partial update to the nav, revisisions to the usage requirements page
This commit is contained in:
parent
5a6032f53e
commit
c30b6cbe53
|
@ -1,129 +0,0 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Requirements
|
||||
description: >-
|
||||
Consul-Terraform-Sync requires a Terraform Provider, a Terraform Module, and a running Consul cluster outside of the `consul-terraform-sync` daemon.
|
||||
---
|
||||
|
||||
# Prerequisites Needed to Run Consul-Terraform-Sync
|
||||
|
||||
The following components are required to run Consul-Terraform-Sync (CTS):
|
||||
|
||||
* A Terraform Provider
|
||||
* A Terraform Module
|
||||
* A Consul cluster running outside of the `consul-terraform-sync` daemon
|
||||
|
||||
Practitioners can add support for their network infrastructure through Terraform providers. Once network infrastructure support exists, practitioners can add network integrations in the form of Terraform modules.
|
||||
|
||||
The following guidance is for running CTS using the Terraform driver. The Terraform Cloud driver<EnterpriseAlert inline />has [additional prerequisites](/docs/nia/network-drivers/terraform-cloud#setting-up-terraform-cloud-driver).
|
||||
|
||||
## Run a Consul Cluster
|
||||
|
||||
Below are several steps towards a minimum Consul setup required for running CTS.
|
||||
|
||||
### Install Consul
|
||||
|
||||
CTS is a daemon that runs alongside Consul, similar to other Consul ecosystem tools like Consul Template. CTS is not included with the Consul binary and needs to be installed separately.
|
||||
|
||||
To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install).
|
||||
|
||||
For information on compatible Consul versions, refer to the [Consul compatibility matrix](/docs/nia/compatibility#consul).
|
||||
|
||||
### Run an Agent
|
||||
|
||||
The Consul agent must be running in order to dynamically update network devices. To run the local Consul agent, you can run Consul in development mode which can be started with `consul agent -dev` for simplicity. For more details on running Consul agent, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started).
|
||||
|
||||
When running a Consul agent with CTS in production, we suggest to keep a few considerations in mind. CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, like changes to registered services. This results in multiple long running TCP connections between CTS and the agent to poll changes for each dependency. Monitoring a high number of services may quickly hit the default Consul agent connection limits.
|
||||
|
||||
There are 2 ways to fix this issue. The first and recommended fix is to use HTTP/2 (requires HTTPS) to communicate between Consul-Terraform-Sync and the Consul agent. When using HTTP/2 only a single connection is made and reused for all communications. See the [Consul Configuration section](/docs/nia/configuration#consul) for more. The other option is to configure [`limits.http_max_conns_per_client`](/docs/agent/config/config-files#http_max_conns_per_client) for the agent to a reasonable value proportional to the number of services monitored by Consul-Terraform-Sync.
|
||||
|
||||
### Register Services
|
||||
|
||||
CTS monitors Consul catalog for service changes which lead to downstream changes to your network devices. Without services, your CTS daemon will be operational but idle. You can register services with your Consul agent either by loading a service definition or by HTTP API request.
|
||||
|
||||
If you are running Consul in development mode, below is an example of registering a service by HTTP API request:
|
||||
|
||||
```shell-session
|
||||
$ echo '{
|
||||
"ID": "web",
|
||||
"Name": "web",
|
||||
"Address": "10.10.10.10",
|
||||
"Port": 8000
|
||||
}' > payload.json
|
||||
|
||||
$ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/service/register
|
||||
```
|
||||
|
||||
The above example registers a service named "web" with your Consul agent. This represents a non-existent web service running at 10.10.10.10:8000. Your web service is now available for CTS to consume. You can have CTS monitor the web service to execute a task and update network device(s) by configuring "web" in [`condition "services"`](/docs/nia/configuration#services-condition) of a task block. If the web service has any non-default values, it can also be configured in `condition "services"`.
|
||||
|
||||
For more details on registering a service by HTTP API request, refer to the [register service API docs](/api-docs/agent/service#register-service).
|
||||
|
||||
For more details on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?in=consul/getting-started).
|
||||
|
||||
### Run a Cluster
|
||||
|
||||
The previous steps of installing and running a single Consul agent then registering a single service is sufficient to meaningfully start running CTS.
