hashicorp · brikis98 · Jul 22, 2019 · Jun 23, 2019 · brikis98 · Jun 26, 2019
@@ -44,7 +44,7 @@ To deploy Consul clients for production using this repo:
 1. Use the [install-consul module](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-consul) to install Consul alongside your application code.
 1. Before booting your app, execute the [run-consul script](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/run-consul) with `--client` flag.
 1. Your app can now use the local Consul agent for service discovery and key/value storage.
-1. Optionally, you can use the [install-dnsmasq module](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) to configure Consul as the DNS for a
+1. Optionally, you can use the [install-dnsmasq module](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) for Ubuntu 16.04 and Amazon Linux 2 or [setup-systemd-resolved](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/setup-systemd-resolved) for Ubuntu 18.04 to configure Consul as the DNS for a
    specific domain (e.g. `.consul`) so that URLs such as `foo.service.consul` resolve automatically to the IP 
    address(es) for a service `foo` registered in Consul (all other domain names will be continue to resolve using the
    default resolver on the OS).
@@ -94,7 +94,11 @@ Gruntwork can help with:
   to create the cluster.
 
 * [install-dnsmasq module](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq): Install [Dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
-  and configure it to forward requests for a specific domain to Consul. This allows you to use Consul as a DNS server
+  for Ubuntu 16.04 and Amazon Linux 2 and configure it to forward requests for a specific domain to Consul. This allows you to use Consul as a DNS server
+  for URLs such as `foo.service.consul`.
+
+* [setup-systemd-resolved module](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/setup-systemd-resolved): Setup [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html)
+  for ubuntu 18.04 and configure it to forward requests for a specific domain to Consul. This allows you to use Consul as a DNS server
   for URLs such as `foo.service.consul`.
 
 * [consul-iam-policies](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/consul-iam-policies): Defines the IAM policies necessary for a Consul cluster. 

@@ -1,11 +1,12 @@
 # Consul AMI
 
 This folder shows an example of how to use the [install-consul](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-consul) and 
-[install-dnsmasq](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) modules with [Packer](https://www.packer.io/) to create [Amazon Machine 
+either [install-dnsmasq](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) for Ubuntu 16.04 and Amazon Linux 2 or [setup-systemd-resolved](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/setup-systemd-resolved) for Ubuntu 18.04 modules with [Packer](https://www.packer.io/) to create [Amazon Machine 
 Images (AMIs)](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) that have Consul and Dnsmasq installed on 
 top of:
 
 1. Ubuntu 16.04
+1. Ubuntu 18.04
 1. Amazon Linux 2
 
 These AMIs will have [Consul](https://www.consul.io/) installed and configured to automatically join a cluster during 
@@ -15,7 +16,7 @@ services](https://www.consul.io/intro/getting-started/services.html) for instruc
 in Consul). To see how to deploy this AMI, check out the [consul-cluster example](https://github.com/hashicorp/terraform-aws-consul/tree/master/examples/root-example). 
 
 For more info on Consul installation and configuration, check out the 
-[install-consul](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-consul) and [install-dnsmasq](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) documentation.
+[install-consul](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-consul) and [install-dnsmasq](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/install-dnsmasq) for Ubuntu 16.04 and Amazon Linux 2 or [setup-systemd-resolved](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/setup-systemd-resolved) for Ubuntu 18.04 documentation.
 
 ## Dependencies
 1.  AWSCLI must be installed on the base AMI in order for run-consul to run
@@ -57,10 +58,23 @@ provisioner. Instead of:
   },{
     "type": "shell",
     "inline": [
-      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}}",
+      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}}"
+    ],
+    "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu16-ami", "amazon-linux-2-ami"],
+    "inline": [
       "/tmp/terraform-aws-consul/modules/install-dnsmasq/install-dnsmasq"
     ],
     "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu18-ami"],
+    "inline": [
+      "/tmp/terraform-aws-consul/modules/setup-systemd-resolved/setup-systemd-resolved"
+    ],
+    "pause_before": "30s"
   }]
 }
 ```
@@ -73,10 +87,23 @@ Your code should look more like this:
     "type": "shell",
     "inline": [
       "git clone --branch <MODULE_VERSION> https://github.com/hashicorp/terraform-aws-consul.git /tmp/terraform-aws-consul",
-      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}}",
+      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}}"
+    ],
+    "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu16-ami", "amazon-linux-2-ami"],
+    "inline": [
       "/tmp/terraform-aws-consul/modules/install-dnsmasq/install-dnsmasq"
     ],
     "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu18-ami"],
+    "inline": [
+      "/tmp/terraform-aws-consul/modules/setup-systemd-resolved/setup-systemd-resolved"
+    ],
+    "pause_before": "30s"
   }]
 }
 ```

