Hi there! I'm Maneshwar. Right now, I’m building LiveAPI, a first-of-its-kind tool that helps you automatically index API endpoints across all your repositories. LiveAPI makes it easier to discover, understand, and interact with APIs in large infrastructures.
Continuing our Ansible journey, let’s wire up Consul — HashiCorp’s service mesh and internal DNS provider — using clean Ansible roles.
We’ll install it using HashiCorp’s apt repository, configure it in a role-driven fashion, and deploy Consul agents as either servers or clients using tags. Let's get to it.
The Playbook
Your consul.yml playbook defines which hosts should run the role and how we want to tag their responsibilities:
- name: Install and configure Consul hosts: all become: yes roles: - consul tags: - master - client This gives us the flexibility to run only server or client setup by tagging the playbook execution later.
🗂 Folder Layout
Here’s how the consul role is structured:
ansible-galaxy init roles/consul --offline
roles/consul/ ├── defaults/main.yml ├── handlers/main.yml ├── tasks/ │ ├── install.yml │ ├── configure.yml │ └── main.yml ├── templates/ │ ├── client_consul.hcl.j2 │ ├── master_consul.hcl.j2 │ └── master_server.hcl.j2 ├── vars/main.yml Installing Consul the Right Way
Use the official HashiCorp GPG key and apt repo setup (the new secure way):
tasks/install.yml
- name: Add HashiCorp GPG key (new method) ansible.builtin.shell: | curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /etc/apt/keyrings/hashicorp-archive-keyring.gpg > /dev/null args: creates: /etc/apt/keyrings/hashicorp-archive-keyring.gpg - name: Add HashiCorp repository (new method) ansible.builtin.shell: | echo "deb [signed-by=/etc/apt/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list args: creates: /etc/apt/sources.list.d/hashicorp.list - name: Run apt update ansible.builtin.shell: apt update - name: Install Consul ansible.builtin.apt: name: consul state: present update_cache: no ⚠️ You can replace the
shelltasks withansible.builtin.get_urlandapt_repositoryfor a cleaner, idempotent install — but this approach is closer to the manual HashiCorp documentation and works well for quick setups.
Templates: Server & Client Configs
Define separate configuration templates for master/server and clients.
templates/master_consul.hcl.j2
node_name = "consul-{{ inventory_hostname }}-server" server = true bootstrap = true datacenter = "dc1" data_dir = "consul/data" log_level = "INFO" bind_addr = "0.0.0.0" client_addr = "0.0.0.0" advertise_addr = "{{ internal_ip }}" ui_config { enabled = true } connect { enabled = true } dns_config { enable_truncate = true } Use this for Consul servers that need to bootstrap the cluster and expose the UI.
templates/master_server.hcl.j2
log_level = "DEBUG" server = true bootstrap_expect = 1 advertise_addr = "{{ internal_ip }}" connect { enabled = true } ui_config { enabled = true } This can act as an additional config layer — or be merged into the main server template if needed.
templates/client_consul.hcl.j2
node_name = "consul-{{ inventory_hostname }}-client" server = false datacenter = "dc1" data_dir = "/opt/consul" log_level = "INFO" bind_addr = "{{ internal_ip }}" advertise_addr = "{{ internal_ip }}" retry_join = ["{{ groups['nomadclientandservers'] | map('extract', hostvars, 'internal_ip') | list | first }}"] dns_config { enable_truncate = true } service { id = "dns" name = "dns" tags = ["primary"] address = "localhost" port = 8600 check { id = "dns" name = "Consul DNS TCP on port 8600" tcp = "localhost:8600" interval = "10s" timeout = "1s" } } This config sets up DNS forwarding and a basic health check for clients. Ensure
internal_ipis defined in your host vars.
Configuring Consul with Ansible
Now, wire it all together in the configure.yml:
tasks/configure.yml
- name: Create consul data directory ansible.builtin.file: path: /opt/consul state: directory owner: consul group: consul mode: 0755 tags: [master, client] - name: Set proper permissions for consul directories ansible.builtin.file: path: "{{ item }}" state: directory owner: consul group: consul recurse: yes loop: - /opt/consul - /etc/consul.d tags: [master, client] - name: Deploy master Consul config ansible.builtin.template: src: master_consul.hcl.j2 dest: /etc/consul.d/consul.hcl owner: consul group: consul mode: 0644 when: "'master' in ansible_run_tags" tags: master - name: Deploy master server config ansible.builtin.template: src: master_server.hcl.j2 dest: /etc/consul.d/server.hcl owner: consul group: consul mode: 0644 when: "'master' in ansible_run_tags" tags: master - name: Deploy client Consul config ansible.builtin.template: src: client_consul.hcl.j2 dest: /etc/consul.d/consul.hcl owner: consul group: consul mode: 0644 when: "'client' in ansible_run_tags" tags: client - name: Restart consul service ansible.builtin.systemd: name: consul state: restarted tags: [master, client] Running the Playbook
Split your deployment by tags:
ansible-playbook consul.yml --tags master -v ansible-playbook consul.yml --tags client -v This gives you full control over when to deploy servers vs clients.
What You Achieved
- Installed Consul using HashiCorp’s secure apt setup
- Bootstrapped a Consul server with the UI enabled
- Deployed DNS-aware clients with health checks
- Used tags to keep roles clean and reusable
This approach brings modularity, repeatability, and clean separation to your infra automation.
🧠 Bonus: Let LiveAPI Handle Your APIs
LiveAPI helps you get all your backend APIs documented in a few minutes.
With LiveAPI, you can generate interactive API docs that allow users to search and execute endpoints directly from the browser.
If you're tired of updating Swagger manually or syncing Postman collections, give it a shot.
Top comments (0)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.