HashiCorp Certified: Consul Associate Certification
Back up and Restore
Consul Snapshot Agent Enterprise
Consul’s Snapshot Agent is an enterprise-only, long-running daemon that automates cluster backups. While open-source users must script snapshots via cron or CI/CD, the Snapshot Agent provides built-in scheduling, retention, and storage management.
Warning
The Snapshot Agent requires Consul Enterprise. If you’re on OSS Consul, implement external scripting for snapshots.
Key Features
- Custom intervals: e.g., hourly, six-hourly, daily
- Retention policies: automatically purge old snapshots
- Storage backends: local filesystem, S3-compatible (AWS S3, MinIO), Azure Blob, Google Cloud Storage
Note
Configure snapshot.interval
(e.g., 24h
) and snapshot.retain
(e.g., 48
) to control scheduling and purge behavior.
Supported Storage Backends
By default, manual snapshots are written locally. The Snapshot Agent lets you offload backups to resilient, off-node stores:
Backend | Use Case | Example Setting |
---|---|---|
S3-Compatible | AWS S3, MinIO, DigitalOcean Spaces | aws_storage.s3_bucket = "consul-snapshots" |
Azure Blob Storage | Enterprise-grade Blob management | azure_storage.account = "myaccount" |
Google Cloud Storage | GCS buckets for global redundancy | gcs_storage.bucket = "consul-gcs-snapshots" |
Local Filesystem | On-node backups (default for CLI/API) | filesystem.path = "/var/consul/snapshots" |
Benefits
- Automated snapshots on a defined schedule
- High availability via agent-level leader election
- Automatic failover: a new leader takes over if the current one fails
- Consistent backups: only one snapshot per interval cluster-wide
- Service registration & health checks for monitoring leader status
When the agent starts, it registers a Consul service with health checks. You can alert on missing leaders or failed snapshot jobs using your monitoring tools.
Configuration
Setup involves two files: a JSON config for the agent and a systemd unit to manage the service.
1. Snapshot Agent JSON
Save as /etc/snapshot.d/snapshot.json
:
{
"snapshot_agent": {
"http_addr": "127.0.0.1:8500",
"token": "your-acl-token",
"datacenter": "dc1",
"snapshot": {
"interval": "30m",
"retain": 336,
"deregister_after": "8h"
},
"aws_storage": {
"s3_region": "us-east-1",
"s3_bucket": "consul-snapshots"
}
}
}
Fields:
http_addr
: Consul HTTP API addresstoken
: ACL token withsnapshot
scopedatacenter
: Optional target datacentersnapshot.interval
: Interval between snapshotssnapshot.retain
: Number of snapshots to keepsnapshot.deregister_after
: Deregister unhealthy agent after this duration- Storage blocks: one of
aws_storage
,azure_storage
,gcs_storage
, orfilesystem
Refer to the Consul Snapshot Agent docs for full details.
2. systemd Unit
Create /etc/systemd/system/consul-snapshot.service
:
[Unit]
Description=Consul Snapshot Agent
Documentation=https://www.consul.io/
Requires=network-online.target
After=consul.service
ConditionFileNotEmpty=/etc/snapshot.d/snapshot.json
[Service]
User=consul
Group=consul
ExecStart=/usr/local/bin/consul snapshot agent -config-dir=/etc/snapshot.d/
KillMode=process
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Then reload and enable:
sudo systemctl daemon-reload
sudo systemctl start consul-snapshot
sudo systemctl enable consul-snapshot
Process Overview
- All nodes run the Snapshot Agent.
- Agents hold a leader election each interval.
- The leader captures the snapshot and uploads it to storage (e.g., S3).
- The retention policy deletes older snapshots beyond the configured limit.
Summary
The Consul Snapshot Agent simplifies enterprise-grade backup automation with scheduled snapshots, multi-backend support, and built-in high availability. It ensures consistent, recoverable cluster state without external scripting.
This functionality will be demonstrated in the accompanying lab.
Links and References
- Consul Enterprise Snapshot Agent Documentation
- AWS S3 Documentation
- Azure Blob Storage Overview
- Google Cloud Storage
Watch Video
Watch video content