Consul
Watches
Watches are a way of specifying a view of data (e.g. list of nodes, KV pairs, health checks) which is monitored for updates. When an update is detected, an external handler is invoked. A handler can be any executable or HTTP endpoint. As an example, you could watch the status of health checks and notify an external system when a check is critical.
Watches are implemented using blocking queries in the HTTP API. Agents automatically make the proper API calls to watch for changes and inform a handler when the data view has updated.
Watches can be configured as part of the agent's configuration, causing them to run once the agent is initialized. Reloading the agent configuration allows for adding or removing watches dynamically.
Alternatively, the watch command enables a watch to be started outside of the agent. This can be used by an operator to inspect data in Consul or to easily pipe data into processes without being tied to the agent lifecycle.
In either case, the type
of the watch must be specified. Each type of watch
supports different parameters, some required and some optional. These options are specified
in a JSON body when using agent configuration or as CLI flags for the watch command.
Handlers
The watch configuration specifies the view of data to be monitored. Once that view is updated, the specified handler is invoked. Handlers can be either an executable or an HTTP endpoint. A handler receives JSON formatted data with invocation info, following a format that depends on the type of the watch. Each watch type documents the format type. Because they map directly to an HTTP API, handlers should expect the input to match the format of the API. A Consul index is also given, corresponding to the responses from the HTTP API.
Executable
An executable handler reads the JSON invocation info from stdin. Additionally,
the CONSUL_INDEX
environment variable will be set to the Consul index.
Anything written to stdout is logged.
Here is an example configuration, where handler_type
is optionally set to
script
:
Consul watch with script handler defined in agent configuration
agent-config.hcl
watches = [
{
type = "key"
key = "foo/bar/baz"
handler_type = "script"
args = ["/usr/bin/my-service-handler.sh", "-redis"]
}
]
Prior to Consul 1.0, watches used a single handler
field to define the command to run, and
would always run in a shell. In Consul 1.0, the args
array was added so that handlers can be
run without a shell. The handler
field is deprecated, and you should include the shell in
the args
to run under a shell, eg. "args": ["sh", "-c", "..."]
.
HTTP endpoint
An HTTP handler sends an HTTP request when a watch is invoked. The JSON invocation info is sent
as a payload along the request. The response also contains the Consul index as a header named
X-Consul-Index
.
The HTTP handler can be configured by setting handler_type
to http
. Additional handler options
are set using http_handler_config
. The only required parameter is the path
field which specifies
the URL to the HTTP endpoint. Consul uses POST
as the default HTTP method, but this is also configurable.
Other optional fields are header
, timeout
and tls_skip_verify
. The watch invocation data is
always sent as a JSON payload.
Here is an example configuration:
Consul watch with HTTP handler defined in agent configuration
agent-config.hcl
watches = [
{
type = "key"
key = "foo/bar/baz"
handler_type = "http"
http_handler_config {
path = "https://localhost:8000/watch"
method = "POST"
header = {
x-foo = ["bar", "baz"]
}
timeout = "10s"
tls_skip_verify = false
}
}
]
Global Parameters
In addition to the parameters supported by each option type, there are a few global parameters that all watches support:
datacenter
- Can be provided to override the agent's default datacenter.token
- Can be provided to override the agent's default ACL token.args
- The handler subprocess and arguments to invoke when the data view updates.handler
- The handler shell command to invoke when the data view updates.
Watch Types
The following types are supported. Detailed documentation on each is below:
key
- Watch a specific KV pairkeyprefix
- Watch a prefix in the KV storeservices
- Watch the list of available servicesnodes
- Watch the list of nodesservice
- Watch the instances of a servicechecks
- Watch the value of health checksevent
- Watch for custom user events
Type: key
The "key" watch type is used to watch a specific key in the KV store.
It requires that the key
parameter be specified.
This maps to the /v1/kv/
API internally.
