Monitor your application health with distributed checks

In modern distributed systems, health checks play a significant role in the maintenance of complex deployments. Health checks provide a way to monitor and verify the status of your service fleet and can be used to automatically react to failures or excessive load. Consul uses distributed health checks to maintain an updated catalog of all services and nodes registered within the datacenter and to periodically verify services' behavior.

The Consul DNS service provides a standard interface to query the Consul catalog. Using Consul FQDN for service configuration, instead of IPs, you can simplify application configuration. One further simplification provided by Consul is the load-balancing feature provided across multiple instances of the same service. This is completely transparent to the downstream service instances and does not require extra configuration. Consul DNS service prevents unhealthy service instances to be resolved and simplifies the configuration process for your applications that do not have to change configuration in case of service failure.

Consul DNS service is based on the service definition files that the different Consul agents provide and uses a distributed health check system to ensure reliability of DNS results.

In this tutorial you will learn how to write a service definition to register your service in Consul and how to create health checks to make sure your service is available only when fully functional.

Specifically, you will:

• Review the ACL permissions required to register a Consul service
• Generate a token for a Consul service using the service-identity policy
• Create a service configuration for the hashicups-api service
• Reload Consul configuration to include the newly configured service
• Verify service registration
• Verify the load-balancing feature provided by Consul DNS

Tutorial scenario

This tutorial uses HashiCups, a demo coffee shop application made up of several microservices running on VMs.

At the beginning of the tutorial, you have a fully deployed Consul datacenter with an instance of the HashiCups application, composed by four services, NGINX, Frontend, API, and Database, deployed and registered in Consul catalog.

In the Consul datacenter, there is an extra node that you want to use to host a second instance of the API service for HashiCups, that you want to include in the datacenter.

By the end of this tutorial, you will have configured the API service to be part of Consul catalog.

This tutorial will focus specifically on service and health checks definitions to register a service in Consul catalog.

Once the service is registered in Consul, it will automatically appear in Consul DNS results and Consul will automatically load balance traffic across the different instances of the service.

All operations in this tutorial, after the scenario deployment, will be performed from an additional node, a bastion host, that will be deployed as part of the scenario. The tutorial provides instructions on how to connect to the bastion host at the end of the deployment.

Prerequisites

This tutorial assumes you are already familiar with Consul service discovery and its core functionalities. If you are new to Consul refer to refer to the Consul Getting Started tutorials collection.

If you want to follow along with this tutorial and you do not already have the required infrastructure in place, the following steps guide you through the process to deploy a demo application and a configured Consul datacenter on AWS automatically using Terraform.

To create a Consul deployment on AWS using terraform, you need the following:

• An AWS account configured for use with Terraform
• aws-cli >= v2.0
• terraform >= v1.0
• consul >= v1.17.0

Clone GitHub repository

Clone the GitHub repository containing the configuration files and resources.

$ git clone https://github.com/hashicorp-education/learn-consul-health-checks-vms

$ git clone git@github.com:hashicorp-education/learn-consul-health-checks-vms.git

Enter the directory that contains the configuration files for this tutorial.

$ cd learn-consul-health-checks-vms/self-managed/infrastructure/aws

Create infrastructure

With these Terraform configuration files, you are ready to deploy your infrastructure.

Issue the terraform init command from your working directory to download the necessary providers and initialize the backend.

$ terraform init
Initializing the backend...
Initializing provider plugins...
...
Terraform has been successfully initialized!
...

Then, deploy the resources. Confirm the run by entering yes.

$ terraform apply -var-file=../../ops/conf/monitor_application_health_with_distributed_checks.tfvars
## ...
Do you want to perform these actions?
 Terraform will perform the actions described above.
 Only 'yes' will be accepted to approve.
 Enter a value: yes
## ...
Apply complete! Resources: 49 added, 0 changed, 0 destroyed.

After the deployment is complete, Terraform returns a list of outputs you can use to interact with the newly created environment.