|
||||
|
||||
If you would like to run a Consul cluster rather than a single agent, refer to [Getting Started: Create a Local Consul Datacenter](https://learn.hashicorp.com/tutorials/consul/get-started-create-datacenter?in=consul/getting-started). This will walk you through the steps of running multiple Consul agents and then joining them together into a cluster.
|
||||
|
||||
## Network Infrastructure (using a Terraform Provider)
|
||||
|
||||
CTS integrations for the Terraform driver utilizes Terraform providers as plugins to interface with specific network infrastructure platforms. The Terraform driver of CTS inherits the expansive collection of Terraform providers to integrate with, and with release of [Terraform 0.13](https://www.hashicorp.com/blog/announcing-hashicorp-terraform-0-13/), this extends to include providers written by the community too by using [provider source](https://www.hashicorp.com/blog/adding-provider-source-to-hashicorp-terraform/).
|
||||
|
||||
### Finding Terraform Providers
|
||||
|
||||
To find providers for the infrastructure platforms you use, browse the providers section of the [Terraform Registry](https://registry.terraform.io/browse/providers).
|
||||
|
||||
### How to Create a Provider
|
||||
|
||||
If there is no existing Terraform provider, a new Terraform provider can be [created](https://learn.hashicorp.com/tutorials/terraform/provider-setup) and [published](https://www.terraform.io/docs/registry/providers/publishing.html). The provider can then be used within a network integration task by authoring a compatible Terraform module.
|
||||
|
||||
## Network Integration (using a Terraform Module)
|
||||
|
||||
The Terraform module for a task in CTS is the core component of the integration. It declares which resources and how your infrastructure is dynamically updated. The module along with how it is configured within a task determines the condition under which your infrastructure is updated.
|
||||
|
||||
Working with a Terraform provider, you can write an integration task for CTS by [creating a Terraform module](/docs/nia/terraform-modules) that is compatible with the Terraform driver or use a module built by partners below.
|
||||
|
||||
Continue to the next page to [get started with configuring CTS and how to use Terraform providers and modules for tasks.](/docs/nia/installation/configure)
|
||||
|
||||
### Partner Terraform Modules
|
||||
|
||||
The modules listed below are available to use and are compatible with CTS.
|
||||
|
||||
#### A10 Networks
|
||||
|
||||
- Dynamic Load Balancing with Group Member Updates: [Terraform Registry](https://registry.terraform.io/modules/a10networks/service-group-sync-nia/thunder/latest) / [GitHub](https://github.com/a10networks/terraform-thunder-service-group-sync-nia)
|
||||
|
||||
#### Avi Networks
|
||||
|
||||
- Scale Up and Scale Down Pool and Pool Members (Servers): [GitHub](https://github.com/vmware/terraform-provider-avi/tree/20.1.5/modules/nia/pool)
|
||||
|
||||
#### AWS Application Load Balancer (ALB)
|
||||
|
||||
- Create Listener Rule and Target Group for an AWS ALB, Forward Traffic to Consul Ingress Gateway: [Terraform Registry](https://registry.terraform.io/modules/aws-quickstart/cts-alb_listener-nia/hashicorp/latest) / [GitHub](https://github.com/aws-quickstart/terraform-hashicorp-cts-alb_listener-nia)
|
||||
|
||||
#### Checkpoint
|
||||
|
||||
- Dynamic Firewalling with Address Object Updates: [Terraform Registry](https://registry.terraform.io/modules/CheckPointSW/dynobj-nia/checkpoint/latest) / [GitHub](https://github.com/CheckPointSW/terraform-checkpoint-dynobj-nia)
|
||||
|
||||
#### Cisco ACI
|
||||
|
||||
- Policy Based Redirection: [Terraform Registry](https://registry.terraform.io/modules/CiscoDevNet/autoscaling-nia/aci/latest) / [GitHub](https://github.com/CiscoDevNet/terraform-aci-autoscaling-nia)
|
||||
- Create and Update Cisco ACI Endpoint Security Groups: [Terraform Registry](https://registry.terraform.io/modules/CiscoDevNet/esg-nia/aci/latest) / [GitHub](https://github.com/CiscoDevNet/terraform-aci-esg-nia)
|
||||
|
||||
#### Citrix ADC
|
||||
|
||||
