github.com/letsencrypt/boulder@v0.20251208.0/test/consul/README.md

github.com/letsencrypt/boulder@v0.20251208.0/test/consul/README.md (about)

     1  # Consul in Boulder
     2  We use Consul in development mode (flag: `-dev`), which configures Consul as an
     3  in-memory server and client with persistence disabled for ease of use.
     4  
     5  ## Configuring the Service Registry
     6  
     7  - Open `./test/consul/config.hcl`
     8  - Add a `services` stanza for each IP address and (optional) port combination
     9    you wish to have returned as an DNS record. The following stanza will return
    10    two records when resolving `foo-purger`.
    11    ([docs](https://www.consul.io/docs/discovery/services)).
    12    
    13    ```hcl
    14    services {
    15      id      = "foo-purger-a"
    16      name    = "foo-purger"
    17      address = "10.77.77.77"
    18      port    = 1338
    19    }
    20  
    21    services {
    22      id      = "foo-purger-b"
    23      name    = "foo-purger"
    24      address = "10.77.77.77"
    25      port    = 1438
    26    }
    27    ```
    28  - To target individual `foo-purger`'s, add these additional `service` sections
    29    which allow resolving `foo-purger-1` and `foo-purger-2` respectively.
    30  
    31    ```hcl
    32    services {
    33      id      = "foo-purger-1"
    34      name    = "foo-purger-1"
    35      address = "10.77.77.77"
    36      port    = 1338
    37    }
    38  
    39    services {
    40      id      = "foo-purger-2"
    41      name    = "foo-purger-2"
    42      address = "10.77.77.77"
    43      port    = 1438
    44    }
    45    ```
    46  - For RFC 2782 (SRV RR) lookups to work ensure you that you add a tag for the
    47    supported protocol (usually `"tcp"` and or `"udp"`) to the `tags` field.
    48    Consul implemented the `Proto` field as a tag filter for SRV RR lookups.
    49    For more information see the
    50    [docs](https://www.consul.io/docs/discovery/dns#rfc-2782-lookup).
    51    
    52    ```hcl
    53    services {
    54      id      = "foo-purger-a"
    55      name    = "foo-purger"
    56      address = "10.77.77.77"
    57      port    = 1338
    58      tags    = ["udp", "tcp"]
    59    }
    60    ...
    61    ```
    62  - Services are **not** live-reloaded. You will need to cycle the container for
    63    every Service Registry change. 
    64  
    65  ## Accessing the web UI
    66  
    67  ### Linux
    68  
    69  Consul should be accessible at http://10.77.77.10:8500.
    70  
    71  ### Mac
    72  
    73  Docker desktop on macOS doesn't expose the bridge network adapter so you'll need
    74  to add the following port lines (temporarily) to `docker-compose.yml`:
    75  
    76  ```yaml
    77    bconsul:
    78      ports:
    79        - 8500:8500 # forwards 127.0.0.1:8500 -> 10.77.77.10:8500
    80  ```
    81  
    82  For testing DNS resolution locally using `dig` you'll need to add the following:
    83  ```yaml
    84    bconsul:
    85      ports:
    86        - 53:53/udp # forwards 127.0.0.1:53 -> 10.77.77.10:53
    87  ```
    88  
    89  The next time you bring the container up you should be able to access the web UI
    90  at http://127.0.0.1:8500.