Server Configuration
The configuration files are stored as JSON files. Consul has built-in encryption support using a shared-secret system for the gossip protocol.
In the terminal, we can use the Consul command to generate a key of the necessary length and encoding as follows:
root@server1:~#consul keygen
EXz7LFN8hpQ4id8EDYiFoQ==
It should be the same for all the servers and clients in a datacenter. If it's different the consul members will refuse to join.
Create the first file in the /etc/consul.d/server directory in server1.example.com (IP Address: 192.168.1.11). Use the encryption key generated above as the value for the "encrypt" key in the JSON.
server1.example.com
root@server1:~#vim /etc/consul.d/server/config.json
{
"bind_addr": "192.168.1.11",
"datacenter": "dc1",
"data_dir": "/var/consul",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==",
"log_level": "INFO",
"enable_syslog": true,
"enable_debug": true,
"node_name": "ConsulServer1",
"server": true,
"bootstrap_expect": 3,
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_join": [
"192.168.1.11:8301",
"192.168.1.12:8301",
"192.168.1.13:8301"
]
}
More information on what each key means can be found in the documentation.
You should copy the contents of this configuration file to the other machines that will be acting as your Consul servers. Place them in the same location just like you did in the first server.
The only value you need to modify on the other servers is the IP addresses that it should attempt to listen on - the value of the 'bind_addr' key.
server2.example.com
root@server2:~#vim /etc/consul.d/server/config.json
{
"bind_addr": "192.168.1.12",
"datacenter": "dc1",
"data_dir": "/var/consul",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==",
"log_level": "INFO",
"enable_syslog": true,
"enable_debug": true,
"node_name": "ConsulServer2",
"server": true,
"bootstrap_expect": 3,
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_interval": "30s",
"retry_join": [
"192.168.1.11:8301",
"192.168.1.12:8301",
"192.168.1.13:8301"
]
}
server3.example.com
root@server3:~#vim /etc/consul.d/server/config.json
{
"bind_addr": "192.168.1.13",
"datacenter": "dc1",
"data_dir": "/var/consul",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==",
"log_level": "INFO",
"enable_syslog": true,
"enable_debug": true,
"node_name": "ConsulServer3",
"server": true,
"bootstrap_expect": 3,
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_interval": "30s",
"retry_join": [
"192.168.1.11:8301",
"192.168.1.12:8301",
"192.168.1.13:8301"
]
}
Starting the cluster
Now we have everything in place to get a consul cluster up and running.
Start server1.example.com first.
root@server1:~#su consul
consul@server1:~$consul agent -config-dir /etc/consul.d/server/
==> WARNING: Expect Mode enabled, expecting 3 servers
==> Starting Consul agent...
==> Starting Consul agent RPC...
==> Joining cluster...
Join completed. Synced with 1 initial agents
==> Consul agent running!
Node name: 'ConsulServer1'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600, RPC: 8400)
Cluster Addr: 192.168.1.11 (LAN: 8301, WAN: 8302)
Gossip encrypt: true, RPC-TLS: false, TLS-Incoming: false
Atlas: <disabled>
The service should start up and occupy the terminal window. It will attempt to connect to the two other servers and keep retrying until they are up.
Now start Consul in the other two servers (server2.example.com, server3.example.com) in the same manner.
server2.example.com
root@server2:~#su consul
consul@server2:~$consul agent -config-dir /etc/consul.d/server/
==> WARNING: Expect Mode enabled, expecting 3 servers
==> Starting Consul agent...
==> Starting Consul agent RPC...
==> Joining cluster...
Join completed. Synced with 1 initial agents
==> Consul agent running!
Node name: 'ConsulServer2'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600, RPC: 8400)
Cluster Addr: 192.168.1.12 (LAN: 8301, WAN: 8302)
Gossip encrypt: true, RPC-TLS: false, TLS-Incoming: false
Atlas: <disabled>
server3.example.com
root@server3:~#su consul
consul@server3:~$consul agent -config-dir /etc/consul.d/server/
==> WARNING: Expect Mode enabled, expecting 3 servers
==> Starting Consul agent...
==> Starting Consul agent RPC...
==> Joining cluster...
Join completed. Synced with 1 initial agents
==> Consul agent running!
Node name: 'ConsulServer3'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600, RPC: 8400)
Cluster Addr: 192.168.1.13 (LAN: 8301, WAN: 8302)
Gossip encrypt: true, RPC-TLS: false, TLS-Incoming: false
Atlas: <disabled>
These servers (server2.example.com, server3.example.com) will connect to the server1.example.com, completing the cluster with one of the servers as the leader and the other two as followers.
You can see the members of the cluster (servers and clients) by asking consul for its members on any of the machines:
root@server3:~#consul members
| Node | Address | Status | Type | Build | Protocol | DC |
|---|---|---|---|---|---|---|
| ConsulServer1 | 192.168.1.11:8301 | alive | server | 0.6.4 | 2 | dc1 |
| ConsulServer2 | 192.168.1.12:8301 | alive | server | 0.6.4 | 2 | dc1 |
| ConsulServer3 | 192.168.1.13:8301 | alive | server | 0.6.4 | 2 | dc1 |
The cluster is fully operational now and applications can connect. We'll configure and start the client next.