Outputs:

connection_string = "ssh -i certs/id_rsa.pem admin@`terraform output -raw ip_bastion`"
ip_bastion = "<redacted-output>"
remote_ops = "export BASTION_HOST=<redacted-output>"
retry_join = "provider=aws tag_key=ConsulJoinTag tag_value=auto-join-hcoc"
ui_consul = "https://<redacted-output>:8443"
ui_grafana = "http://<redacted-output>:3000/d/hashicups/hashicups"
ui_hashicups = "http://<redacted-output>"

The Terraform outputs provide useful information, including the bastion host IP address. The following is a brief description of the Terraform outputs:

• The ip_bastion provides IP address of the bastion host you use to run the rest of the commands in this tutorial.
• The remote_ops lists the bastion host IP, which you can use access the bastion host.
• The retry_join output lists Consul's retry_join configuration parameter. The next tutorial uses this information to generate Consul server and client configuration.
• The ui_consul output lists the Consul UI address. The Consul UI is not currently running. You will use the Consul UI in a later tutorial to verify that Consul started correctly.
• The ui_grafana output lists the Grafana UI address. You will use this address in a future tutorial.
• The ui_hashicups output lists the HashiCups UI address. You can open this address in a web browser to verify the HashiCups demo application is running properly.

List AWS instances

The scenario deploys seven virtual machines.

$ terraform state list
## ...
aws_instance.api[0]
aws_instance.api[1]
aws_instance.bastion
aws_instance.consul_server[0]
aws_instance.database[0]
aws_instance.frontend[0]
aws_instance.nginx[0]
## ...

After deployment, six virtual machines, consul_server[0], database[0], frontend[0], api[0], api[1], and nginx[0] are configured in a Consul datacenter with service discovery. Node api[1] does not have a service registered but is already a member of Consul datacenter.

The remaining node, bastion is used to perform the tutorial steps.

Login into the bastion host VM

Login to the bastion host using ssh.

$ ssh -i certs/id_rsa.pem admin@`terraform output -raw ip_bastion`
#...
admin@bastion:~$

Configure CLI to interact with Consul

Configure your bastion host to communicate with your Consul environment using the two dynamically generated environment variable files.

$ source "/home/admin/assets/scenario/env-scenario.env" && \
  source "/home/admin/assets/scenario/env-consul.env"

That will produce no output.

After loading the needed variables, verify you can connect to your Consul datacenter.

$ consul members

That will produce an output similar to the following.

Node                  Address          Status  Type    Build   Protocol  DC   Partition  Segment
consul-server-0       172.22.0.8:8301  alive   server  1.17.1  2         dc1  default    <all>
hashicups-api-0       172.22.0.2:8301  alive   client  1.17.1  2         dc1  default    <default>
hashicups-api-1       172.22.0.3:8301  alive   client  1.17.1  2         dc1  default    <default>
hashicups-db-0        172.22.0.4:8301  alive   client  1.17.1  2         dc1  default    <default>
hashicups-frontend-0  172.22.0.5:8301  alive   client  1.17.1  2         dc1  default    <default>
hashicups-nginx-0     172.22.0.6:8301  alive   client  1.17.1  2         dc1  default    <default>

Use consul catalog services to query Consul catalog for the services present in the datacenter.

$ consul catalog services -tags
consul                  
hashicups-api           inst_0
hashicups-db            inst_0
hashicups-frontend      inst_0
hashicups-nginx         inst_0

Every service for the HashiCups application is tagged with the inst_0 tag to indicate they are the first instance of the service.

Create ACL token for service registration

When ACLs are enabled, service registration requires a token with write permission over the service name you want to register. In this case service name is hashicups-api.

Service identities let you to quickly construct policies for services, rather than manually creating identical polices for each service instance and for their companion sidecar proxy. Generate a new token for hashicups-api-1 using service-identity.

$ consul acl token create \
  -description="SVC HashiCups API token" \
  --format json \
  -service-identity="hashicups-api" | tee /home/admin/assets/scenario/conf/secrets/acl-token-svc-hashicups-api-1.json

That will produce an output similar to the following.

{
  "CreateIndex": 97,
    "ModifyIndex": 97,
    "AccessorID": "cdf3909b-16cf-a5ea-bcb8-3b3b19fe0bd0",
    "SecretID": "925cee23-8b47-5ef2-2f20-1fb40cdcbf0d",
    "Description": "SVC HashiCups API token",
    "ServiceIdentities": [
      {
        "ServiceName": "hashicups-api"
        }
    ],
    "Local": false,
    "CreateTime": "2024-01-17T13:43:09.166273172Z",
    "Hash": "RtpgRlE69uEOWjeuaBUG2ezUM37J4OxeUhFaaRJaEac="
}

Set your newly generated token as the CONSUL_AGENT_TOKEN environment variable. You will use this variable later in the tutorial to generate the service definition file.

