Consul: Difference between revisions
imported>Zie Added page about Consul and Consul-template |
imported>Zie m minor note about the config snippet. |
||
| Line 17: | Line 17: | ||
This turns on haproxy with essentially a blank config | This turns on haproxy with essentially a blank config | ||
then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template. | then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template. | ||
note, in the configuration below, you will need to change: /path/to/haproxy.consul to the path where your haproxy consul template resides. If you rename the file, be sure to fix the ExecReload line as well. | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
Revision as of 17:16, 17 November 2020
Consul by Hashicorp is a distributed key/value store along with other things.
Setting up Consul can be as easy as:
services.consul.enable = true;
But there are some specific options that might be useful.
Setting up Consul in a production setting is beyond the scope of this wiki, see the consul documentation for particulars.
- Consul-template
currently consul-template is packaged, but does not have nixos options to configure it. Here is an haproxy example that might prove useful:
This turns on haproxy with essentially a blank config then sets up a systemd unit to run haproxy-config, a consul-template service to generate the haproxy configuration from your template.
note, in the configuration below, you will need to change: /path/to/haproxy.consul to the path where your haproxy consul template resides. If you rename the file, be sure to fix the ExecReload line as well.
services.haproxy.enable = true;
services.haproxy.config = "#this should be replaced via systemd.services.haproxy-config";
systemd.services.haproxy-config = {
description = "Consul-Template configuration for HAPROXY.";
documentation = [ "https://github.com/hashicorp/consul-template" ];
wantedBy = [ "multi-user.target" ];
requires = [ "network-online.target" ];
after = [ "network-online.target" "consul.service" ];
path = [
pkgs.coreutils
pkgs.consul
pkgs.consul-template
pkgs.vault
pkgs.cacert
pkgs.procps
];
serviceConfig = {
ExecStart = ''
${pkgs.consul-template}/bin/consul-template -template "/path/to/haproxy.consul:/etc/haproxy.cfg:${pkgs.procps}/bin/pkill -SIGUSR2 haproxy"
'';
ExecReload = "${pkgs.procps}/bin/pkill -HUP -f haproxy.consul";
KillMode = "process";
KillSignal = "SIGINT";
LimitNOFILE = "infinity";
LimitNPROC = "infinity";
Restart = "on-failure";
RestartSec = "2";
StartLimitBurst = "3";
StartLimitIntervalSec="10";
TasksMax = "infinity";
# we run as root, because /etc/ is not writable by the haproxy user, the config file should really exist in /etc/haproxy/
#User = "${config.services.haproxy.user}";
User = "root";
};
environment = {
#systemd environment for haproxy-config
};
};
systemd.services.haproxy-config.enable = true;