- Create, Update and Delete Service Groups in Citrix ADC: [Terraform Registry](https://registry.terraform.io/modules/citrix/servicegroup-consul-sync-nia/citrixadc/latest) / [GitHub](https://github.com/citrix/terraform-citrixadc-servicegroup-consul-sync-nia)
|
||||
|
||||
#### F5
|
||||
|
||||
- Dynamic Load Balancing with Pool Member Updates: [Terraform Registry](https://registry.terraform.io/modules/f5devcentral/app-consul-sync-nia/bigip/latest) / [GitHub](https://github.com/f5devcentral/terraform-bigip-app-consul-sync-nia)
|
||||
|
||||
#### NS1
|
||||
|
||||
- Create, Delete and Update DNS Records and Zones: [Terraform Registry](https://registry.terraform.io/modules/ns1-terraform/record-sync-nia/ns1/latest) / [GitHub](https://github.com/ns1-terraform/terraform-ns1-record-sync-nia)
|
||||
|
||||
#### Palo Alto Networks
|
||||
|
||||
- Dynamic Address Group (DAG) Tags: [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/dag-nia/panos/latest) / [GitHub](https://github.com/PaloAltoNetworks/terraform-panos-dag-nia)
|
||||
- Address Group and Dynamic Address Group (DAG) Tags: [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/ag-dag-nia/panos/latest) / [GitHub](https://github.com/PaloAltoNetworks/terraform-panos-ag-dag-nia)
|
134
website/content/docs/nia/usage/requirements.mdx
Normal file
134
website/content/docs/nia/usage/requirements.mdx
Normal file
|
@ -0,0 +1,134 @@
|
|||
---
|
||||
layout: docs
|
||||
page_title: Requirements
|
||||
description: >-
|
||||
Consul-Terraform-Sync requires a Terraform Provider, a Terraform Module, and a running Consul cluster outside of the `consul-terraform-sync` daemon.
|
||||
---
|
||||
|
||||
# Requirements
|
||||
|
||||
The following components are required to run Consul-Terraform-Sync (CTS):
|
||||
|
||||
* A Terraform Provider
|
||||
* A Terraform Module
|
||||
* A Consul cluster running outside of the `consul-terraform-sync` daemon
|
||||
|
||||
You can add support for your network infrastructure through Terraform providers so that you can apply Terraform modules to implement network integrations.
|
||||
|
||||
The following guidance is for running CTS using the Terraform driver. The Terraform Cloud driver<EnterpriseAlert inline />has [additional prerequisites](/docs/nia/network-drivers/terraform-cloud#setting-up-terraform-cloud-driver).
|
||||
|
||||
## Run a Consul cluster
|
||||
|
||||
Below are several steps towards a minimum Consul setup required for running CTS.
|
||||
|
||||
### Install Consul
|
||||
|
||||
CTS is a daemon that runs alongside Consul, similar to other Consul ecosystem tools like Consul Template. CTS is not included with the Consul binary and needs to be installed separately.
|
||||
|
||||
To install a local Consul agent, refer to the [Getting Started: Install Consul Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-install).
|
||||
|
||||
For information on compatible Consul versions, refer to the [Consul compatibility matrix](/docs/nia/compatibility#consul).
|
||||
|
||||
### Run an agent
|
||||
|
||||
The Consul agent must be running in order to dynamically update network devices. Refer to the [Consul agent documentation](/docs/agent/index) for information about configuring and starting a Consul agent. For hands-on instructions about running Consul agents, refer to the [Getting Started: Run the Consul Agent Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-agent?in=consul/getting-started).
|
||||
|
||||
When running a Consul agent with CTS in production, consider that CTS uses [blocking queries](/api-docs/features/blocking) to monitor task dependencies, such as changes to registered services. This results in multiple long-running TCP connections between CTS and the agent to poll changes for each dependency. Consul may quickly reach the agent connection limits if CTS is monitors a high number of services.
|
||||
|
||||
To avoid reaching the limit prematurely, we recommend using HTTP/2 (requires HTTPS) to communicate between CTS and the Consul agent. When using HTTP/2, CTS establishes a single connection and reuses it for all communication. Refer to the [Consul Configuration section](/docs/nia/configuration#consul) for details.
