nats #3

Supports: bionic

Description

NATS.io is a simple, secure and high performance open source messaging system for cloud
native applications, IoT messaging, and microservices architectures.


Overview

This charm provides a way to deploy a NATS core cluster. See https://nats.io/ for
more information about NATS itself.

Current features:

  • installation of nats-server via a snap (either from the store or a resource);
  • clustering with route URLs automatically added to the config of each unit;
  • debug options;
  • TLS support.

Clustering Notes

  • NATS core does not have message persistence, so leadership is not used for
    ordering the addition of units to the cluster: they come up as they are added
    and form a full mesh;
  • Route URLs for all other peers are added on each unit so that there is no
    dependency on a particular unit for discovering others;
  • Official NATS clients are multi-endpoint aware and will attempt to connect to
    a random NATS server and find the one that is alive so there is no need for a
    cluster virtual IP. Therefore, different NATS units can be in different
    subnets and are not tied to a shared L2 domain.

Deploy

juju deploy <nats-charm-dir>

Deploy with TLS Termination via a Relation

juju deploy <nats-charm-dir> -n 3
# The Vault charm implements the same interface.
juju deploy cs:~containers/easyrsa
juju relate nats easyrsa

A CA certificate obtained via a relation to a CA charm will also be exposed for NATS charm clients.

Debug

juju config nats debug=true trace=true
juju ssh nats/0
journalctl -f -u snap.nats.server.service

Configuration

client-port
(int) A port NATS listens on for incoming client connections.
Default: 4222
cluster-port
(int) A port NATS listens on for incoming cluster connections.
Default: 4248
debug
(boolean) Enable nats-server debug logging.
listen-on-all-addresses
(boolean) Whether to use 0.0.0.0 for the client listening socket or not (all IPv4 and IPv6 addresses). NATS does not support multiple "listen" directives and the charm will error out if there are cross-model relations that result in multiple *different* bind-addresses available for relations of the client relation endpoint.
map-tls-clients
(boolean) Enable or disable usage of values in client certificates for authentication purposes (used in conjunction with verify-tls-clients only).
snap-channel
(string) Snap Store channel to install the NATS snap from.
Default: stable
tls-ca-cert
(string) A CA certificate to be used for verification of TLS certificates of NATS cluster peers. Optional if TLS certificates are signed by a certificate authority that the core snap trusts.
tls-cert
(string) A TLS server certificate to be used by NATS.
tls-key
(string) A TLS server key to be used by NATS.
trace
(boolean) Enable tracing of raw protocol messages for nats-server.
verify-tls-clients
(boolean) Enable or disable mandatory client TLS certificate verification.
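
Several of the options above interact, so a deployed application is worth checking for combinations that weaken it. The script below is an added example, not part of the charm: it audits a config dump for the options documented on this page. It assumes the input has the shape of `juju config nats --format=json` (a "settings" map whose entries carry a "value" key); the sample input is constructed.

```python
import json

# Constructed sample in the assumed shape of `juju config nats --format=json`:
# {"settings": {<option>: {"value": ...}}}. Not real output.
SAMPLE = json.dumps({"application": "nats", "settings": {
    "debug": {"value": True},
    "trace": {"value": True},
    "listen-on-all-addresses": {"value": True},
    "map-tls-clients": {"value": True},
    "verify-tls-clients": {"value": False},
    "tls-cert": {"value": "-----BEGIN CERTIFICATE-----(constructed)"},
    "tls-key": {},  # unset option: no "value" key
}})


def audit(config_json):
    """Return a sorted list of (option, finding) for risky option states."""
    settings = json.loads(config_json).get("settings", {})

    def val(name):
        # Unset options may have no "value" key; treat them as falsy.
        return settings.get(name, {}).get("value")

    findings = []
    if val("trace"):
        findings.append(("trace", "tracing of raw protocol messages is enabled"))
    if val("debug"):
        findings.append(("debug", "debug logging is enabled"))
    if val("map-tls-clients") and not val("verify-tls-clients"):
        findings.append(("map-tls-clients",
                         "only used in conjunction with verify-tls-clients, which is off"))
    # tls-cert and tls-key describe one server identity; half a pair is a mistake.
    # Neither being set is not flagged: TLS may come from a CA charm relation.
    if bool(val("tls-cert")) != bool(val("tls-key")):
        findings.append(("tls-cert/tls-key", "certificate and key must be set together"))
    if not val("verify-tls-clients"):
        findings.append(("verify-tls-clients", "client certificates are not mandatory"))
        if val("listen-on-all-addresses"):
            findings.append(("listen-on-all-addresses",
                             "client socket on 0.0.0.0 without mandatory client certificates"))
    return sorted(findings)


if __name__ == "__main__":
    for option, finding in audit(SAMPLE):
        print(f"{option}: {finding}")
```
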