/rpi-hashi-ui

A modern user interface for @hashicorp Consul & Nomad

Primary LanguageJavaScriptMIT LicenseMIT

Hashi UI Build Status

Code Quality: Javascript Total Alerts

Join the chat at https://gitter.im/hashi-ui/Lobby Docker Stars Docker Pulls

An awesome user interface (even for mobile devices!) for HashiCorp Consul & Nomad, plain and simple :-)

Hashi UI

View more screenshots of Nomad & Consul interface

TOC

Why

For Nomad, it was quite simple, no mobile-optimized, (somewhat) feature-complete and live-updating interface existed.

For Consul, the built-in UI is decent, but lacks a variety of essential features:

  • Live update of Services, Nodes and Key/Value lists (nobody likes to refresh)
  • More API complete (e.g. unregister services and services checks directly from UI)
  • CAS (Check-And-Set) support in both Write and Delete actions for KV, preventing accidental modification or deleting of keys that have changed since you loaded them.
  • KV breadcrumbs could not be used for navigation
  • Sorting KV folders and keys separately (always folders first)
  • More inter-linking between services/nodes

Today the Consul and Nomad UI exist in the same binary, but do not "cross-talk" to each other, but long term goal is to integrate them even closer, so from Nomad Job UI you can see Consul health check status for the job tasks, and vice versa be able to cross-link between two otherwise distinct systems.

Long term, Vault support would be an amazing addition to the UI, contributions are more than welcome on this!

Usage

Until Hash-UI reaches 1.x, development efforts will focus on the latest versions of HashiCorp products

Download the latest release from the Github repository and start it with:

# if you got Nomad running on localhost
./hashi-ui-<os>-<arch> --nomad-enable

# if you got Nomad running on a specific Protocol/IP/Port
./hashi-ui-<os>-<arch> --nomad-enable --nomad-address http://IP:Port

# if you got Consul running on localhost
./hashi-ui-<os>-<arch> --consul-enable

# if you got Consul running on a specific IP/Port
./hashi-ui-<os>-<arch> --consul-enable  --consul-address IP:Port

# if you got nomad and Consul running on localhost
./hashi-ui-<os>-<arch> --nomad-enable --consul-enable

This will start the hashi-ui server that will try to connect to local nomad server. The frontend can be accessed on port 3000 by default. You can override this with the -listen-address.

Another way to run hashi-ui is through Docker. Run the following command to start a webserver that will serve the application.

# nomad only
docker run -e NOMAD_ENABLE=1 -e NOMAD_ADDR=... -p 8000:3000 jippi/hashi-ui
# consul only
docker run -e CONSUL_ENABLE=1 -e CONSUL_ADDR=... -p 8000:3000 jippi/hashi-ui
# consul only with https
docker run -e CONSUL_HTTP_TOKEN=one_ring -e CONSUL_HTTP_SSL_VERIFY=false -e CONSUL_HTTP_SSL=true CONSUL_ENABLE=1 -e CONSUL_ADDR=... -p 8000:3000 jippi/hashi-ui
# nomad + consul
docker run -e NOMAD_ENABLE=1 -e NOMAD_ADDR=... -e CONSUL_ENABLE=1 -e CONSUL_ADDR=... -p 8000:3000 jippi/hashi-ui

Check the releases page on GitHub to see which version is current.

The user interface will be accessible on localhost, port 8000. Adjust the Docker run parameters as needed. If you need to change the port that Nomad is listening on, you should do it with -e NOMAD_ADDR environment variable that contains both hostname and port.

Configuration

hashi-ui can be controlled by both ENV or CLI flags as described below

General Configuration

Environment CLI (--flag) Default Description
LOG_LEVEL log-level info Log level to use while running the hashi-ui server - (critical, error, warning, notice, info, debug)
PROXY_ADDRESS proxy-address <empty> (optional) The base URL of the UI when running behind a reverse proxy (ie: example.com/nomad/)
LISTEN_ADDRESS listen-address 0.0.0.0:3000 The IP + PORT to listen on
HTTPS_ENABLE https-enable false Use HTTPS instead of HTTP for Hashi-UI
SERVER_CERT server-cert <empty> Server certificate to use when HTTPS is enabled
SERVER_KEY server-key <empty> Server key to use when HTTPS is enabled
SITE_TITLE site-title <empty> Free-form text to be prepended to title-bar; eg. "Staging"
UPDATE_THROTTLE_DURATION throttle-update-duration <empty> Duration to sleep before polling Nomad/Consul for updates. Useful in busy clusters (example: 5s, 250ms)

