{"id":14240,"date":"2022-10-01T17:23:36","date_gmt":"2022-10-01T14:23:36","guid":{"rendered":"https:\/\/kifarunix.com\/?p=14240"},"modified":"2024-03-09T23:05:32","modified_gmt":"2024-03-09T20:05:32","slug":"install-consul-server-on-debian","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-consul-server-on-debian\/","title":{"rendered":"Install Consul server on Debian 11\/Debian 10"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"995\" height=\"558\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian.png\" alt=\"install Consul server on Debian\" class=\"wp-image-14242\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian.png 995w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian-768x431.png 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian-150x84.png 150w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian-300x168.png 300w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian-696x390.png 696w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/install-consul-debian-749x420.png 749w\" sizes=\"(max-width: 995px) 100vw, 995px\" \/><\/figure>\n\n\n\n<p>Follow through this tutorial to learn how to install Consul server on Debian 11\/Debian 10. According to the <a href=\"https:\/\/www.consul.io\/docs\/intro#what-is-consul\" target=\"_blank\" rel=\"noreferrer noopener\">documentation<\/a>, <em>&#8220;HashiCorp Consul is a service networking solution that enables teams to manage secure network connectivity between services and across on-prem and multi-cloud environments and runtimes. Consul offers service discovery, service mesh, traffic management, and automated updates to network infrastructure device. You can use these features individually or together in a single Consul deployment<\/em>&#8220;.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-consul-server-on-debian-11-debian-10\">Installing Consul Server on Debian 11\/Debian 10<\/a><ul><li><a href=\"#how-to-install-consul-server-on-debian-using-precompiled-binary\">How to install Consul server on Debian using Precompiled binary<\/a><ul><li><a href=\"#install-consul-from-apt-repositories\">Install Consul from APT repositories<\/a><\/li><li><a href=\"#download-and-install-consul-binary\">Download and Install Consul Binary<\/a><\/li><\/ul><\/li><li><a href=\"#build-consul-from-source\">Build Consul from Source<\/a><\/li><li><a href=\"#verify-consul-installation\">Verify Consul Installation<\/a><\/li><li><a href=\"#configuring-consul-agent-on-debian\">Configuring Consul Agent on Debian<\/a><\/li><li><a href=\"#running-consul-agent-server\">Running Consul Agent Server<\/a><ul><li><a href=\"#running-consul-agent-server-with-consul-ui-enabled\">Running Consul Agent server with Consul UI Enabled;<\/a><\/li><li><a href=\"#running-consul-agent-server-as-systemd-service\">Running Consul Agent Server as systemd Service<\/a><\/li><\/ul><\/li><li><a href=\"#accessing-consul-agent-server-web-ui\">Accessing Consul Agent Server Web UI<\/a><\/li><li><a href=\"#further-reading\">Further Reading<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-consul-server-on-debian-11-debian-10\">Installing Consul Server on Debian 11\/Debian 10<\/h2>\n\n\n\n<p>You can install Consul server on Debian using different ways;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"#use-precompiled-package\">Install Consul using Precompiled Package<\/a><\/li>\n\n\n\n<li><a href=\"#build-from-source\">Build Consul from the source<\/a><\/li>\n<\/ul>\n\n\n\n<p>In this tutorial, we are running a single node Consul cluster (<code><strong>bootstrap_expect=1<\/strong><\/code>) for demonstration purposes! Note that it is recommended to run production <em>Consul in a cluster of either three or five nodes. This is to ensure that Consul&#8217;s state is preserved if a single server fails<\/em>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"how-to-install-consul-server-on-debian-using-precompiled-binary\">How to install Consul server on Debian using Precompiled binary<\/h3>\n\n\n\n<p>You can either use any of the methods below to install Consul server on Debian using Pre-compiled binary;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install Consul from APT repositories or <\/li>\n\n\n\n<li>Download the current release version of Consul binary.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-consul-from-apt-repositories\">Install Consul from APT repositories<\/h4>\n\n\n\n<p>To install Consul from APT repositories, proceed as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install gnupg2 sudo<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget -qO- https:\/\/apt.releases.hashicorp.com\/gpg | gpg --dearmor &gt; \\\n\/etc\/apt\/trusted.gpg.d\/consul.gpg<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"deb https:\/\/apt.releases.hashicorp.com $(lsb_release -cs) main\" &gt; \\\n\/etc\/apt\/sources.list.d\/consul.list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install consul<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-and-install-consul-binary\">Download and Install Consul Binary<\/h4>\n\n\n\n<p>Navigate to the <a href=\"https:\/\/www.consul.io\/downloads\" target=\"_blank\" rel=\"noreferrer noopener\">downloads page<\/a> and grab Consul binary for your specific system architecture.