Install Consul Server on Ubuntu 22.04/Ubuntu 20.04

|
Last Updated:
|
|
install Consul server on Ubuntu 22.04/Ubuntu 20.04

Follow through this tutorial to learn how to install Consul server on Ubuntu 22.04/Ubuntu 20.04. According to the documentation, “HashiCorp Consul is a service networking solution that enables teams to manage secure network connectivity between services and across on-prem and multi-cloud environments and runtimes. Consul offers service discovery, service mesh, traffic management, and automated updates to network infrastructure device. You can use these features individually or together in a single Consul deployment“.

Installing Consul Server on Ubuntu

You can:

Note that it is recommended to run production Consul in a cluster of either three or five nodes. This is to ensure that Consul’s state is preserved if a single server fails. In this tutorial, however, we will just run Consul on a single node (bootstrap_expect=1) for demonstration purposes!

How to install Consul server on Ubuntu using Precompiled binary

To install Consul server on Ubuntu using Precompiled binary, you can either;

  • Install Consul from APT repositories or
  • Download the current release version of Consul binary.

Install Consul from APT repositories

To install Consul from APT repositories, proceed as follows;

apt install gnupg2
wget -qO- https://apt.releases.hashicorp.com/gpg | gpg --dearmor > \
/etc/apt/trusted.gpg.d/consul.gpg
echo "deb https://apt.releases.hashicorp.com $(lsb_release -cs) main" > \
/etc/apt/sources.list.d/consul.list
apt update
apt install consul

Download and Install Consul Binary

Navigate to the downloads page and grab Consul binary for your specific system architecture.

As of this writing, Consul v1.13.2 is the current stable release. You can just grab the download link and pull it as follows;

wget https://releases.hashicorp.com/consul/1.13.2/consul_1.13.2_linux_amd64.zip

Extract the binary to /usr/local/bin directory;

unzip consul_1.13.2_linux_amd64.zip -d /usr/local/bin/

Build Consul from Source

If you want, you can build Consul from the source.

Download and install Go.

wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
tar xzf go1.19.1.linux-amd64.tar.gz -C /opt

Update the PATH with path to Go binary;

sed -i.bak 's|"$|:/opt/go/bin/"|' /etc/environment
source /etc/environment

Next, clone the Consul repository from GitHub:

apt install git make
git clone https://github.com/hashicorp/consul.git

Compile Consul;

cd consul
make dev

Once compilation is done, copy the binary to /usr/local/bin/;

cp ./bin/consul /usr/local/bin/

Verify Consul Installation

You can run the consul command without any options to confirm and verify its installation.

consul

Usage: consul [--version] [--help]  []
Available commands are:
    acl            Interact with Consul's ACLs
    agent          Runs a Consul agent
    catalog        Interact with the catalog
    config         Interact with Consul's Centralized Configurations
    connect        Interact with Consul Connect
    debug          Records a debugging archive for operators
    event          Fire a new event
    exec           Executes a command on Consul nodes
    force-leave    Forces a member of the cluster to enter the "left" state
    info           Provides debugging information for operators.
    intention      Interact with Connect service intentions
    join           Tell Consul agent to join cluster
    keygen         Generates a new encryption key
    keyring        Manages gossip layer encryption keys
    kv             Interact with the key-value store
    leave          Gracefully leaves the Consul cluster and shuts down
    lock           Execute a command holding a lock
    login          Login to Consul using an auth method
    logout         Destroy a Consul token created with login
    maint          Controls node or service maintenance mode
    members        Lists the members of a Consul cluster
    monitor        Stream logs from a Consul agent
    operator       Provides cluster-level tools for Consul operators
    peering        Create and manage peering connections between Consul clusters
    reload         Triggers the agent to reload configuration files
    rtt            Estimates network round trip time between nodes
    services       Interact with services
    snapshot       Saves, restores and inspects snapshots of Consul server state
    tls            Builtin helpers for creating CAs and certificates
    validate       Validate config files/directories
    version        Prints the Consul version
    watch          Watch for changes in Consul

Configuring Consul Agent on Ubuntu

As already mentioned, we are running a single node Consul server in this setup (Option; bootstrap_expect=1).