$ export CONSUL_AGENT_TOKEN=`cat /home/admin/assets/scenario/conf/secrets/acl-token-svc-hashicups-api-1.json | jq -r ".SecretID"`

Review service configuration for Consul services

Consul allows multiple ways to register a service in the service catalog:

1. Creating a service definition file in the agent's configuration directory
2. Using the consul services register CLI command
3. Calling the /agent/service/register HTTP API endpoint

Each of these methods will persist the registration in the Consul data folder.

To make sure your service registration survives data folder corruption, in this tutorial you will configure a service by placing a service definition file inside the agent's configuration directory.

Each service configuration is composed by two parts, service definitions and health checks definitions.

Service definition

The service definition requires the following parameters to be defined:

• name - the service name to register. Multiple instances of the same service share the same service name.
• id - the service id. Multiple instances of the same service require a unambiguous id to be registered.
• tags - [optional] - tags to assign to the service instance. Useful for blue-green deployment, canary deployment or to identify services inside Consul datacenter.
• port - the port your service is exposing.
• token - a token to be used during service registration. This is the token you created in the previous section.

Below an example configuration for the service definition.

service {
  name = "hashicups-api"
  id = "hashicups-api-1"
  tags = [ "inst_1" ]
  port = 8081
  token = "925cee23-8b47-5ef2-2f20-1fb40cdcbf0d"
}

Read more on service definitions at Services configuration reference

Checks definition.

Consul provides distributed monitoring for your services when health checks for the service are configured. Health checks configurations are nested in the service block. They can be defined using the following parameters:

• id - unique string value that specifies an ID for the check.
• name - required string value that specifies the name of the check.
• service_id - specifies the ID of a service instance to associate with a service check.
• interval - specifies how frequently to run the check.
• timeout - specifies how long unsuccessful requests take to end with a timeout.

The other parameter required to define the check is the type. Consul supports multiple check types, but for this tutorial you will use the TCP and HTTP check types.

A tcp check establishes connections to the specified IPs or hosts. If the check successfully establishes a connection, the service status is reported as success. If the IP or host does not accept the connection, the service status is reported as critical.

An example of tcp check for the hashicups-api service, listening on port 8081 is the following:

{
  id =  "check-hashicups-api.public",
  name = "hashicups-api.public status check",
  service_id = "hashicups-api-1",
  tcp  = "localhost:8081",
  interval = "5s",
  timeout = "5s"
}

HTTP checks send an HTTP request to the URL specified in the definition and report the service health based on the HTTP response code.

An example of tcp check for the hashicups-api service, which exposes an health endpoint to test service status, is the following:

{
  id =  "check-hashicups-api.public.http",
  name = "hashicups-api.public  HTTP status check",
  service_id = "hashicups-api-1",
  http  = "http://localhost:8081/health",
  interval = "5s",
  timeout = "5s"
}

Create service configuration for HashiCups API service

The HashiCups API service is composed by three different services, public-api, product-api, and payments, listening respectively on port 8081, 9090, and 8080. The only service that requires external access is the public-api on port 8081.

Create service configuration file.

$ tee /home/admin/assets/scenario/conf/hashicups-api-1/svc-hashicups-api.hcl > /dev/null << EOF
## -----------------------------
## svc-hashicups-api.hcl
## -----------------------------
service {
  # Name of the service as it will appear in Consul catalog
  name = "hashicups-api"

  # Unambiguous ID, to distinguish the service instance from other instances of the same service
  id = "hashicups-api-1"
  
  # Tags for the service instance. A service instance can be reched using the 
  # <tag>.<service>.service.<datacenter>.<domain> FQDN
  tags = [ "inst_1" ]
  
  # Port number for the service
  port = 8081
  
  # ACL token to present when registering the service 
  token = "${CONSUL_AGENT_TOKEN}"

  checks =[
  {
  id =  "check-hashicups-api.public.http",
  name = "hashicups-api.public  HTTP status check",
  service_id = "hashicups-api-1",
  http  = "http://localhost:8081/health",
  interval = "5s",
  timeout = "5s"
  },
  {
    id =  "check-hashicups-api.public",
    name = "hashicups-api.public status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:8081",
    interval = "5s",
    timeout = "5s"
  },
  {
    id =  "check-hashicups-api.product",
    name = "hashicups-api.product status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:9090",
    interval = "5s",
    timeout = "5s"
  },
  {
    id =  "check-hashicups-api.payments",
    name = "hashicups-api.payments status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:8080",
    interval = "5s",
    timeout = "5s"
  }]
}
EOF

Copy the configuration file on the hashicups-api-1 node.

