https://github.com/cludden/consul-server

consul server container that pulls secret configuration from dynamodb
https://github.com/cludden/consul-server

Last synced: 2 months ago
JSON representation

consul server container that pulls secret configuration from dynamodb

• Host: GitHub
• URL: https://github.com/cludden/consul-server
• Owner: cludden
• License: mit
• Created: 2016-07-26T20:44:10.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2016-11-01T18:31:03.000Z (over 8 years ago)
• Last Synced: 2025-02-14T10:18:20.478Z (4 months ago)
• Language: JSONiq
• Size: 5.86 KB
• Stars: 1
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

        
# consul-server

docker container based on the official [consul]() image that allows for dynamic configuration by pulling all configuration from DynamoDB.

## Getting Started

1. clone this repo

2. create a dynamodb table for configuration data with a hash key of "user" and type string, and a range key of "id" and type string. Add an item for each consul datacenter cluster

```json

{

    "user": "consul-server-aws-us-west-2",

    "id": "consul-server-aws-us-west-2",

    "config": {

        "acl_datacenter": "aws-us-west-2",

        "acl_default_policy": "deny",

        "acl_down_policy": "deny",

        "acl_master_token": "",

        "client_addr": "0.0.0.0",

        "data_dir": "/data",

        "datacenter": "aws-us-west-2",

        "disable_remote_exec": true,

        "dns_config": {

            "allow_stale": true

        },

        "encrypt": "",

        "server": true,

        "ui": true

    }

}

```

3. create an s3 bucket to hold ssl certificates & keys. I found [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04) and [this other guide](https://langui.sh/2009/01/18/openssl-self-signed-ca/) helpful for creating all of the necessary components. Once you have them, upload them to the s3 bucket. *note: you will need an additional certificate & key file per datacenter*

2. Build the image.

```bash

docker build -t consul-server .

```

3. Run it, providing environment variables for configuration data

```bash

docker run -d \

-e "REGION=$REGION" \ # add additional env vars here as well

consul-server

```

## Environment Variables

| name | desc |

| --- | --- |

| CA_DEST_PATH | the absolute destination path for the ca certificate (e.g. `/opt/consul/ssl/consul-ca.cer`) |

| CA_S3_PATH | the s3 location of the ca certificate |

| CERT_DEST_PATH | the absolute destination path for the ssl certificate (e.g. `/opt/consul/ssl/aws-us-west-2.cer`) |

| CERT_S3_PATH | the s3 location of the ssl certificate |

| DYNAMO_KEY | the key query for the dynamo object `{"hashKey":{"S":"HASH"},"rangeKey":{"S":"RANGE"}}` |

| DYNAMO_REGION | aws region for the dynamo table |

| DYNAMO_TABLE | dynamodb table name |

| KEY_DEST_PATH | the absolute destination path for the ssl key (e.g. `/opt/consul/ssl/aws-us-west-2.key`) |

| KEY_S3_PATH | the s3 location of the ssl key |

| S3_BUCKET | the name of the s3 bucket that holds the ssl components |

| S3_REGION | aws region |

## License

Copyright (c) 2016 Chris Ludden. Licensed under the [MIT License](LICENSE.md)