Consul agent can run either in server or client mode. We will run Consul agent as a server in this setup.

Thus, before you can start Consul agent server, there are a few things that you need to do.

  • Create Consul service account (ONLY if you didn’t install Consul using APT);
useradd -r -M -s /bin/false consul
  • Create Consul data directory. If you installed using APT, /opt/consul directory is created by default. You can choose to use a different directory though.
[ -d /opt/consul ] || mkdir /opt/consul
  • Create Consul configurations directory. Similarly, this directory is created if you installed Consul using APT;
[ -d /etc/consul.d ] || mkdir /etc/consul.d

Any custom configuration options need to be placed in consul.hcl file, under the configuration directory created above.

For example, to define the custom options;

vim /etc/consul.d/consul.hcl
bind_addr = "192.168.56.124"
data_dir = "/opt/consul"
bootstrap_expect=1

Always confirm the validity of the Consul configuration file;

sudo consul validate /etc/consul.d/

You should get such an output if all is good.

Configuration is valid!
  • Set Proper ownership for the Consul data and configuration directories
chown -R consul: /opt/consul /etc/consul.d

Running Consul Agent Server

Consul uses documented reasonable defaults so only non-default values must be set in the configuration file”.

You can use the command below to start the Consul agent and runs until an interrupt is received. The agent represents a single node in a cluster.

consul agent [options]

These are the available [options] you can use;


