open-nomad/website/source/docs/jobspec/servicediscovery.html.md
Bryant Luk 22e9711852 Verify Consul SSL by default
- Matches documentation default value and clarifies config
2015-11-28 19:58:09 -06:00

5.1 KiB

layout page_title sidebar_current description
docs Service Discovery in Nomad docs-jobspec-service-discovery Learn how to add service discovery to jobs

Service Discovery

Nomad schedules workloads of various types across a cluster of generic hosts. Because of this, placement is not known in advance and you will need to use service discovery to connect tasks to other services deployed across your cluster. Nomad integrates with Consul to provide service discovery and monitoring.

Note that in order to use Consul with Nomad, you will need to configure and install Consul on your nodes alongside Nomad, or schedule it as a system job. Nomad does not currently run Consul for you.

Configuration

  • consul.address: This is a Nomad client configuration which can be used to override the default Consul Agent HTTP port that Nomad uses to connect to Consul. The default for this is 127.0.0.1:8500.

  • consul.token: Token is used to provide a per-request ACL token.This options overrides the agent's default token

  • consul.auth: The auth information to use for http access to the Consul Agent.

  • consul.ssl: This boolean option sets the transport scheme to talk to the Consul Agent as https. This option is unset by default and so the default transport scheme for the consul api client is http.

  • consul.verifyssl: This option enables SSL verification when the transport scheme for the Consul API client is https. This is set to true by default.

Service Definition Syntax

The service blocks in a Task definition defines a service which Nomad will register with Consul. Multiple Service blocks are allowed in a Task definition, which allow registering multiple services for a task that exposes multiple ports.

Example

A brief example of a service definition in a Task

group "database" {
    task "mysql" {
        driver = "docker"
        service {
            tags = ["master", "mysql"]
            port = "db"
            check {
                type = "tcp"
                delay = "10s"
                timeout = "2s"
            }
        }
        resources {
            cpu = 500
            memory = 1024
            network {
                mbits = 10
                port "db" {
                }
            }
        }
    }
}
  • name: Nomad automatically determines the name of a Task. By default the name of a service is $(job-name)-$(task-group)-$(task-name). Users can explicitly name the service by specifying this option. If multiple services are defined for a Task then only one task can have the default name, all the services have to be explicitly named. Users can add the following to the service names: ${JOB}, ${TASKGROUP}, ${TASK}, ${BASE}. Nomad will replace them with the appropriate value of the Job, Task Group and Task names while registering the Job. ${BASE} expands to ${JOB}-${TASKGROUP}-${TASK}

  • tags: A list of tags associated with this Service.

  • port: The port indicates the port associated with the Service. Users are required to specify a valid port label here which they have defined in the resources block. This could be a label to either a dynamic or a static port. If an incorrect port label is specified, Nomad doesn't register the service with Consul.

  • check: A check block defines a health check associated with the service. Multiple check blocks are allowed for a service. Nomad currently supports only the http and tcp Consul Checks.

Check Syntax

  • type: This indicates the check types supported by Nomad. Valid options are currently http and tcp. In the future Nomad will add support for more Consul checks.

  • delay: This indicates the frequency of the health checks that Consul with perform.

  • timeout: This indicates how long Consul will wait for a health check query to succeed.

  • path: The path of the http endpoint which Consul will query to query the health of a service if the type of the check is http. Nomad will add the ip of the service and the port, users are only required to add the relative url of the health check endpoint.

  • protocol: This indicates the protocol for the http checks. Valid options are http and https. We default it to http

Assumptions

  • Consul 0.6 is needed for using the TCP checks.

  • The Service Discovery feature in Nomad depends on Operators making sure that the Nomad client can reach the consul agent.

  • Nomad assumes that it controls the life cycle of all the externally discoverable services running on a host.

  • Tasks running inside Nomad also needs to reach out to the Consul agent if they want to use any of the Consul APIs. Ex: A task running inside a docker container in the bridge mode won't be able to talk to a Consul Agent running on the loopback interface of the host since the container in the bridge mode has it's own network interface and doesn't see interfaces on the global network namespace of the host. There are a couple of ways to solve this, one way is to run the container in the host networking mode, or make the Consul agent listen on an interface on the network namespace of the container.