Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Simplifying Service Management with Consul

You're reading from   Simplifying Service Management with Consul Overcome connectivity and security challenges within dynamic service architectures

Arrow left icon
Product type Paperback
Published in Nov 2021
Publisher Packt
ISBN-13 9781800202627
Length 234 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Robert E. Jackson Robert E. Jackson
Author Profile Icon Robert E. Jackson
Robert E. Jackson
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Section 1: Consul Use Cases and Architecture
2. Chapter 1: Consul Overview – Operation and Use Cases FREE CHAPTER 3. Chapter 2: Architecture – How Does It Work? 4. Chapter 3: Keep It Safe, Stupid, and Secure Your Cluster! 5. Chapter 4: Data Center (Not Trade) Federation 6. Section 2: Use Cases Deep Dive
7. Chapter 5: Little Bo Peep Lost Her Service 8. Chapter 6: Connect Four or More 9. Chapter 7: Animate Me 10. Chapter 8: Where Do We Go Now? 11. Other Books You May Enjoy

Automate me!

So, we've established how great it is to be able to discover the services available on our network without cumbersome static addressing, and how to utilize that to ensure the secure delivery of messages among our services. Wouldn't it be great to share this dynamic information with other components in the network? Well, why would we want to do that? To understand how this functionality can improve the lives of so many people, let's jump into the way-back machine and once again recall what we used to do, and often still do, when making adjustments to the network:

  1. Yeah! We have our application deployed into the network and I can communicate with it. However, I can't reach the service my application needs to hit. Better call the network team.
  2. The network team told me that the problem must be on my end because the destination service is alive and responding to their monitoring tools.
  3. After a few days of troubleshooting, we learn that there is a firewall in the path that is protecting that service from nefarious creatures.
  4. So, next, we submit a ticket to the firewall team and request a rule be configured to allow traffic from, you guessed it, my IP address.
  5. Of course, the firewall team is not only getting hammered with requests, but they know that one wrong move on the list of firewall rules and the number of tickets will be the least of their problems, so extreme care must be taken.
  6. Eventually, the team is able to safely add and test the new rule, and we're off and running.

Now after all of that, let's hope that we didn't forget to include any important information in that ticket (such as an additional port). Not to mention that when the address changes (not if), we'll need to enter the process again. This process continues today, even with cloud automation, for a number of different reasons. In my personal experience, these changes are the ones that tend to create the most confusion and delay in any project, and in a dynamic world, the changes aren't slowing down.

Hopefully, you can see how the knowledge that Consul is aware of plays such a critical role in this scenario. As services are added, updated, and removed, the Consul server cluster is aware of the changes, thanks to the distributed agents. Now the main challenge is how to get that information from Consul out to my network equipment, and there are a few ways to solve that.

One of the most straightforward methods for network devices to learn about service changes is for the equipment to learn about those changes directly from Consul via its API. This functionality is already in use with the Consul integration with the F5 Big-IP load balancer using the F5 Application Services interface. Whenever Consul discovers network updates, the load balancer learns of these updates and can adjust the load balancing pools automatically. Although this integration does require the network components to develop functionality specifically for the Consul API, there is no Consul agent required on the load balancer itself.

Figure 1.6 – Load balancer querying Consul for service updates

Figure 1.6 – Load balancer querying Consul for service updates

An alternative to this level of integration is to have Consul post updates to the service availability to a messaging service, such as ActiveMQ or RabbitMQ. Any messaging service, or other application, that can receive an HTTP message can receive service updates from Consul, without having to query it directly.

Figure 1.7 – Consul dynamically updating a message bus

Figure 1.7 – Consul dynamically updating a message bus

A more common method of integration is utilizing Consul's template feature. Just as it sounds, you can create a configuration file template to match whatever device that you need to manage. Within that template, you specify areas where you need input from Consul, such as the IP address of a particular endpoint! If you remember, Consul makes intelligent decisions based on the data it receives. All of that data the Consul servers receive from the clients are pieces in the puzzle of an intelligent and dynamic network. A very simplified analogy would be setting up a payee for paying our bills. I presume this is something many of us do, certainly more common than writing checks. On our bank website, we establish a payee – some company or person that we pay money to every month. If we look at our monthly electricity bills, for example, the amount we pay varies based on the level of electricity my kids use that month. Why can't they ever learn to turn off the lights? So, we have our payee set up, and we know we are paying the electric company. That is our template. All we need is the data point of the amount due. Once the electric company (the client) informs us (the server) of the amount due, we can fill in the amount and let the electronic payment go. Hopefully, this will happen before the electricity is shut off!

Figure 1.8 – Terrific templating

Figure 1.8 – Terrific templating

That template functionality, however, doesn't only apply to configuration files. HashiCorp does have several other products besides Consul, one of which is Terraform. If you aren't familiar with Terraform, it provides a standardized method to define system infrastructure as code for multiple cloud providers, but it also has providers for multiple applications. This includes firewalls, load balancers, monitoring systems, and so on. Now imagine coupling the dynamic aspect of Consul service discovery, with Terraform's infrastructure-as-code platform!

Important Note

The Consul synchronization functionality with Terraform, called Consul-Terraform-Sync, is in public beta at the time of writing and supports a limited set of partner modules for automation. With HashiCorp's development velocity, by the time you're reading this, the functionality is likely fully supported.

You have been reading a chapter from
Simplifying Service Management with Consul
Published in: Nov 2021
Publisher: Packt
ISBN-13: 9781800202627
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image