HTTP API Options
  -datacenter=
     Datacenter of the agent.
Command Options
  -advertise=
     Sets the advertise address to use.
  -advertise-wan=
     Sets address to advertise on WAN instead of -advertise address.
  -allow-write-http-from=
     Only allow write endpoint calls from given network. CIDR format,
     can be specified multiple times.
  -alt-domain=
     Alternate domain to use for DNS interface.
  -auto-reload-config
     Watches config files for changes and auto reloads the files when
     modified.
  -bind=
     Sets the bind address for cluster communication.
  -bootstrap
     Sets server to bootstrap mode.
  -bootstrap-expect=
     Sets server to expect bootstrap mode.
  -check_output_max_size=
     Sets the maximum output size for checks on this agent
  -client=
     Sets the address to bind for client access. This includes RPC, DNS,
     HTTP, HTTPS and gRPC (if configured).
  -config-dir=
     Path to a directory to read configuration files from. This
     will read every file ending in '.json' as configuration in this
     directory in alphabetical order. Can be specified multiple times.
  -config-file=
     Path to a file in JSON or HCL format with a matching file
     extension. Can be specified multiple times.
  -config-format=
     Config files are in this format irrespective of their extension.
     Must be 'hcl' or 'json'
  -data-dir=
     Path to a data directory to store agent state.
  -default-query-time=
     the amount of time a blocking query will wait before Consul will
     force a response. This value can be overridden by the 'wait' query
     parameter.
  -dev
     Starts the agent in development mode.
  -disable-host-node-id
     Setting this to true will prevent Consul from using information
     from the host to generate a node ID, and will cause Consul to
     generate a random node ID instead.
  -disable-keyring-file
     Disables the backing up of the keyring to a file.
  -dns-port=
     DNS port to use.
  -domain=
     Domain to use for DNS interface.
  -enable-local-script-checks
     Enables health check scripts from configuration file.
  -enable-script-checks
     Enables health check scripts.
  -encrypt=
     Provides the gossip encryption key.
  -grpc-port=
     Sets the gRPC API port to listen on.
  -grpc-tls-port=
     Sets the gRPC-TLS API port to listen on.
  -hcl=
     hcl config fragment. Can be specified multiple times.
  -http-port=
     Sets the HTTP API port to listen on.
  -https-port=
     Sets the HTTPS API port to listen on.
  -join=
     Address of an agent to join at start time. Can be specified
     multiple times.
  -join-wan=
     Address of an agent to join -wan at start time. Can be specified
     multiple times.
  -log-file=
     Path to the file the logs get written to
  -log-json
     Output logs in JSON format.
  -log-level=
     Log level of the agent.
  -log-rotate-bytes=
     Maximum number of bytes that should be written to a log file
  -log-rotate-duration=
     Time after which log rotation needs to be performed
  -log-rotate-max-files=
     Maximum number of log file archives to keep
  -max-query-time=
     the maximum amount of time a blocking query can wait before Consul
     will force a response. Consul applies jitter to the wait time. The
     jittered time will be capped to MaxQueryTime.
  -node=
     Name of this node. Must be unique in the cluster.
  -node-id=
     A unique ID for this node across space and time. Defaults to a
     randomly-generated ID that persists in the data-dir.
  -node-meta=
     An arbitrary metadata key/value pair for this node, of the format
     `key:value`. Can be specified multiple times.
  -non-voting-server
     (Enterprise-only) DEPRECATED: -read-replica should be used instead
  -pid-file=
     Path to file to store agent PID.
  -primary-gateway=
     Address of a mesh gateway in the primary datacenter to use to
     bootstrap WAN federation at start time with retries enabled. Can be
     specified multiple times.
  -protocol=
     Sets the protocol version. Defaults to latest.
  -raft-protocol=
     Sets the Raft protocol version. Defaults to latest.
  -read-replica
     (Enterprise-only) This flag is used to make the server not
     participate in the Raft quorum, and have it only receive the data
     replication stream. This can be used to add read scalability to
     a cluster in cases where a high volume of reads to servers are
     needed.
  -recursor=
     Address of an upstream DNS server. Can be specified multiple times.
  -rejoin
     Ignores a previous leave and attempts to rejoin the cluster.
  -retry-interval=
     Time to wait between join attempts.
  -retry-interval-wan=
     Time to wait between join -wan attempts.
  -retry-join=
     Address of an agent to join at start time with retries enabled. Can
     be specified multiple times.
  -retry-join-wan=
     Address of an agent to join -wan at start time with retries
     enabled. Can be specified multiple times.
  -retry-max=
     Maximum number of join attempts. Defaults to 0, which will retry
     indefinitely.
  -retry-max-wan=
     Maximum number of join -wan attempts. Defaults to 0, which will
     retry indefinitely.
  -segment=
     (Enterprise-only) Sets the network segment to join.
  -serf-lan-allowed-cidrs=
     Networks (eg: 192.168.1.0/24) allowed for Serf LAN. Can be
     specified multiple times.
  -serf-lan-bind=
     Address to bind Serf LAN listeners to.
  -serf-lan-port=
     Sets the Serf LAN port to listen on.
  -serf-wan-allowed-cidrs=
     Networks (eg: 192.168.1.0/24) allowed for Serf WAN (other
     datacenters). Can be specified multiple times.
  -serf-wan-bind=
     Address to bind Serf WAN listeners to.
  -serf-wan-port=
     Sets the Serf WAN port to listen on.
  -server
     Switches agent to server mode.
  -server-port=
     Sets the server port to listen on.
  -syslog
     Enables logging to syslog.
  -ui
     Enables the built-in static web UI server.
  -ui-content-path=
     Sets the external UI path to a string. Defaults to: /ui/
  -ui-dir=
     Path to directory containing the web UI resources.

To Start Consul agent server in development mode, with default configs;

consul agent -dev

Press Ctrl+c to stop.