|
||||
|
||||
Alternatively, you can configure the [`limits.http_max_conns_per_client`](/docs/agent/config/config-files#http_max_conns_per_client) option to set a maximimum number of connections to meet your needs.
|
||||
|
||||
### Register services
|
||||
|
||||
CTS monitors the Consul catalog for service changes that lead to downstream changes to your network devices. Without services, your CTS daemon will be operational but idle. You can register services with your Consul agent by either loading a service definition or by sending an HTTP API request.
|
||||
|
||||
The following HTTP API request example registers a service named `web` with your Consul agent:
|
||||
|
||||
```shell-session
|
||||
$ echo '{
|
||||
"ID": "web",
|
||||
"Name": "web",
|
||||
"Address": "10.10.10.10",
|
||||
"Port": 8000
|
||||
}' > payload.json
|
||||
|
||||
$ curl --request PUT --data @payload.json http://localhost:8500/v1/agent/service/register
|
||||
```
|
||||
|
||||
The example represents a non-existent web service running at `10.10.10.10:8000` that is now available for CTS to consume.
|
||||
|
||||
You can configure CTS to monitor the web service, execute a task, and update network device(s) by configuring `web` in the [`condition "services"`](/docs/nia/configuration#services-condition) task block. If the web service has any non-default values, it can also be configured in `condition "services"`.
|
||||
|
||||
For more details on registering a service using the HTTP API endpoint, refer to the [register service API docs](/api-docs/agent/service#register-service).
|
||||
|
||||
For hands-on instructions on registering a service by loading a service definition, refer to the [Getting Started: Register a Service with Consul Service Discovery Tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?in=consul/getting-started).
|
||||
|
||||
### Run a cluster
|
||||
|
||||
For production environments, we recommend operating a Consul cluster rather than a single agent. Refer to [Getting Started: Create a Local Consul Datacenter](https://learn.hashicorp.com/tutorials/consul/get-started-create-datacenter?in=consul/getting-started) for instructions on starting multiple Consul agents and joining them into a cluster.
|
||||
|
||||
## Network infrastructure (using a Terraform provider)
|
||||
|
||||
CTS integrations for the Terraform driver use Terraform providers as plugins to interface with specific network infrastructure platforms. The Terraform driver for CTS inherits the expansive collection of Terraform providers to integrate with. You can also specify a provider `source` in the [`required_providers` configuration](https://www.terraform.io/language/providers/requirements#requiring-providers) to use providers written by the community (requires Terraform 0.13 or later).
|
||||
|
||||
### Finding Terraform providers
|
||||
|
||||
To find providers for the infrastructure platforms you use, browse the providers section of the [Terraform Registry](https://registry.terraform.io/browse/providers).
|
||||
|
||||
### How to create a provider
|
||||
|
||||
If a Terraform provider does not exist for your environment, you can create a new Terraform provider and publish it to the registery so that you can use it within a network integration task or createa compatible Terraform module. Refer to the following Terraform tutorial and documentation for additional information on creating and publishing providers:
|
||||
|
||||
* [Setup and Implement Read](https://learn.hashicorp.com/tutorials/terraform/provider-setup)
|
||||
* [Publishing Providers](https://www.terraform.io/docs/registry/providers/publishing.html).
|
||||
|
||||
## Network integration (using a Terraform module)
|
||||
|
||||
The Terraform module for a task in CTS is the core component of the integration. It declares which resources and how your infrastructure is dynamically updated. The module, along with how it is configured within a task, determines the condition under which your infrastructure is updated.
|
||||
|
||||
Working with a Terraform provider, you can write an integration task for CTS by [creating a Terraform module](/docs/nia/terraform-modules) that is compatible with the Terraform driver or use a module built by partners below.
|
||||
|
||||
Refer to [Configuration](/docs/nia/installation/configure) for information about configuring CTS and how to use Terraform providers and modules for tasks.
|
||||
|
||||
### Partner Terraform Modules
|
||||
|
||||
The modules listed below are available to use and are compatible with CTS.
