How to Install Consul Server on AlmaLinux 9

Consul is a modern platform for service discovery that allows you to register services via DNS and HTTP interface. It also offers a Service mesh feature that enables secure connections via TLS and provides authorization between services. On top of that, the Consul also provides an API Gateway for managing access to services and a KV (Key/Value) store for storing service configuration.

In this guide, we'll walk you through the installation of Consul Cluster with multiple servers on AlmaLinux 9 step-by-step.

Prerequisites

To complete this guide, ensure you have the following:

  • Two or more AlmaLinux servers within the same network.
  • A non-root user with administrator privileges.

Setting Up System

In this first step, you will prepare your AlmaLinux servers for Consul installation, which includes:

  • Configuring Firewalld to open ports.
  • Configure SELinux to Permissive mode.

Configuring Firewalld

Before installing packages, you must open ports on your Consul servers. As for the RHEL-based operating system, you will be using Firewalld to open ports.

Execute the command below to open ports 8300, 8301, 8302, 8400, 8500, and 8600 on your AlmaLinux servers. If successful, you should get the output such as success.

sudo firewall-cmd --permanent --zone=public --add-port={8300,8301,8302,8400,8500,8600}/tcp

Now, reload the firewalld using the below command to take effects.

sudo firewall-cmd --reload

Lastly, verify your firewalld rules using the following command. Ensure ports 8300, 8301, 8302, 8400, 8500, 8600 are available on your firewalld.

sudo firewall-cmd --zone=public --list-all

setup firewalld

Changing SELinux to Permissive

After configuring firewalld, you will change the default SELinux mode to permissive. This will generate error logs on SELinux without blocking the action.

Execute the following command to change SELinux mode to permissive.

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Then, restart your servers to take effect.

sudo reboot

Now that you've configured all your AlmaLinux servers, you can start the Consul installation.

Setup SELinux to permissive

Installing Consul via DNF

Consul is a service networking platform that supports multiple operating systems. Also, Consul provides a package repository for Linux distributions, including RHEL-based distributions. In this step, you will install Consul from the Consul repository via DNF.

To start, install some basic packages by executing the following command. Input y to proceed with the installation.

sudo dnf install dnf-plugins-core nano

install basic packages

Now run the DNF command below to add the Consul repository to your Alma Linux servers. Then, verify the list of available repositories on each server.

sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo dnf repolist

The following output proves that you've added the HashiCorp repository to your systems.

add hoshicorp repo

Next, install Consul by executing the following command. Type y to proceed with the Consul installation.

sudo dnf install consul

install consul

After you've finished the installation, run the following command to locate the consul binary file and check its version.

which consul
consul version

The output below, confirms that the Consul binary file is available at /bin/consul, and the current Consul version is 1.17.

verify consul

Configuring Consul

At this point, you've installed Consul on all your AlmaLinux servers. Let's start configuring the Consul cluster with multiple servers without further ado. To illustrate, we'll be using three AlmaLinux servers.

|  Hostname  |    IP Address   |
| ---------  |  -------------- |
|  consul1   |  192.168.10.41  |
|  consul2   |  192.168.10.42  |
|  consul3   |  192.168.10.43  |

First, stop the consul service on every server by executing the command below.

sudo systemctl stop consul

Move to the consul1 server and run the command below to generate a new key for the Consul cluster. Be sure to keep the generated key.

consul keygen

generate key

In all your Consul servers, open the default Consul configuration /etc/consul.d/consul.hcl using the following nano editor command.

sudo nano /etc/consul.d/consul.hcl

Change the default configuration with the following and be aware of some parameters below:

  • server: True means the node will act as a Consul server.
  • advertise_addr: Change this with the respective IP address of the Consul server.
  • bootstrap_expect: How many servers is your cluster would be?
  • encrypt: Every server must have the same key.
  • retry_join: Input Consul cluster IP addresses to this parameter.
# Full configuration options can be found at https://www.consul.io/docs/agent/config

