Deploy Nomad and Consul Using Ansible on GCP

Introduction

In my previous article, we talked about the advantages of using container technologies. The most famous container orchestration tool is probably Kubernetes (k8s), but k8s is quite complicated and not easy to maintain. The next question you may ask is whether there is a simpler container orchestrator. Yes: Nomad. If you have not heard of Nomad, you have probably heard of Terraform; both come from the same company, HashiCorp.

Nomad

According to the official guide, Nomad is “A simple and flexible workload orchestrator to deploy and manage containers and non-containerized applications across on-prem and clouds at scale.” When we talk about k8s, we normally depend on clusters provided by a cloud provider, because no one wants to maintain the cluster themselves. With Nomad, we can even get by with just 1 instance.

Consul

Another tool I would like to introduce is Consul. According to the official guide, “Consul automates networking for simple and secure application delivery.” Consul is good for securing connections between services, and the UI is quite awesome (I think).

What we will do

I am not a theory guy, so let’s talk about what we will do in this tutorial. I will use the official tutorial to build the dashboard counter application. However, that tutorial only teaches how to apply the “job”, not how to set up Nomad and Consul as a whole. So I will demonstrate how to use Ansible to set up our Nomad testing environment. In this tutorial we use a Google Cloud instance, but it doesn’t really matter; you can even deploy to an on-premises server. The final result should look like the screenshots below.

[Screenshots: Nomad UI; Consul UI; Consul UI — service connection; Application]

Prerequisite

  1. A Linux server, preferably Ubuntu 20 or above
  2. Firewall open for TCP ports 22, 4646, 8500 and 9002
  3. Ansible installed, and some knowledge of Ansible
  4. Your server IP

In addition, you can store your public key on the server directly when you create the instance.

After creation, your server IP is shown here:

Implementation

First of all, please git clone or fork my prepared files:

git clone https://github.com/manbobo2002/nomad-consul.git

Our main playbook is very classic: we just need to update our server and install Docker, Consul and Nomad.

If you don’t want to change much, the only things you must change are the server IP you want to target and the ansible_user name.

If you want to make it more “real”, I have also prepared a template for you to input your secrets. You could also turn on the ACL token for Nomad, which means only people who own the token can access the Nomad UI. For this tutorial I turn it off, so anyone who can reach port 4646 can use the Nomad UI without a token; keep the firewall rule limited to addresses you trust.

For consul_encrypt, you can generate a base64-encoded 32-byte random key using openssl instead of using my provided key.

openssl rand -base64 32

In case you want to protect your secrets or variables with a key, in Ansible you can use the command below:

$ ansible-vault encrypt_string abcde12345
New Vault password:
Confirm New Vault password:
!vault |
$ANSIBLE_VAULT;1.1;AES256
61353436323833663439343065653938303832646463333535383631366363643863393337353734
6236303764336365363964616337343365363431323437320a303463356634346565313837313337
35653336376338613435326535353461353764353464363630626363633661376166376564633164
3662386130623735360a353666623162663766376639323063313361313330396235363139616432
3666
Encryption successful

The Vault password should be the key you provide.
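
A pre-flight check for the two steps above, as an added example that is not part of the original repository: it flags secret variables in a vars file that are not wrapped with ansible-vault, and verifies that a plaintext consul_encrypt decodes to exactly 32 bytes. The sample file, the variable name nomad_acl_token and the list of secret-looking name patterns are assumptions made for illustration.

```python
import base64
import binascii
import re

# Name fragments treated as secrets (assumption; adjust to your vars file).
SECRET_NAME = re.compile(r"(encrypt|token|secret|password)", re.I)
# Top-level "name: value" lines only; indented vault payload lines do not match.
VAR_LINE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")


def gossip_key_ok(value):
    """True if value is strict base64 that decodes to exactly 32 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def audit_vars(text):
    """Return findings for top-level secret variables in an Ansible vars file."""
    findings = []
    for line in text.splitlines():
        m = VAR_LINE.match(line)
        if not m or not SECRET_NAME.search(m.group(1)):
            continue
        name, value = m.group(1), m.group(2).strip().strip("'\"")
        if value.startswith("!vault"):
            continue  # already encrypted with ansible-vault encrypt_string
        findings.append(f"{name}: stored in plaintext")
        if name == "consul_encrypt" and not gossip_key_ok(value):
            findings.append(f"{name}: not a base64-encoded 32-byte key")
    return findings


# Constructed sample vars file (not taken from the repository).
# nomad_acl_token is a hypothetical variable name.
SAMPLE = """\
ansible_user: deploy
consul_encrypt: c2hvcnQta2V5
nomad_acl_token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  6135343632383366
"""

if __name__ == "__main__":
    for finding in audit_vars(SAMPLE):
        print(finding)
```

Run it against your own vars file before the playbook; an empty result means every matching variable is vault-encrypted.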

Now it is time to apply it. Just run the command below. You may need to run it 2 times, because the first run may not succeed while Nomad and Consul restart.

ansible-playbook -i production nomad-test.yml --diff

If you encrypted your variables, use the command below instead and provide your own key:

ansible-playbook -i production nomad-test.yml --ask-vault-pass --diff
Vault password:

The last task for Nomad is to run our job:

- name: apply nomad jobs
  command: /usr/local/bin/nomad job run --detach countdash.nomad
  become: yes
  args:
    chdir: /opt/nomad
  ignore_errors: True

The example job is nothing more than a front-end and a back-end Docker container. The front end exposes port 9002 and connects to the back end on port 9001.

Then browse to your Nomad and Consul dashboards at:

Nomad:
http://<server-ip>:4646
Consul:
http://<server-ip>:8500

We can now access our wonderful Nomad and Consul dashboards.

And we can test our application at http://<server-ip>:9002

Conclusion

In this article, we demonstrated how to manage our containers using Nomad and Consul. Nomad is an alternative to Kubernetes that makes container management much simpler, while Consul is a tool for service mesh.