Using "Consul Snapshot" Remotely

john.pagano · September 15, 2022, 8:50pm

Hi,

I’m flummoxed by what seems like it should be a problem with an obvious solution.

I have a consul cluster with 5 nodes. I want to use consul snapshot save to back up my state (and the Vault k/v store for which consul is acting as a storage subsystem). I know I can run that command on any one of my nodes locally. But I prefer to run the backup workflow on a purpose-built remote system (say, a container that appears and disappears as needed).

If I set CONSUL_HTTP_ADDR to any one of the remote node’s addresses, it works (e.g. CONSUL_HTTP_ADDR=http://FQDN:8500). But I don’t want to hard-code it to a single address. I’d prefer to send it to a load-balanced pool of target addresses for the purpose of high availability.

Is it OK just to cobble together a vanilla load-balancer config for this? The documentation doesn’t seem to mention doing something like that, so I feel like I’m missing a simpler, better approach. This is one of those times when I feel like my question is born of a fundamental misunderstanding of the application’s design.

Thanks.

maxb · September 15, 2022, 9:25pm

The simpler approach is the one you’re rejecting… Just send the request to any node.

You may find the documentation for the stale option to the snapshot API useful to understanding the behaviour of the application:

john.pagano · September 16, 2022, 5:48pm

Thank you for your reply.

My hesitation is about high availability. Clearly the consul cluster is highly available, but unless I’m missing something, using the API endpoint in the manner you suggest is not. If I send my snapshot request to a specific node, then it will fail if that node happens to be down. I don’t want to miss a backup in that case.

It sounds like it’s perfectly OK for me to put a load balancer in front of port 8500 on all my consul nodes and address that proxy for the purpose of making snapshots.