I recently needed to stand up a test consul cluster, and I thought it might be useful to share my notes. Here's what you can do to quickly get a consul cluster going...
First, create an IAM role named consul and attach the AmazonEC2ReadOnlyAccess policy to the role.
Next, boot three Ubuntu instances with the just-created role as their IAM role and the following user data:
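
    #!/bin/bash
    # Add the HashiCorp apt repository and install Consul
    curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
    sudo apt-add-repository -y "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
    # -y: user data runs without a terminal, so apt cannot prompt for confirmation
    sudo apt-get update && sudo apt-get install -y consul
    # Server-mode configuration; the cluster bootstraps once three servers have joined
    echo "datacenter = \"$(ec2metadata --public-hostname | cut -d. -f2)\"" >> /etc/consul.d/consul.hcl
    echo 'server = true' >> /etc/consul.d/consul.hcl
    echo 'bootstrap_expect = 3' >> /etc/consul.d/consul.hcl
    # Cloud auto-join: find peers by the Role=consul EC2 tag
    echo 'retry_join = ["provider=aws tag_key=Role tag_value=consul"]' >> /etc/consul.d/consul.hcl
    systemctl start consul
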
This will install the latest consul on each of the instances, configure consul to operate in server mode, and bootstrap the cluster.
You also want to add the Role tag with the value of consul to the instances. This is how the instances will find each other to form a cluster.
After you boot the instances, edit their security group to allow inbound traffic from that same security group (so the instances can connect to each other).
Once those steps are done, you can confirm the cluster is working by connecting to any of the instances and running consul members. You should see the three instances listed as servers.
Now you can use your consul cluster by pointing consul clients at the private IP of any of the instances.
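
The IAM role and security group steps above can both be narrowed. The script below is an added example, not part of the original notes: it grants the role only ec2:DescribeInstances (the permission Consul's AWS auto-join uses) in place of AmazonEC2ReadOnlyAccess, and opens only the default Consul server ports between members of the group. The inline policy name and the security group ID argument are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original post: least-privilege variants of the
# IAM role and security-group rule used for the Consul servers.
set -eu

ROLE_NAME="consul"             # role name from the post
POLICY_NAME="consul-auto-join" # assumed inline policy name

# retry_join with provider=aws only lists instances and filters them by tag,
# so the role needs ec2:DescribeInstances and nothing else.
# (That action does not support resource-level scoping, hence "*".)
autojoin_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConsulCloudAutoJoin",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}
EOF
}

# Default Consul server ports: 8300/tcp server RPC, 8301 LAN gossip and
# 8302 WAN gossip (both tcp and udp). Output format: "<protocol> <port-range>".
server_port_rules() {
  printf '%s\n' "tcp 8300" "tcp 8301-8302" "udp 8301-8302"
}

# Print one self-referencing ingress command per rule for security group $1.
sg_commands() {
  server_port_rules | while read -r proto ports; do
    echo "aws ec2 authorize-security-group-ingress --group-id $1" \
         "--protocol $proto --port $ports --source-group $1"
  done
}

# Usage: <this script> apply <security-group-id>   (needs AWS CLI credentials)
if [ "${1:-}" = "apply" ]; then
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name "$POLICY_NAME" --policy-document "$(autojoin_policy)"
  sg_commands "${2:?security group id required}" | sh -e
fi
```

Run without arguments it changes nothing; call sg_commands with a group ID to review the generated rules before applying them.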