Im trying to setup a docker container for my vault/consul but get the following error:-
2017/06/22 18:15:58.335293 [WARN ] physical/consul: reconcile unable to talk with Consul backend: error=service registration failed: Put http://127.0.0.1:8500/v1/agent/service/register: dial tcp 127.0.0.1:8500: getsockopt: connection refused
Here is my vault config file.
storage "consul" {
address = "127.0.0.1:8500"
redirect_addr = "http:/127.0.0.1:8500"
path = "vault"
scheme = "http"
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
#telemetry {
# statsite_address = "127.0.0.1:8125"
# disable_hostname = true
#}
where is Consul?
This error is saying I'm trying to reach this URL: http://127.0.0.1:8500/v1/agent/service/register and can't.
This implies that either Consul isn't running, or it's running somewhere other than at http://127.0.0.1:8500
Find your consul, and then update your config to point to it.
Related
When I try to connect to an upstream service via a sidecar service in Consul Connect, I get the following error.
2023-02-01T09:31:33-08:00 Setup Failure failed to setup alloc: pre-run hook "group_services" failed: unable to get address for service "sequrercbase": invalid port "base_port": port label not found
The upstream service is named 'sequrercbase' and creates a dynamic port named 'base_port' that I'd like downstream services to connect to.
network {
mode = "bridge"
port "base_port" { }
}
service {
name = "sequrercbase"
port = "base_port"
connect {
sidecar_service {}
}
}
This service is trying to connect to 'securercbase' on the named port 'base_port'.
network {
mode = "bridge"
port "api_port" { }
}
service {
name = "sequrercbase"
port = "base_port"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "sequrercbase"
local_bind_port = 9989
}
}
}
}
}
Any thoughts on how to work around this issue?
I've written a .tf file that spins up a redis and redis-insight container in their private docker network (openstack instance), but when I ngrok to redis-insight I get this error:
Redis-insight in browser
I can't seem to get the environment variables on the redis-insight resource right.
I've tried many combinations of the env vars in the redis-insight resource.
Since I'm using ngrok for tunneling I set the RITRUSTEDORIGINS var to its port (http://localhost:4040) following the example of this page in the redis documentation that uses nginx as a proxy, but to no luck.
What environment variables should I be using on my redis-insight resource?
This is what I have written so far:
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "2.23.1"
}
}
}
provider "docker" {}
resource "docker_network" "redis_network" {
name = "redis_network"
}
resource "docker_image" "redis" {
name = "redis:latest"
keep_locally = false
}
resource "docker_container" "redis" {
image = docker_image.redis.image_id
name = "redis"
ports {
internal = 6379
external = 6379
}
network_mode = docker_network.redis_network.name
}
resource "docker_image" "redis-insight" {
name = "redislabs/redisinsight:latest"
keep_locally = false
}
resource "docker_container" "redis-insight" {
image = docker_image.redis-insight.image_id
name = "redis-insight"
ports {
internal = 8001
external = 8001
}
network_mode = docker_network.redis_network.name
depends_on = [docker_container.redis]
env = [
"REDIS_URL=redis://redis:6379",
"REDIS_PASSWORD=password",
# "REDIS_DATABASE=1",
# "REDIS_TLS=true",
# "INSIGHT_DEBUG=true",
# "RIPORT=8001",
# "RIPROXYENABLE=t",
"RITRUSTEDORIGINS=http://localhost:4040"
]
}
Whats the hostname and port of RedisInsight you are accessing from your browser? If its not localhost:4040, set that in RITRUSTEDORIGINS.
If it is localhost:4040, set RITRUSTEDORIGINS to http://localhost:4040.
Set the right protocol (http or https), hostname and port. This should match the one you use in browser.
I have deployed a consul proxy on a different host than 'localhost' but consul keeps on checking health on 127.0.0.1.
Config of the service and it's sidecar:
service {
name = "counting"
id = "counting-1"
port = 9005
address = "169.254.1.1"
connect {
sidecar_service {
proxy {
config {
bind_address = "169.254.1.1"
bind_port = 21002
tcp_check_address = "169.254.1.1"
local_service_address = "localhost:9005"
}
}
}
}
check {
id = "counting-check"
http = "http://169.254.1.1:9005/health"
method = "GET"
interval = "10s"
timeout = "1s"
}
}
The proxy was deployed using the following command:
consul connect proxy -sidecar-for counting-1 > counting-proxy.log
Consul UI's health check message:
How do I change the health check to 169.254.1.1?
