Consul Deployment Guide Questions

Hi :wave:,

I recently started my path down learning terraform and consul, and I recently found a guide on Hashicorp consul deployments, but I have some questions and am struggling to accomplish the tasks in a dynamic environment with terraform where the consul installation and server/client agents are created dynamically. I’ve started to create a few bash scripts and run them via terraform, but I’m having trouble figuring out how to share terraform variables with the scripts and, vice versa, storing values from the script into terraform variables/secret/exports etc.

My first questions are related to this section of this page:

  1. Does anyone have any terraform setup that they put together that encompasses the Prepare the security credentials section of that document? I mainly want to study how folks go about dynamically storing and referencing the credentials and sharing them with other servers and clients that are also dynamically created with terraform.

  2. Can someone break this down for me? It’s in a subsection of Prepare the security credentials where you share credentials with other consul agents; however, I cannot figure out when / how to use the command, nor how to populate those variables via terraform:

scp consul-agent-ca.pem <dc-name>-<server/client>-consul-<cert-number>.pem <dc-name>-<server/client>-consul-<cert-number>-key.pem <USER>@<PUBLIC_IP>:/etc/consul.d/

The next questions are related to this section of this page:

  1. In the part where they populate the /etc/consul.d/consul.hcl, in a dynamic/automated scenario where several consul servers are being created by terraform, how are you all populating these fields? If you have a terraform file to do so, can you please link to it so I can study it? I’m not sure how to get this done, but I really want to learn as I’d imagine it would be useful when I start digging into nomad later.

  2. In the data-center auto join subsection they add this line to the consul.hcl file: retry_join = [""], and what I’m unsure about is how do you know which ip address to place here if your consul servers are being created dynamically on the fly via terraform? What if a different consul server is spun up before the one specified on that ip? How do you know which consul server ip address to choose?

  3. I noticed in the guide there is a section for creating a consul.hcl and consul-server.hcl, but not a consul-client.hcl. Does that mean that it just so happens in that guide it will fall back to using the consul.hcl by default?

  4. Does the consul-server.hcl inherit configuration from the consul.hcl file?

The following question I have is related to this section:

  1. Does anyone have a terraform file that I can study for how they automate bootstrapping the ACL system? I’m having trouble structuring these tasks in terraform and working with the dynamism in terraform :frowning:

First, thank you for reading this post and reading all the questions. I’m sorry if it’s a lot, but I’m hoping that these are some basic questions for you all and that they aren’t too difficult to answer. As an aside, if you have any terraform projects setting up consul I’d really love to look at them to see how folks structure their terraform + consul projects and stagger them based on the environment (Dev, Testing, Prod), manage generated credentials, etc.

Something to study.

Even if you are not using aws, the core concept of the Terraform configuration could help you understand the basics.

If I have some time I’ll try to answer some of your questions. But maybe someone is faster. :slight_smile:


Hi, @Wolfsrudel, this is a good resource but I think very confusing at the stage that I’m in. For a full project like that, I’m looking more for a tutorial that will go through building out the building blocks; otherwise it’s hard to understand the machinery in that repo.

The two best books in town.


@Wolfsrudel do you also have book recommendations on:

  • Devops (in general)
  • Linux (for devops use)

Just for Ansible

Ansible with Kubernetes

And Containers in common

“DevOps” as a topic is too common. This could be all or nothing. You’ll have to be more specific.

For Kubernetes you could also read Nigel Poulton’s “The Kubernetes Book” and Kelsey Hightower’s “Kubernetes Up & Running”.

Oh, I didn’t realise all of Terraform in Action is now available! Cool! (Guess I should’ve looked beyond the estimated date for publication!)

Brikman’s book is excellent.

It is still in the making, but Scott did great work so far. It’s a MEAP, so you pay the full price and get chapter per chapter while he is writing it.
