Automated Service Discovery using HashiCorp Consul
tmitsuhata
Member, Administrator, A10ers admin
This article describes how to use the Thunder ADC integration with HashiCorp Consul for automated application delivery. Thunder ADC directly polls associated services catalog from Consul periodically while serving user traffic for load balancing and application security. When service status changes are detected on the Consul for any reason, Thunder ADC automatically updates server pool configuration accordingly.
Prerequisites
- You will need previous experience with Consul and Thunder ADC
- Consul
- A single Consul datacenter with the web UI enabled, and the config directory set to
/etc/consul.d/. - At least two client nodes, each with a local Consul agent that can register the web services and health checks.
- Refer Consul tutorials for how to get started with Consul.
- A single Consul datacenter with the web UI enabled, and the config directory set to
- Thunder ADC
- Thunder ADC (hardware, virtual, bare metal, or container) running ACOS version 5.2.1 or above
- Get vThunder free trial
- Topology
- Two (or more) standard web servers running web (HTTP) service on port 80
Consul Setup
1. Run Consul server agent on a server “devops” using IP 192.168.0.201
tme@devops:~$ nohup consul agent -config-dir /etc/consul.d/ -advertise 192.168.0.201 &
2. Run Consul client agent on each web server
Note: Service definition will be added later
tme@s1:~$ nohup consul agent -enable-script-checks -data-dir /tmp/consul -config-dir /etc/consul.d -bind 192.168.0.10 -join 192.168.0.201 & tme@s2:~$ nohup consul agent -enable-script-checks -data-dir /tmp/consul -config-dir /etc/consul.d -bind 192.168.0.11 -join 192.168.0.201 &
tme@devops:~$ consul members Node Address Status Type Build Protocol DC Segment devops1.a10tme-demo 192.168.0.201:8301 alive server 1.8.4 2 dc1 <all> s1.adc-demo 192.168.0.10:8301 alive client 1.8.4 2 dc1 <default> s2.adc-demo 192.168.0.11:8301 alive client 1.8.4 2 dc1 <default>
3. Configure web service for port 80 on both servers by adding web.json file, and then reload the service.
tme@s1:~$ cat /etc/consul.d/web.json
{
"service": {
"name": "Web:80",
"id": "web80-s1",
"tags": [
"web-s1"
],
"port": 80,
"address": "192.168.0.10",
"check": {
"http": "http://localhost:80/",
"interval": "15s"
}
}
}
tme@s1:~$ consul reload
Configuration reload triggered
Service status for Web:80
Health check status of web80-s1 service on s1
Thunder ADC Setup
With the Consul integration, you only need to define service group name and basic virtual server (as known as VIP) configuration for ADC/SLB service. Backend server configuration will be dynamically added based on service catalog provided by Consul.
- Service-group: Assign a name that should match to the
service tagdefined on the Consul - Virtual-server: Assign VIP name and IP address
slb service-group web-s1 tcp ! slb virtual-server vip1 10.10.10.1 port 80 http source-nat auto service-group web-s1 !
Next, you will configure the Consul integration. In this example, Consul server node has 2 NICs and 10.64.4.201 is on management network and used for communication with Thunder ADC. You can update port number and query interval (health-check-interval) based on your environment.
The service-label should match to the service tag defined on Consul, that is also tied to the slb service-group name configured above. You can also have multiple service labels and get near real-time information of all your web services.
acos-cloud-integration ecosystem consul service-label web-s1 bootstrap-server-ip 10.64.4.201 port 8500 health-check-interval 15 enable
Verification
Once consul integration is enabled, you will see the SLB configuration is automatically updated based on the service catalog provided by Consul. In this example, two servers are created and added into the service group associated with the service label.
vThunder#show run slb !Section configuration: 303 bytes ! slb server s1.a10tme-demo 192.168.0.10 port 80 tcp ! slb server s2.a10tme-demo 192.168.0.11 port 80 tcp ! slb service-group web-s1 tcp member s1.a10tme-demo 80 member s2.a10tme-demo 80 ! slb virtual-server vip1 10.10.10.1 port 80 http source-nat auto service-group web-s1 !
vThunder#sh slb virtual-server bind Total Number of Virtual Services configured: 2 --------------------------------------------------------------------------------- *Virtual Server :vip1 10.10.10.1 All Up +port 80 http ====>web-s1 State :All Up +s1.a10tme-demo:80 192.168.0.10 State :Up +s2.a10tme-demo:80 192.168.0.11 State :Up
vThunder#sh log Log Buffer: 30000 Nov 21 2020 05:12:45 Info [ACOS]:Virtual server vip1 is up Nov 21 2020 05:12:45 Info [ACOS]:Service http on virtual server vip1 port 80 is up. Nov 21 2020 05:12:45 Info [HMON]:Service-group web-s1 is up. Nov 21 2020 05:12:44 Info [HMON]:SLB server s2.a10tme-demo (192.168.0.11) TCP port 80 of group web-s1 is up (health-check). Nov 21 2020 05:12:44 Info [HMON]:SLB server s2.a10tme-demo (192.168.0.11) port 80 is up (TCP Verify Connection OK) Nov 21 2020 05:12:44 Info [HMON]:SLB server s1.a10tme-demo (192.168.0.10) TCP port 80 of group web-s1 is up (health-check). Nov 21 2020 05:12:44 Info [HMON]:SLB server s1.a10tme-demo (192.168.0.10) port 80 is up (TCP Verify Connection OK) Nov 21 2020 05:12:43 Info [HMON]:SLB server s2.a10tme-demo (192.168.0.11) is up (ICMP Receive OK) Nov 21 2020 05:12:43 Info [HMON]:SLB server s1.a10tme-demo (192.168.0.10) is up (ICMP Receive OK) Nov 21 2020 05:12:42 Info [HMON]:SLB server s2.a10tme-demo (192.168.0.11) TCP port 80 of group web-s1 is down (disabled-with-health-check). Nov 21 2020 05:12:42 Info [ACOS]:updating internal tcp application(s2.a10tme-demo) with port(80) being updated on all interface Nov 21 2020 05:12:42 Info [ACOS]:Port 80 type TCP on server s2.a10tme-demo is created Nov 21 2020 05:12:42 Info [ACOS]:Server s2.a10tme-demo is created Nov 21 2020 05:12:42 Info [HMON]:SLB server s1.a10tme-demo (192.168.0.10) TCP port 80 of group web-s1 is down (disabled-with-health-check). Nov 21 2020 05:12:42 Info [ACOS]:updating internal tcp application(s1.a10tme-demo) with port(80) being updated on all interface Nov 21 2020 05:12:42 Info [ACOS]:Port 80 type TCP on server s1.a10tme-demo is created Nov 21 2020 05:12:42 Info [ACOS]:Server s1.a10tme-demo is created
Want to watch a demo of the Thunder ADC integration with HashiCorp Consul? Go to a10transcend.com