Marc  Cluet  

https://www.flickr.com/photos/kiasog/8734222880  

Who am I?

Marc  Cluet  (@lynxman)    Grumpy  Engineer  based  in  London  Co-­‐Founder  of  Ukon  Cherry  Head  of  Operations  at  Gluru  17  years  of  experience  as  a  SysAdmin  Founding  member  of  Juju  and  MAAS  while  at  Canonical  Built  a  DevOps  Engineering  Team  at  Rackspace  Been  DevOps’in  for  the  last  5  years  

Who am I?

http://www.meetup.com/London-­‐DevOps/  

What is Consul?

https://www.flickr.com/photos/granada_turnier/5768809690/  

What is Consul?

It’s  a  Service  Discovery  System  

What is Service Discovery?

Service  Node  A  

Service  Publication  

Service  Node  B  

Service  Node  C  

What is Service Discovery?

Service  Node  A  

Health  Check  

Discovery  Agent  

Discovery  Agent  

Service  Node  B  

Health  Check  

Service  Publication  

Node  A   Node  B  

Consul Architecture

Client  

Consul  Server  

Consul  Server  

Consul  Server  

Client  Client  Client  

Consul  Server  

Consul Architecture

Client  

Consul  Server  

Consul  Server  

Consul  Server  

Client  Client  Client  

Consul  Server  

WAN  Gossip  

LAN  Gossip  

Bender Approved

Consul Functionality

https://www.flickr.com/photos/jdhancock/3580515232  

Consul functionality

It’s  a  service  discovery  system  •  Publishes  DNS  •  k/v  Storage  •  Service  Publication  •  Health  Checks  •  HTTP  RESTful  API  •  With  Encryption!  

Consul DNS publisher

Port  8600    Use  dnsmasq:  server=/consul/127.0.0.1#8600  

Consul DNS publisher

service  name:  web  zone:  eu-­‐west-­‐1    <servicename>.service.<zone>.consul    web.service.eu-­‐west-­‐1.consul  

Consul DNS publisher

node  name:  web01  zone:  eu-­‐west-­‐1    <nodename>.<zone>.consul    web01.eu-­‐west-­‐1.consul  

Consul DNS publisher

API  FRIENDLY!    /v1/catalog/  /v1/catalog/datacenters/  /v1/catalog/nodes/  /v1/catalog/services/<servicename>  /v1/catalog/service/<name>  /v1/catalog/node/<nodename>  

k/v Storage

/v1/kv/<key>    GET  PUT  DELETE    Limited  to  256kb   https://www.flickr.com/photos/victoriabernal/6294851265  

Service Publication{      "service":  {          "name":  ”web",          "tags":  [”my  web"],          "port":  80,          "check":  {              "script":  "/usr/lib/nagios/check_http",              "interval":  "10s"          }      }  }  

Service Publication

Service  Node  A  

Service  Node  B  

Service  Node  C  

web.service.eu-­‐west-­‐1.consul  10.10.10.10  10.10.10.11  10.10.10.12  

Service Publication

Service  Node  A  

Service  Node  B  

Service  Node  C  

web.service.eu-­‐west-­‐1.consul  10.10.10.10  10.10.10.11  10.10.10.12  

Service Publication

Service  Node  A  

Service  Node  B  

Service  Node  C  

web.service.eu-­‐west-­‐1.consul  10.10.10.10  10.10.10.11  10.10.10.12  

Service Publication

Caveats  •  Can  remove  ALL  

servers  •  Check  needs  to  be  

solid  

Health Checks

{      "check":  {          "id":  "mem-­‐util",          "name":  "Memory  utilization",          "script":  "/usr/local/bin/check_mem.py",          "interval":  "10s"      }  }  

Health Checks

Caveats  •  Can  remove  the  

server  and  all  services  

•  Check  needs  to  be  solid  

The Monitoring Questionhttps://www.flickr.com/photos/okeos/110365446  

HTTP RESTful API

/v1/kv/  /v1/agent/  /v1/catalog/  /v1/health/  /v1/session/  /v1/acl/  /v1/status/  

Encryption

Separate  encryption  for  different  traffic  

•  Gossip  Encryption  

•  RPC  TLS  Encryption  

https://www.flickr.com/photos/ideonexus/5175383269  

Gossip Encryption

KPI  Encryption    $  consul  keygen  cg8StVXbQJ0gPvMd9o7yrg==  

RPC TLS Encryption

Special Mention

consul  watch  -­‐type  [  key    [params]  script                      event                    services                    nodes                    checks  ]  

Special Mention

API  Blocking  Queries  

Useful Resources

https://www.flickr.com/photos/florianric/7263382550  

Config Mgmt

Puppet  https://forge.puppetlabs.com/KyleAnderson/consul  https://forge.puppetlabs.com/lynxman/hiera_consul  

 Chef  https://supermarket.chef.io/cookbooks/consul  

 

Config Mgmt

Ansible  https://galaxy.ansible.com/list#/roles/2032  https://galaxy.ansible.com/list#/roles/1453  

 SaltStack  ???  

Hashicorp Tools

EnvConsul  https://github.com/hashicorp/envconsul  Consul  Replicate  https://github.com/hashicorp/consul-­‐replicate  Consul  Template  https://github.com/hashicorp/consul-­‐template  

Consul Ecosystem

Confd  Consulate  Crypt  Docker  Consul  Registrator    More  at  http://www.consul.io/downloads_tools.html      

https://www.flickr.com/photos/tjflex/7646164470  

DEMO TIME!

https://www.flickr.com/photos/digitizedchaos/3964206549  

Useful Links

Consul  Documentation  http://www.consul.io/docs/index.html    Consul  Mailing  List  https://groups.google.com/forum/#!forum/consul-­‐tool  

 Consul  Open  Issues  https://github.com/hashicorp/consul/issues  

https://www.flickr.com/photos/mikko_luntiala/12691267935  

https://www.flickr.com/photos/dullhunk/202872717  

@lynxman

http://slideshare.net/lynxmanuk/

https://github.com/lynxman/

https://devroot.org/