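#!/bin/bash
#
# Bootstrap script for a Consul server node: installs Consul from the HashiCorp
# apt repository, writes the TLS material and /etc/consul.d/consul.hcl, then
# starts the agent.
#
# The upper-case dollar-brace placeholders (CA_PUBLIC_KEY, SERVER_PRIVATE_KEY,
# BOOTSTRAP_TOKEN, GOSSIP_KEY, ...) are never assigned in this script, so they
# are presumably substituted by a template engine before the script runs
# (TODO confirm). For that reason new shell code below uses the brace-less
# $name form only.
#
# NOTE(review): if the rendered script is delivered as instance user data, the
# private key, ACL token and gossip key sit in plain text in that user data and
# in whatever state the rendering tool keeps. Consider fetching them from a
# secrets store at boot instead.

# Stop at the first failed step rather than starting a half-configured agent.
set -euo pipefail

echo "Hello Consul Server!"

# Install Consul. This creates...
# 1 - a default /etc/consul.d/consul.hcl
# 2 - a default systemd consul.service file
# NOTE(review): apt-key is deprecated and trusts the key for every configured
# repository; a dedicated keyring referenced with signed-by would scope it to
# this repository only.
curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

# Pin the Consul package version; apt-get is the script-stable front end.
apt-get update && apt-get install -y consul=1.12.0-1

# Grab instance IP: the source address used to reach the metadata endpoint.
local_ip=$(ip -o route get to 169.254.169.254 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
if [ -z "$local_ip" ]; then
  echo "could not determine the instance IP address" >&2
  exit 1
fi

# Create the target files with their final owner and mode BEFORE any secret is
# written, so the private key and the token-bearing config are never
# world-readable, not even briefly. The packaged systemd unit is expected to
# run the agent as the consul user (verify against the installed unit file).
install -d -o consul -g consul -m 0750 /etc/consul.d/certs
install -o consul -g consul -m 0644 /dev/null /etc/consul.d/certs/consul-agent-ca.pem
install -o consul -g consul -m 0644 /dev/null /etc/consul.d/certs/server-cert.pem
install -o consul -g consul -m 0600 /dev/null /etc/consul.d/certs/server-key.pem
install -o consul -g consul -m 0640 /dev/null /etc/consul.d/consul.hcl

cat > /etc/consul.d/certs/consul-agent-ca.pem <<- EOF
${CA_PUBLIC_KEY}
EOF
cat > /etc/consul.d/certs/server-cert.pem <<- EOF
${SERVER_PUBLIC_KEY}
EOF
cat > /etc/consul.d/certs/server-key.pem <<- EOF
${SERVER_PRIVATE_KEY}
EOF

# Modify the default consul.hcl file.
# NOTE(review), for the configuration written below:
#  - the same bootstrap token is used as the master token and as the agent
#    token; a dedicated agent token with a narrow policy would follow least
#    privilege.
#  - client_addr 0.0.0.0 serves the HTTP API and UI on every interface and no
#    HTTPS port is configured here, so API tokens travel unencrypted unless the
#    network path is otherwise protected; restrict it with network rules.
#  - envoy_prometheus_bind_addr 0.0.0.0:9102 likewise exposes proxy metrics on
#    every interface.
cat > /etc/consul.d/consul.hcl <<- EOF
datacenter = "dc1"
primary_datacenter = "dc1"
data_dir = "/opt/consul"
client_addr = "0.0.0.0"
ui_config {
enabled = true
}
acl = {
enabled = true
default_policy = "deny"
down_policy = "extend-cache"
enable_token_persistence = true
tokens = {
master = "${BOOTSTRAP_TOKEN}"
agent = "${BOOTSTRAP_TOKEN}"
}
}
server = true
bind_addr = "$local_ip"
advertise_addr = "$local_ip"
bootstrap_expect=${BOOTSTRAP_NUMBER}
retry_join = ["provider=aws tag_key=\"${PROJECT_TAG}\" tag_value=\"${PROJECT_VALUE}\""]
encrypt = "${GOSSIP_KEY}"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
ca_file = "/etc/consul.d/certs/consul-agent-ca.pem"
cert_file = "/etc/consul.d/certs/server-cert.pem"
key_file = "/etc/consul.d/certs/server-key.pem"
# Below is what's required for service mesh
ports {
grpc = 8502
}
connect {
enabled = true
}
# these are the default settings used for the proxies
# the equivalent for services is "service-defaults" in the "kind" argument
config_entries {
bootstrap = [
{
kind = "proxy-defaults"
name = "global"
config {
protocol = "http"
envoy_prometheus_bind_addr = "0.0.0.0:9102"
}
},
{
Kind = "service-intentions"
Name = "api"
Sources = [
{
Name = "web"
Action = "allow"
}
]
}
]
}
EOF

# Start Consul. The script already needs root for the steps above, so sudo is
# not required here.
systemctl start consul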