<\/p>\n\n\n\n<p>As of this writing, Consul v1.13.2 is the current stable release. You can just grab the download link and pull it as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/releases.hashicorp.com\/consul\/1.13.2\/consul_1.13.2_linux_amd64.zip<\/code><\/pre>\n\n\n\n<p>Extract the binary to \/usr\/local\/bin directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unzip consul_1.13.2_linux_amd64.zip -d \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"build-consul-from-source\">Build Consul from Source<\/h3>\n\n\n\n<p>To build Consul from the source;<\/p>\n\n\n\n<p><a href=\"https:\/\/go.dev\/dl\/\" target=\"_blank\" rel=\"noreferrer noopener\">Download<\/a> and install Go.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/go.dev\/dl\/go1.19.1.linux-amd64.tar.gz<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf go1.19.1.linux-amd64.tar.gz -C \/opt<\/code><\/pre>\n\n\n\n<p>Update the PATH with path to Go binary;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i.bak 's|\"$|:\/opt\/go\/bin\/\"|' \/etc\/environment<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>source \/etc\/environment<\/code><\/pre>\n\n\n\n<p>Next, clone the Consul repository from GitHub:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt install git make<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone https:\/\/github.com\/hashicorp\/consul.git<\/code><\/pre>\n\n\n\n<p>Compile Consul;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd consul<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>make dev<\/code><\/pre>\n\n\n\n<p>Once compilation is done, copy the binary to \/usr\/local\/bin\/;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp .\/bin\/consul \/usr\/local\/bin\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"verify-consul-installation\">Verify Consul Installation<\/h3>\n\n\n\n<p>You can run the consul command without any options to confirm and verify its installation.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>consul<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\nUsage: consul [--version] [--help] <command> [<args>]\nAvailable commands are:\n    acl            Interact with Consul's ACLs\n    agent          Runs a Consul agent\n    catalog        Interact with the catalog\n    config         Interact with Consul's Centralized Configurations\n    connect        Interact with Consul Connect\n    debug          Records a debugging archive for operators\n    event          Fire a new event\n    exec           Executes a command on Consul nodes\n    force-leave    Forces a member of the cluster to enter the \"left\" state\n    info           Provides debugging information for operators.\n    intention      Interact with Connect service intentions\n    join           Tell Consul agent to join cluster\n    keygen         Generates a new encryption key\n    keyring        Manages gossip layer encryption keys\n    kv             Interact with the key-value store\n    leave          Gracefully leaves the Consul cluster and shuts down\n    lock           Execute a command holding a lock\n    login          Login to Consul using an auth method\n    logout         Destroy a Consul token created with login\n    maint          Controls node or service maintenance mode\n    members        Lists the members of a Consul cluster\n    monitor        Stream logs from a Consul agent\n    operator       Provides cluster-level tools for Consul operators\n    peering        Create and manage peering connections between Consul clusters\n    reload         Triggers the agent to reload configuration files\n    rtt            Estimates network round trip time between nodes\n    services       Interact with services\n    snapshot       Saves, restores and inspects snapshots of Consul server state\n    tls            Builtin helpers for creating CAs and certificates\n    validate       Validate config files\/directories\n    version        Prints the Consul version\n    watch          Watch for changes in Consul\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-consul-agent-on-debian\">Configuring Consul Agent on Debian<\/h3>\n\n\n\n<p>As already mentioned, we are running a single node Consul server in this setup (Option; <strong><code>bootstrap_expect=1<\/code><\/strong>).<\/p>\n\n\n\n<p>Consul agent can run either in server or client mode. We will run Consul agent as a server in this setup.<\/p>\n\n\n\n<p>Thus, before you can start Consul agent server, there are a few things that you need to do.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create Consul service account (ONLY if you didn&#8217;t install Consul using APT);<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -r -M -s \/bin\/false consul<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create Consul data directory. If you installed using APT, <code>\/opt\/consul<\/code> directory is created by default. You can choose to use a different directory though.