Register consul as consul service

Hi!

Nomad: 1.2.6 (installed by Ansible community role)
Consul: 1.11.3 (installed by Ansible community role)
Consul Connect enabled

I would like to register my Consul port 8500 as a Consul service for the service mesh :crazy_face:

I have an app that needs to access Consul on port 8500. But this app is in the Consul Connect ring.
In my Nomad job, the network is in “bridge” mode. But when I try to curl Consul services in the container, I cannot…

I tried to register Consul with this JSON:

{
  "id": "consuldb",
  "name": "consuldb",
  "port": 8500,
  "enable_tag_override": false,
  "kind": "connect-proxy",
  "proxy": {
    "destination_service_name": "consuldb",
    "local_service_port": 8500,
    "mode": "transparent",
    "config": {},
    "upstreams": [],
    "mesh_gateway": {
      "mode": "local"
    }
  },
  "connect": {
    "native": false,
    "sidecar_service": {}
  }
}

curl --request PUT --data @consuldb.json localhost:8500/v1/agent/service/register

No service appears in consul UI.

I tried to register with the Ansible module, as simply as possible.

  - name: Add service consul
    community.general.consul:
      service_name: "consuldb"
      service_port: 8500
      state: present

But finally, when I tried inside the container:

curl 127.0.0.1:8500
curl: (56) Recv failure: Connection reset by peer

What can I do?

Thanks and help :ring_buoy:

Hi @fred-gb I might not be understanding your question correctly, but consul is already registered as a service inside the mesh when stood up.

So if you wanted to query Consul itself through Consul DNS you could simply do this:

I used

dig @localhost -p 8600 consul.service.consul

; <<>> DiG 9.16.1-Ubuntu <<>> @localhost -p 8600 consul.service.consul
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28881
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul.		IN	A

;; ANSWER SECTION:
consul.service.consul.	0	IN	A	10.5.0.4
consul.service.consul.	0	IN	A	10.5.0.2
consul.service.consul.	0	IN	A	10.5.0.3

;; Query time: 5 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Thu Feb 24 20:26:25 GMT 2022
;; MSG SIZE  rcvd: 98

or this

curl http://127.0.0.1:8500/v1/catalog/service/consul

Both examples above assume that the environment is running a Consul client locally.

Hi,
Thanks, but it's not working for me.

I tried this job, as simple as possible:

job "tester" {
  datacenters = ["dc1"]
  region      = "global"
  type        = "service"

  group "app" {
    task "wait-order" {
      driver = "docker"

      config {
        image   = "alpine"
        command = "/bin/sleep"
        args    = ["3600"]
      }
    }

    network {
      mode = "bridge"
    }
  }
}

In the container:

ifconfig
eth0      Link encap:Ethernet  HWaddr 7E:97:08:9F:00:5A  
          inet addr:172.26.64.113  Bcast:172.26.79.255  Mask:255.255.240.0

and:

dig @localhost -p 8600 consul.service.consul

; <<>> DiG 9.16.25 <<>> @localhost -p 8600 consul.service.consul
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

curl http://127.0.0.1:8500/v1/catalog/service/consul

curl: (7) Failed to connect to 127.0.0.1 port 8500 after 0 ms: Connection refused

I don’t understand and have never encountered this before. Thanks
:worried:

@fred-gb The example I shared above stated that the assumption is that you have a local Consul client running. It doesn’t appear that a Consul client is running in your alpine container examples.

But if we take a step back, what is the overall objective you are trying to achieve? I’m still not quite sure what you are trying to do.

Hi,

I have a Consul client running on this node. I used it for all the other jobs that used Consul mesh, Traefik, etc.

My objective:
In the container, curl the Consul catalog to list services.

Thanks
:slightly_smiling_face:

Hi @fred-gb,

I had a similar use case and I solved for it by configuring Consul’s HTTP server to listen on the docker0 interface.

# Ansible group_vars for `consul_instances` group
consul_addresses_http: "127.0.0.1 ::1 {{ ansible_docker0.ipv4.address }}"

I then configured the tasks within my Nomad jobs (in my case, Fabio and Traefik) to connect to that IP address when accessing Consul’s HTTP API.

# Fabio environment variable for setting Consul HTTP Address
FABIO_registry_consul_addr = "172.17.0.1:8500"

# Traefik environment variable for setting Consul HTTP Address
TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_ADDRESS = "172.17.0.1:8500"

In my opinion this isn’t the best solution since it relies on statically configuring an IP address in various configuration/job files. However, it did enable my Nomad task that was using the bridge networking mode to access Consul’s HTTP API, and allowed me to avoid exposing the Consul HTTP server on an address that was routable from other hosts on the network.

Hello,

Thanks @blake

With a friend, we found a solution in the firewall rules.

When I disable the firewall, it works without changes to the Consul config.

I added rules: ufw allow in/out nomad and it works with the firewall enabled.

But I don’t know if it’s the best practice for consul/nomad.

Thanks
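
Added example, not part of the thread or of any participant's configuration: a small audit helper for the two approaches discussed above, the HTTP listen-address list from @blake's post and the host firewall rule from the last post. It classifies each Consul HTTP listen address by who can connect to it and builds a ufw rule limited to the Consul port instead of all traffic on the bridge interface. The subnets 172.17.0.0/16 (docker0) and 172.26.64.0/20 (nomad), the interface names, and every function name are assumptions.

```python
import ipaddress

# Assumed defaults, not taken from the thread's configs: Docker's docker0 subnet and
# Nomad's bridge subnet (the task address 172.26.64.113/20 shown above fits the latter).
BRIDGE_NETS = {
    "docker0": ipaddress.ip_network("172.17.0.0/16"),
    "nomad": ipaddress.ip_network("172.26.64.0/20"),
}

def classify(addr):
    """Return 'wildcard', 'loopback', 'bridge:<iface>' or 'host-interface'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:      # 0.0.0.0 or :: binds every interface
        return "wildcard"
    if ip.is_loopback:         # host namespace only; a bridge-mode task has its own lo
        return "loopback"
    for iface, net in BRIDGE_NETS.items():
        if ip in net:          # evaluates to False when the IP versions differ
            return f"bridge:{iface}"
    return "host-interface"

def audit(listen_addrs):
    """listen_addrs: the rendered, space-separated HTTP address list."""
    report = {}
    for addr in listen_addrs.split():
        kind = classify(addr)
        report[addr] = {
            "kind": kind,
            "bridge_tasks_can_connect": kind != "loopback",
            "other_hosts_can_connect": kind in ("wildcard", "host-interface"),
        }
    return report

def exposed(listen_addrs):
    """Listen addresses that hosts elsewhere on the network could reach."""
    return [a for a, r in audit(listen_addrs).items() if r["other_hosts_can_connect"]]

def ufw_rule(ingress_iface, listen_addr, port=8500):
    """Port-scoped ufw command for tasks on one bridge reaching one Consul listener."""
    src = BRIDGE_NETS[ingress_iface]
    dst = ipaddress.ip_address(listen_addr)
    if dst.is_unspecified or dst.is_loopback:
        raise ValueError("pick a concrete, non-loopback listen address")
    return f"ufw allow in on {ingress_iface} proto tcp from {src} to {dst} port {port}"

if __name__ == "__main__":
    rendered = "127.0.0.1 ::1 172.17.0.1"  # constructed: the group_vars value after templating
    for addr, row in audit(rendered).items():
        print(addr, row)
    print(ufw_rule("nomad", "172.17.0.1"))
```

The bridge classification only holds if the subnets in `BRIDGE_NETS` match the host; compare them with the addresses actually assigned to the bridge interfaces before relying on the result.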