Marathon to Consul bridge for metadata discovery.
marathon-consul
takes information provided by the Marathon event bus and
forwards it to Consul's KV tree.
Table of Contents
This project has similar goals (to enable metadata usage in templates.) However,
haproxy-marathon-bridge
uses cron instead of the event bus, so it only updates
once per minute. It is also limited to haproxy, where marathon-consul
in
conjunction with consul-template
can update anything you can write a configuration file for.
docker build -t marathon-consul .
marathon-consul can be run in a Docker container via Marathon. If your Marathon
service is registered in consul, you can use .service.consul
to find them,
otherwise change the vaules for your environment:
curl -X POST -d @marathon-consul.json -H "Content-Type: application/json" http://marathon.service.consul:8080/v2/apps'
Where marathon-consul.json
is similar to (replacing the image with your image):
{
"id": "marathon-consul",
"args": ["--registry=https://consul.service.consul:8500"],
"container": {
"type": "DOCKER",
"docker": {
"image": "{{ marathon_consul_image }}:{{ marathon_consul_image_tag }}",
"network": "BRIDGE",
"portMappings": [{"containerPort": 4000, "hostPort": 4000, "protocol": "tcp"}]
}
},
"constraints": [["hostname", "UNIQUE"]],
"ports": [4000],
"healthChecks": [{
"protocol": "HTTP",
"path": "/health",
"portIndex": 0
}],
"instances": 1,
"cpus": 0.1,
"mem": 128
}
You can also add options to authenticate against Consul.
The Marathon event bus should point to `/events``. You can set up the event subscription with a call similar to this one:
curl -X POST 'http://marathon.service.consul:8080/v2/eventSubscriptions?callbackUrl=http://marathon-consul.service.consul:4000/events'
Argument | Default | Description |
---|---|---|
listen |
:4000 | accept connections at this address |
registry |
http://localhost:8500 | root location of the Consul registry |
registry-auth |
None | basic auth for the Consul registry |
registry-datacenter |
None | datacenter to use in writes |
registry-token |
None | Consul registry ACL token |
registry-noverify |
False | don't verify registry SSL certificates |
registry-prefix |
marathon |
prefix for all values sent to the registry |
verbose |
False | enable verbose logging |
If you're running Consul behind an SSL proxy like Nginx, you're probably going
to want to add the CA for your certificate to the trusted store in the container
so you can avoid using --registry-noverify
. For that purpose, any certificates
added in a volume at /usr/local/share/ca-certificates/
will be added to the
root certificates in the container on boot.
Endpoint | Description |
---|---|
/health |
healthcheck - returns OK |
/events |
event sink - returns OK if all keys are set in an event, error message otherwise |
The entire app configuration is forwarded to Consul as a JSON blob. It might looks something like this (example from the Marathon documentation):
{
"id": "/product/service/my-app",
"cmd": "env && sleep 300",
"args": ["/bin/sh", "-c", "env && sleep 300"],
"container": {
"type": "DOCKER",
"docker": {
"image": "group/image",
"network": "BRIDGE",
"portMappings": [
{
"containerPort": 8080,
"hostPort": 0,
"servicePort": 9000,
"protocol": "tcp"
},
{
"containerPort": 161,
"hostPort": 0,
"protocol": "udp"
}
],
"privileged": false,
"parameters": [
{ "key": "a-docker-option", "value": "xxx" },
{ "key": "b-docker-option", "value": "yyy" }
]
},
"volumes": [
{
"containerPath": "/etc/a",
"hostPath": "/var/data/a",
"mode": "RO"
},
{
"containerPath": "/etc/b",
"hostPath": "/var/data/b",
"mode": "RW"
}
]
},
"cpus": 1.5,
"mem": 256.0,
"env": {
"LD_LIBRARY_PATH": "/usr/local/lib/myLib"
},
"executor": "",
"constraints": [
["attribute", "OPERATOR", "value"]
],
"labels": {
"environment": "staging"
},
"healthChecks": [
{
"protocol": "HTTP",
"path": "/health",
"gracePeriodSeconds": 3,
"intervalSeconds": 10,
"portIndex": 0,
"timeoutSeconds": 10,
"maxConsecutiveFailures": 3
},
{
"protocol": "TCP",
"gracePeriodSeconds": 3,
"intervalSeconds": 5,
"portIndex": 1,
"timeoutSeconds": 5,
"maxConsecutiveFailures": 3
},
{
"protocol": "COMMAND",
"command": { "value": "curl -f -X GET http://$HOST:$PORT0/health" },
"maxConsecutiveFailures": 3
}
],
"instances": 3,
"ports": [
8080,
9000
],
"backoffSeconds": 1,
"backoffFactor": 1.15,
"uris": [
"https://raw.github.com/mesosphere/marathon/master/README.md"
],
"dependencies": ["/product/db/mongo", "/product/db", "../../db"],
"upgradeStrategy": {
"minimumHealthCapacity": 0.5,
"maximumOverCapacity": 0.2
},
"version": "2014-03-01T23:29:30.158Z"
}
marathon-consul is released under the Apache 2.0 license (see LICENSE)