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91; -d \/opt\/consul ] || mkdir \/opt\/consul<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create Consul configurations directory. Similarly, this directory is created if you installed Consul using APT;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91; -d \/etc\/consul.d ] || mkdir \/etc\/consul.d<\/code><\/pre>\n\n\n\n<p>Any custom configuration options need to be placed in <code>consul.hcl<\/code> file, under the configuration directory created above.<\/p>\n\n\n\n<p>For example, to define the custom options;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/consul.d\/consul.hcl<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>bind_addr = \"192.168.58.26\"\ndata_dir = \"\/opt\/consul\"\nbootstrap_expect=1<\/code><\/pre>\n\n\n\n<p>Sample config with all options commented out;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat \/etc\/consul.d\/consul.hcl<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># Full configuration options can be found at https:\/\/www.consul.io\/docs\/agent\/config\n\n# datacenter\n# This flag controls the datacenter in which the agent is running. If not provided,\n# it defaults to \"dc1\". Consul has first-class support for multiple datacenters, but \n# it relies on proper configuration. Nodes in the same datacenter should be on a \n# single LAN.\n#datacenter = \"my-dc-1\"\n\n# data_dir\n# This flag provides a data directory for the agent to store state. This is required\n# for all agents. The directory should be durable across reboots. This is especially\n# critical for agents that are running in server mode as they must be able to persist\n# cluster state. Additionally, the directory must support the use of filesystem\n# locking, meaning some types of mounted folders (e.g. VirtualBox shared folders) may\n# not be suitable.\ndata_dir = \"\/opt\/consul\"\n\n# client_addr\n# The address to which Consul will bind client interfaces, including the HTTP and DNS\n# servers. By default, this is \"127.0.0.1\", allowing only loopback connections. In\n# Consul 1.0 and later this can be set to a space-separated list of addresses to bind\n# to, or a go-sockaddr template that can potentially resolve to multiple addresses.\n#client_addr = \"0.0.0.0\"\n\n# ui\n# Enables the built-in web UI server and the required HTTP routes. This eliminates\n# the need to maintain the Consul web UI files separately from the binary.\n# Version 1.10 deprecated ui=true in favor of ui_config.enabled=true\n#ui_config{\n#  enabled = true\n#}\n\n# server\n# This flag is used to control if an agent is in server or client mode. When provided,\n# an agent will act as a Consul server. Each Consul cluster must have at least one\n# server and ideally no more than 5 per datacenter. All servers participate in the Raft\n# consensus algorithm to ensure that transactions occur in a consistent, linearizable\n# manner. Transactions modify cluster state, which is maintained on all server nodes to\n# ensure availability in the case of node failure. Server nodes also participate in a\n# WAN gossip pool with server nodes in other datacenters. Servers act as gateways to\n# other datacenters and forward traffic as appropriate.\n#server = true\n\n# Bind addr\n# You may use IPv4 or IPv6 but if you have multiple interfaces you must be explicit.\n#bind_addr = \"[::]\" # Listen on all IPv6\n#bind_addr = \"0.0.0.0\" # Listen on all IPv4\n#\n# Advertise addr - if you want to point clients to a different address than bind or LB.\n#advertise_addr = \"127.0.0.1\"\n\n# Enterprise License\n# As of 1.10, Enterprise requires a license_path and does not have a short trial.\n#license_path = \"\/etc\/consul.d\/consul.hclic\"\n\n# bootstrap_expect\n# This flag provides the number of expected servers in the datacenter. Either this value\n# should not be provided or the value must agree with other servers in the cluster. When\n# provided, Consul waits until the specified number of servers are available and then\n# bootstraps the cluster. This allows an initial leader to be elected automatically.\n# This cannot be used in conjunction with the legacy -bootstrap flag. This flag requires\n# -server mode.\n#bootstrap_expect=3\n\n# encrypt\n# Specifies the secret key to use for encryption of Consul network traffic. This key must\n# be 32-bytes that are Base64-encoded. The easiest way to create an encryption key is to\n# use consul keygen. All nodes within a cluster must share the same encryption key to\n# communicate. The provided key is automatically persisted to the data directory and loaded\n# automatically whenever the agent is restarted. This means that to encrypt Consul's gossip\n# protocol, this option only needs to be provided once on each agent's initial startup\n# sequence. If it is provided after Consul has been initialized with an encryption key,\n# then the provided key is ignored and a warning will be displayed.\n#encrypt = \"...\"\n\n# retry_join\n# Similar to -join but allows retrying a join until it is successful. Once it joins \n# successfully to a member in a list of members it will never attempt to join again.