HashiCorp Learn
Infrastructure
  • TerraformTerraformLearn terraformDocs
  • PackerPackerLearn packerDocs
  • VagrantVagrantLearn vagrantDocs
Security
  • VaultVaultLearn vaultDocs
  • BoundaryBoundaryLearn boundaryDocs
Networking
  • ConsulConsulLearn consulDocs
Applications
  • NomadNomadLearn nomadDocs
  • WaypointWaypointLearn waypointDocs
  • HashiCorp Cloud Platform (HCP) LogoHashiCorp Cloud Platform (HCP)HashiCorp Cloud Platform (HCP)Docs
Type '/' to Search
Loading account...
  • Bookmarks
  • Manage Account
  • Overview
  • Datacenter deploy
  • Security and networking
  • Get Started
DocsForum
Back to consul
Datacenter DeploymentView Collection
    IntroductionConsul Reference ArchitectureDeployment GuideBackup Consul Data and StateProduction Readiness ChecklistNext Steps

Introduction

  • 8 min
  • Products Usedconsul
  • This tutorial also appears in: Datacenter Deploy.

This collection along with the next one, Day 1: Security and Network Operations, are designed to help you deploy and secure your first datacenter. If you are deploying your first production ready datacenter, we recommend running through both collections sequentially as one "path". They will help you successfully set up and maintain a healthy datacenter, and will cover the following topics:

  • Infrastructure recommendations
  • Setting up a datacenter
  • Backing up the state of the datacenter
  • Securing the datacenter
  • Configuring Networking
  • Multiple datacenter configuration

Below you will find all of the tutorials that make up this learning path separated into their two collections Day 1: Deploy Your First Datacenter and Day 1: Security and Network Operations. If you have already deployed a production datacenter, you can skip ahead to any tutorial for reference as needed.

»Datacenter deploy

»Reference architecture

Create an architecture diagram for your environment. You will be able to identify which ports should be open, select hardware sizes that meet your needs, and understand how to implement datacenter design best practices.

Reference Architecture

»Deployment guide

Install and configure a single Consul datacenter. You will use the examples to create your own custom configuration files for both servers and clients. The custom configuration files will help you join agents, optimize Raft performance, enable the collection of metrics, and configure the web UI. Finally, the tutorial will detail how to configure Systemd.

Deployment Guide

»Backup Consul data and state

Setup a backup process. You will also be able to list the server data that is saved. Finally, you will understand the process for restoring from a backup.

Datacenter Backups

»Security and networking

»Secure gossip communication with encryption

Configure gossip encryption on your Consul datacenter. Gossip communication between all agents in the datacenter can be secured with a symmetric key.

Gossip Encryption

»Secure agent communication with TLS encryption

Generate certificates for your datacenter to secure RPC and consensus communication. This tutorial will cover how to create a Certificate Authority(CA), and how to generate server certificates and client certificates. Encrypting both incoming and outgoing communication is crucial for securing the datacenter.

Securing Agent Communication with TLS Encryption

»Secure Consul with Access Control Lists (ACLs)

Configure ACLs on all the Consul agents, servers and clients. For each step, you will be able to recognize if the process is not properly executed. Optionally, you can also configure the anonymous token and token for the UI.

Securing Consul with ACLs

»Understand Access Control privileges

Discover the minimum privileges required for any datacenter operation.

Understand Access Control privileges

»DNS caching

Update the parameters for tuning stale reads, negative response caching, and TTL in the agent's configuration file.

DNS Caching

»Forward DNS

Setup DNS forwarding from BIND, dnsmasq, Unbound, systemd-resolved, iptables, or macOS. You will also be able to test and troubleshoot the DNS service after the initial setup.

Forwarding DNS

»Federate multiple datacenters using WAN gossip

By the end of this tutorial, you will connect two datacenters using WAN gossip. This tutorial includes two methods for connecting the Consul servers, on the command line or in the agent's configuration file.

Multiple Datacenters

»Get Started

Now that we have reviewed the tutorials in the Day 1 learning path, get started by either hitting the next button at the bottom of the page or select the tutorial that you are interested in.


NextConsul Reference Architecture
HashiCorp
  • System Status
  • Terms of Use
  • Security
  • Privacy
stdin: is not a tty