Nomad and Consul integration question

How do we run Consul within Nomad using Docker instead of using the raw_exec driver, and how can we make it auto-discover, say, a web server such as Apache?

Are you asking about Consul Connect?

Hi @KK123 :wave:

Are you looking to run a Consul agent as a Nomad job using the Docker driver? You can use the official Consul Docker image and create a Nomad job based off that.

But if you use it as your local Consul agent for Nomad I would caution you that this could create a circular dependency between Nomad and Consul, so I wouldn’t recommend this.

If instead you are trying to connect to your local Consul agent from within a Docker task you have two options:

  1. Use the host network mode in your task; this way it will be able to reach your localhost Consul since the task is now in the host network namespace. The downside is that the task will be able to access any service in your host, so make sure it’s a trusted task :slightly_smiling_face:
  2. Configure your Consul agent to listen on a specific network interface using the client_addr config. By default, the Consul API is only available on the loopback interface, which is not accessible from within a task. By binding to a specific IP you will be able to access Consul by connecting to that IP. But make sure you use a private interface (otherwise your Consul API will be exposed) and that you update other configuration that expects Consul to be listening on localhost accordingly.

Could you expand a little bit on this?

In general, Consul doesn’t auto-discover services, you need to manually specify them. Nomad helps you with this by providing the service block. If you put this in your job, Nomad will automatically register a service for you in Consul.

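A check for option 2 in the reply above, as an added example that is not part of the original thread or of Consul or Nomad: it reads a Consul agent configuration in JSON form and reports whether the HTTP API bind addresses (`client_addr`, or `addresses.http` when set) stay on loopback or private ranges. The sample configurations, the function names and the allowed-range policy are constructed assumptions.

```python
import ipaddress
import json

# Policy assumption: loopback, RFC 1918 and IPv6 ULA ranges are acceptable
# bind targets for the Consul HTTP API; everything else is reported.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7",
)]


def classify_bind(value):
    """Classify one address taken from client_addr / addresses.http."""
    if value.startswith("unix://"):
        return "ok"                  # local socket, not reachable over IP
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "all-interfaces"      # 0.0.0.0 or :: binds every interface
    if any(ip in net for net in ALLOWED_NETS if net.version == ip.version):
        return "ok"
    return "non-private"


def audit_consul_http_bind(config_text):
    """Return {address: verdict} for the HTTP API bind addresses."""
    cfg = json.loads(config_text)
    # addresses.http overrides client_addr; client_addr defaults to loopback.
    raw = cfg.get("addresses", {}).get("http") or cfg.get("client_addr", "127.0.0.1")
    if "{{" in raw:
        # go-sockaddr template: Consul resolves it at start-up, so check the
        # resolved address on the host instead.
        return {raw: "template-review"}
    return {addr: classify_bind(addr) for addr in raw.split()}


if __name__ == "__main__":
    # Constructed sample configurations, not taken from the thread.
    samples = [
        '{}',
        '{"client_addr": "127.0.0.1 10.0.0.5"}',
        '{"client_addr": "0.0.0.0"}',
        '{"client_addr": "127.0.0.1", "addresses": {"http": "203.0.113.10"}}',
        '{"client_addr": "{{ GetPrivateIP }}"}',
    ]
    for text in samples:
        print(text, "->", audit_consul_http_bind(text))
```
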

Yes, if I run this I am wondering how Consul will auto-discover another service running in Nomad, say an Apache web server running as a Podman container?

I think I have got the service block part you mentioned.

The one thing I was not sure about was how it will work with Podman, since I think under Podman we get a 10.88.0.0/16 network space, and what would we need to enable in the Consul job so that the Consul Podman container can see the Apache Podman container?

Got this working with Nomad and Consul using a Docker Apache container.
I think Podman is something I need to understand. Probably I might have to use network mode bridge, but I understand that is not yet supported by the Podman driver, is that right?

The Nomad agent running in the client that has the allocation will register the apache service against the local Consul agent, which will then replicate it to the other Consul agents.

Do you need your podman container to talk directly with Consul? Usually for service discovery you can use a template to render out information from Consul services into your task. So, for example, an Apache task could have a template that would render a configuration file with <IP>:<port> information pulled from Consul.

In this scenario, only the Nomad agent would need to be able to talk to Consul.

Yeah, it doesn’t seem like it (Support network bridge mode · Issue #36 · hashicorp/nomad-driver-podman · GitHub). But bridge network mode would isolate your task networking. Is this what you want?