Q: How can I enable consul connect through CONSUL_LOCAL_CONFIG

[Stephen Nesbitt]

All:

I'm running Consul in a docker container and now want to enable Consul Connect. Rather than writing an config file I would prefer to pass in the connect enable stanza through the CONSUL_LOCAL_CONFIG environment variable. Problem is that I can't figure out the correct json syntax for this.

Can someone help me out?

Thx,

-steve

[Blake Covarrubias]

HI Steve,

This configuration should be sufficient for starting a local Consul agent with Connect & gRPC (for Envoy) enabled.

docker run --rm --env CONSUL_LOCAL_CONFIG='{ "connect":{ "enabled":true }, "ports":{ "grpc":8502 } }' consul agent

Best,

—

Blake Covarrubias

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/consul/issues
Community chat: https://gitter.im/hashicorp-consul/Lobby
---
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/5cb3ac7c-d7ac-41dd-afc9-84fdd6bc5456%40googlegroups.com.

[Stephen Nesbitt]

Hi Blake!

Thanks for the info! It solved one piece of the puzzle.

I thought I'd document what I was trying to do, and some of the issues I ran into. There might be somebody else trying to do the same thing.

Fundamentally what I wanted was to configure a docker instance of Consul without using a static config file. In other words, configure my Consul docker image strictly from the command line. Further, since I can't use Nomad to control the placement of containers, I was using Ansible to create the container. Here are the issues I ran into and how I resolved them:

• There are no command line options for enabling consul connect or the grpc port. Doing so requires setting CONSUL_LOCAL_CONFIG environment variable.. The catch is that the contents need to be well formed json. But all the documentation examples are in HCL leaving me to intuit what the json equivalent was. This might be an opportunity for the Consul team to either 1) allow CONSUL_LOCAL_CONFIG to contain HCL or 2) redo documentation along the lines of Traefik which provides TOML, YAML and CLI examples for all configuration options.
• Trying to construct a well formed json string in Ansible isn't straightforward given the Ansible templating engine. The trick was to create a YAML equivalent of the json and then use the Ansible to_json filter.
• Although documented, I didn't expect that in addition to setting a environment variable I also needed to modify the Consul configuration. The Consul docker container processes the CONSUL_LOCAL_CONFIG by writing the contents to a file in /consul/config. The gotcha is that the /consul/config directory is not parsed by default. It requires that one set the -config-dir command line to /consul/config. I assumed - I think reasonably - that setting CONSUL_LOCAL_CONFIG was sufficient. There might be another opportunity here for the Consul team to modify behavior, update docs or provide an example.

Hope this either helps or give someone a good laugh!

-steve

 

[Blake Covarrubias]

Steve,

Thank you. This is valuable feedback.

It sounds like there are definitely a couple opportunities for us to improve docs/functionality to make it easier to use Consul in Docker. I’ll share our feedback internally & file internal/GH issues to track resolving these.

Best,

—

Blake Covarrubias

Product Manager, Consul

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/consul/issues
Community chat: https://gitter.im/hashicorp-consul/Lobby
---
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/consul-tool/7dd7774c-5af2-4ca6-8ae7-a72bacce323b%40googlegroups.com.

[Blake Covarrubias]

Hi Steve,

I realized I was a little too quick in responding to that last email.

The Docker container does actually load the config specified in CONSUL_LOCAL_CONFIG by default using the -config-dir argument (docker-consulf/0.X/docker-entrypoint.sh#L64). Consul also supports setting the gRPC port at the CLI using the -grpc-port argument. For example:

$ docker run --rm --env CONSUL_LOCAL_CONFIG='{ "connect":{ "enabled":true } }' consul agent -grpc-port=8502

==> Starting Consul agent...

           Version: 'v1.7.3'

           Node ID: 'e141ac86-2f04-0e41-71f4-5134a9d8ea5c'

         Node name: '548a6fa35da6'

        Datacenter: 'dc1' (Segment: '')

            Server: false (Bootstrap: false)

       Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)

I’m curious as to why the CONSUL_LOCAL_CONFIG environment variable is not working for you. Which version of the docker container are you using? Do you mind sharing the arguments you're using to start the container in Docker?

—

Blake Covarrubias

[Stephen Nesbitt]

Blake:

No problem - my bad on the grpc port - there is indeed a config line option. Enabling connect does not have a cli equivalent.

Here is a dump of the container without the -config-dir set as part of the docker command. Contents of CONSUL_LOCAL_CONFIG are ignored => grpc port set to -1 and no certificate created. As a further check I set CONSUL_LOCAL_CONFIG=garbage and the container ran without Consul raising an error. 

Here is a dump with -config-dir set. grpc is set and certificate generated.

I hate "it works for me"  :-)

The only immediate difference I can identify is Ansible which uses the docker-py library to create containers. But that is likely to be a red herring

Bizarre.

-steve