HashiCorp’s Consul

HashiCorp is a Software firm who are now very familiar to the IT world.
Thanks to Terraform!

What is Consul?
Consul is a Service discovery and KV store developed by this company. It’s high availability architecture, security and the simple GUI makes it a point to look at this product.

How does this work?
Consul consists of two types of agents, client and server. Client consul agents are installed on the servers where we want to monitor the services on that server using consul service discovery feature. Server consul agents are the actual consul boxes.
Let’s see a sample architecture and get into the details –

The above architecture is from HashiCorp’s website.

Service Discovery –
As you see in the above architecture that the vault servers we have consists of consul clients installed on them. These consul clients sends the status of the services on the vault servers to the consul servers. From the consul server UI you can view the service status of those vault servers.
Key Value Storage –
Whenever you store any KV pair in the vault server, you are using consul backend to store the data. The consul clients sends the KV pair to the consul server and later, the consul server stores the data in encrypted format. When you try to read the KV pair on the consul server, you can see that the data is in encrypted format. To view the data in decrypted format you should be using vault server.

Consul Server working model –
These servers follow ‘leader and follower’ working model. The above architecture has a fault tolerance of ‘1’. What does this even mean? So, if one of the consul server fails among the 3 servers the other 2 servers are able to function normally without any glitches. As soon as the third one comes online it is able to automatically join the consul cluster.
When you spin up 3 consul servers in the consul cluster, consul automatically elects one of them as the leader or the active server and the other 2 are followers or read replicas. There is no need to configure a load balancer as this is taken care by consul itself. Sounds simple right?!.

Why Consul?

  • Consul’s architecture is highly available.
  • Fault tolerant.
  • Data is encrypted.
  • Simple open source product with an open source UI.
  • HashiCorp provides support for enterprise versions.
  • Easy to use.
  • Most importantly, we can act quickly when data is compromised with consul and secure the data.