# datacenter
datacenter = "kitty-dc1"

# data_dir
# This flag provides a data directory for the agent to store state.
data_dir = "/opt/consul"

# client_addr
# The address to which the Consul will bind client interfaces, including the HTTP and DNS
# servers.
client_addr = "0.0.0.0"

# ui
# Enables the built-in web UI server and the required HTTP routes.
ui_config{
  enabled = true
}

# default domain
domain = "consul"

# enable dns_config
dns_config{
  enable_truncate = true
  only_passing = true
}

# server
# This flag is used to control if an agent is in server or client mode. When provided,
# an agent will act as a Consul server. Each Consul cluster must have at least one
# server and ideally no more than 5 per datacenter. All servers participate in the Raft
# consensus algorithm to ensure that transactions occur in a consistent, linearizable
# manner. Transactions modify cluster state, which is maintained on all server nodes to
# ensure availability in the case of node failure. Server nodes also participate in a
# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to
# other datacenters and forward traffic as appropriate.
server = true

# Advertise addr - if you want to point clients to a different address than bind or LB.
advertise_addr = "192.168.10.41"

# bootstrap_expect
# This flag provides the number of expected servers in the datacenter.
bootstrap_expect=3

# encrypt
# Specifies the secret key to use for encryption of Consul network traffic.
encrypt = "jFtV8jj4h1hnXGqTllWH+sOqLo/tw9xnnfDHcVxVnYg="

# retry_join
retry_join = ["192.168.10.41", "192.168.10.42", "192.168.10.43"]

Save and exit the file when finished.

Next, run the following command to verify Consul configurations. If you have proper syntax, you should get the output such as 'Configuration is valid'.

sudo consul validate /etc/consul.d/

validate consul

Now run the command below to start and enable the consul service.

sudo systemctl start consul
sudo systemctl enable consul

Then verify the consul using the following command to ensure the service runs.

sudo systemctl status consul

In the following output, you should see Consul is running on consul1 server.

consul1 running

In the following output, you should see Consul is running on consul2 server.

consul2 runningh

In the following output, you should see Consul is running on consul3 server.

consul3 running

Interacting with Consul Cluster

Now that you have the Consul cluster configured on AlmaLinux servers, you can verify and interact with the Consul cluster via the consul command line.

Checking Consul Cluster

Run the command below to check the available Consul server within the cluster.

consul members

In this example, the Consul cluster is composed of three servers, consul1, consul2, and consul3.

list consul members

You can also verify the list of peers on the Cluster using the below command.

consul operator raft list-peers

Below you can see detailed information on each Consul server, including the ID, state, voter, and RaftProtocol version.

list consul peers

Adding KV (Key-Value) Store to Consul

Next, run the following consul command to create a new key-value database. In this example, you will create a new key db_name with the value testdb.

consul kv put consul/configuration/db_name testdb

Now run the command below to retrieve the value for db_name.

consul kv get consul/configuration/db_name

You should get the value testdb like the following:

add kv consul

Interacting with DNS on Consul

Within this guide, you've enabled the Consul DNS. To check the Consul DNS configuration, utilize the dig command below.

dig @127.0.0.1 -p 8600 consul.service.consul

In this example, you've configured Consul servers within the cluster with the same domain name as consul. The following confirms that the domain consul.service.consul with A records 192.168.10.41, 192.168.10.42, 192.168.10.43.

consul dns

Accessing Consul Web UI (User Interface)

Lastly, open your web browser and visit the Consul server IP address with port 8500 e.g: http://192.168.10.41:8500/ui/ to get the Consul web administration dashboard.

Below you should see the available servers in the Consul cluster.

consul web ui

Now, click on the Nodes menu to get detailed information about each server.

list nodes

Then click on the Key/Value menu to get the list of available KV on your Consul servers.

check kv

Conclusion

To wrap up, you've completed the step-by-step installation of the Consul cluster with three AlmaLinux servers. You've enabled the Consul Web UI and Consul DNS within the cluster. Last, you've also learned some basic commands for interacting with Consul clusters, key-value stores, and DNS.

From here, you can now activate the ACLs (Access Control Lists) and implement TLS for connections between Consul servers and clients.

Share this page:

0 Comment(s)