Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Cory Parent
    @goedelsoup
    wait, dig worked before?
    Mick Davies
    @seivad_gitlab
    dig 127.0.0.1 -p 8600 products.service.consul ANY on app server 3 for instance sends back in it's answer section:
    ;; ANSWER SECTION:
products.service.consul. 0    IN    A    10.138.7.145
products.service.consul. 0    IN    TXT    "consul-network-segment="
products.service.consul. 0    IN    A    10.138.23.11
products.service.consul. 0    IN    TXT    "consul-network-segment="
products.service.consul. 0    IN    A    10.138.247.79
products.service.consul. 0    IN    TXT    "consul-network-segment="
    Michael Aldridge
    @the-maldridge
    right, but that's hitting consul directly
    Cory Parent
    @goedelsoup
    ahh, dig worked hitting consul before
    Mick Davies
    @seivad_gitlab
    yeah
    Michael Aldridge
    @the-maldridge
    try without the address and port
    Mick Davies
    @seivad_gitlab
    how do I test if my DNS resolver is working?
    Michael Aldridge
    @the-maldridge
    i.e. using the configured resolver
    Mick Davies
    @seivad_gitlab
    okay will do
    so dig 127.0.0.1 products.service.consul ANY ? that doesn't return any answers now
    Michael Aldridge
    @the-maldridge
    dig A products.service.consul
    or dig SRV products.service.consul if you want a SRV record
    Mick Davies
    @seivad_gitlab
    dig a products.service.consul

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> a products.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56630
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;products.service.consul.    IN    A

;; Query time: 2 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Sep 16 22:47:18 UTC 2019
;; MSG SIZE  rcvd: 52
    Michael Aldridge
    @the-maldridge
    well, there's your answer that its not working
    Mick Davies
    @seivad_gitlab
    yeah not working, but I just followed the docs guide to https://learn.hashicorp.com/consul/security-networking/forwarding#iptables-setup and https://learn.hashicorp.com/consul/security-networking/forwarding#systemd-resolved-setup and rebooted all 3 machines
    do I still need to install say Bind after doing that?
    Michael Aldridge
    @the-maldridge
    so presumably you have a DNS server on at least one machine?
    Mick Davies
    @seivad_gitlab
    is systemd/resolved.conf not acting as a DNS server in this instance?
    Michael Aldridge
    @the-maldridge
    see previous statement of systemd-resolvd being broken in a number of ways
    Mick Davies
    @seivad_gitlab
    Right. This is hard given it's in the docs, why do they leave it there then? I'll install Bind9 then.
    Michael Aldridge
    @the-maldridge
    because its easy
    it comes on most machines now, and as long as the stars are aligned (which they usually are) it works
    Mick Davies
    @seivad_gitlab
    okay, well not so easy for me on fresh DO VM's on latest Ubuntu then.
    Michael Aldridge
    @the-maldridge
    fair enough
    I personally recommend unbound over bind9, but that's mostly personal preference
    Sean
    @Spaceman1861

    Hello all!,

    I was wondering if anyone could help me use the connectInject.namespaceSelector option.

    I Can't figure out how to configure it.

    Im doing this.

    helm install --name=consul-$namespace ./consul-helm --namespace="$namespace"
    --set global.datacenter="hashidc1" --set ui.service.type="LoadBalancer"
    --set connectInject.enabled=true --set connectInject.namespaceSelector="$namespace"
    --set client.enabled=true --set client.grpc=true
    --set server.replicas=1 --set server.bootstrapExpect=1
    --set server.disruptionBudget.enabled=true --set server.disruptionBudget.maxUnavailable=0;

    And Getting this.

    handled as a MutatingWebhookConfiguration: v1beta1.MutatingWebhookConfiguration.Webhooks:
    []v1beta1.Webhook: v1beta1.Webhook.NamespaceSelector: readObjectStart: expect { or n, but found ", error
    found in #10 byte of ...|elector":"dev","rule|..., bigger context
    ...|jector.consul.hashicorp.com","namespaceSelector":"dev","rules":[{"apiGroups":[""],"apiVersions":["v1|.

    Im probably doing something wrong but the doco is a bit vauge.

    Shantanu Gadgil
    @shantanugadgil
    @the-maldridge about dnsmasq, i have used it extensively to setup multi VLAN PXE boot setups spanning many machines (on premise lab) and have been generally happy with it.
    I have not used it for Consul setups
    as the setups have always been using fqdns (north south)
    Michael Aldridge
    @the-maldridge
    sure, for labs its fine but I'd never put it into production
    Chaitanya Munukutla
    @c16a
    May be a stupid question. Anyone has done consul health checks for a Golang service, using the SDK?
    Aaron Hurt
    @leprechau
    absolutely
    all of our early golang services imported consul and our consultant package (https://github.com/myENA/consultant) and sometimes (https://github.com/myENA/consul-decoder) as well for reading consul values into a struct
    however, as we’ve evolved we find ourselves relying less and less on the consul SDK and building applications that leverage more traditional configuration means such as toml files and/or environment variables
    we then have nomad inject those variables and/or build config from consul and slim down the dependency tree of the actual application
    Aaron Hurt
    @leprechau
    @c16a that was for you :)
    sorry for the late response
    bravecobra
    @bravecobra
    Can a connect-aware service connect to a non connect-aware service? I tried but I only got it working once I made the other one connect-aware as well.
    It seems that once you add connect to one service, you need to add to it all. That can not be the idea, right? So I must be doing something wrong.
    Americo Savinon
    @americos
    Hi, What would be the right way to get some secrets into a react app (created with create-react-app) using envconsul?
    Aaron Hurt
    @leprechau
    envconsul or consul-template
    or running the application under nomad
    Kolin Korr
    @kolinkorr839
    I am trying this in consul-template... 
    {{ $test := "prod" }}
'place': '{{ keyOrDefault "dns/$test" "$test-whatever" }}',
    essentially, I like consul-template to see it like this... 
    'place': '{{ keyOrDefault "dns/prod" "prod-whatever" }}',
    but somehow it is interpreting the $test as a literal $test... any hints on how I can achieve the above result?
    Brian Pham
    @brianpham
    This message was deleted
    Michael Aldridge
    @the-maldridge
    well ignoring that the locals block is malformed, you might be better off asking in the terraform room as I don't see anything obviously wrong with that
    Brian Pham
    @brianpham
    Oh oops sorry wrong one. Thanks!