0
votes

We're toying with the idea of running 6 Consul servers. 3 would be on-premise and 3 would be in AWS. We can initiate communications from on-premise to AWS fine, but our on-premise hosting does not allow inbound traffic to be initiated. This second fact would seem to be a deal breaker given that Consul seems to need to open TCP connections across a set of ports to facilitate its communication.

Questions

  • Is it possible to accomplish this?
  • Given how Raft, Serf, and Consul work is this not feasible?
  • Are there any methods we can use to do this (SSH, stunnel, etc.)?

2 Answers

1
votes

All the nodes within a datacenter need to "see" each other. Even if you model AWS and on-premise as two datacenters, the servers need to talk to each other using both UDP and TCP. See the datacenter documentation for the short version and the necessary ports in the architecture description. Communication needs to work both ways.

I've managed one setup with NAT and port forwarding, but even that would require an incoming connection.

SSH and stunnel will not help you here AFAIK as they won't provide a transparent UDP/TCP routing.

This would only leave the setup of a VPN between your AWS and on-premise servers as an option.
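Added example, not part of the answer above: a small Python model of the connectivity requirement the answer describes. The port list is Consul's documented server port set (8300/tcp RPC, 8301 tcp+udp Serf LAN, 8302 tcp+udp Serf WAN); the `Site` class and its `accepts_inbound` flag are an assumed simplification of "no inbound traffic may be initiated" used to list which required flows such a policy blocks in both the single-datacenter and the two-datacenter layout.

```python
from dataclasses import dataclass
from itertools import permutations

# Consul's documented server ports (HashiCorp port reference):
#   8300/tcp      server RPC (Raft, forwarded requests)
#   8301/tcp+udp  Serf LAN gossip, between members of ONE datacenter
#   8302/tcp+udp  Serf WAN gossip, between servers of DIFFERENT datacenters
LAN_FLOWS = ((8300, "tcp"), (8301, "tcp"), (8301, "udp"))
WAN_FLOWS = ((8300, "tcp"), (8302, "tcp"), (8302, "udp"))


@dataclass(frozen=True)
class Site:
    """A hosting location with Consul servers (constructed model, not a Consul API)."""
    name: str
    datacenter: str        # Consul datacenter the site's servers are joined to
    accepts_inbound: bool  # may other sites initiate connections to this site?


def required_flows(sites):
    """Every site-to-site (src, dst, port, proto) flow the servers must be able to open.

    Gossip and RPC are initiated by whichever server needs to talk, so each
    direction between two sites is a separate requirement.
    """
    flows = []
    for src, dst in permutations(sites, 2):
        same_dc = src.datacenter == dst.datacenter
        for port, proto in (LAN_FLOWS if same_dc else WAN_FLOWS):
            flows.append((src.name, dst.name, port, proto))
    return flows


def blocked_flows(sites):
    """Required flows whose destination refuses externally initiated connections."""
    inbound_ok = {s.name: s.accepts_inbound for s in sites}
    return [f for f in required_flows(sites) if not inbound_ok[f[1]]]


def feasible_without_vpn(sites):
    """True only when no required flow is blocked; otherwise a VPN/tunnel is needed."""
    return not blocked_flows(sites)


if __name__ == "__main__":
    onprem = Site("onprem", "dc1", accepts_inbound=False)
    aws = Site("aws", "dc1", accepts_inbound=True)
    # Layout from the question: one datacenter spanning both locations.
    for flow in blocked_flows([onprem, aws]):
        print("blocked:", flow)
    # Layout from the answer: two federated datacenters. Still blocked, now on 8302.
    aws_dc2 = Site("aws", "dc2", accepts_inbound=True)
    print("two-DC layout feasible without VPN:", feasible_without_vpn([onprem, aws_dc2]))
```

The blocked list is the set of firewall flows a VPN or similar tunnel would have to carry; UDP on 8301/8302 is among them, which is why a TCP-only forwarder such as SSH or stunnel does not cover it.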

0
votes

I know this is an old question, but just in case anyone's looking at it, these days you should use Mesh Gateways to connect the 2 data centres: WAN Federation with Mesh Gateways