$ scp -r -i /home/admin/certs/id_rsa /home/admin/assets/scenario/conf/hashicups-api-1/svc-hashicups-api.hcl admin@hashicups-api-1:/etc/consul.d/svc-hashicups-api.hcl
svc-hashicups-api.hcl

Login to hashicups-api-1 from the bastion host.

$ ssh -i certs/id_rsa hashicups-api-1
#..
admin@hashicups-api-1:~

Verify the VM contains the files required for Consul configuration.

$ cat /etc/consul.d/svc-hashicups-api.hcl

That will produce an output similar to the following.

## -----------------------------
## svc-hashicups-api.hcl
## -----------------------------
service {
  # Name of the service as it will appear in Consul catalog
  name = "hashicups-api"

  # Unambiguous ID, to distinguish the service instance from other instances of the same service
  id = "hashicups-api-1"
  
  # Tags for the service instance. A service instance can be reched using the 
  # <tag>.<service>.service.<datacenter>.<domain> FQDN
  tags = [ "inst_1" ]
  
  # Port number for the service
  port = 8081
  
  # ACL token to present when registering the service 
  token = "925cee23-8b47-5ef2-2f20-1fb40cdcbf0d"

  checks =[
  {
  id =  "check-hashicups-api.public.http",
  name = "hashicups-api.public  HTTP status check",
  service_id = "hashicups-api-1",
  http  = "http://localhost:8081/health",
  interval = "5s",
  timeout = "5s"
  },
  {
    id =  "check-hashicups-api.public",
    name = "hashicups-api.public status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:8081",
    interval = "5s",
    timeout = "5s"
  },
  {
    id =  "check-hashicups-api.product",
    name = "hashicups-api.product status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:9090",
    interval = "5s",
    timeout = "5s"
  },
  {
    id =  "check-hashicups-api.payments",
    name = "hashicups-api.payments status check",
    service_id = "hashicups-api-1",
    tcp  = "localhost:8080",
    interval = "5s",
    timeout = "5s"
  }]
}

Reload Consul to apply the service configuration.

$ consul reload
Configuration reload triggered

Start hashicups-api service.

$ ~/start_service.sh

The output of the command will show some Docker output while the Docker images that compose the services are being pulled on the node.

To continue with the tutorial, exit the ssh session to return to the bastion host.

$ exit
logout
Connection to hashicups-api-1 closed.
admin@bastion:~$

Verify service registration

The service will now start appearing among Consul DNS results when a query is performed. Use the inst_1 tag in the results to recognize the new instance or in the query to filter the DNS results. Consul DNS service can be queried using all interfaces provided by Consul.

API interface and UI can also be used to retrieve information about the health checks configured for the service.

$ consul catalog services -tags
consul                  
hashicups-api           inst_0,inst_1
hashicups-db            inst_0
hashicups-frontend      inst_0
hashicups-nginx         inst_0

$ curl --silent \
   --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
   --connect-to server.${CONSUL_DATACENTER}.${CONSUL_DOMAIN}:8443:consul-server-0:8443 \
   --cacert ${CONSUL_CACERT} \
   https://server.${CONSUL_DATACENTER}.${CONSUL_DOMAIN}:8443/v1/catalog/service/hashicups-api | jq -r .

[
  {
    "ID": "d7c965d1-46d7-f8e4-edee-46436a2830da",
    "Node": "hashicups-api-0",
    "Address": "172.22.0.2",
    "Datacenter": "dc1",
    "TaggedAddresses": {
      "lan": "172.22.0.2",
      "lan_ipv4": "172.22.0.2",
      "wan": "172.22.0.2",
      "wan_ipv4": "172.22.0.2"
    },
    "NodeMeta": {
      "consul-network-segment": "",
      "consul-version": "1.17.1"
    },
    "ServiceKind": "",
    "ServiceID": "hashicups-api-0",
    "ServiceName": "hashicups-api",
    "ServiceTags": [
      "inst_0"
    ],
    "ServiceAddress": "",
    "ServiceWeights": {
      "Passing": 1,
      "Warning": 1
    },
    "ServiceMeta": {},
    "ServicePort": 8081,
    "ServiceSocketPath": "",
    "ServiceEnableTagOverride": false,
    "ServiceProxy": {
      "Mode": "",
      "MeshGateway": {},
      "Expose": {}
    },
    "ServiceConnect": {},
    "ServiceLocality": null,
    "CreateIndex": 56,
    "ModifyIndex": 56
  },
  {
    "ID": "03441c94-0a5c-e599-300f-3d06f89a2387",
    "Node": "hashicups-api-1",
    "Address": "172.22.0.3",
    "Datacenter": "dc1",
    "TaggedAddresses": {
      "lan": "172.22.0.3",
      "lan_ipv4": "172.22.0.3",
      "wan": "172.22.0.3",
      "wan_ipv4": "172.22.0.3"
    },
    "NodeMeta": {
      "consul-network-segment": "",
      "consul-version": "1.17.1"
    },
    "ServiceKind": "",
    "ServiceID": "hashicups-api-1",
    "ServiceName": "hashicups-api",
    "ServiceTags": [
      "inst_1"
    ],
    "ServiceAddress": "",
    "ServiceWeights": {
      "Passing": 1,
      "Warning": 1
    },
    "ServiceMeta": {},
    "ServicePort": 8081,
    "ServiceSocketPath": "",
    "ServiceEnableTagOverride": false,
    "ServiceProxy": {
      "Mode": "",
      "MeshGateway": {},
      "Expose": {}
    },
    "ServiceConnect": {},
    "ServiceLocality": null,
    "CreateIndex": 99,
    "ModifyIndex": 99
  }
]

$ curl --silent --GET \
   --header "X-Consul-Token: $CONSUL_HTTP_TOKEN" \
   --connect-to server.${CONSUL_DATACENTER}.${CONSUL_DOMAIN}:8443:consul-server-0:8443 \
   --cacert ${CONSUL_CACERT} \
   --data-urlencode 'filter="inst_1" in Service.Tags' \
   https://server.${CONSUL_DATACENTER}.${CONSUL_DOMAIN}:8443/v1/health/service/hashicups-api | jq -r .

[
  {
    "Node": {
      "ID": "967701f2-61ca-5200-5f31-6602dcd01c77",
      "Node": "hashicups-api-1",
      "Address": "172.18.0.7",
      "Datacenter": "dc1",
      "TaggedAddresses": {
        "lan": "172.18.0.7",
        "lan_ipv4": "172.18.0.7",
        "wan": "172.18.0.7",
        "wan_ipv4": "172.18.0.7"
      },
      "Meta": {
        "consul-network-segment": "",
        "consul-version": "1.17.0"
      },
      "CreateIndex": 40,
      "ModifyIndex": 55
    },
    "Service": {
      "ID": "hashicups-api-1",
      "Service": "hashicups-api",
      "Tags": [
        "inst_1"
      ],
      "Address": "",
      "Meta": null,
      "Port": 8081,
      "Weights": {
        "Passing": 1,
        "Warning": 1
      },
      "EnableTagOverride": false,
      "Proxy": {
        "Mode": "",
        "MeshGateway": {},
        "Expose": {}
      },
      "Connect": {},
      "PeerName": "",
      "CreateIndex": 144,
      "ModifyIndex": 144
    },
    "Checks": [
      {
        "Node": "hashicups-api-1",
        "CheckID": "serfHealth",
        "Name": "Serf Health Status",
        "Status": "passing",
        "Notes": "",
        "Output": "Agent alive and reachable",
        "ServiceID": "",
        "ServiceName": "",
        "ServiceTags": [],
        "Type": "",
        "Interval": "",
        "Timeout": "",
        "ExposedPort": 0,
        "Definition": {},
        "CreateIndex": 40,
        "ModifyIndex": 40
      },
      {
        "Node": "hashicups-api-1",
        "CheckID": "check-hashicups-api.payments",
        "Name": "hashicups-api.payments status check",
        "Status": "passing",
        "Notes": "",
        "Output": "TCP connect localhost:8080: Success",
        "ServiceID": "hashicups-api-1",
        "ServiceName": "hashicups-api",
        "ServiceTags": [
          "inst_1"
        ],
        "Type": "tcp",
        "Interval": "5s",
        "Timeout": "5s",
        "ExposedPort": 0,
        "Definition": {},
        "CreateIndex": 144,
        "ModifyIndex": 151
      },
      {
        "Node": "hashicups-api-1",
        "CheckID": "check-hashicups-api.product",
        "Name": "hashicups-api.product status check",
        "Status": "passing",
        "Notes": "",
        "Output": "TCP connect localhost:9090: Success",
        "ServiceID": "hashicups-api-1",
        "ServiceName": "hashicups-api",
        "ServiceTags": [
          "inst_1"
        ],
        "Type": "tcp",
        "Interval": "5s",
        "Timeout": "5s",
        "ExposedPort": 0,
        "Definition": {},
        "CreateIndex": 144,
        "ModifyIndex": 146
      },
      {
        "Node": "hashicups-api-1",
        "CheckID": "check-hashicups-api.public",
        "Name": "hashicups-api.public status check",
        "Status": "passing",
        "Notes": "",
        "Output": "TCP connect localhost:8081: Success",
        "ServiceID": "hashicups-api-1",
        "ServiceName": "hashicups-api",
        "ServiceTags": [
          "inst_1"
        ],
        "Type": "tcp",
        "Interval": "5s",
        "Timeout": "5s",
        "ExposedPort": 0,
        "Definition": {},
        "CreateIndex": 144,
        "ModifyIndex": 148
      },
      {
        "Node": "hashicups-api-1",
        "CheckID": "check-hashicups-api.public.http",
        "Name": "hashicups-api.public  HTTP status check",
        "Status": "passing",
        "Notes": "",
        "Output": "HTTP GET http://localhost:8081/health: 200 OK Output: ok",
        "ServiceID": "hashicups-api-1",
        "ServiceName": "hashicups-api",
        "ServiceTags": [
          "inst_1"
        ],
        "Type": "http",
        "Interval": "5s",
        "Timeout": "5s",
        "ExposedPort": 0,
        "Definition": {},
        "CreateIndex": 144,
        "ModifyIndex": 152
      }
    ]
  }
]

