1. The AMI is an ubuntu image

  2. creates a systemd named consul. bin at /usr/bin, config at /etc/consul/config, data at /etc/consul/data

  3. Sample config. This goes to /etc/consul/server.json

{
  "server": true,
  "ui": true,
  "data_dir": "/opt/consul/data",
  "client_addr": "0.0.0.0",
  "bootstrap_expect": __BOOTSTRAP_EXPECT__,

  "retry_join_ec2": {
    "tag_key": "__CONSUL_TAG_KEY__",
    "tag_value": "__CONSUL_TAG_VALUE__"
  }
  1. Sample service
[Unit]
Description=Consul
Requires=network-online.target
After=network-online.target

[Service]
Restart=on-failure
ExecStart=/usr/bin/consul agent -config-dir /etc/consul
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGTERM

[Install]
WantedBy=multi-user.target

  1. The launch configuration uses EC2 health check instead of health endpoint,i.e., potentially there might be case where instance is up, but process is down

  2. For consul client machines, client shares the same consul.service file, but gives a different configuration. This goes to /etc/consul/client.json in the config dir.

{
  "server": false,
  "ui": true,
  "data_dir": "/opt/consul/data",
  "client_addr": "0.0.0.0",

  "retry_join_ec2": {
    "tag_key": "__CONSUL_TAG_KEY__",
    "tag_value": "__CONSUL_TAG_VALUE__"
  }
}

  1. IAM role for consul client and server

    1. s3:GetObject - to get scripts and binaries

    2. ec2:DescribeInstances - need to get tag information