How to verify that consul started properly

munali · August 18, 2020, 6:29pm

I am deploying consul to AWS EC2 instance that has resolvers in /etc/resolv.conf.

The consul agent will recurse to these resolvers, and I would like to update /etc/resolv.conf to point to consul after it has started, ie. remove the original nameservers and then add in

nameserver 127.0.0.1

However, since the consul command runs forever if it succeeds, I am not sure how to tell when to update the /etc/resolv.conf to point to consul.

Any suggestions?

munali · August 20, 2020, 2:05am

Looks like I was setting up the systemd unit file in a way that was causing it to be in an “Activating” state forever.

Though, the command “consul members” displayed that the node was part of the datacenter. Thus it seems that consul had started properly. The following was causing “systemd start consul.service” to block indefinitely.

[Service]
…
Type=notify
ExecStart=usr/bin/sudo /usr/local/bin/consul agent

When I changed type to simple:
Type=simple

or stopped using Sudo:
ExecStart= /usr/local/bin/consul agent

The command “systemd start consul.service” does not hang forever in “Activating” state.

blake · August 20, 2020, 4:15am

Hi @munali,

When type=notify is used, Consul will wait until it has properly joined one of the agents specified in either join or retry_join before signaling to systemd that the process has successfully started (this is mentioned in Consul Deployment Guide: Configure systemd).

I’m not sure why the signal was sent in your environment. Changing the ExecStart type to simple or exec as you have done is a viable workaround. However, it is probably still worth investigating why the notify did not properly reach systemd.

munali · August 20, 2020, 1:34pm

Hi @blake,

If I remove the sudo bit from ExecStart, and keep “Notify” it still works. So I think it has something to do with the sudo command. But I am not sure why. Any ideas how to debug furthur?

e.g. This works:
[Service]
…
Type=notify
ExecStart=/usr/local/bin/consul agent

blake · August 20, 2020, 7:35pm

@munali,

I suspected sudo might be causing issues here. If your intention is run Consul as the root user, then you do not actually need to use sudo. By default systemd will execute processes as the root user.

If you need to run Consul as a specific user and/or group, you can use systemd’s User= or Group= directives.

munali · September 9, 2020, 7:52pm

@blake,

I was able to resolve this by removing the “sudo” in the ExecStart and instead enabling the capabilities I needed:

AmbientCapabilities=CAP_NET_BIND_SERVICE

Topic		Replies	Views
Single node consult fails to start Consul	2	23	October 11, 2024
Consul Clustering .service Questions Consul	3	390	November 16, 2020
Starting snapshot agent with systemd Consul consul-snapshot	1	778	September 23, 2020
Can't start consul as service Consul consul	0	786	October 18, 2023
Configure consul with systemd and environmental file Consul	1	2847	December 14, 2021

How to verify that consul started properly

Related topics