Consul Service Discovery for HAProxy (Integration Guide)

HAProxy with the HAProxy Data Plane API can integrate with Consul to enable service discovery for your load balancer configuration.

Many Ops team professionals rank HAProxy as their favorite load balancer because it adds high availability, security and observability not only to their public-facing websites, but to their internal services as well. At the same time, HashiCorp’s Consul is their go-to for service discovery because it allows them to maintain a reliable, centralized registry of where each service is within their network, making it easy for one service or web app to find another even as new service nodes are created or removed. When you combine HAProxy and Consul, you can automate parts of your load balancer configuration by querying Consul for the IP addresses of your internal services and filling them into HAProxy’s configuration in real time.

Yet, even though there have been ways to combine the two, there had not been a tailor-made integration specifically meant for it. Let’s consider the options that existed previously for integrating these tools.

There’s consul-template, which you can use to populate your HAProxy configuration from a template file, filling server addresses from Consul’s registry into the template’s variables. However, this method replaces the HAProxy configuration file on disk after each change and then reloads the load balancer process; not at all a bad way to go, but it seems more fitting for configuration files that change less often.

Another option is to run Consul as a DNS server and then have HAProxy make DNS queries to it to resolve server IP addresses at runtime. This method is more dynamic, but it also has its limitations: DNS records have a Time-to-Live, which can introduce a delay before an address change is picked up, and before HAProxy 2.4 you were limited on the size of a DNS response that HAProxy could accept due to the UDP protocol beneath. (Latest update: HAProxy 2.4 allows DNS resolution over TCP, greatly expanding the acceptable size of a DNS response.)

Now there’s a third way to integrate HAProxy with Consul that avoids these shortcomings. You can configure HAProxy to interact directly with the Consul API, giving it direct access to Consul’s service discovery information. In this blog post, you will learn how to set this up.

If you’d like to follow along with the example, clone the demo project from GitHub.

Install the Consul Servers

The first thing to do is install a Consul server. Consul agents that run in server mode become the centralized registry for service discovery information in your network. They answer queries from other Consul agents about where a particular service can be found. For example, if you ask them where the log service is running, they may return to you that it is running on three machines, with these IP addresses, on these ports. Meanwhile, services such as the log service register themselves with the Consul clients so that they can become discoverable.

Read the official Consul documentation to see how to install a Consul server. In the demo project, we install one onto a virtual machine and run it as a Systemd service. Consul reads its configuration file, /etc/consul.d/consul.hcl, at startup. In the demo, we use the following consul.hcl file to initialize the server:

datacenter = "dc1"
server = true
data_dir = "/var/lib/consul/"
bind_addr = "192.168.50.21"
client_addr = "192.168.50.21"
bootstrap = true
bootstrap_expect = 1
ui_config {
enabled = true
}
enable_syslog = true
log_level = "INFO"

In this case, the virtual machine has been given a static IP address of 192.168.50.21, so we set that for the bind_addr and client_addr fields. Other Consul agents will connect to that address when they join the cluster. Notice that we’ve also set the server field to true to indicate that this agent should run in server mode. We then start Consul with the following command (baked into the Systemd service in the demo project):

$ /usr/bin/consul agent -config-dir=/etc/consul.d/

Once it’s running, you can access Consul’s web UI at port 8500.

Install HAProxy & the HAProxy Data Plane API

On another virtual machine, install HAProxy and its RESTful API, the HAProxy Data Plane API. The Data Plane API has grown; so much so that simply calling it an API doesn’t quite capture the whole truth. Case in point, one of its newest features is the ability to act as a Consul API client and update the local HAProxy configuration using the service discovery information that it reads.

First, install HAProxy as a Systemd service. On Ubuntu, the installation looks like this:

$ sudo add-apt-repository -y ppa:vbernat/haproxy-2.4
$ sudo apt update
$ sudo DEBIAN_FRONTEND=noninteractive apt install -y haproxy

Next, install the HAProxy Data Plane API:

$ wget https://github.com/haproxytech/dataplaneapi/releases/download/v2.3.0/dataplaneapi_2.3.0_Linux_x86_64.tar.gz
$ tar -zxvf dataplaneapi_2.3.0_Linux_x86_64.tar.gz
$ sudo cp build/dataplaneapi /usr/local/bin/
$ sudo chmod +x /usr/local/bin/dataplaneapi