\n# Agents will then solely maintain their membership via gossip. This is useful for\n# cases where you know the address will eventually be available. This option can be\n# specified multiple times to specify multiple agents to join. The value can contain\n# IPv4, IPv6, or DNS addresses. In Consul 1.1.0 and later this can be set to a go-sockaddr\n# template. If Consul is running on the non-default Serf LAN port, this must be specified\n# as well. IPv6 must use the \"bracketed\" syntax. If multiple values are given, they are\n# tried and retried in the order listed until the first succeeds. Here are some examples:\n#retry_join = [\"consul.domain.internal\"]\n#retry_join = [\"10.0.4.67\"]\n#retry_join = [\"[::1]:8301\"]\n#retry_join = [\"consul.domain.internal\", \"10.0.4.67\"]\n# Cloud Auto-join examples:\n# More details - https:\/\/www.consul.io\/docs\/agent\/cloud-auto-join\n#retry_join = [\"provider=aws tag_key=... tag_value=...\"]\n#retry_join = [\"provider=azure tag_name=... tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=...\"]\n#retry_join = [\"provider=gce project_name=... tag_value=...\"]\n<\/code><\/pre>\n\n\n\n<p>Always confirm the validity of the Consul configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo consul validate \/etc\/consul.d\/<\/code><\/pre>\n\n\n\n<p>You should get such an output if all is good.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Configuration is valid!<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set Proper ownership for the Consul data and configuration directories<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R consul: \/opt\/consul \/etc\/consul.d<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-consul-agent-server\">Running Consul Agent Server<\/h3>\n\n\n\n<p>&#8220;<em>Consul uses&nbsp;<a href=\"https:\/\/www.consul.io\/docs\/agent\/config\/config-files\" target=\"_blank\" rel=\"noopener\">documented reasonable defaults<\/a>&nbsp;so only non-default values must be set in the configuration file&#8221;.<\/em><\/p>\n\n\n\n<p>You can use the command below to start the Consul agent and runs until an interrupt is received. The agent represents a single node in a cluster.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>consul agent &#91;options]<\/code><\/pre>\n\n\n\n<p>These are the available [options] you can use;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nHTTP API Options\n  -datacenter=<value>\n     Datacenter of the agent.\nCommand Options\n  -advertise=<value>\n     Sets the advertise address to use.\n  -advertise-wan=<value>\n     Sets address to advertise on WAN instead of -advertise address.\n  -allow-write-http-from=<value>\n     Only allow write endpoint calls from given network. CIDR format,\n     can be specified multiple times.\n  -alt-domain=<value>\n     Alternate domain to use for DNS interface.\n  -auto-reload-config\n     Watches config files for changes and auto reloads the files when\n     modified.\n  -bind=<value>\n     Sets the bind address for cluster communication.\n  -bootstrap\n     Sets server to bootstrap mode.\n  -bootstrap-expect=<value>\n     Sets server to expect bootstrap mode.\n  -check_output_max_size=<value>\n     Sets the maximum output size for checks on this agent\n  -client=<value>\n     Sets the address to bind for client access. This includes RPC, DNS,\n     HTTP, HTTPS and gRPC (if configured).\n  -config-dir=<value>\n     Path to a directory to read configuration files from. This\n     will read every file ending in '.json' as configuration in this\n     directory in alphabetical order. Can be specified multiple times.\n  -config-file=<value>\n     Path to a file in JSON or HCL format with a matching file\n     extension. Can be specified multiple times.\n  -config-format=<string>\n     Config files are in this format irrespective of their extension.\n     Must be 'hcl' or 'json'\n  -data-dir=<value>\n     Path to a data directory to store agent state.\n  -default-query-time=<value>\n     the amount of time a blocking query will wait before Consul will\n     force a response. This value can be overridden by the 'wait' query\n     parameter.\n  -dev\n     Starts the agent in development mode.\n  -disable-host-node-id\n     Setting this to true will prevent Consul from using information\n     from the host to generate a node ID, and will cause Consul to\n     generate a random node ID instead.\n  -disable-keyring-file\n     Disables the backing up of the keyring to a file.\n  -dns-port=<value>\n     DNS port to use.\n  -domain=<value>\n     Domain to use for DNS interface.\n  -enable-local-script-checks\n     Enables health check scripts from configuration file.\n  -enable-script-checks\n     Enables health check scripts.\n  -encrypt=<value>\n     Provides the gossip encryption key.\n  -grpc-port=<value>\n     Sets the gRPC API port to listen on.\n  -grpc-tls-port=<value>\n     Sets the gRPC-TLS API port to listen on.\n  -hcl=<value>\n     hcl config fragment. Can be specified multiple times.\n  -http-port=<value>\n     Sets the HTTP API port to listen on.\n  -https-port=<value>\n     Sets the HTTPS API port to listen on.\n  -join=<value>\n     Address of an agent to join at start time. Can be specified\n     multiple times.