First, I recommend using the Envoy proxy (consul connect envoy) instead of the built-in proxy (consul connect proxy) since the latter is not recommended for production use.
As far as changing the health check address, you can do that by setting proxy.local_service_address. This address is used when configuring the health check for the local application.
See https://github.com/hashicorp/consul/issues/11008#issuecomment-929832280 for a related discussion on this issue.
I have deployed my express-gateway on Heroku, using env variables in this way in the gateway.config.yml file:
http:
port: ${PORT:-8080}
host: ${HOST:-localhost}
https:
port: ${PORT:-8080}
host: ${HOST:-localhost}
apiEndpoints:
....
Anyway Heroku keeps giving this error:
[EG:gateway] gateway http server listening on :::8080
State changed from starting to crashed
Error R10 (Boot timeout) -> Web process failed to bind to $PORT within 60 seconds of launch
I have used the notation ${ENV_VAR_NAME:-DEFAULT} according to official documentation. Why Heroku tries to bind the 8080?
====== UPDATE
Just an out-of-topic tip, for who is going to use Heroku, here's how I get the redis url from the env vars.
var redis_Url = process.env.REDIS_URL;
var groups = /^redis:\/\/(.*?)\:(.+?)\#(.+?)\:(.+)$/gi.exec(redis_Url);
var nm = groups[1];
var pasw = groups[2];
var host = groups[3];
var port = groups[4];
process.env.REDIS_NM = nm;
process.env.REDIS_PASW = pasw;
process.env.REDIS_HOST = host;
process.env.REDIS_PORT = port;
console.log('redis url --> '+process.env.REDIS_URL);
console.log('nm --> '+process.env.REDIS_NM);
console.log('pasw --> '+process.env.REDIS_PASW);
console.log('host --> '+process.env.REDIS_HOST);
console.log('port --> '+process.env.REDIS_PORT);
You should not make listen both the http and the https server on the same port, otherwise it's going to fail.
Heroku provides its own router handling the SSL termination for you, so you can just remove the whole https section.
When deploying a Redis job in Nomad (0.6), I do not manage to have it healthy in Consul.
I start Consul in a container and make the port 8500 available on localhost.
$ docker container run --name consul -d -p 8500:8500 consul
When I run nomad, it connects correctly to Consul as we can see in the logs.
$ nomad agent -dev
No configuration files loaded
==> Starting Nomad agent...
==> Nomad agent configuration:
Client: true
Log Level: DEBUG
Region: global (DC: dc1)
Server: true
Version: 0.6.0
==> Nomad agent started! Log data will stream in below:
...
2017/08/18 15:45:28.373766 [DEBUG] client.consul: bootstrap contacting following Consul DCs: ["dc1"]
2017/08/18 15:45:28.377703 [INFO] client.consul: discovered following Servers: 127.0.0.1:4647
2017/08/18 15:45:28.378851 [INFO] client: node registration complete
2017/08/18 15:45:28.378895 [DEBUG] client: periodically checking for node changes at duration 5s
2017/08/18 15:45:28.379232 [DEBUG] consul.sync: registered 1 services, 1 checks; deregistered 0 services, 0 checks
...
I then run a redis job with the following configuration file
job "nomad-redis" {
datacenters = ["dc1"]
type = "service"
group "cache" {
task "redis" {
driver = "docker"
config {
image = "redis:3.2"
port_map {
db = 6379
}
}
resources {
cpu = 500 # 500 MHz
memory = 256 # 256MB
network {
mbits = 10
port "db" {}
}
}
service {
name = "redis"
port = "db"
check {
name = "alive"
type = "tcp"
interval = "10s"
timeout = "2s"
}
}
}
}
}
Redis service is added into consul but it appears as critical. Seems the healthcheck cannot be done. From what I understand, checks are done within the task. Is there something I'm missing ?
Running Consul on localhost or in a container attached to the host network (--net=host) fixed the thing.