How to use Templates with Consul

29/12/2020
Chưa phân loại
Consul Template is a simple and powerful tool that populates values from consul into the file system. Consul templates can also execute some commands. Generally, consul template run as a daemon, and this daemon can queries a consul cluster and updates any number of specified templates on the filesystem. The consul template is widely used for updating service configuration files.

Prerequisite

  1. A Virtual instance server
  2. A root user
  3. Consul installed on the server

Update System

We recommend you to upgrade all the packages and repositories before installing any new package on the system. Execute the following command and it will do the job for you.

apt-get update

Install Consul Template

In this guide, we assume that you have already installed consul on the server and also created a consul cluster. Now we will be installing and using the consul template but consul agent must be running for using the consul template. The consul template is not by default added in the consul server package, we will need to download it and install it separately. To do so, you will need to download the latest consul template binary from it’s Official download webpage. Execute the following command and it will do the job for you.

curl -o https://releases.hashicorp.com/consul-template/0.20.0/consul
-template_0.20.0_linux_amd64.tgz

Next, you will need to extract the above-downloaded archive using the following command.

tar -zxf consul-template_0.20.0_linux_amd64.tgz

You can also install it locally using docker if you want. Once you have the docker installed on your system, you can clone the official consul template repository using the following command.

git clone https://github.com/hashicorp/consul-template.git

Next, execute the following command to compile the consul template binary. make dev Now you have successfully installed the consul template on your server.

Configuring Consul Template

We have consul template installed on your system now we are ready to use it. Here is a sample configuration file for consul-template ctemplate config.hcl.

consul {
address = "locahost:8500"
retry {
enabled = true
attempts = 12
backoff = "250ms"
}
token = "w94RIMKUtQH1a4VJGN+t+vn1Y0nErc/ch93E1F1ZcHU="
}
reload_signal = "SIGHUP"kill_signal = "SIGINT"max_stale = "10m"log_level = "warn"#
pid_file = "/consul-template/consul-template.pid"wait {
min = "5s"
max = "10s"
}
vault {
address = "
[http://localhost:8200](http://localhost:8200/)"

token = "R/Uf0tYa5YkhPLpNLL807KWJ4ZiJi3clyQEfaMoRSJg"
renew_token = false
}
deduplicate {
enabled = true
# prefix = "consul-template/dedup/"
}
template {
source      = "./vault/templates/pki/cert.ctmpl"
destination = "./vault/output/pki/mpatel.yourdomain.com.crt"
perms = 0400
left_delimiter  = "{{"
right_delimiter = "}}"
wait {
min = "2s"
max = "10s"
}
}
template {
source      = "./vault/templates/pki/ca.ctmpl"
destination = "./vault/output/pki/mpatel.yourdomain.com.ca.crt"
}
template {
source      = "./vault/templates/pki/key.ctmpl"
destination = "./vault/output/pki/mpatel.yourdomain.com.key"
}

In the above configuration file, please change the consul address, vault address, consul token, vault token, source template paths and output file paths with your actual values. Now you can run the consul template using the following command.

./consul-template -config config.hcl

Creating Certificates dynamically with Vault

Vault is a widely known open source tool for managing secret data. Here, we will see another use of the consul template for creating certificates dynamically with vault. Consul template can run more than one template. In order to create certificates programatically, you will need these three templates given below.

  1. ca.ctmpl
{{/* ./vault/templates/ca.ctmpl */}}
{{ with secret "pki-int/issue/cert-generator" "common_name=YourDomain.com" }}
{{ .Data.issuing_ca }}{{ end }}
  1. ctmpl
{{/* ./vault/templates/cert.ctmpl */}}
{{ with secret "pki-int/issue/cert-generator" "common_name=YourDomain.com" }}
{{ .Data.certificate }}{{ end }}
  1. ctmpl
{{/* ./vault/templates/key.ctmpl */}}
{{ with secret "pki-int/issue/cert-generator" "common_name=YourDomain.com" }}
{{ .Data.private_key }}{{ end }}

Please don’t forget to replace com with your actual domain. The above three templates are three different input templates but they will be compressed into a single API call when they run under the same consul template process. Now when you have all the above consul template and configuration ready then you can use it to create certificates dynamically using the following command.

./consul-template -config config.hcl

You can also use the consul template to discover all the services running in your consul cluster. To do so, you will need to create a template saved as all-services.tpl.

all-services.tpl
{{range services}}# {{.Name}}{{range service .Name}}
{{.Address}}{{end}}
{{end}}

Once you have created the template now you will need to run the template. This time we will just specify the template file to run the template. Execute the following command to run the template.

consul-template -template="all-services.tpl:all-services.txt" -once

We have used a flag – once in the above command to run the process once and then it will automatically quit. You will see the following output for the running services:

# consul
35.75.121.88

# redis
35.75.86.171
35.75.109.224
35.75.59.65

# web
192.168.86.205
192.168.109.224
192.168.59.110

Conclusion

In this guide, you have learned how to install and set up a consul template on your server. Now you can use the consul template to perform various operations on your applications. We hope now you have enough knowledge to work with consul template.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Best Application Docks and Panels for Linux

When it comes to customization of desktop functionality, look and feel, Linux users have got plenty of choice. The freedom...
29/12/2020

Gradio 5.0 – Find and Listen to Internet Radio Stations

Gradio 5.0 is a simple GTK3 radio app that lets you find and listen to internet radio stations on your Ubuntu and Linux...
28/12/2020

NGINX: Block Based on Geographical Location

Nginx is a high performance, lightweight, open source web server available to public for free of charge. It has tremendous...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Mua Proxy V6 Nuôi Facebook Spam Hiệu Quả Tại Onetcomvn
03/06/2024

Hướng dẫn cách sử dụng ProxyDroid để duyệt web ẩn danh
03/06/2024

Mua proxy Onet uy tín tại Onet.com.vn
03/06/2024

Thuê mua IPv4 giá rẻ, tốc độ nhanh, uy tín #1
28/05/2024

Thuê địa chỉ IPv4 IPv6 trọn gói ở đâu chất lượng, giá RẺ nhất?
27/05/2024