The latest version of the API requires a configuration file, dataplaneapi.yaml, at startup. Create that file at /etc/haproxy/dataplaneapi.yaml and add the following to it:

config_version: 2
name: haproxy1
dataplaneapi:
host: 192.168.50.20
port: 5555
user:
- name: dataplaneapi
password: mypassword
insecure: true

In the demo project, the HAProxy virtual machine has the static IP address 192.168.50.20, so we set that for the host field. We also set a username and password, which you will pass when accessing the API. Next, update HAProxy’s configuration file, /etc/haproxy/haproxy.cfg, and add a program section, which tells HAProxy to start the API when its own process starts up. To use this keyword, you must add master-worker to the global section or include the -W argument when starting HAProxy (the Systemd service already has this argument).

program api
command /usr/local/bin/dataplaneapi -f /etc/haproxy/dataplaneapi.yaml
no option start-on-reload

Then restart the HAProxy service.

$ sudo systemctl restart haproxy

You can then access the API at port 5555. For example, in the demo project, http://192.168.50.20:5555/v2/docs will show you the API’s documentation.

image1-(1)

Enable Consul Service Discovery

To enable HAProxy to use the Consul API, send a POST request to the HAProxy Data Plane API’s /v2/services_discovery/consul endpoint.

$ curl -u dataplaneapi:mypassword \
-H 'Content-Type: application/json' \
-d '{
"address": "192.168.50.21",
"port": 8500,
"enabled": true,
"retry_timeout": 10
}' http://192.168.50.20:5555/v2/service_discovery/consul

The body of the request is JSON with the following fields:

Field

Description

address

The Consul server’s IP address.

port

The Consul server’s HTTP API port (i.e. 8500).

enabled

Whether to enable this integration.

retry_timeout

Duration in seconds in-between requesting data from the Consul server.

After calling this endpoint, the HAProxy Data Plane API begins monitoring Consul’s service catalog. It will add server lines to your HAProxy configuration when new services register themselves with Consul. Let’s try it out in the next section.

Register a Service With Consul

In the demo project, we have a third virtual machine that runs a web server. We install Consul onto that machine too, although this one does not run in server mode. As before, install Consul and create the file /etc/consul.d/consul.hcl, but give it the following contents:

datacenter = "dc1"
server = false
data_dir = "/var/lib/consul/"
bind_addr = "192.168.50.22"
retry_join = ["192.168.50.21"]
enable_syslog = true
log_level = "INFO"

This VM has a static IP address of 192.168.50.22, which we use to set the bind_addr field. The retry_join field indicates the address of the Consul server, which the agent uses to join the Consul cluster. Once the local Consul agent is running, you can register the web server as a service on the network so that HAProxy can discover it. Add a new file named web.json and add the following contents, which indicate the port of our listening web server and a name to give it in the Consul registry:

{
"service": {
"name": "web",
"port": 80
}
}

Then call consul services register to add it to the registry:

$ consul services register ./web.json

Check the Consul web UI and you should see a new service named web.

image2-(2)

Go back to your HAProxy server and check the /etc/haproxy/haproxy.cfg file. You should see that the server has been added to a new backend section automatically. It looks like this:

backend consul-backend-192.168.50.21-8500-web
server SRV_V2u4y 192.168.50.22:80 check weight 128
server SRV_1NQXA 127.0.0.1:80 disabled weight 128
server SRV_DWcAP 127.0.0.1:80 disabled weight 128
server SRV_IIcqg 127.0.0.1:80 disabled weight 128

Most of the server lines are disabled, but the first one points to the server that you just added with Consul! When you register more instances of the same service, HAProxy will fill in these disabled server slots, which lets you scale up or down in many cases without a reload. To add more servers to the same backend, register more services with Consul, but keep the same name, web, in their JSON files. The only thing left to do is configure a frontend section that routes traffic to this backend pool of servers.

Conclusion

In this blog post, you learned how to integrate HAProxy and Consul by using the HAProxy Data Plane API, which enables dynamic load balancer configuration changes that are pulled directly from Consul’s service discovery registry. Although there have been other ways to combine Consul with HAProxy, this new way is more dynamic and responsive. Try it out yourself and see what you think!

HAProxy Enterprise powers modern application delivery at any scale and in any environment, providing the utmost performance, observability, and security for your critical services. Organizations harness its cutting edge features and enterprise suite of add-ons, which are backed by authoritative, expert support and professional services. Ready to learn more? Sign up for a free trial.

Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.