|
||||
|
||||
#### A10 Networks
|
||||
|
||||
- Dynamic Load Balancing with Group Member Updates: [Terraform Registry](https://registry.terraform.io/modules/a10networks/service-group-sync-nia/thunder/latest) / [GitHub](https://github.com/a10networks/terraform-thunder-service-group-sync-nia)
|
||||
|
||||
#### Avi Networks
|
||||
|
||||
- Scale Up and Scale Down Pool and Pool Members (Servers): [GitHub](https://github.com/vmware/terraform-provider-avi/tree/20.1.5/modules/nia/pool)
|
||||
|
||||
#### AWS Application Load Balancer (ALB)
|
||||
|
||||
- Create Listener Rule and Target Group for an AWS ALB, Forward Traffic to Consul Ingress Gateway: [Terraform Registry](https://registry.terraform.io/modules/aws-quickstart/cts-alb_listener-nia/hashicorp/latest) / [GitHub](https://github.com/aws-quickstart/terraform-hashicorp-cts-alb_listener-nia)
|
||||
|
||||
#### Checkpoint
|
||||
|
||||
- Dynamic Firewalling with Address Object Updates: [Terraform Registry](https://registry.terraform.io/modules/CheckPointSW/dynobj-nia/checkpoint/latest) / [GitHub](https://github.com/CheckPointSW/terraform-checkpoint-dynobj-nia)
|
||||
|
||||
#### Cisco ACI
|
||||
|
||||
- Policy Based Redirection: [Terraform Registry](https://registry.terraform.io/modules/CiscoDevNet/autoscaling-nia/aci/latest) / [GitHub](https://github.com/CiscoDevNet/terraform-aci-autoscaling-nia)
|
||||
- Create and Update Cisco ACI Endpoint Security Groups: [Terraform Registry](https://registry.terraform.io/modules/CiscoDevNet/esg-nia/aci/latest) / [GitHub](https://github.com/CiscoDevNet/terraform-aci-esg-nia)
|
||||
|
||||
#### Citrix ADC
|
||||
|
||||
- Create, Update and Delete Service Groups in Citrix ADC: [Terraform Registry](https://registry.terraform.io/modules/citrix/servicegroup-consul-sync-nia/citrixadc/latest) / [GitHub](https://github.com/citrix/terraform-citrixadc-servicegroup-consul-sync-nia)
|
||||
|
||||
#### F5
|
||||
|
||||
- Dynamic Load Balancing with Pool Member Updates: [Terraform Registry](https://registry.terraform.io/modules/f5devcentral/app-consul-sync-nia/bigip/latest) / [GitHub](https://github.com/f5devcentral/terraform-bigip-app-consul-sync-nia)
|
||||
|
||||
#### NS1
|
||||
|
||||
- Create, Delete and Update DNS Records and Zones: [Terraform Registry](https://registry.terraform.io/modules/ns1-terraform/record-sync-nia/ns1/latest) / [GitHub](https://github.com/ns1-terraform/terraform-ns1-record-sync-nia)
|
||||
|
||||
#### Palo Alto Networks
|
||||
|
||||
- Dynamic Address Group (DAG) Tags: [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/dag-nia/panos/latest) / [GitHub](https://github.com/PaloAltoNetworks/terraform-panos-dag-nia)
|
||||
- Address Group and Dynamic Address Group (DAG) Tags: [Terraform Registry](https://registry.terraform.io/modules/PaloAltoNetworks/ag-dag-nia/panos/latest) / [GitHub](https://github.com/PaloAltoNetworks/terraform-panos-ag-dag-nia)
|
|
@ -755,16 +755,21 @@
|
|||
"path": "nia/installation/install"
|
||||
},
|
||||
{
|
||||
"title": "Requirements",
|
||||
"path": "nia/installation/requirements"
|
||||
"title": "Configuration",
|
||||
"path": "nia/installation/configure"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"title": "Configure",
|
||||
"path": "nia/installation/configure"
|
||||
"title": "Usage",
|
||||
"routes": [
|
||||
{
|
||||
"title": "Requirements",
|
||||
"path": "nia/usage/requirements"
|
||||
},
|
||||
{
|
||||
"title": "Run Consul-Terraform-Sync",
|
||||
"path": "nia/installation/run"
|
||||
"path": "nia/usage/run"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue