• HashiCorp Developer

  • HashiCorp Cloud Platform
  • Terraform
  • Packer
  • Consul
  • Vault
  • Boundary
  • Nomad
  • Waypoint
  • Vagrant
HashiCorp Cloud Platform
  • Tutorials
  • Documentation
  • Try Cloud(opens in new tab)
  • Sign up
HashiCorp Cloud Platform

Skip to main content
8 tutorials
  • Peering an AWS VPC with HashiCorp Cloud Platform (HCP)
  • Deploy HCP Consul
  • Configure EC2 as a Consul Client for HCP Consul
  • Connect an Elastic Kubernetes Service Cluster to HCP Consul
  • Serverless Consul service mesh with ECS and HCP
  • Admin Partitions with HCP Consul and Amazon Elastic Container Service
  • Configure Azure VM as a Consul Client for HCP Consul
  • Connect an Azure Kubernetes Service Cluster to HCP Consul

  • Resources

  • Tutorial Library
  • Community Forum
    (opens in new tab)
  • Support
    (opens in new tab)
  • GitHub
    (opens in new tab)
  1. Developer
  2. HashiCorp Cloud Platform
  3. Tutorials
  4. HashiCorp Cloud Platform
  5. Configure Azure VM as a Consul Client for HCP Consul

Configure Azure VM as a Consul Client for HCP Consul

  • 8min

  • HCPHCP
  • ConsulConsul
  • TerraformTerraform

HashiCorp Cloud Platform (HCP) Consul is a fully managed Service Mesh as a Service (SMaaS) version of Consul. After you deploy an HCP Consul server cluster, you must deploy Consul clients into your network so you can leverage Consul’s full feature set including service mesh and service discovery. HCP Consul supports Consul clients running on Azure Virtual Machine (VM) and Azure Kubernetes Service (AKS) resources.

In this tutorial, you will deploy and provision a Consul client running on an Azure VM instance that connects to your HCP Consul cluster. In the process, you will review the provisioning script to better understand the steps required to properly configure an Azure VM instance to connect and interact with an HCP Consul cluster.

HCP Consul cluster connecting to a Consul Client on a peered Azure Virtual Network

Prerequisites

For this tutorial, you will need:

  • The Terraform 0.14+ CLI installed locally.
  • The Azure CLI installed locally.
  • An HCP account configured for use with Terraform
  • An Azure account configured for use with Terraform

Clone example repository

In your terminal, clone the project repository from GitHub. This repository contains Terraform configuration, including configuration for this tutorial.

$ git clone https://github.com/hashicorp/learn-consul-terraform.git
$ git clone git@github.com:hashicorp/learn-consul-terraform.git

Change into the directory with the newly cloned repository.

$ cd learn-consul-terraform/datacenter-deploy-hcp-azure-vm-client

Fetch the latest tags and check out the v0.0.## tag of the repository.

$ git fetch && git checkout v0.0.##

Review configuration

The project directory contains two sub-directories:

  1. The 1-virtual-network-hcp subdirectory contains Terraform configuration to deploy an Azure virtual network and underlying networking resources, an HCP HashiCorp Virtual Network (HVN), and an HCP Consul cluster. In addition, these configuration files use the hashicorp/hcp-consul/azurerm Terraform module to set up all networking rules to allow a Consul client to communicate with the HCP Consul servers. This includes setting up the peering connection between the HVN and your Azure virtual network, setting up the HCP routes, and creating Azure network security group ingress rules.

  2. The 2-vm-consul-client subdirectory contains Terraform configuration that creates an SSH key pair and deploys an Azure virtual machine. The virtual machine uses a cloud-init script to automate the Consul client configuration. In the Review Consul client configuration for Azure VM section, you will review the automation scripts in more detail.

This tutorial intentionally separates the Terraform configuration into two discrete steps. This process reflects Terraform best practices. By dividing the HCP Consul cluster management from the Consul client management, you can separate the duties and reduce the blast radius.

Deploy Azure and HCP Consul resources

In this section, you will use your Terraform configuration files deploy an HCP Consul cluster, an Azure virtual network, and the underlying networking resources.

Issue the terraform init command from your working directory to download the necessary providers and initialize the backend.

$ terraform -chdir=1-virtual-network-hcp/ init

Initializing modules...
Initializing the backend...
Initializing provider plugins...
...

Terraform has been successfully initialized!
...

Then, deploy the resources. Confirm the run by entering yes.

$ terraform -chdir=1-virtual-network-hcp/ apply

## ...
Do you want to perform these actions?
 Terraform will perform the actions described above.
 Only 'yes' will be accepted to approve.

 Enter a value: yes

## ...

Apply complete! Resources: 25 added, 0 changed, 0 destroyed.

Outputs:

azurerm_nsg = "learn-hcp-consul-vm-client-nsg"
azurerm_resource_group = "learn-hcp-consul-vm-client-gid"
consul_root_token = <sensitive>
consul_url = "https://servers-public-consul-ffff5f82.9e6a40c0.z1.hashicorp.cloud"
hcp_consul_cluster_id = "learn-hcp-consul-vm-client"
prefix = "learn-hcp-consul-vm-client"
subnet_id = "/subscriptions/c9ed8610-47a3-4107-a2b2-a322114dfb29/resourceGroups/learn-hcp-consul-vm-client-gid/providers/Microsoft.Network/virtualNetworks/learn-hcp-consul-vm-client-vnet/subnets/subnet1"

Note: The deployment could take up to 10 minutes to complete. Feel free to explore the next sections of this tutorial while waiting for the cluster to complete initialization. Learn more about the Raft protocol at The Secret Lives of Data's raft protocol presentation in a fun, interactive way.

Notice that Terraform displays the outputs created from the apply.

Create terraform.tfvars file for Consul client directory

Since you created the underlying infrastructure with Terraform, you can use the outputs to help you deploy the Azure VM resources in the next section.

Create a terraform.tfvars file in the 2-vm-consul-client directory with the Terraform outputs from this project.

$ echo "hcp_consul_cluster_id=\"$(terraform output -raw hcp_consul_cluster_id)\"
azurerm_resource_group=\"$(terraform output -raw azurerm_resource_group)\"
prefix=\"$(terraform output -raw prefix)\"
azurerm_nsg=\"$(terraform output -raw azurerm_nsg)\"
subnet_id=$(terraform output -json subnet_id)" > ../2-vm-consul-client/terraform.tfvars

Review Consul client configuration for Azure VM

In this tutorial, you will apply HCP Consul's secure-by-default design with Terraform by configuring your Azure VM instances with the gossip encryption key, the Consul CA cert, and a permissive ACL token.

Inspect the datacenter-deploy-hcp-azure-vm-client/2-vm-consul-client/main.tf file contents in your project directory:

datacenter-deploy-hcp-azure-vm-client/2-vm-consul-client/main.tf
resource "azurerm_linux_virtual_machine" "consul_client" {
  count                 = 1
  name                  = "consul-client-${count.index}-${random_string.random.id}"
  location              = data.azurerm_resource_group.selected.location
  resource_group_name   = data.azurerm_resource_group.selected.name
  network_interface_ids = [azurerm_network_interface.client_nic.id]
  size                  = "Standard_DS1_v2"

  os_disk {
    name                 = "myOsDisk"
    caching              = "ReadWrite"
    storage_account_type = "Premium_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-focal"
    sku       = "20_04-lts-gen2"
    version   = "latest"
  }

  admin_username                  = "ubuntu"
  disable_password_authentication = true

  admin_ssh_key {
    username   = "ubuntu"
    public_key = file("./consul-client.pub")
  }

  user_data = base64encode(templatefile("${path.module}/scripts/user_data.sh", {
    setup = base64gzip(templatefile("${path.module}/scripts/setup.sh", {
      consul_ca        = data.hcp_consul_cluster.selected.consul_ca_file
      consul_config    = data.hcp_consul_cluster.selected.consul_config_file
      consul_acl_token = hcp_consul_cluster_root_token.token.secret_id,
      consul_version   = data.hcp_consul_cluster.selected.consul_version,
      consul_service = base64encode(templatefile("${path.module}/scripts/service", {
        service_name = "consul",
        service_cmd  = "/usr/bin/consul agent -data-dir /var/consul -config-dir=/etc/consul.d/",
      })),
      vpc_cidr = data.hcp_hvn.selected.cidr_block
    })),
  }))

  tags = {
    Name = "hcp-consul-client-${count.index}"
  }
}

In this example, the secure Consul configuration properties received from your HCP Consul cluster will be injected into your Azure VM Consul configuration file. Consul will then be set to run as a service on your Azure VM with this secure configuration.

Deploy Azure VM resources

In this section, you will use Terraform to create an SSH key pair and deploy an Azure virtual machine. The virtual machine uses a cloud-init script to automate the secure Consul client configuration, which will connect to your HCP Consul cluster.

Issue the terraform init command from your working directory to download the necessary providers and initialize the backend.

$ terraform -chdir=2-vm-consul-client/ init

Initializing modules...
Initializing the backend...
Initializing provider plugins...
...

Terraform has been successfully initialized!
...

Then, deploy the resources. Confirm the run by entering yes.

$ terraform -chdir=2-vm-consul-client/ apply

## ...
Do you want to perform these actions?
 Terraform will perform the actions described above.
 Only 'yes' will be accepted to approve.

 Enter a value: yes

## ...

Apply complete! Resources: 11 added, 0 changed, 0 destroyed.

Outputs:

consul_root_token = <sensitive>
consul_url = "https://servers-public-consul-ffff5f82.9e6a40c0.z1.hashicorp.cloud"
tls_private_key = <sensitive>
vm_client = "20.230.191.76"

Notice that Terraform displays the outputs created from the apply.

Tip: HashiCorp Cloud Platform offers Enterprise features. To interact with these features, you need to install the Enterprise Consul binary for your client agents. Learn more information about Consul Enterprise in the Consul Enterprise documentation.

Explore the Consul UI

In this section you will view your Consul UI to explore your resources.

Retrieve your HCP Consul public URL and ACL token from Terraform.

$ terraform -chdir=1-virtual-network-hcp/ output consul_url && \
  terraform -chdir=1-virtual-network-hcp/ output consul_root_token

Example output:

"https://servers-public-consul-ffff5f82.9e6a40c0.z1.hashicorp.cloud"
"5c4e7242-8300-b6de-2e4c-78cdbad15c39"

Copy and paste the Consul public URL into your browser to visit the Consul UI. Since HCP Consul is secure by default, copy and paste the ACL token into the Consul authentication prompt to use the Consul UI.

Once authenticated, click the Nodes tab on the left navigation pane to review your nodes that contain active Consul clients.

Consul nodes page in the Consul dashboard with two running Consul clients represented as nodes.

Notice that your environment contains two Consul nodes: A Consul server agent running in your HCP cluster, and a Consul client agent running on your Azure VM instance.

Next steps

In this tutorial, you connected Consul clients on Azure VM to HCP Consul. To keep learning about Consul's features, and for step-by-step examples of how to perform common Consul tasks, feel free to explore one of the following tutorials.

  • Explore the Consul UI tutorial
  • Register a Service with Consul Service Discovery tutorial
  • Secure Applications with Service Sidecar Proxies tutorial
  • Create a Consul service mesh on HCP using Envoy as a sidecar proxy tutorial If you encounter any issues, please contact the HCP support team at support.hashicorp.com.
 Previous
 Next

This tutorial also appears in:

  •  
    11 tutorials
    HCP Consul Deployment
    Deploy managed Consul in AWS or Azure. Connect Consul clients running on Azure Virtual Machines (VMs), Elastic Compute Cloud (EC2), Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and/or Elastic Container Service (ECS).
    • Consul

On this page

  1. Configure Azure VM as a Consul Client for HCP Consul
  2. Prerequisites
  3. Clone example repository
  4. Review configuration
  5. Deploy Azure and HCP Consul resources
  6. Review Consul client configuration for Azure VM
  7. Deploy Azure VM resources
  8. Explore the Consul UI
  9. Next steps
Give Feedback(opens in new tab)
  • Certifications
  • System Status
  • Terms of Use
  • Security
  • Privacy
  • Trademark Policy
  • Trade Controls
  • Give Feedback(opens in new tab)