Here is an example configuration:
Example key watch type
{
type = "key"
key = "foo/bar/baz"
args = ["/usr/bin/my-service-handler.sh", "-redis"]
}
Or, using the watch command:
$ consul watch -type=key -key=foo/bar/baz /usr/bin/my-key-handler.sh
An example of the output of this command:
{
"Key": "foo/bar/baz",
"CreateIndex": 1793,
"ModifyIndex": 1793,
"LockIndex": 0,
"Flags": 0,
"Value": "aGV5",
"Session": ""
}
Type: keyprefix
The keyprefix
watch type is used to watch a prefix of keys in the KV store.
It requires that the prefix
parameter be specified. This watch
returns all keys matching the prefix whenever any key matching the prefix
changes.
This maps to the /v1/kv/
API internally.
Here is an example configuration:
Example keyprefix watch type
{
type = "keyprefix"
prefix = "foo/"
args = ["/usr/bin/my-prefix-handler.sh", "-redis"]
}
Or, using the watch command:
$ consul watch -type=keyprefix -prefix=foo/ /usr/bin/my-prefix-handler.sh
An example of the output of this command:
[
{
"Key": "foo/bar",
"CreateIndex": 1796,
"ModifyIndex": 1796,
"LockIndex": 0,
"Flags": 0,
"Value": "TU9BUg==",
"Session": ""
},
{
"Key": "foo/baz",
"CreateIndex": 1795,
"ModifyIndex": 1795,
"LockIndex": 0,
"Flags": 0,
"Value": "YXNkZg==",
"Session": ""
},
{
"Key": "foo/test",
"CreateIndex": 1793,
"ModifyIndex": 1793,
"LockIndex": 0,
"Flags": 0,
"Value": "aGV5",
"Session": ""
}
]
Type: services
The "services" watch type is used to watch the list of available services. It has no parameters.
This maps to the /v1/catalog/services
API internally.
Below is an example configuration:
Example services watch type
{
type = "services"
args = ["/usr/bin/my-services-handler.sh"]
}
Or, using the watch command:
$ consul watch -type=services /usr/bin/my-services-handler.sh
An example of the output of this command:
{
"consul": [],
"redis": [],
"web": []
}
Type: nodes
The "nodes" watch type is used to watch the list of available nodes. It has no parameters.
This maps to the /v1/catalog/nodes
API internally.
Below is an example configuration:
Example nodes watch type
{
type = "nodes"
args = ["/usr/bin/my-nodes-handler.sh"]
}
Or, using the watch command:
$ consul watch -type=nodes /usr/bin/my-nodes-handler.sh
An example of the output of this command:
[
{
"ID": "8d3088b5-ce7d-0b94-f185-ae70c3445642",
"Node": "nyc1-consul-1",
"Address": "192.0.2.10",
"Datacenter": "dc1",
"TaggedAddresses": null,
"Meta": null,
"CreateIndex": 23792324,
"ModifyIndex": 23792324
},
{
"ID": "1edb564e-65ee-9e60-5e8a-83eae4637357",
"Node": "nyc1-worker-1",
"Address": "192.0.2.20",
"Datacenter": "dc1",
"TaggedAddresses": {
"lan": "192.0.2.20",
"lan_ipv4": "192.0.2.20",
"wan": "192.0.2.20",
"wan_ipv4": "192.0.2.20"
},
"Meta": {
"consul-network-segment": "",
"host-ip": "192.0.2.20",
"pod-name": "hashicorp-consul-q7nth"
},
"CreateIndex": 23792336,
"ModifyIndex": 23792338
}
]
Type: service
The "service" watch type is used to monitor the providers
of a single service. It requires the service
parameter
and optionally takes the parameters tag
and
passingonly
. The tag
parameter will filter by one or more tags.
It may be either a single string value or a slice of strings.
The passingonly
parameter is a boolean that will filter to only the
instances passing all health checks.
This maps to the /v1/health/service
API internally.
