DEV Community

Ryan Tiffany

Deploy a Consul cluster to an IBM Cloud VPC using Terraform and Ansible

Lately I have been on a bit of an Ansible + Terraform kick, so I thought I would throw together a code example for deploying a Consul cluster into an IBM Cloud VPC using these tools.

Consul is a service mesh control plane with baked-in service discovery, configuration, and segmentation functionality. As more and more of our deployed applications and services are spread out between clouds, Consul gives us a secure communication layer regardless of where our infrastructure is hosted.

You can get $500 (USD) in credit towards VPC resources in IBM by adding the code VPC500 to your account.

Prerequisites

Use Terraform to Create Infrastructure

Terraform is an infrastructure as code tool that allows you to provision and manage a wide range of clouds, infrastructure, and services. Using Terraform allows us to create consistent, repeatable deployments.

Steps

  1. Clone repository:

$ git clone https://github.com/cloud-design-dev/ibm-vpc-consul-terraform-ansible.git
$ cd ibm-vpc-consul-terraform-ansible

  2. Copy terraform.tfvars.template to terraform.tfvars:

$ cp terraform.tfvars.template terraform.tfvars

  3. Edit terraform.tfvars to match your environment.

  4. Run tfswitch to point to the right Terraform version for this solution:

$ tfswitch

  5. Deploy all resources:

$ terraform init
$ terraform plan -out default.tfplan
$ terraform apply default.tfplan

If the plan completes successfully you should see something like the following output:

Apply complete! Resources: 27 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

Outputs:

bastion_instance_ip = 10.242.0.36
bastion_public_ip = x.y.x.y
consul_instance_ip = [
  "10.242.0.4",
  "10.242.0.6",
  "10.242.0.5",
]
consul_names = [
  "default-041430-eu-gb-1-consul1",
  "default-041430-eu-gb-1-consul2",
  "default-041430-eu-gb-1-consul3",
]

Our Terraform deployment has also generated:

  • An Ansible inventory file
  • A variables file that will be used by the Ansible playbook
  • A temporary ansible.cfg file for use with our playbook

After the plan completes we can move on to deploying Consul using Ansible.

Run Ansible Playbook to Create the Consul Cluster

Whereas Terraform is best suited for the deployment of infrastructure, when it comes to configuration management I prefer Ansible. In this example Ansible will be used to:

  • Update the base operating system
  • Add the consul public key to the server
  • Install the consul binary
  • Bootstrap a 3 node cluster using Ansible templates

$ cd ansible
$ ansible-playbook -i inventory playbooks/consul-cluster.yml

If you would like a little more insight into what Ansible is doing behind the scenes, add -vv to your ansible-playbook command:

$ ansible-playbook -vv -i inventory playbooks/consul-cluster.yml

Verify that the cluster is running

Since we bound the Consul agent to the main private IP of the VPC instances, we first need to set the CONSUL_HTTP_ADDR environment variable. Take one of the Consul instance IPs, substitute it for CONSUL_INSTANCE_IP and the matching inventory name for CONSUL_INSTANCE_NAME, and run the following command:

$ ansible -m shell -b -a "CONSUL_HTTP_ADDR=\"http://CONSUL_INSTANCE_IP:8500\" consul members" CONSUL_INSTANCE_NAME -i inventory

Example output

$ ansible -m shell -b -a "CONSUL_HTTP_ADDR=\"http://10.241.0.36:8500\" consul members" dev-011534-us-east-1-consul1 -i inventory
dev-011534-us-east-1-consul1 | CHANGED | rc=0 >>

Node                          Address           Status  Type    Build  Protocol  DC       Segment
dev-011534-us-east-1-consul1  10.241.0.36:8301  alive   server  1.9.0  2         us-east  <all>
dev-011534-us-east-1-consul2  10.241.0.38:8301  alive   server  1.9.0  2         us-east  <all>
dev-011534-us-east-1-consul3  10.241.0.37:8301  alive   server  1.9.0  2         us-east  <all>
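
The manual check above can be turned into a pass/fail gate that fails when a server is not alive or the servers disagree on the Consul build. This shell function is an added example, not part of the original post or its repository; the function and sample names are hypothetical, and the two failure samples are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): turn the manual `consul members`
# check into a pass/fail gate. Reads the table on stdin, ignores the ansible
# banner, and fails unless exactly $1 servers are alive on a single build.
check_consul_members() {
    awk -v expected="$1" '
        $1 == "Node" && $3 == "Status" { in_table = 1; next }  # header row
        !in_table || NF < 5 { next }   # ansible banner, blank lines
        $4 != "server"      { next }   # client agents are not counted
        {
            if ($3 == "alive") alive++
            else printf "NOT ALIVE: %s (%s) is %s\n", $1, $2, $3
            if (!($5 in builds)) { builds[$5] = 1; nbuilds++ }
        }
        END {
            if (alive + 0 != expected + 0) {
                printf "FAIL: %d of %d expected servers alive\n", alive, expected
                exit 1
            }
            if (nbuilds > 1) {
                printf "FAIL: servers run %d different Consul builds\n", nbuilds
                exit 1
            }
            printf "OK: %d servers alive on one build\n", alive
        }
    '
}

# Sample input: the output shown in the post, embedded so this runs offline.
sample_healthy() {
    cat <<'EOF'
dev-011534-us-east-1-consul1 | CHANGED | rc=0 >>

Node                          Address           Status  Type    Build  Protocol  DC       Segment
dev-011534-us-east-1-consul1  10.241.0.36:8301  alive   server  1.9.0  2         us-east  <all>
dev-011534-us-east-1-consul2  10.241.0.38:8301  alive   server  1.9.0  2         us-east  <all>
dev-011534-us-east-1-consul3  10.241.0.37:8301  alive   server  1.9.0  2         us-east  <all>
EOF
}
# Constructed failure cases derived from it: one failed server, one odd build.
sample_failed_node() { sample_healthy | sed '/consul3 /s/alive/failed/'; }
sample_mixed_build() { sample_healthy | sed '/consul2 /s/1\.9\.0/1.8.4/'; }

sample_healthy     | check_consul_members 3
sample_failed_node | check_consul_members 3 || echo "gate: stop the rollout"
sample_mixed_build | check_consul_members 3 || echo "gate: stop the rollout"
```

Against a live cluster, pipe the `ansible -m shell ... consul members` command from this section into `check_consul_members 3` instead of the embedded samples.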

Asciinema Recording of a Test Run