To run Consul agent as a server;

sudo -u consul consul agent -bind=192.168.56.124 -bootstrap-expect=1 -data-dir=/opt/consul -server

Sample output;


==> Starting Consul agent...
              Version: '1.14.0-dev'
             Revision: 'a74d826b0'
           Build Date: '2022-09-30 19:17:16 +0000 UTC'
              Node ID: 'a191f825-3766-1ea1-d5a6-e5d2612756e4'
            Node name: 'jellyfish'
           Datacenter: 'dc1' (Segment: '')
               Server: true (Bootstrap: true)
          Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, gRPC-TLS: -1, DNS: 8600)
         Cluster Addr: 192.168.56.124 (LAN: 8301, WAN: 8302)
    Gossip Encryption: false
     Auto-Encrypt-TLS: false
            HTTPS TLS: Verify Incoming: false, Verify Outgoing: false, Min Version: TLSv1_2
             gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2
     Internal RPC TLS: Verify Incoming: false, Verify Outgoing: false (Verify Hostname: false), Min Version: TLSv1_2
==> Log data will now stream in as it occurs:
2022-10-01T07:02:52.526Z [WARN]  agent: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
2022-10-01T07:02:52.526Z [WARN]  agent: bootstrap = true: do not enable unless necessary
2022-10-01T07:02:52.534Z [WARN]  agent.auto_config: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
2022-10-01T07:02:52.534Z [WARN]  agent.auto_config: bootstrap = true: do not enable unless necessary
2022-10-01T07:02:52.541Z [INFO]  agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:a191f825-3766-1ea1-d5a6-e5d2612756e4 Address:192.168.56.124:8300}]"
2022-10-01T07:02:52.541Z [INFO]  agent.server.raft: entering follower state: follower="Node at 192.168.56.124:8300 [Follower]" leader-address= leader-id=
2022-10-01T07:02:52.541Z [INFO]  agent.server.serf.wan: serf: EventMemberJoin: jellyfish.dc1 192.168.56.124
2022-10-01T07:02:52.541Z [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node
2022-10-01T07:02:52.541Z [INFO]  agent.server.serf.lan: serf: EventMemberJoin: jellyfish 192.168.56.124
2022-10-01T07:02:52.542Z [INFO]  agent.router: Initializing LAN area manager
2022-10-01T07:02:52.542Z [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node
2022-10-01T07:02:52.542Z [INFO]  agent.server.autopilot: reconciliation now disabled
2022-10-01T07:02:52.542Z [INFO]  agent.server: Handled event for server in area: event=member-join server=jellyfish.dc1 area=wan
2022-10-01T07:02:52.542Z [INFO]  agent.server: Adding LAN server: server="jellyfish (Addr: tcp/192.168.56.124:8300) (DC: dc1)"
2022-10-01T07:02:52.542Z [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.56.124:8300 jellyfish  0 }. Err: connection error: desc = "transport: Error while dialing dial tcp 192.168.56.124:0->192.168.56.124:8300: operation was canceled". Reconnecting...
2022-10-01T07:02:52.543Z [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=udp
2022-10-01T07:02:52.543Z [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=tcp
2022-10-01T07:02:52.544Z [INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http
2022-10-01T07:02:52.544Z [INFO]  agent: started state syncer
2022-10-01T07:02:52.544Z [INFO]  agent: Consul agent running!
2022-10-01T07:02:57.806Z [WARN]  agent.server.raft: heartbeat timeout reached, starting election: last-leader-addr= last-leader-id=
2022-10-01T07:02:57.806Z [INFO]  agent.server.raft: entering candidate state: node="Node at 192.168.56.124:8300 [Candidate]" term=3
2022-10-01T07:02:57.826Z [INFO]  agent.server.raft: election won: tally=1
2022-10-01T07:02:57.826Z [INFO]  agent.server.raft: entering leader state: leader="Node at 192.168.56.124:8300 [Leader]"
2022-10-01T07:02:57.827Z [INFO]  agent.server: cluster leadership acquired
2022-10-01T07:02:57.828Z [INFO]  agent.server: New leader elected: payload=jellyfish
2022-10-01T07:02:57.846Z [INFO]  agent.server.autopilot: reconciliation now enabled
2022-10-01T07:02:57.846Z [INFO]  agent.leader: started routine: routine="federation state anti-entropy"
2022-10-01T07:02:57.846Z [INFO]  agent.leader: started routine: routine="federation state pruning"
2022-10-01T07:02:58.059Z [INFO]  agent: Synced node info

You can use these options in a configuration file;

sudo -u consul vim /etc/consul.d/consul.hcl
bind_addr = "192.168.56.124"
bootstrap_expect=1
data_dir = "/opt/consul"
server = true

And just use the command;

sudo -u consul consul agent -config-dir=/etc/consul.d

Running Consul Agent server with Consul UI Enabled;

Consul features a web-based user interface, allowing you to get an overview of all services, nodes, intentions and more using a graphical user interface, rather than the CLI or API.