\n  -join-wan=<value>\n     Address of an agent to join -wan at start time. Can be specified\n     multiple times.\n  -log-file=<value>\n     Path to the file the logs get written to\n  -log-json\n     Output logs in JSON format.\n  -log-level=<value>\n     Log level of the agent.\n  -log-rotate-bytes=<value>\n     Maximum number of bytes that should be written to a log file\n  -log-rotate-duration=<value>\n     Time after which log rotation needs to be performed\n  -log-rotate-max-files=<value>\n     Maximum number of log file archives to keep\n  -max-query-time=<value>\n     the maximum amount of time a blocking query can wait before Consul\n     will force a response. Consul applies jitter to the wait time. The\n     jittered time will be capped to MaxQueryTime.\n  -node=<value>\n     Name of this node. Must be unique in the cluster.\n  -node-id=<value>\n     A unique ID for this node across space and time. Defaults to a\n     randomly-generated ID that persists in the data-dir.\n  -node-meta=<key:value>\n     An arbitrary metadata key\/value pair for this node, of the format\n     `key:value`. Can be specified multiple times.\n  -non-voting-server\n     (Enterprise-only) DEPRECATED: -read-replica should be used instead\n  -pid-file=<value>\n     Path to file to store agent PID.\n  -primary-gateway=<value>\n     Address of a mesh gateway in the primary datacenter to use to\n     bootstrap WAN federation at start time with retries enabled. Can be\n     specified multiple times.\n  -protocol=<value>\n     Sets the protocol version. Defaults to latest.\n  -raft-protocol=<value>\n     Sets the Raft protocol version. Defaults to latest.\n  -read-replica\n     (Enterprise-only) This flag is used to make the server not\n     participate in the Raft quorum, and have it only receive the data\n     replication stream. This can be used to add read scalability to\n     a cluster in cases where a high volume of reads to servers are\n     needed.\n  -recursor=<value>\n     Address of an upstream DNS server. Can be specified multiple times.\n  -rejoin\n     Ignores a previous leave and attempts to rejoin the cluster.\n  -retry-interval=<value>\n     Time to wait between join attempts.\n  -retry-interval-wan=<value>\n     Time to wait between join -wan attempts.\n  -retry-join=<value>\n     Address of an agent to join at start time with retries enabled. Can\n     be specified multiple times.\n  -retry-join-wan=<value>\n     Address of an agent to join -wan at start time with retries\n     enabled. Can be specified multiple times.\n  -retry-max=<value>\n     Maximum number of join attempts. Defaults to 0, which will retry\n     indefinitely.\n  -retry-max-wan=<value>\n     Maximum number of join -wan attempts. Defaults to 0, which will\n     retry indefinitely.\n  -segment=<value>\n     (Enterprise-only) Sets the network segment to join.\n  -serf-lan-allowed-cidrs=<value>\n     Networks (eg: 192.168.1.0\/24) allowed for Serf LAN. Can be\n     specified multiple times.\n  -serf-lan-bind=<value>\n     Address to bind Serf LAN listeners to.\n  -serf-lan-port=<value>\n     Sets the Serf LAN port to listen on.\n  -serf-wan-allowed-cidrs=<value>\n     Networks (eg: 192.168.1.0\/24) allowed for Serf WAN (other\n     datacenters). Can be specified multiple times.\n  -serf-wan-bind=<value>\n     Address to bind Serf WAN listeners to.\n  -serf-wan-port=<value>\n     Sets the Serf WAN port to listen on.\n  -server\n     Switches agent to server mode.\n  -server-port=<value>\n     Sets the server port to listen on.\n  -syslog\n     Enables logging to syslog.\n  -ui\n     Enables the built-in static web UI server.\n  -ui-content-path=<value>\n     Sets the external UI path to a string. Defaults to: \/ui\/\n  -ui-dir=<value>\n     Path to directory containing the web UI resources.\n<\/code><\/pre>\n\n\n\n<p>To Start Consul agent server in development mode, with default configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>consul agent -dev<\/code><\/pre>\n\n\n\n<p>Press <strong>Ctrl+c<\/strong> to stop.<\/p>\n\n\n\n<p>To run Consul agent as a server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul consul agent -bind=192.168.58.26 -bootstrap-expect=1 -data-dir=\/opt\/consul -server<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n==> Starting Consul agent...\n              Version: '1.13.2'\n           Build Date: '2022-09-20 20:30:07 +0000 UTC'\n              Node ID: 'd2d547d2-54c8-d09d-662c-bb79c20192bc'\n            Node name: 'debian11'\n           Datacenter: 'dc1' (Segment: '<all>')\n               Server: true (Bootstrap: true)\n          Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, DNS: 8600)\n         Cluster Addr: 192.168.58.26 (LAN: 8301, WAN: 8302)\n    Gossip Encryption: false\n     Auto-Encrypt-TLS: false\n            HTTPS TLS: Verify Incoming: false, Verify Outgoing: false, Min Version: TLSv1_2\n             gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2\n     Internal RPC TLS: Verify Incoming: false, Verify Outgoing: false (Verify Hostname: false), Min Version: TLSv1_2\n\n==> Log data will now stream in as it occurs:\n\n2022-10-01T17:12:13.361+0300 [WARN]  agent: BootstrapExpect is set to 1; this is the same as Bootstrap mode.