https://github.com/cludden/consul-server
consul server container that pulls secret configuration from dynamodb
https://github.com/cludden/consul-server
Last synced: 2 months ago
JSON representation
consul server container that pulls secret configuration from dynamodb
- Host: GitHub
- URL: https://github.com/cludden/consul-server
- Owner: cludden
- License: mit
- Created: 2016-07-26T20:44:10.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2016-11-01T18:31:03.000Z (over 8 years ago)
- Last Synced: 2025-02-14T10:18:20.478Z (4 months ago)
- Language: JSONiq
- Size: 5.86 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
# consul-server
docker container based on the official [consul]() image that allows for dynamic configuration by pulling all configuration from DynamoDB.## Getting Started
1. clone this repo
2. create a dynamodb table for configuration data with a hash key of "user" and type string, and a range key of "id" and type string. Add an item for each consul datacenter cluster
```json
{
"user": "consul-server-aws-us-west-2",
"id": "consul-server-aws-us-west-2",
"config": {
"acl_datacenter": "aws-us-west-2",
"acl_default_policy": "deny",
"acl_down_policy": "deny",
"acl_master_token": "",
"client_addr": "0.0.0.0",
"data_dir": "/data",
"datacenter": "aws-us-west-2",
"disable_remote_exec": true,
"dns_config": {
"allow_stale": true
},
"encrypt": "",
"server": true,
"ui": true
}
}
```
3. create an s3 bucket to hold ssl certificates & keys. I found [this guide](https://www.digitalocean.com/community/tutorials/how-to-secure-consul-with-tls-encryption-on-ubuntu-14-04) and [this other guide](https://langui.sh/2009/01/18/openssl-self-signed-ca/) helpful for creating all of the necessary components. Once you have them, upload them to the s3 bucket. *note: you will need an additional certificate & key file per datacenter*
2. Build the image.
```bash
docker build -t consul-server .
```
3. Run it, providing environment variables for configuration data
```bash
docker run -d \
-e "REGION=$REGION" \ # add additional env vars here as well
consul-server
```## Environment Variables
| name | desc |
| --- | --- |
| CA_DEST_PATH | the absolute destination path for the ca certificate (e.g. `/opt/consul/ssl/consul-ca.cer`) |
| CA_S3_PATH | the s3 location of the ca certificate |
| CERT_DEST_PATH | the absolute destination path for the ssl certificate (e.g. `/opt/consul/ssl/aws-us-west-2.cer`) |
| CERT_S3_PATH | the s3 location of the ssl certificate |
| DYNAMO_KEY | the key query for the dynamo object `{"hashKey":{"S":"HASH"},"rangeKey":{"S":"RANGE"}}` |
| DYNAMO_REGION | aws region for the dynamo table |
| DYNAMO_TABLE | dynamodb table name |
| KEY_DEST_PATH | the absolute destination path for the ssl key (e.g. `/opt/consul/ssl/aws-us-west-2.key`) |
| KEY_S3_PATH | the s3 location of the ssl key |
| S3_BUCKET | the name of the s3 bucket that holds the ssl components |
| S3_REGION | aws region |## License
Copyright (c) 2016 Chris Ludden. Licensed under the [MIT License](LICENSE.md)