If you are running Consul in a cluster, you can enable UI on a single node.

To enable Consul UI, you can pass the options on the command line or use the configuration file;

To pass the options, -ui on the command line;

sudo -u consul consul agent -bind=192.168.56.124 -bootstrap-expect=1 -data-dir=/opt/consul -server -ui

==> Starting Consul agent...
              Version: '1.14.0-dev'
             Revision: 'a74d826b0'
           Build Date: '2022-09-30 19:17:16 +0000 UTC'
              Node ID: 'a191f825-3766-1ea1-d5a6-e5d2612756e4'
            Node name: 'jellyfish'
           Datacenter: 'dc1' (Segment: '')
               Server: true (Bootstrap: true)
          Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, gRPC-TLS: -1, DNS: 8600)
         Cluster Addr: 192.168.56.124 (LAN: 8301, WAN: 8302)
    Gossip Encryption: false
     Auto-Encrypt-TLS: false
            HTTPS TLS: Verify Incoming: false, Verify Outgoing: false, Min Version: TLSv1_2
             gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2
     Internal RPC TLS: Verify Incoming: false, Verify Outgoing: false (Verify Hostname: false), Min Version: TLSv1_2
==> Log data will now stream in as it occurs:
2022-10-01T07:08:34.316Z [WARN]  agent: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
2022-10-01T07:08:34.316Z [WARN]  agent: bootstrap = true: do not enable unless necessary
2022-10-01T07:08:34.322Z [WARN]  agent.auto_config: BootstrapExpect is set to 1; this is the same as Bootstrap mode.
2022-10-01T07:08:34.322Z [WARN]  agent.auto_config: bootstrap = true: do not enable unless necessary
2022-10-01T07:08:34.330Z [INFO]  agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:a191f825-3766-1ea1-d5a6-e5d2612756e4 Address:192.168.56.124:8300}]"
2022-10-01T07:08:34.330Z [INFO]  agent.server.raft: entering follower state: follower="Node at 192.168.56.124:8300 [Follower]" leader-address= leader-id=
2022-10-01T07:08:34.331Z [INFO]  agent.server.serf.wan: serf: EventMemberJoin: jellyfish.dc1 192.168.56.124
2022-10-01T07:08:34.331Z [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node
2022-10-01T07:08:34.332Z [INFO]  agent.server.serf.lan: serf: EventMemberJoin: jellyfish 192.168.56.124
2022-10-01T07:08:34.332Z [INFO]  agent.router: Initializing LAN area manager
2022-10-01T07:08:34.332Z [INFO]  agent.server.autopilot: reconciliation now disabled
2022-10-01T07:08:34.332Z [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node
2022-10-01T07:08:34.332Z [INFO]  agent.server: Adding LAN server: server="jellyfish (Addr: tcp/192.168.56.124:8300) (DC: dc1)"
2022-10-01T07:08:34.333Z [INFO]  agent.server: Handled event for server in area: event=member-join server=jellyfish.dc1 area=wan
2022-10-01T07:08:34.333Z [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.56.124:8300 jellyfish  0 }. Err: connection error: desc = "transport: Error while dialing dial tcp 192.168.56.124:0->192.168.56.124:8300: operation was canceled". Reconnecting...
2022-10-01T07:08:34.334Z [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=udp
2022-10-01T07:08:34.334Z [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=tcp
2022-10-01T07:08:34.334Z [INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http
2022-10-01T07:08:34.335Z [INFO]  agent: started state syncer
2022-10-01T07:08:34.335Z [INFO]  agent: Consul agent running!

