Consul: Difference between revisions

From NixOS Wiki
imported>Zie
Added page about Consul and Consul-template
 
imported>Zie
m minor note about the config snippet.
Line 17: Line 17:
This turns on haproxy with essentially a blank config
This turns on haproxy with essentially a blank config
then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template.
then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template.
note, in the configuration below, you will need to change: /path/to/haproxy.consul to the path where your haproxy consul template resides.  If you rename the file, be sure to fix the ExecReload line as well.


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">

Revision as of 17:16, 17 November 2020

Consul by Hashicorp is a distributed key/value store along with other things.

Setting up Consul can be as easy as:

  services.consul.enable = true;

But there are some specific options that might be useful.

Setting up Consul in a production setting is beyond the scope of this wiki, see the consul documentation for particulars.

    1. Consul-template

currently consul-template is packaged, but does not have nixos options to configure it. Here is an haproxy example that might prove useful:

This turns on haproxy with essentially a blank config then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template.

note, in the configuration below, you will need to change: /path/to/haproxy.consul to the path where your haproxy consul template resides. If you rename the file, be sure to fix the ExecReload line as well.

services.haproxy.enable = true;
services.haproxy.config = "#this should be replaced via systemd.services.haproxy-config";
systemd.services.haproxy-config = {
    description = "Consul-Template configuration for HAPROXY.";
    documentation = [ "https://github.com/hashicorp/consul-template" ];
    wantedBy = [ "multi-user.target" ];
    requires = [ "network-online.target" ];
    after = [ "network-online.target" "consul.service" ];
    path = [
      pkgs.coreutils
      pkgs.consul
      pkgs.consul-template
      pkgs.vault
      pkgs.cacert
      pkgs.procps
    ];
    serviceConfig = {
      ExecStart = ''
        ${pkgs.consul-template}/bin/consul-template -template "/path/to/haproxy.consul:/etc/haproxy.cfg:${pkgs.procps}/bin/pkill -SIGUSR2 haproxy"
        '';
      ExecReload = "${pkgs.procps}/bin/pkill -HUP -f haproxy.consul";
      KillMode = "process";
      KillSignal = "SIGINT";
      LimitNOFILE = "infinity";
      LimitNPROC = "infinity";
      Restart = "on-failure";
      RestartSec = "2";
      StartLimitBurst = "3";
      StartLimitIntervalSec="10";
      TasksMax = "infinity";
      # we run as root, because /etc/ is not writable by the haproxy user, the config file should really exist in /etc/haproxy/
      #User = "${config.services.haproxy.user}";
      User = "root";
    };

    environment = {
      #systemd environment for haproxy-config
    };
  };
systemd.services.haproxy-config.enable = true;