$ dig @consul-server-0 -p 8600 hashicups-api.service.dc1.consul

; <<>> DiG 9.16.44-Debian <<>> @consul-server-0 -p 8600 hashicups-api.service.dc1.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37402
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hashicups-api.service.dc1.consul. IN   A

;; ANSWER SECTION:
hashicups-api.service.dc1.consul. 0 IN  A   10.0.4.199
hashicups-api.service.dc1.consul. 0 IN  A   10.0.4.214

;; Query time: 4 msec
;; SERVER: 10.0.4.65#8600(10.0.4.65)
;; WHEN: Wed Jan 17 13:43:15 UTC 2024
;; MSG SIZE  rcvd: 93

$ dig @consul-server-0  -p 8600 inst_1.hashicups-api.service.dc1.consul
 
; <<>> DiG 9.16.44-Debian <<>> @consul-server-0 -p 8600 hashicups-api.service.dc1.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22022
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;inst_1.hashicups-api.service.dc1.consul. IN A
 
;; ANSWER SECTION:
inst_1.hashicups-api.service.dc1.consul. 0 IN A 10.0.4.199
 
;; Query time: 1 msec
;; SERVER: 172.22.0.8#53(consul-server-0) (UDP)
;; WHEN: Wed Jan 17 13:43:25 UTC 2024
;; MSG SIZE  rcvd: 84

$ terraform output -raw ui_consul

Verify Consul load balancing functionalities

When multiple instances of a service are defined, Consul DNS will automatically provide basic round-robin load balancing capabilities.

To test it, you will make 100 requests to the Consul DNS service asking to resolve the hashicups-api.service.dc1.consul name and count the different results.

$ for i in `seq 1 100` ; do dig @consul-server-0 -p 8600 hashicups-api.service.dc1.consul +short | head -1; done | sort | uniq -c

That will produce an output similar to the following.

     54 172.22.0.2
     46 172.22.0.3

Notice that the request was balanced across the two different instances of the hashicups-api service.

Destroy the infrastructure

Now that the tutorial is complete, clean up the infrastructure you created.

From the ./self-managed/infrastruture/aws folder of the repository, use terraform to destroy the infrastructure.

$ terraform destroy --auto-approve

Next steps

In this tutorial you learned how to register a service in a Consul datacenter by writing a service definition with associated health checks. You created a token with the necessary permissions to register the service, generated a definition for the hashicups-api service including health checks for all the different components of the service, and registered the service in Consul catalog by reloading the Consul agent on the hashicups-api-1 node. You then used all Consul interfaces, CLI, API, DNS, and UI, to verify the service got registered correctly and learned how to identify the different instances of the service using the inst_1 tag. Finally, you tested Consul DNS load-balancing capabilities by performing multiple queries for the same service and verifying the number of request was roughly even across the two instances.

For more information about the topics covered in this tutorial, refer to the following resources:

• Services overview
• Define services
• Define health checks
• Register services and health checks

To learn more about other features provided by Consul DNS service to:

• Load balancing services in Consul service mesh with Envoy
• Perform static DNS queries
• DNS caching