\n2022-10-01T17:12:13.361+0300 [WARN]  agent: bootstrap = true: do not enable unless necessary\n2022-10-01T17:12:13.367+0300 [WARN]  agent.auto_config: BootstrapExpect is set to 1; this is the same as Bootstrap mode.\n2022-10-01T17:12:13.367+0300 [WARN]  agent.auto_config: bootstrap = true: do not enable unless necessary\n2022-10-01T17:12:13.376+0300 [INFO]  agent.server.raft: initial configuration: index=1 servers=\"[{Suffrage:Voter ID:d2d547d2-54c8-d09d-662c-bb79c20192bc Address:192.168.58.26:8300}]\"\n2022-10-01T17:12:13.376+0300 [INFO]  agent.server.serf.wan: serf: EventMemberJoin: debian11.dc1 192.168.58.26\n2022-10-01T17:12:13.377+0300 [INFO]  agent.server.serf.lan: serf: EventMemberJoin: debian11 192.168.58.26\n2022-10-01T17:12:13.377+0300 [INFO]  agent.router: Initializing LAN area manager\n2022-10-01T17:12:13.377+0300 [INFO]  agent.server.autopilot: reconciliation now disabled\n2022-10-01T17:12:13.377+0300 [INFO]  agent.server.raft: entering follower state: follower=\"Node at 192.168.58.26:8300 [Follower]\" leader-address= leader-id=\n2022-10-01T17:12:13.377+0300 [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node\n2022-10-01T17:12:13.378+0300 [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node\n2022-10-01T17:12:13.378+0300 [INFO]  agent.server: Adding LAN server: server=\"debian11 (Addr: tcp\/192.168.58.26:8300) (DC: dc1)\"\n2022-10-01T17:12:13.378+0300 [INFO]  agent.server: Handled event for server in area: event=member-join server=debian11.dc1 area=wan\n2022-10-01T17:12:13.379+0300 [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.58.26:8300 debian11 <nil> 0 <nil>}. Err: connection error: desc = \"transport: Error while dialing dial tcp 192.168.58.26:0->192.168.58.26:8300: operation was canceled\". Reconnecting...\n2022-10-01T17:12:13.379+0300 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=udp\n2022-10-01T17:12:13.380+0300 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=tcp\n2022-10-01T17:12:13.380+0300 [INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http\n2022-10-01T17:12:13.380+0300 [INFO]  agent: started state syncer\n2022-10-01T17:12:13.380+0300 [INFO]  agent: Consul agent running!\n<\/code><\/pre>\n\n\n\n<p>You can use these options in a configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul vim \/etc\/consul.d\/consul.hcl<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>bind_addr = \"192.168.58.26\"\nbootstrap_expect=1\ndata_dir = \"\/opt\/consul\"\nserver = true<\/code><\/pre>\n\n\n\n<p>And just use the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul consul agent -config-dir=\/etc\/consul.d<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-consul-agent-server-with-consul-ui-enabled\">Running Consul Agent server with Consul UI Enabled;<\/h4>\n\n\n\n<p><em>Consul features a web-based user interface, allowing you to get an overview of all services, nodes, intentions and more using a graphical user interface, rather than the CLI or API.<\/em><\/p>\n\n\n\n<p>If you are running Consul in a cluster, you can enable UI on a single node.<\/p>\n\n\n\n<p>To enable Consul UI, you can pass the options on the command line or use the configuration file;<\/p>\n\n\n\n<p>To pass the options, <strong><code>-ui<\/code><\/strong> on the command line;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul consul agent -bind=192.168.58.26 -bootstrap-expect=1 -data-dir=\/opt\/consul -server -ui<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n==> Starting Consul agent...\n              Version: '1.13.2'\n           Build Date: '2022-09-20 20:30:07 +0000 UTC'\n              Node ID: 'd2d547d2-54c8-d09d-662c-bb79c20192bc'\n            Node name: 'debian11'\n           Datacenter: 'dc1' (Segment: '<all>')\n               Server: true (Bootstrap: true)\n          Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, DNS: 8600)\n         Cluster Addr: 192.168.58.26 (LAN: 8301, WAN: 8302)\n    Gossip Encryption: false\n     Auto-Encrypt-TLS: false\n            HTTPS TLS: Verify Incoming: false, Verify Outgoing: false, Min Version: TLSv1_2\n             gRPC TLS: Verify Incoming: false, Min Version: TLSv1_2\n     Internal RPC TLS: Verify Incoming: false, Verify Outgoing: false (Verify Hostname: false), Min Version: TLSv1_2\n\n==> Log data will now stream in as it occurs:\n\n2022-10-01T17:12:58.765+0300 [WARN]  agent: BootstrapExpect is set to 1; this is the same as Bootstrap mode.\n2022-10-01T17:12:58.765+0300 [WARN]  agent: bootstrap = true: do not enable unless necessary\n2022-10-01T17:12:58.772+0300 [WARN]  agent.auto_config: BootstrapExpect is set to 1; this is the same as Bootstrap mode.