@@ -2,7 +2,7 @@
   "min_packer_version": "0.12.0",
   "variables": {
     "aws_region": "us-east-1",
-    "consul_version": "1.2.2",
+    "consul_version": "1.5.1",
     "download_url": "{{env `CONSUL_DOWNLOAD_URL`}}"
   },
   "builders": [{
@@ -24,6 +24,26 @@
       "most_recent": true
     },
     "ssh_username": "ubuntu"
+  },{
+    "name": "ubuntu18-ami",
+    "ami_name": "consul-ubuntu-{{isotime | clean_ami_name}}-{{uuid}}",
+    "ami_description": "An Ubuntu 18.04 AMI that has Consul installed.",
+    "instance_type": "t2.micro",
+    "region": "{{user `aws_region`}}",
+    "associate_public_ip_address": true,
+    "type": "amazon-ebs",
+    "source_ami_filter": {
+      "filters": {
+        "virtualization-type": "hvm",
+        "architecture": "x86_64",
+        "name": "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*",
+        "block-device-mapping.volume-type": "gp2",
+        "root-device-type": "ebs"
+      },
+      "owners": ["099720109477"],
+      "most_recent": true
+    },
+    "ssh_username": "ubuntu"
   },{
     "name": "amazon-linux-2-ami",
     "ami_name": "consul-amazon-linux-2-{{isotime | clean_ami_name}}-{{uuid}}",
@@ -63,5 +83,19 @@
       "/tmp/terraform-aws-consul/modules/install-dnsmasq/install-dnsmasq"
     ],
     "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu16-ami", "amazon-linux-2-ami"],
+    "inline": [
+      "/tmp/terraform-aws-consul/modules/install-dnsmasq/install-dnsmasq"
+    ],
+    "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu18-ami"],
+    "inline": [
+      "/tmp/terraform-aws-consul/modules/setup-systemd-resolved/setup-systemd-resolved"
+    ],
+    "pause_before": "30s"
   }]
 }
@@ -26,6 +26,25 @@
       "most_recent": true
     },
     "ssh_username": "ubuntu"
+  },{
+    "name": "ubuntu18-ami",
+    "ami_name": "consul-with-encryption-ubuntu-18.04-{{isotime | clean_ami_name}}-{{uuid}}",
+    "ami_description": "An Ubuntu 16.04 AMI that has Consul installed and TLS certificates.",
+    "instance_type": "t2.micro",
+    "region": "{{user `aws_region`}}",
+    "type": "amazon-ebs",
+    "source_ami_filter": {
+      "filters": {
+        "virtualization-type": "hvm",
+        "architecture": "x86_64",
+        "name": "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*",
+        "block-device-mapping.volume-type": "gp2",
+        "root-device-type": "ebs"
+      },
+      "owners": ["099720109477"],
+      "most_recent": true
+    },
+    "ssh_username": "ubuntu"
   },{
     "ami_name": "consul-with-encryption-amazon-linux-2-{{isotime | clean_ami_name}}-{{uuid}}",
     "ami_description": "An Amazon Linux 2 AMI that has Consul installed and TLS certificates.",
@@ -65,9 +84,22 @@
   },{
     "type": "shell",
     "inline": [
-      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}} --ca-file-path /tmp/ca.crt.pem --cert-file-path /tmp/consul.crt.pem --key-file-path /tmp/consul.key.pem",
+      "/tmp/terraform-aws-consul/modules/install-consul/install-consul --version {{user `consul_version`}} --ca-file-path /tmp/ca.crt.pem --cert-file-path /tmp/consul.crt.pem --key-file-path /tmp/consul.key.pem"
+    ],
+    "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu16-ami", "amazon-linux-2-ami"],
+    "inline": [
       "/tmp/terraform-aws-consul/modules/install-dnsmasq/install-dnsmasq"
     ],
     "pause_before": "30s"
+  },{
+    "type": "shell",
+    "only": ["ubuntu18-ami"],
+    "inline": [
+      "/tmp/terraform-aws-consul/modules/setup-systemd-resolved/setup-systemd-resolved"
+    ],
+    "pause_before": "30s"
   }]
 }
@@ -8,6 +8,7 @@ This folder contains a script for installing Consul and its dependencies. Use th
 This script has been tested on the following operating systems:
 
 * Ubuntu 16.04
+* Ubuntu 18.04
 * Amazon Linux 2
 
 There is a good chance it will work on other flavors of Debian, CentOS, and RHEL as well.

