I recently started down the path of learning terraform and consul, and I recently found a guide on Hashicorp consul deployments, but there are some questions I have, and I'm struggling to accomplish the tasks in a dynamic environment with terraform where the consul installation and server/client agents are created dynamically. I've started to create a few bash scripts and run them via terraform, but I'm having trouble figuring out how to share terraform variables with the scripts and, vice versa, store values from the scripts into terraform variables/secrets/exports, etc.
My first questions are related to this section of this page:
Does anyone have any terraform setup that they put together that encompasses the "Prepare the security credentials" section of that document? I mainly want to study how folks go about dynamically storing and referencing the credentials and sharing them with other servers and clients that are also dynamically created with terraform.
Can someone break this down for me? It's in a subsection of "Prepare the security credentials" where you share credentials with other consul agents; however, I cannot figure out when/how to use the command, nor how to populate those variables via terraform:
scp consul-agent-ca.pem <dc-name>-<server/client>-consul-<cert-number>.pem <dc-name>-<server/client>-consul-<cert-number>-key.pem <USER>@<PUBLIC_IP>:/etc/consul.d/
The next questions are related to this section of this page:
In the part where they populate `/etc/consul.d/consul.hcl`, in a dynamic/automated scenario where several consul servers are being created by terraform, how are you all populating these fields? If you have a terraform file to do so, can you please link to it so I can study it? I'm not sure how to get this done, but I really want to learn, as I'd imagine it would be useful when I start digging into nomad later.
In the data-center auto-join subsection they add this line to `consul.hcl`: `retry_join = ["172.16.0.11"]`. What I'm unsure about is how you know which IP address to place here if your consul servers are being created dynamically on the fly via terraform. What if a different consul server is spun up before the one specified at that IP? How do you know which consul server IP address to choose?
I noticed in the guide there is a section for creating a `consul-server.hcl`, but not a `consul-client.hcl`. Does that mean that it just so happens in that guide it will fall back to using the `consul-server.hcl` inherit configuration from the
The following question I have is related to this section:
- Does anyone have a terraform file that I can study for how they automate bootstrapping the ACL system? I'm having trouble structuring these tasks in terraform and working with the dynamism in terraform.
First, thank you for reading this post and reading all the questions. I'm sorry if it's a lot, but I'm hoping that these are some basic questions for you all and that they aren't too difficult to answer. As an aside, if you have any terraform projects setting up consul, I'd really love to look at them to see how folks structure their terraform + consul projects and stagger them based on the environment (Dev, Testing, Prod), manage generated credentials, etc.
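The following is an added example (mine, not code from the original post or from the HashiCorp guide it refers to) showing one way the retry_join, consul.hcl-population and ACL-bootstrap questions above can be handled in a single Terraform configuration: credentials are generated once in Terraform, rendered into each node's consul.hcl, and the join address is a cloud auto-join tag lookup rather than a literal IP. It assumes the AWS provider, an AMI that already ships the consul binary and a systemd unit named `consul`, an instance role that allows `ec2:DescribeInstances` (required for cloud auto-join and not shown), and the variable, tag and output names below are my own.

```hcl
# Added example, not from the original post or the HashiCorp guide.
# Assumptions: AWS provider, AMI with consul preinstalled, instance role with
# ec2:DescribeInstances; variable/tag/output names are mine.

variable "datacenter"   { default = "dc1" }
variable "server_count" { default = 3 }
variable "client_count" { default = 2 }
variable "ami_id"       { type = string }
variable "subnet_id"    { type = string }

# Credentials generated once by Terraform, so every node rendered from this
# configuration receives the same values. They are stored in Terraform state,
# which therefore needs an encrypted, access-controlled backend.
resource "random_id"   "gossip_key"         { byte_length = 32 }
resource "random_uuid" "initial_management" {}

# One consul.hcl per role. retry_join uses cloud auto-join (a tag lookup), so
# no node has to know another node's IP before it exists, and there is no
# dependency cycle between the instances and their own user_data.
locals {
  consul_config = { for role in ["server", "client"] : role => <<-EOT
    datacenter = "${var.datacenter}"
    data_dir   = "/opt/consul"
    encrypt    = "${random_id.gossip_key.b64_std}"
    server     = ${role == "server"}
    retry_join = ["provider=aws tag_key=consul-role tag_value=server"]
    %{ if role == "server" ~}
    bootstrap_expect = ${var.server_count}
    %{ endif ~}
    acl {
      enabled                  = true
      default_policy           = "deny"
      enable_token_persistence = true
      %{ if role == "server" ~}
      tokens { initial_management = "${random_uuid.initial_management.result}" }
      %{ endif ~}
    }
  EOT
  }
}

resource "aws_instance" "consul" {
  for_each = merge(
    { for i in range(var.server_count) : "server-${i}" => "server" },
    { for i in range(var.client_count) : "client-${i}" => "client" },
  )
  ami           = var.ami_id
  instance_type = "t3.small"
  subnet_id     = var.subnet_id

  # The tag that cloud auto-join matches on; identical on every server.
  tags = { Name = "${var.datacenter}-${each.key}", consul-role = each.value }

  # Bootstrap script: every value it needs arrives already rendered into the
  # config file, so the script never has to read Terraform variables itself.
  user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    install -d -m 0750 -o consul -g consul /etc/consul.d
    cat > /etc/consul.d/consul.hcl <<'CFG'
    ${local.consul_config[each.value]}
    CFG
    chown consul:consul /etc/consul.d/consul.hcl
    chmod 0640 /etc/consul.d/consul.hcl
    systemctl enable --now consul
  EOT
}

# Values that flow back out of Terraform for operators or later stages.
output "initial_management_token" {
  value     = random_uuid.initial_management.result
  sensitive = true
}

output "server_private_ips" {
  value = [for k, v in aws_instance.consul : v.private_ip if startswith(k, "server-")]
}
```

Two caveats a practitioner would want to check before using this pattern: anything rendered into `user_data` is readable from the instance metadata endpoint by any process on that host, so the gossip key and initial management token should be treated as host-readable, and in production they are better fetched at boot from a secrets store than baked in; and per-node TLS certificates (the scp step in the guide) are deliberately left out, since they need per-node issuance rather than the one-shot shared values shown here.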