This will start HTTP server on Port 8500, bind to loopback interface;

2022-10-01T06:41:00.847Z [INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http

To bind the HTTP server to a non-loopback interface, define the address using -client option.

sudo -u consul consul agent -bind=192.168.56.124 -bootstrap-expect=1 -client=192.168.56.124 -data-dir=/opt/consul -server -ui

To enable these options in a configuration file;

vim /etc/consul.d/consul.hcl
...
data_dir = "/opt/consul"
client_addr = "192.168.56.124"
ui_config{
  enabled = true
}
server = true
bind_addr = "192.168.56.124"
bootstrap_expect=1
...

Then, you can just start Consult agent server;

sudo -u consul consul agent -config-dir=/etc/consul.d

Note that you can control all these command line options in the configuration file.

Here is a sample config with all options commented out;

cat /etc/consul.d/consul.hcl

# Full configuration options can be found at https://www.consul.io/docs/agent/config

# datacenter
# This flag controls the datacenter in which the agent is running. If not provided,
# it defaults to "dc1". Consul has first-class support for multiple datacenters, but 
# it relies on proper configuration. Nodes in the same datacenter should be on a 
# single LAN.
#datacenter = "my-dc-1"

# data_dir
# This flag provides a data directory for the agent to store state. This is required
# for all agents. The directory should be durable across reboots. This is especially
# critical for agents that are running in server mode as they must be able to persist
# cluster state. Additionally, the directory must support the use of filesystem
# locking, meaning some types of mounted folders (e.g. VirtualBox shared folders) may
# not be suitable.
data_dir = "/opt/consul"

# client_addr
# The address to which Consul will bind client interfaces, including the HTTP and DNS
# servers. By default, this is "127.0.0.1", allowing only loopback connections. In
# Consul 1.0 and later this can be set to a space-separated list of addresses to bind
# to, or a go-sockaddr template that can potentially resolve to multiple addresses.
#client_addr = "0.0.0.0"

# ui
# Enables the built-in web UI server and the required HTTP routes. This eliminates
# the need to maintain the Consul web UI files separately from the binary.
# Version 1.10 deprecated ui=true in favor of ui_config.enabled=true
#ui_config{
#  enabled = true
#}

# server
# This flag is used to control if an agent is in server or client mode. When provided,
# an agent will act as a Consul server. Each Consul cluster must have at least one
# server and ideally no more than 5 per datacenter. All servers participate in the Raft
# consensus algorithm to ensure that transactions occur in a consistent, linearizable
# manner. Transactions modify cluster state, which is maintained on all server nodes to
# ensure availability in the case of node failure. Server nodes also participate in a
# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to
# other datacenters and forward traffic as appropriate.
#server = true

# Bind addr
# You may use IPv4 or IPv6 but if you have multiple interfaces you must be explicit.
#bind_addr = "[::]" # Listen on all IPv6
#bind_addr = "0.0.0.0" # Listen on all IPv4
#
# Advertise addr - if you want to point clients to a different address than bind or LB.
#advertise_addr = "127.0.0.1"

# Enterprise License
# As of 1.10, Enterprise requires a license_path and does not have a short trial.
#license_path = "/etc/consul.d/consul.hclic"

# bootstrap_expect
# This flag provides the number of expected servers in the datacenter. Either this value
# should not be provided or the value must agree with other servers in the cluster. When
# provided, Consul waits until the specified number of servers are available and then
# bootstraps the cluster. This allows an initial leader to be elected automatically.
# This cannot be used in conjunction with the legacy -bootstrap flag. This flag requires
# -server mode.
#bootstrap_expect=3

# encrypt
# Specifies the secret key to use for encryption of Consul network traffic. This key must
# be 32-bytes that are Base64-encoded. The easiest way to create an encryption key is to
# use consul keygen. All nodes within a cluster must share the same encryption key to
# communicate. The provided key is automatically persisted to the data directory and loaded
# automatically whenever the agent is restarted. This means that to encrypt Consul's gossip
# protocol, this option only needs to be provided once on each agent's initial startup
# sequence. If it is provided after Consul has been initialized with an encryption key,
# then the provided key is ignored and a warning will be displayed.
#encrypt = "..."

