- 0.1: Terraform 0.11, Consul >= 1.0
- 0.2: Terraform 0.12, Consul >= 1.0
- 0.3: Terraform 0.12, Consul >= 1.5
- Supports Consul 1.5.x
- Supports Terraform 0.12.x
- Deploys a standalone server or a 3-node cluster
- Performs the initial ACL bootstrap on the first apply
- Servers run in an Auto Scaling Group and can be rotated one at a time
- Can serve as the VPC's primary DNS by updating the VPC DHCP options set
- Upgrades are done by rotating servers
- Stable IPs (attached ENIs) for DNS resolution and cluster attachment
- Nodes join via the `consul_env` tag on the instance (Consul's AWS cloud auto-join)
- The Consul service is restarted automatically on failure (not observed in practice so far)
- Attaches the New Relic Infrastructure agent if a license key is provided
- No IAM policies are managed inside the module; provide them externally
- Based on Amazon Linux 2; no custom AMIs
- Runs as a non-root user while still serving DNS on port 53
Variable | Type | Default | Description |
---|---|---|---|
short_name | string | "con" | Middle part of the host name. Better not to change it |
use_acl | bool | true | Whether to bootstrap ACLs |
consul_version | string | "1.5.3" | Version of Consul to run |
consul_datacenter | string | | Consul datacenter name |
consul_domain | string | "consul" | Consul domain name |
consul_env_tag | string | | Value of the `consul_env` tag on the instances, used for auto-join. Can be the same as `env_name` |
consul_recursors | list | ["8.8.8.8"] | Upstream recursors Consul forwards non-Consul DNS queries to |
base_search_ami | string | "amzn2-ami-hvm-*-x86_64-gp2" | AMI name pattern to search for. Allows pinning a fixed version; by default resolves to the latest Amazon Linux 2 image |
standalone | bool | true | true: one Consul server; false: three-server cluster |
instance_size | string | | Instance size: t_micro, t_small, t_medium or c_large |
subnet_ids | list | | IDs of subnets in different availability zones |
iam_policies | list | | ARNs of IAM policies to attach. At least Describe Instances and network-interface management permissions must be provided |
key_name | string | | Name of the SSH key pair in your AWS account for the instances |
private_key | string | "" | Private key matching `key_name`. Required only for the ACL setup procedure |
env_name | string | "" | Environment tag on the instances and prefix letter in the name |
use_dhcp_options | bool | false | Set Consul as the VPC's primary DNS via the DHCP options set. Can be switched on only after the initial deployment |
dhcp_domain_name | string | "" | Domain name to set in the DHCP options |
dhcp_dns_servers | list | [""] | DNS servers to set in the DHCP options |
newrelic_key | string | "" | New Relic Infrastructure license key. The agent is attached if the key is provided |
Variable | Type | Description |
---|---|---|
master_token | string | Super admin (management) token |
agent_token | string | Agent token |
admin_token | string | Admin token |
encrypt_key | string | Gossip encryption key |
asg_name | string | Name of the ASG |
asg_id | string | ASG id |
launch_config_id | string | Launch configuration id |
dns_resolver_ips | list | IPs of the DNS resolvers (the stable server IPs) |
consul_join | list | Consul join list (list of strings) |
See the example for parametrization. No IAM policies are created inside the module: provide at least Describe Instances / Describe Tags and network-interface management permissions via `iam_policies`.
Why use Consul as the primary DNS? To enable all the features Consul provides over DNS, including short names that omit the datacenter part.
This feature changes the DHCP options set of the VPC, so a failure of the Consul cluster becomes a VPC-wide DNS failure. Follow the procedure carefully and it will be fine.
- Initially deploy the cluster with `use_dhcp_options = false`
- Ensure Consul is up and running and all nodes in the cluster are green
- Change to `use_dhcp_options = true` and apply once more. You are ready to go.
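Putting the IAM requirement and the two-step DHCP procedure together, here is an added example of a root module calling this module. It is not part of the module or this README. The module path (`./consul`), the datacenter name, the variable names and the exact list of IAM actions are assumptions: the action list is what cloud auto-join (Describe Instances/Tags) and ENI attachment (network-interface management) need according to the text above, not a copy of the module's own policy.

```hcl
# Added example, not the module's own code. Module path, variable names and
# the exact IAM action list are assumptions.

variable "env_name" { type = string }
variable "key_name" { type = string }
variable "private_key_path" { type = string }
variable "private_subnet_ids" { type = list(string) }

# Keep DNS takeover off for the first apply; flip it only after all nodes are green.
variable "consul_as_dns" {
  type    = bool
  default = false
}

# Least-privilege policy for the module's own needs (assumed action set):
# auto-join reads instance tags, stable IPs require attaching the ENIs.
data "aws_iam_policy_document" "consul_server" {
  statement {
    sid       = "AutoJoin"
    actions   = ["ec2:DescribeInstances", "ec2:DescribeTags"]
    resources = ["*"] # Describe* calls accept no resource-level restriction
  }

  statement {
    sid = "StableIPs"
    actions = [
      "ec2:DescribeNetworkInterfaces",
      "ec2:AttachNetworkInterface",
      "ec2:DetachNetworkInterface",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "consul_server" {
  name   = "consul-server-${var.env_name}"
  policy = data.aws_iam_policy_document.consul_server.json
}

module "consul" {
  source = "./consul" # assumed local path to this module

  env_name          = var.env_name
  consul_env_tag    = var.env_name # auto-join tag value, same as env_name
  consul_datacenter = "dc1"        # assumed
  consul_version    = "1.5.3"
  standalone        = false        # 3-node cluster
  instance_size     = "t_small"
  subnet_ids        = var.private_subnet_ids
  key_name          = var.key_name
  private_key       = file(var.private_key_path) # only needed for ACL bootstrap
  iam_policies      = [aws_iam_policy.consul_server.arn]

  # Step 1: terraform apply              (consul_as_dns = false)
  # Step 2: terraform apply -var consul_as_dns=true, after all nodes are green
  use_dhcp_options = var.consul_as_dns
  dhcp_domain_name = "${var.env_name}.internal" # assumed naming
}

output "consul_dns_ips" {
  value = module.consul.dns_resolver_ips
}
```

Apply once with the default, confirm every server is alive (for example with `consul members` over the VPN), then apply again with `-var consul_as_dns=true`. Note that `private_key` and the token outputs end up in the Terraform state, so the state backend must be treated as secret storage.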
If you plan to destroy Consul, want to switch back, or the Consul cluster has failed:
- Go to the AWS console
- Open VPC, DHCP options sets, and switch the VPC back to the previous set (the one created with your VPC)
- The private SSH key is needed only for this feature. Provide it.
- A network connection to the private network is needed. Ensure your VPN is up.
- The setup is done by a provisioner on the first apply only. If you need to re-run it, run `terraform taint null_resource.set_acls` first.
- The resulting `master_token`, `agent_token`, `admin_token` and `encrypt_key` are module outputs and are therefore stored in the Terraform state, as is `private_key`. Protect the state accordingly.
Always test the upgrade on a test cluster first: the general Consul configuration may become incompatible between versions.
- Change `consul_version` to the new one and apply. Nothing breaks at this point.
- Terminate one instance via the AWS console or CLI.
- Wait for the ASG to bring up the new instance (usually about 1 minute to boot, up to 5 minutes for the scaling policy to trigger).
- Check in the AWS console that the new instance has 2 IPs assigned. It is rare, but if the instance was rescheduled too fast the ENI may not have been re-attached.
- If not: terminate it one more time.
- Once the cluster is green again, rotate the next server: just terminate it.