Day 1: Deploying Your First Datacenter

Introduction

This track along with the next track, Day 1: Security and Networking Operations, are designed to help you deploy and secure your first datacenter. If you are deploying your first production ready datacenter, we recommend running through both tracks sequentially as one "path". They will help you successfully set up and maintain a healthy datacenter, and will cover the following topics:

  • Infrastructure recommendations
  • Setting up a datacenter
  • Backing up the state of the datacenter
  • Securing the datacenter
  • Configuring Networking
  • Multiple datacenter configuration

Below you will find all of the guides that make up this learning path separated into their two tracks Datacenter Deploy and Security & Networking. If you have already deployed a production datacenter, you can skip ahead to any guide for reference as needed. Each guide has a description along with its objective to help you decide.

Datacenter Deploy

Reference Architecture

By the end of this guide, you will be ready to create a architecture diagram for your environment. You will be able to identify which ports should be open, select hardware sizes that meet your needs, and understand how to implement datacenter design best practices.

Reference Architecture

Deployment Guide

By the end of the guide, you will install and configure a single Consul datacenter. You will use the examples to create your own custom configuration files for both servers and clients. The custom configuration files will help you join agents, optimize Raft performance, enable the collection of metrics, and configure the web UI. Finally, the guide will detail how to configure Systemd.

Deployment Guide

Consul as a Windows Service

By the end of this guide, you will be able to deploy Consul as a service on Windows.

Windows

Datacenter Backups

By the end of this guide, you will have a backup process outlined. You will also be able to list the server data that is saved. Finally, you will understand the process for restoring from a backup.

Datacenter Backups

Security and Networking

Gossip Encryption

By the end of this guide, you will be able to configure gossip encryption on a your cluster. Gossip communication between all agents in the cluster can be secured with a symmetric key.

Gossip Encryption

Securing Agent Communication with TLS Encryption

By the end of the this guide, you will know how to generate certificates for your cluster. This guide will cover how to create a Certificate Authority(CA), and how to generate server certificates and client certificates. Encrypting both incoming and outgoing communication is crucial for securing the cluster.

Securing Agent Communication with TLS Encryption

Securing Consul with ACLs

By the end of this guide, you will have ACLs configured on the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonyomous token and token for the UI.

Securing Consul with ACLs

Managing ACL Policies

By the end of this guide, you will be able to discover the minimum privileges required for any datacenter operation.

Managing ACL Policies

DNS Caching

By the end of this guide, you will be able to update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.

DNS Caching

Forwarding DNS

By the end of this guide, you will be able to setup DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.

Forwarding DNS

Multiple Datacenters: Basic Federation with WAN Gossip

By the end of this guide, you will connect two datacenters using WAN gossip. This guide includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.

Multiple Datacenters

Get Started

We are including a production readiness checklist in the appendix that can be used for deploying Consul. Note, this checklist is not an exhaustive list and you may need to add additional items depending on your environment.

Now that we have reviewed the guides in the Day 1 learning path and have a production readiness checklist, get started by either hitting the next button at the bottom of the page or select the guide that you are interested in.

If you encounter any technical difficulties while working through the guides or have any feedback please send an email to the Consul mailing list.