nats #9

Supports: bionic focal
Add to new model

Description

NATS.io is a simple, secure and high performance open source messaging system for cloud native applications, IoT messaging, and microservices architectures.


Overview

This charm provides a way to deploy a NATS core cluster. See https://nats.io/ for more information about NATS itself.

Current features:

  • installation of nats-server via a snap (either from the store or a resource);
  • clustering with route URLs automatically added to the config of each unit;
  • debug options.
  • TLS support

Clustering Notes

  • NATS core does not have message persistence so leadership is not used for ordering of addition of units to the cluster - they come up as they are added and for a full mesh;
  • Route URLs are added to all other peers on each unit so that there is no dependency on a particular unit for discovering others;
  • Official NATS clients are multi-endpoint aware and will attempt to connect to a random NATS server and find the one that is alive so there is no need for a cluster virtual IP. Therefore, different NATS units can be in different subnets and are not tied to a shared L2 domain.

Deploy

juju deploy <nats-charm-dir>

Deploy with TLS Termination via a Relation

juju deploy <nats-charm-dir> -n 3
# The Vault charm implements the same interface.
juju deploy cs:~containers/easyrsa
juju relate nats easyrsa

A CA certificate obtained via a relation to a CA charm will also be exposed for NATS charm clients.

Debug

juju config nats debug=true trace=true
juju ssh --unit nats/0
journalctl -f -u snap.nats.server.service

Configuration

client-port
(int) A port NATS listens on for incoming client connections.
4222
cluster-port
(int) A port NATS listens on for incoming cluster connections.
4248
debug
(boolean) Enable nats-server debug logging.
listen-on-all-addresses
(boolean) Whether to use 0.0.0.0 for the client listening socket or not (all IPv4 and IPv6 addresses). NATS does not support multiple "listen" directives and the charm will error out if there are cross-model relations that result in multiple *different* bind-addresses available for relations of the client relation endpoint.
map-tls-clients
(boolean) Enable or disable usage of values in client certificates for authentication purposes (used in conjunction with verify-tls-clients only.
nagios_context
(string) Used by the nrpe subordinate charms. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
juju
nagios_servicegroups
(string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup
snap-channel
(string) Snap Store channel to install the NATs snap from
stable
tls-ca-cert
(string) A CA certificate to be used for verification of TLS certificates of NATS cluster peers. Optional if TLS certificates are signed by a certificate authority that the core snap trusts.
tls-cert
(string) A TLS server certificate to be used by NATS.
tls-key
(string) A TLS server key to be used by NATS.
trace
(boolean) Enable tracing of raw protocol messages for nats-server.
verify-tls-clients
(boolean) Enable or disable mandatory client TLS certificate verification.