I see many people struggeling to make consul-agent work with systemd.resolvd and eventually give up and go with dnsmasq or a similar approach.
Here's a reasonably simple way to make everything play nicely together.
If you found this useful, say thanks. And as much as i'd love your support via patreon, go and donate to the EFF.
Here's an exerpt from the install_consul_agent.sh
that my base packer builder runs for all my systemd hosts:
# Binary is in place, secured. Deploy the systemd components to make it useful
##
echo "moving systemd components into place..."
# deploy the service file
mv systemd/consul-agent.service /etc/systemd/system/consul-agent.service
mv systemd/dummy0.netdev /etc/systemd/network/dummy0.netdev
mv systemd/dummy0.network /etc/systemd/network/dummy0.network
# Then get the interface created
echo "reconfiguring network for dummy0..."
systemctl restart systemd-networkd
# Ok, now we're ready!
echo "Attempting to bring consul up for POST..."
systemctl enable consul-agent
systemctl start consul-agent
# Confirm that consul actually came up...
if [ `systemctl is-failed consul-agent.service` == 'failed' ];
then
echo "Consul failed to start"
# Bail, packer should fail this build...
exit 1
fi
It really is that simple. Systemd.resolved will happily do split-zone DNS. I think this functionality was intended for VPN users, but we can take advantage of this for our purposes.
Rather than tell systemd.resolved that $host.internal.corp.com
can be reached via ppp01
, we tell resolvd that $host.consul
can be resolved via dummy0
and bind consul-agent to dummy0
.
Oh the fun to be had with virtual interfaces.... :).
Awesome, thanks! 🏅
Do you happen to have that whole packer script out in the open somewhere? Your setup seems fairly similar to mine, but written in a better and more structured way. Would love to see what other tricks you've applied. 😄