Here is an example configuration with a single tag:
Example service watch type
{
type = "service"
service = "redis"
args = ["/usr/bin/my-service-handler.sh", "-redis"]
tag = "bar"
}
Here is an example configuration with multiple tags:
Example service watch type with multiple tags
{
type = "service"
service = "redis"
args = ["/usr/bin/my-service-handler.sh", "-redis"]
tag = ["bar", "foo"]
}
Or, using the watch command:
Single tag:
$ consul watch -type=service -service=redis -tag=bar /usr/bin/my-service-handler.sh
Multiple tags:
$ consul watch -type=service -service=redis -tag=bar -tag=foo /usr/bin/my-service-handler.sh
An example of the output of this command:
[
{
"Node": {
"ID": "f013522f-aaa2-8fc6-c8ac-c84cb8a56405",
"Node": "hashicorp-consul-server-1",
"Address": "192.0.2.50",
"Datacenter": "dc1",
"TaggedAddresses": null,
"Meta": null,
"CreateIndex": 23785783,
"ModifyIndex": 23785783
},
"Service": {
"ID": "redis",
"Service": "redis",
"Tags": [],
"Meta": null,
"Port": 6379,
"Address": "",
"Weights": {
"Passing": 1,
"Warning": 1
},
"EnableTagOverride": false,
"CreateIndex": 23785794,
"ModifyIndex": 23785794,
"Proxy": {
"MeshGateway": {},
"Expose": {}
},
"Connect": {}
},
"Checks": [
{
"Node": "hashicorp-consul-server-1",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"ServiceTags": [],
"Type": "",
"Definition": {
"Interval": "0s",
"Timeout": "0s",
"DeregisterCriticalServiceAfter": "0s",
"HTTP": "",
"Header": null,
"Method": "",
"Body": "",
"TLSServerName": "",
"TLSSkipVerify": false,
"TCP": "",
"GRPC": "",
"GRPCUseTLS": false
},
"CreateIndex": 23785783,
"ModifyIndex": 23791503
}
]
}
]
Type: checks
The "checks" watch type is used to monitor the checks of a given
service or those in a specific state. It optionally takes the service
parameter to filter to a specific service or the state
parameter to
filter to a specific state. By default, it will watch all checks.
This maps to the /v1/health/state/
API if monitoring by state
or /v1/health/checks/
if monitoring by service.
Here is an example configuration for monitoring by state:
Example checks watch type for all services in the passing state
{
type = "checks"
state = "passing"
args = ["/usr/bin/my-check-handler.sh", "-passing"]
}
Here is an example configuration for monitoring by service:
Example checks watch type for a specific service
{
type = "checks"
service = "redis"
args = ["/usr/bin/my-check-handler.sh", "-redis"]
}
Or, using the watch command:
State:
$ consul watch -type=checks -state=passing /usr/bin/my-check-handler.sh -passing
Service:
$ consul watch -type=checks -service=redis /usr/bin/my-check-handler.sh -redis
An example of the output of this command:
[
{
"Node": "foobar",
"CheckID": "service:redis",
"Name": "Service 'redis' check",
"Status": "passing",
"Notes": "",
"Output": "",
"ServiceID": "redis",
"ServiceName": "redis"
}
]
Type: event
The "event" watch type is used to monitor for custom user
events. These are fired using the consul event command.
It takes only a single optional name
parameter which restricts
the watch to only events with the given name.
This maps to the /v1/event/list
API internally.
Here is an example configuration:
Example event watch type
{
type = "event"
name = "web-deploy"
args = ["/usr/bin/my-event-handler.sh", "-web-deploy"]
}
Or, using the watch command:
$ consul watch -type=event -name=web-deploy /usr/bin/my-event-handler.sh -web-deploy
An example of the output of this command:
[
{
"ID": "f07f3fcc-4b7d-3a7c-6d1e-cf414039fcee",
"Name": "web-deploy",
"Payload": "MTYwOTAzMA==",
"NodeFilter": "",
"ServiceFilter": "",
"TagFilter": "",
"Version": 1,
"LTime": 18
},
...
]
To fire a new web-deploy
event the following could be used:
$ consul event -name=web-deploy 1609030