\n2022-10-01T17:12:58.772+0300 [WARN]  agent.auto_config: bootstrap = true: do not enable unless necessary\n2022-10-01T17:12:58.780+0300 [INFO]  agent.server.raft: initial configuration: index=1 servers=\"[{Suffrage:Voter ID:d2d547d2-54c8-d09d-662c-bb79c20192bc Address:192.168.58.26:8300}]\"\n2022-10-01T17:12:58.780+0300 [INFO]  agent.server.serf.wan: serf: EventMemberJoin: debian11.dc1 192.168.58.26\n2022-10-01T17:12:58.781+0300 [INFO]  agent.server.serf.lan: serf: EventMemberJoin: debian11 192.168.58.26\n2022-10-01T17:12:58.781+0300 [INFO]  agent.router: Initializing LAN area manager\n2022-10-01T17:12:58.781+0300 [INFO]  agent.server.autopilot: reconciliation now disabled\n2022-10-01T17:12:58.782+0300 [INFO]  agent.server.raft: entering follower state: follower=\"Node at 192.168.58.26:8300 [Follower]\" leader-address= leader-id=\n2022-10-01T17:12:58.782+0300 [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node\n2022-10-01T17:12:58.782+0300 [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node\n2022-10-01T17:12:58.783+0300 [INFO]  agent.server: Adding LAN server: server=\"debian11 (Addr: tcp\/192.168.58.26:8300) (DC: dc1)\"\n2022-10-01T17:12:58.783+0300 [INFO]  agent.server: Handled event for server in area: event=member-join server=debian11.dc1 area=wan\n2022-10-01T17:12:58.783+0300 [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.58.26:8300 debian11 <nil> 0 <nil>}. Err: connection error: desc = \"transport: Error while dialing dial tcp 192.168.58.26:0->192.168.58.26:8300: operation was canceled\". Reconnecting...\n2022-10-01T17:12:58.784+0300 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=udp\n2022-10-01T17:12:58.784+0300 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=tcp\n2022-10-01T17:12:58.785+0300 [INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http\n2022-10-01T17:12:58.785+0300 [INFO]  agent: started state syncer\n2022-10-01T17:12:58.785+0300 [INFO]  agent: Consul agent running!\n<\/code><\/pre>\n\n\n\n<p>This will start HTTP server on Port 8500, bind to loopback interface;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2022-10-01T06:41:00.847Z &#91;INFO]  agent: Starting server: address=127.0.0.1:8500 network=tcp protocol=http<\/code><\/pre>\n\n\n\n<p>To bind the HTTP server to a non-loopback interface, define the address using <code><strong>-client<\/strong><\/code> option.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul consul agent -bind=192.168.58.26 -bootstrap-expect=1 -client=192.168.58.26 -data-dir=\/opt\/consul -server -ui<\/code><\/pre>\n\n\n\n<p>To enable these options in a configuration file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/consul.d\/consul.hcl<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n<strong>data_dir = \"\/opt\/consul\"\nclient_addr = \"192.168.58.26\"\nui_config{\n  enabled = true\n}\nserver = true\nbind_addr = \"192.168.58.26\"\nbootstrap_expect=1<\/strong>\n...<\/code><\/pre>\n\n\n\n<p>Then, you can just start Consult agent server;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -u consul consul agent -config-dir=\/etc\/consul.d<\/code><\/pre>\n\n\n\n<p>Note that you can control all these command line options in the configuration file.<\/p>\n\n\n\n<p>You can now access Consul Web UI via <strong>http:\/\/server-IP:8500<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-consul-agent-server-as-systemd-service\">Running Consul Agent Server as systemd Service<\/h4>\n\n\n\n<p>For easy manageability, you can create a systemd service unit file for Consul by running the command below;<\/p>\n\n\n\n<p>Ensure the path to the consul binary is correct by using the command, <strong><code>which consul<\/code><\/strong>;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/systemd\/system\/consul.service &lt;&lt; 'EOL'\n[Unit]\nDescription=\"HashiCorp Consul\"\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=\/etc\/consul.d\/consul.hcl\n\n[Service]\nEnvironmentFile=-\/etc\/consul.d\/consul.env\nUser=consul\nGroup=consul\nExecStart=\/usr\/bin\/consul agent -config-dir=\/etc\/consul.d\/\nExecReload=\/bin\/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGTERM\nRestart=on-failure\nLimitNOFILE=65536\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<p>Note that the service above uses the Consul options in a configuration file, <strong><code>\/etc\/consul.d\/consul.hcl<\/code><\/strong>.<\/p>\n\n\n\n<p>Start and enable Consul service to run on system boot;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart consul<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now consul<\/code><\/pre>\n\n\n\n<p>Check the status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status consul<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf consul.service - \"HashiCorp Consul\"\n     Loaded: loaded (\/etc\/systemd\/system\/consul.