# retry_join
# Similar to -join but allows retrying a join until it is successful. Once it joins 
# successfully to a member in a list of members it will never attempt to join again.
# Agents will then solely maintain their membership via gossip. This is useful for
# cases where you know the address will eventually be available. This option can be
# specified multiple times to specify multiple agents to join. The value can contain
# IPv4, IPv6, or DNS addresses. In Consul 1.1.0 and later this can be set to a go-sockaddr
# template. If Consul is running on the non-default Serf LAN port, this must be specified
# as well. IPv6 must use the "bracketed" syntax. If multiple values are given, they are
# tried and retried in the order listed until the first succeeds. Here are some examples:
#retry_join = ["consul.domain.internal"]
#retry_join = ["10.0.4.67"]
#retry_join = ["[::1]:8301"]
#retry_join = ["consul.domain.internal", "10.0.4.67"]
# Cloud Auto-join examples:
# More details - https://www.consul.io/docs/agent/cloud-auto-join
#retry_join = ["provider=aws tag_key=... tag_value=..."]
#retry_join = ["provider=azure tag_name=... tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=..."]
#retry_join = ["provider=gce project_name=... tag_value=..."]

You can now access Consul Web UI via http://server-IP:8500.

Running Consul Agent Server as systemd Service

For easy manageability, you can create a systemd service unit file for Consul by running the command below;

Ensure the path to the consul binary is correct, /usr/local/bin/consul in our setup.

cat > /etc/systemd/system/consul.service << 'EOL'
[Unit]
Description="HashiCorp Consul"
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/consul.d/consul.hcl

[Service]
EnvironmentFile=-/etc/consul.d/consul.env
User=consul
Group=consul
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOL

Note that the service above uses the Consul options in a configuration file, /etc/consul.d/consul.hcl.

Start and enable Consul service to run on system boot;

systemctl enable --now consul

Check the status;

systemctl status consul
● consul.service - "HashiCorp Consul"
     Loaded: loaded (/etc/systemd/system/consul.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-10-01 07:20:45 UTC; 2s ago
   Main PID: 66160 (consul)
      Tasks: 9 (limit: 2241)
     Memory: 23.4M
        CPU: 111ms
     CGroup: /system.slice/consul.service
             └─66160 /usr/local/bin/consul agent -config-dir=/etc/consul.d/

Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.054Z [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.054Z [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.054Z [INFO]  agent.server: Handled event for server in area: event=member-join server=jellyfish.dc1 area=wan
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.054Z [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.56.124:8300 jellyfi>
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.054Z [INFO]  agent.server: Adding LAN server: server="jellyfish (Addr: tcp/192.168.56.124:8300) (DC: dc1)"
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.056Z [INFO]  agent: Started DNS server: address=192.168.56.124:8600 network=udp
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.056Z [INFO]  agent: Started DNS server: address=192.168.56.124:8600 network=tcp
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.056Z [INFO]  agent: Starting server: address=192.168.56.124:8500 network=tcp protocol=http
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.056Z [INFO]  agent: started state syncer
Oct 01 07:20:46 jellyfish consul[66160]: 2022-10-01T07:20:46.056Z [INFO]  agent: Consul agent running!

Accessing Consul Agent Server Web UI

If you enabled Consul UI, you can access via the addresses that you defined on the configuration. Eg http://server-IP-or-resolvable-domain:8500.

Cluster Overview;

install Consul server on Ubuntu 22.04/Ubuntu 20.04

Nodes Overview

install Consul server on Ubuntu 22.04/Ubuntu 20.04

You can continue to explore Consul UI.

Further Reading

Getting Started with Consul

Other Tutorials

Install and Deploy Kubernetes Cluster on Ubuntu 20.04

Analyze PCAP Files using Malcolm Network Traffic Analysis tool

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Leave a Comment