Nomad Configuration

Environment CLI (--flag) Default Description
NOMAD_ENABLE nomad-enable false Use --nomad.enable or env NOMAD_ENABLE=1 to enable Nomad backend
NOMAD_ADDR nomad-address http://127.0.0.1:4646 Protocol + Host + Port for your Nomad instance
NOMAD_ACL_TOKEN nomad-acl-token <empty> The Nomad access token to use (optional)
NOMAD_READ_ONLY nomad-read-only false Should hash-ui allowed to modify Nomad state (stop/start jobs and so forth)
NOMAD_CACERT nomad-ca-cert <empty> (optional) path to a CA Cert file (remember to use https:// in NOMAD_ADDR if you enable TLS)
NOMAD_CLIENT_CERT nomad-client-cert <empty> (optional) path to a client cert file (remember to use https:// in NOMAD_ADDR if you enable TLS)
NOMAD_CLIENT_KEY nomad-client-key <empty> (optional) path to a client key file (remember to use https:// in NOMAD_ADDR if you enable TLS)
NOMAD_PORT_http <none> 0.0.0.0:3000 The IP + PORT to listen on (will overwrite LISTEN_ADDRESS)
NOMAD_HIDE_ENV_DATA nomad-hide-env-data false Whether Nomad env{} values should be hidden (will prevent updating jobs in the UI)
NOMAD_ALLOW_STALE nomad-allow-stale true Whether Hashi-UI should use stale mode when connecting to the nomad-api servers
NOMAD_COLOR nomad-color #4b9a7d Set the main color for nomad related screens.

Consul Configuration

Environment CLI (--flag) Default Description
CONSUL_ENABLE consul-enable false Use --consul-enable or env CONSUL_ENABLE=1 to enable Consul backend
CONSUL_ADDR consul-address 127.0.0.1:8500 Host + Port for your Consul server, e.g. localhost:8500` (Do not include protocol)
CONSUL_READ_ONLY consul-read-only false Should hash-ui be allowed to modify Consul state (modify KV, Services and so forth)
CONSUL_ACL_TOKEN consul-acl-token <empty> The Consul access token to use (optional)
CONSUL_HTTP_TOKEN <empty> <empty> Synonym for CONSUL_ACL_TOKEN
CONSUL_HTTP_SSL_VERIFY <empty> true Choose if you want your certificate to be verified (Likely to choose false if you have a custom SSL certificate)
CONSUL_HTTP_SSL <empty> false Enable HTTPS client to consul
CONSUL_CACERT <empty> <empty> (optional) path to a CA Cert file (remember to set CONSUL_HTTP_SSL to true)
CONSUL_CLIENT_CERT <empty> <empty> (optional) path to a client cert file (remember to set CONSUL_HTTP_SSL to true)
CONSUL_CLIENT_KEY <empty> <empty> (optional) path to a client key file (remember to set CONSUL_HTTP_SSL to true)
CONSUL_COLOR consul-color #694a9c Set the main color for consul related screens.

Running behind a Load Balancer

When Running Hashi UI behind AWS, an ALB is preferable as it supports HTTP websockets. Alternatively a NLB or ELB in 'TCP' mode will suffice.

Hashi-UI exposes a /_status endpoint that can be used to check the health of Nomad and Consul endpoints.

Running in Docker Compose

When running Hashi UI in Docker Compose, configure Consul with the following environment variable for Hashi UI's deregister button to work.

services:
  consul:
    image: consul
    environment:
      CONSUL_BIND_INTERFACE: eth0

Try

Nomad

You need a running nomad server to try Hashi UI:

nomad agent -server -client -bootstrap-expect 1 -data-dir /tmp/nomad

Now you can run Hashi UI in other terminal (we assume you have it in PATH):

hashi-ui-<os>-<arch> --nomad-enable

Open browser and visit http://127.0.0.1:3000.

Consul

You can run the Consul UI against the official HashiCorp Consul demo like this:

hashi-ui-<os>-<arch> --consul-enable --consul-address demo.consul.io

Open browser and visit http://127.0.0.1:3000.

Troubleshooting

  • Log lines like 19:25:54.105 nomad_hub.go:69 ▶ ERROR transport: websocket upgrade failed: websocket: could not find connection header with token 'upgrade' and the web interface is not working.
    • Ensure your load balancer is treating the services as TCP on port 80 (and SSL on 443). Websockets can't use HTTP/HTTPS mode.

Contributing & Development

If you would like to contribute (Thanks ! <3) please open a pull-request with your code change or a RFC issue.

See DEVELOPMENT.md for information on how to get started with hacking on hashi-ui.