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sat 2022-10-01 17:09:30 EAT; 2s ago\n   Main PID: 2575 (consul)\n      Tasks: 7 (limit: 1133)\n     Memory: 24.9M\n        CPU: 126ms\n     CGroup: \/system.slice\/consul.service\n             \u2514\u25002575 \/usr\/bin\/consul agent -config-dir=\/etc\/consul.d\/\n\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.090+0300 [WARN]  agent.server.serf.wan: serf: Failed to re-join any previously known node\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.090+0300 [WARN]  agent.server.serf.lan: serf: Failed to re-join any previously known node\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.090+0300 [INFO]  agent.server: Adding LAN server: server=\"debian11 (Addr: tcp\/192.168.58.26:8300) (DC: dc1)\"\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.090+0300 [INFO]  agent.server: Handled event for server in area: event=member-join server=debian11.dc1 area=wan\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.090+0300 [WARN]  agent: [core]grpc: addrConn.createTransport failed to connect to {dc1-192.168.58.26:8300 debian>\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.091+0300 [INFO]  agent: Started DNS server: address=192.168.58.26:8600 network=udp\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.091+0300 [INFO]  agent: Started DNS server: address=192.168.58.26:8600 network=tcp\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.091+0300 [INFO]  agent: Starting server: address=192.168.58.26:8500 network=tcp protocol=http\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.092+0300 [INFO]  agent: started state syncer\nOct 01 17:09:30 debian11 consul[2575]: 2022-10-01T17:09:30.092+0300 [INFO]  agent: Consul agent running!\n<\/code><\/pre>\n\n\n\n<p>Check Cluster members;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>consul members<\/code><\/pre>\n\n\n\n<p>If Consul HTTP is not listening on a loopback address, then specify the address as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>consul members -http-addr http:\/\/192.168.58.26:8500<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Node      Address             Status  Type    Build   Protocol  DC   Partition  Segment\ndebian11  192.168.58.26:8301  alive   server  1.13.2  2         dc1  default    &lt;all&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"accessing-consul-agent-server-web-ui\">Accessing Consul Agent Server Web UI<\/h3>\n\n\n\n<p>If you enabled Consul UI, you can access via the addresses that you defined on the configuration. Eg <strong><code>http:\/\/server-IP-or-resolvable-domain:8500<\/code><\/strong>.<\/p>\n\n\n\n<p>Cluster Overview;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1891\" height=\"753\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-overview-debian.png\" alt=\"\" class=\"wp-image-14247\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-overview-debian.png?v=1664633985 1891w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-overview-debian-768x306.png?v=1664633985 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-overview-debian-1536x612.png?v=1664633985 1536w\" sizes=\"(max-width: 1891px) 100vw, 1891px\" \/><\/figure><\/div>\n\n\n<p>Nodes Overview<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1885\" height=\"611\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-nodes-debian.png\" alt=\"\" class=\"wp-image-14248\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-nodes-debian.png?v=1664633997 1885w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-nodes-debian-768x249.png?v=1664633997 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/10\/consul-nodes-debian-1536x498.png?v=1664633997 1536w\" sizes=\"(max-width: 1885px) 100vw, 1885px\" \/><\/figure><\/div>\n\n\n<p>You can continue to <a href=\"https:\/\/learn.hashicorp.com\/tutorials\/consul\/get-started-explore-the-ui\" target=\"_blank\" rel=\"noreferrer noopener\">explore Consul UI<\/a>.<\/p>\n\n\n\n<p>That marks the end of our tutorial on installing Consul server on Debian 11\/Debian 10.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"further-reading\">Further Reading<\/h3>\n\n\n\n<p><a href=\"https:\/\/learn.hashicorp.com\/collections\/consul\/getting-started\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started with Consul<\/a><\/p>\n\n\n\n<p>Other Tutorials<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-consul-server-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Consul Server on Ubuntu 22.04\/Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-deploy-kubernetes-cluster-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Deploy Kubernetes Cluster on Ubuntu 20.04<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to install Consul server on Debian 11\/Debian 10. According to the documentation, &#8220;HashiCorp Consul is a service networking<\/p>\n","protected":false},"author":1,"featured_media":14242,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121],"tags":[5887,997,5885,3958,5884,5886],"class_list":["post-14240","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","tag-consul-installation","tag-debian-10","tag-debian-10-consul-install","tag-debian-11","tag-install-consul-on-debian-11","tag-install-hashicorp-consul","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14240"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=14240"}],"version-history":[{"count":6,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14240\/revisions"}],"predecessor-version":[{"id":20643,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/14240\/revisions\/20643"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/14242"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=14240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=14240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=14240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}