@@ -3,6 +3,7 @@
 # operating systems:
 #
 # 1. Ubuntu 16.04
+# 1. Ubuntu 18.04
 # 1. Amazon Linux 2
 
 set -e

@@ -5,7 +5,8 @@ it to forward requests for a specific domain to Consul. This way, you can easily
 domain names such as `foo.service.consul`, where `foo` is a service registered with Consul (see the [Registering 
 Services docs](https://www.consul.io/intro/getting-started/services.html) for instructions on registering your services
 with Consul). All other domain names will continue to be resolved via the default resolver on your OS. See the [Consul 
-DNS Forwarding Guide](https://www.consul.io/docs/guides/forwarding.html) for more info. 
+DNS Forwarding Guide](https://www.consul.io/docs/guides/forwarding.html) for more info, including trade-offs between using this module and [systemd-resolved](https://github.com/hashicorp/terraform-aws-consul/tree/master/modules/setup-systemd-resolved) for DNS forwarding.
+
 
 This script has been tested on the following operating systems:
 

@@ -4,6 +4,7 @@ This folder contains a script for configuring and running Consul on an [AWS](htt
 script has been tested on the following operating systems:
 
 * Ubuntu 16.04
+* Ubuntu 18.04
 * Amazon Linux 2
 
 There is a good chance it will work on other flavors of Debian, CentOS, and RHEL as well.

@@ -0,0 +1,64 @@
+# systemd-resolved Setup Script
+
+This folder contains a script for configuring [systemd-resolved](http://man7.org/linux/man-pages/man8/systemd-resolved.service.8.html) 
+to forward requests for a specific domain to Consul. This way, you can easily use Consul as your DNS server for
+domain names such as `foo.service.consul`, where `foo` is a service registered with Consul (see the [Registering 
+Services docs](https://www.consul.io/intro/getting-started/services.html) for instructions on registering your services
+with Consul). All other domain names will continue to be resolved via the default resolver on your OS. See the [Consul 
+DNS Forwarding Guide](https://www.consul.io/docs/guides/forwarding.html) and [Github Issue](https://github.com/hashicorp/consul/issues/4155) for more info.
+
+
+This script has been tested on the following operating systems:
+
+* Ubuntu 18.04
+
+## Quick start
+
+To setup systemd-resolved, use `git` to clone this repository at a specific tag (see the [releases page](../../../../releases) 
+for all available tags) and run the `setup-systemd-resolved` script:
+
+```
+git clone --branch <VERSION> https://github.com/hashicorp/terraform-aws-consul.git
+terraform-aws-consul/modules/setup-systemd-resolved/setup-systemd-resolved
+```
+
+Note: by default, the `setup-systemd-resolved` script assumes that a Consul agent is already running locally and connected to 
+a Consul cluster. After the install completes, restart `systemd-resolved` (e.g. `sudo systemctl restart systemd-resolved.service`) and queries 
+to the `.consul` domain will be resolved via Consul:
+
+```
+dig foo.service.consul
+```
+
+We recommend running the `setup-systemd-resolved` script as part of a [Packer](https://www.packer.io/) template to create an
+[Amazon Machine Image (AMI)](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) (see the 
+[consul-ami example](https://github.com/hashicorp/terraform-aws-consul/tree/master/examples/consul-ami) for sample code). 
+
+
+
+
+## Command line Arguments
+
+The `setup-systemd-resolved` script accepts the following arguments:
+
+* `consul-domain DOMAIN`: The domain name to point to Consul. Optional. Default: `consul`.
+* `consul-ip IP`: The IP address to use for Consul. Optional. Default: `127.0.0.1`. This assumes a Consul agent is 
+  running locally and connected to a Consul cluster.
+* `consul-dns-port PORT`: The port Consul uses for DNS requests. Optional. Default: `8600`.
+
+Example:
+
+```
+setup-systemd-resolved
+```
+
+
+
+
+## Troubleshooting
+
+Add the `+trace` argument to `dig` commands to more clearly see what's going on:
+
+```
+dig vault.service.consul +trace
+```