Use Terraform to register external services
The Terraform Consul provider exposes resources used to interact with a Consul datacenter using Terraform. This enables you to accomplish a number of tasks, including but not limited to:
- Registering external services or services that cannot be registered with local agent
- Referencing Consul keys in your Terraform configuration
- Referencing a list of nodes (IP address, ports, etc) a particular service has been registered on
Tip
The content of this tutorial also applies to Consul clusters hosted on HashiCorp Cloud Platform (HCP). HCP Consul generates a Terraform command to help you import infrastructure. To find the command in the HCP Portal, go to a cluster's Cluster details page, and then click Manage. You can copy the command from the Import to Terraform section. For more information on how to configure the provider, refer to infrastructure import usage in the Terraform documentation.
Note
Only use Terraform to register external services. Services running locally with a Consul agent should register with Consul directly to take advantage of native health checking.
In this tutorial, you will use Terraform to register two new external service and query information about it. To do this, you will:
- Register two new external nodes
- Register the counting and dashboard services with health checks
- Query all services registered with the Consul datacenter
If you get lost at anytime, you can view the final Terraform configuration here:
Prerequisites
This tutorial assumes that you are familiar with Consul external services. To learn more about this concept, visit the External Services Learn tutorial.
In addition, you'll need:
- Docker and Docker Compose installed.
- Terraform version 0.14 or higher installed.
Clone the following GitHub repo.
Next, navigate to the /getting-started-terraform-consul-provider
folder.
Checkout the following git tag.
Change into the directory that contains the demo code.
Start Consul and the services for this tutorial.
This command will take about a minute to spin up the following:
- A Consul datacenter running with ACLs pre-configured (UI on port :8500)
- 3 Consul servers
- 2 Consul clients
- Counting service running on port :9001
- Dashboard for counting service running on port :8080
Run the command docker ps
to confirm these services were successfully deployed.
Bootstrap Consul ACLs
Since this Consul datacenter has ACLs pre-configured, you need a bootstrap ACL
token to view and manipulate any Consul resources. To generate the bootstrap ACL
token, run the following docker exec
command, which runs bootstraps Consul's
ACL system and outputs the bootstrap token as the SecretID
.
If you get the following failure response, the Consul datacenter has not nominated a cluster leader yet. Wait a couple of seconds before re-running the command.
Access the web UI
Finally, to configure your Consul UI to use the ACL token, open the Consul UI http://localhost:8500. Click on the Log in button at the center of the page, or at the top right hand side of the window.
Enter your bootstrap ACL token into the text box and click Save. After refreshing your page, you should be able to view your Consul resources via the UI.
Configure the provider
To start using the Terraform Consul provider, you will need to configure the
provider block to point to your Consul datacenter. Open the main.tf
file in your text editior.
Next, replace the placeholder with the bootstrap ACL token you retrieved in the
previous step, see line 17
.
1 2 3 4 5 6 7 8 9 101112131415161718
While all the provider arguments are optional, we have explicitly listed address, datacenter and token as they are unique to each configuration. For a full list of arguments and their default values, visit the Terraform Consul Provider documentation.
Next, initialize the terraform workspace.
This will install the Consul provider and configure it with the arguments you
provided in main.tf
.
Register external nodes
Add the following resource blocks to your main.tf
Terraform file.
This will register two new external nodes with Consul, one named counting and the named dashboard. Both external nodes will have addresses localhost. In practice, you would assign the address to the external service's address you want to connect to.
In addition, both resources' metadata have external-node
and external-probe
assigned to true. If Consul ESM were running alongside Consul, these arguments
would cause it to regularly health check external nodes and update their status
in the catalog. It's been omitted from this demo because all services are
running on the same host.
You can configure ESM to work with ACLs enabled using the token
block in in
its configuration file. To learn more about Consul ESM, visit the
External Services Learn tutorial.
To apply your configuration and register the nodes, run the following command.
Confirm the proposed changes with a yes
when prompted.
If successfully applied, Consul UI will show the new counting and dashboard nodes in the nodes tab.
Register services
Now that you have created the external nodes, add the following resource blocks
to your main.tf
file to register the services.
Once you've done this, apply the configuration.
Confirm the run with a yes
.
This assigns each service to their respective nodes. In addition, it attaches health checks and tags. On successful terraform apply, the two services should appear in your Consul UI.
You have successfully scheduled two external services on Consul using Terraform!
Discover services
To discover all services on your Consul datacenter, add the following
configuration to main.tf
. This will return a list of all services in the
default datacenter. You can specify additional argument parameters in the data
block.
Apply the configuration. This time, you will use the flag --auto-approve
to skip the prompt.
Notice the new output displayed in the plan. It contains a list of services in the Consul datacenter: the counting service, the dashboard service, and Consul itself.
Reference a specific service
You can also use Terraform to query additional information about a particular service. The following configuration snippet will return all information about the counting service you just registered.
Note
There is a difference between consul_services
and consul_service
. consul_services
lists multiple services. consul_service
references a specific service.
Apply the new configuration.
Notice the new output displayed the terminal.
Reference an existing service
You can also reference existing Consul services. The following configuration snippet will return a list of IP addresses and ports the Consul external nodes are registered on. This information can be useful to modify firewall rules via Terraform.
Apply the configuration.
Notice the new output listing the consul agents, their IP addresses, and ports.
Next steps
Congrats! You successfully configured your Terraform Consul Provider and used it to register new nodes and services. Now, clean up your demo environment.
Related resources
- To discover additional capabilities, visit the Terraform Consul Provider Registry Documentation Page.
- Learn how to deploy Consul with Kubernetes on AWS.
- Learn more about Terraform.