Service configuration management: Best practice(s)

Context: We are deploying Consul across three data centers. These data centers are set up using Terraform, using images/snapshots built by Packer. Eventually we aim to have Consul service mesh gateways between the data centers, with an ingress and egress gateway.

For configuration of Consul itself, best practice (from what we can tell), is to bake configuration into the images (using Packer). We are happy to be corrected on this.

Our main uncertainty right now is how to best manage (internal) services, specifically their configuration files. Our current understanding is the Terraform Consul resources use the Consul catalog, so are suitable only for external services.

We note that Terraform is deprecating provisioners other than the remote and local exec resources. So it seems that providing them via Chef/Ansible/scripts during Terraform provisioning is likely not the right approach. Is that correct?

Is best practice to bake Consul service configuration files with Packer?
Some other mechanism we haven’t encountered or thought of?

Answering our own question… (of course this is our own imperfect take):

It appears the way to have Terraform manage Consul services is via the Nomad provider resources.

While that HashiCorp blog post mentions use of the Nomad template stanzas, it is not clear if additional flexibility might come from using Consul-Template - care would need to be taken to ensure this doesn’t cause too much drift from the Terraform state information - so we think best to avoid Consul-Template until the Nomad template stanza can’t do what is needed.

Appreciate any other thoughts.

We hope this assists someone else too.

Users interested in this issue/question might also be interested in this related Nomad topic:

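The approach from the self-answer above (Terraform managing a Consul-registered service through the Nomad provider, with a Nomad template stanza for the service's configuration), shown as an added example that is not part of the original thread and not HashiCorp's own code. The job name, image, port and Consul KV path are hypothetical.

```hcl
# Added example; job name, image, port and KV path are hypothetical.
terraform {
  required_providers {
    nomad = { source = "hashicorp/nomad" }
  }
}

# Nomad address and ACL token are read from NOMAD_ADDR / NOMAD_TOKEN in the environment.
provider "nomad" {}

resource "nomad_job" "web" {
  jobspec = <<-EOT
    job "web" {
      datacenters = ["dc1"]

      group "web" {
        network {
          port "http" { to = 8080 }
        }

        # Nomad registers this service in Consul when the allocation starts
        # and deregisters it when the allocation stops.
        service {
          name = "web"
          port = "http"
        }

        task "app" {
          driver = "docker"

          config {
            image = "registry.example.com/web:1.0.0"
            ports = ["http"]
          }

          # The template text lives in the jobspec that Terraform manages;
          # the KV value it reads is outside Terraform state.
          template {
            data        = "LOG_LEVEL={{ key \"web/log_level\" }}\n"
            destination = "local/app.env"
            env         = true
            change_mode = "restart"
          }
        }
      }
    }
  EOT
}
```

Because the service and template definitions are part of `jobspec`, a change to either shows up in `terraform plan`; only the KV value read by the template changes outside Terraform.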