Not yet!! Think fast….It’s just a piece of cake.YES! NO! Calm down because I got it !!!!

A few days back we got a requirement where we had to setup multiple services on multiple servers and in a cluster mode….So now the question arises how will the services be auto discovered? how will we get to know the health check of the service? and above all how to restrict users on different services. After a lot of research, I came across a tool named as consul. But now another stumbling block arises HOW TO SETUP IT? 

Your answer might be just go ahead and download the binary on every server, if that’s what you’re thinking…then STOP! Because doing it manually on plenty of servers is time-consuming and also not an efficient way. So, I thought of using a configuration management tool that is none other than ansible. Then there were roles that were already present in the market but some have the hard coded encryption key, some were not generating the bootstrap token and also they were not easy to understand. None of the roles fulfilled the requirement. 

So, I thought of creating an ansible role with features like, enabling ACL and generating a bootstrap token, and an encryption key with easy-to-understand language. 

In this blog, I have explained the OT-OSM consul ansible role

Without any delay let’s get started!!!

Now you might be thinking what is consul?

What is Consul?

So, Consul is a hashicorp tool that is known for service discovery, does regular health checks of the services, load balancing, key/value store for dynamic configuration, and provides an interactive web UI. It also comes with a built-in feature to detect failing nodes (which is a pretty hectic task in a distributed environment) and distribute this information across the whole cluster. And still, the list doesn’t end here, it is a platform-independent tool also.   

Consul with OSM Ansible Role 

Now firstly, let’s make you familiar with OT-OSM i.e., It is an open source project of Opstree where people from our organization contribute to it so that anybody can use it. 

Our OT-OSM ansible role will automate the installation and configuration of Consul Server on Ubuntu 18 and above.

Running this role will perform the following tasks on Ansible hosts:

  • Install consul with 1.8.4 version and above
  • Cluster configuration for consul server on host machines
  • Standalone setup for consul server
  • Generating encryption key 
  • Enabling ACL and generating the bootstrap token 

THINGS TO BE KEPT IN MIND BEFORE RUNNING ROLE 

Role has defined variables at vars or default location to externalize some configuration and make the role more reusable. 

Variables present in vars/main.yml are dynamic and can be modified by the user. 

consul_version: 1.8.4
consul_data_path: /var/lib/consul
consul_datacenter: dc1
acl_enable: false
consul_acl_default_policy: deny
consul_keygenerate_file: /opt/consul_keygenerate
consul_acl_file: /opt/acl_token
local_acl_dest: /tmp/consul_acl
local_key_dest: /tmp/consul_key

For ACL feature i.e., Access Control List (ACL)

Consul uses Access Control Lists (ACLs) to secure access to the UI, API, CLI, service communications, and agent communications.  For securing the data centers ACLs are used. 

So, by default in this ansible role the ACL feature is disabled. It can be enabled based on user requirements, for enabling it you have to change the acl_enable variable value from false to true in vars/main.yml.

After this, a bootstrap token will be generated on one master node and the same token will be saved on the controller machine for the later requirement. 

For using role the inventory must be in the format of :

[consul-server]
server1 ansible_host=ip/dns 
server2 ansible_host=ip/dns
server3 ansible_host=ip/dns 

[consul-server:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=path

USAGE:

  • For running the role execute the below command :
ansible-playbook -i inventory playbook.yml

CONCLUSION

The scope of the role is a basic implementation of the Consul cluster and standalone setup with best practices for installation, configuration, ACL, and encryption key. For more information, you can go through README.md of the role. 

Further, many more features will be added to the role like client setup and policies. 

And if anyone has any requirement that this role fails to fulfill, feel free to raise an issue on the GitHub repository or you can drop comments here as well. Let us know about your experience with the role and your suggestions.

Au revoir, bonne journee!!

Blog Pundit: Bhupender rawat and Sandeep Rawat

Opstree is an End to End DevOps solution provider.

Connect with Us

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: