一、關(guān)于Consul
1聪铺、Consul簡介
Consul是 HashiCorp 公司的一個用于實(shí)現(xiàn)分布式系統(tǒng)的分布式尼荆、高可用、高可橫向擴(kuò)展的服務(wù)發(fā)現(xiàn)與配置工具统翩。Consul內(nèi)置了服務(wù)注冊與發(fā)現(xiàn)框 架仙蚜、分布一致性協(xié)議實(shí)現(xiàn)、健康檢查厂汗、Key/Value存儲、多數(shù)據(jù)中心方案呜师。Consul具有功能完善娶桦、部署簡單、使用方便等特點(diǎn)汁汗。
類似的做服務(wù)發(fā)現(xiàn)與注冊的框架還有:
Etcd
Apache ZooKeeper
Eureka
2衷畦、Consul架構(gòu)
3、Consul特性
服務(wù)發(fā)現(xiàn)(Service Discovery):Consul提供了通過DNS或者HTTP接口的方式來注冊服務(wù)和發(fā)現(xiàn)服務(wù)知牌。一些外部的服務(wù)通過Consul很容易的找到它所依賴的服務(wù)祈争。
健康檢查(Health Checking):Consul的Client可以提供任意數(shù)量的健康檢查,既可以與給定的服務(wù)相關(guān)聯(lián)(“webserver是否返回200 OK”)角寸,也可以與本地節(jié)點(diǎn)相關(guān)聯(lián)(“CPU使用率是否大于90%”)菩混。操作員可以使用這些信息來監(jiān)視集群的健康狀況,服務(wù)發(fā)現(xiàn)組件可以使用這些信息將流量從不健康的主機(jī)路由出去扁藕。
Key/Value存儲:應(yīng)用程序可以根據(jù)自己的需要使用Consul提供的Key/Value存儲沮峡。 Consul提供了簡單易用的HTTP接口,結(jié)合其他工具可以實(shí)現(xiàn)動態(tài)配置亿柑、功能標(biāo)記邢疙、leader選舉等等功能。
安全服務(wù)通信:Consul可以為服務(wù)生成和分發(fā)TLS證書,以建立相互的TLS連接疟游。意圖可用于定義允許哪些服務(wù)通信呼畸。服務(wù)分割可以很容易地進(jìn)行管理,其目的是可以實(shí)時更改的颁虐,而不是使用復(fù)雜的網(wǎng)絡(luò)拓?fù)浜挽o態(tài)防火墻規(guī)則役耕。
多數(shù)據(jù)中心:Consul支持開箱即用的多數(shù)據(jù)中心. 這意味著用戶不需要擔(dān)心需要建立額外的抽象層讓業(yè)務(wù)擴(kuò)展到多個區(qū)域。
4聪廉、Consul常見使用場景
Consul的應(yīng)用場景包括服務(wù)發(fā)現(xiàn)瞬痘、服務(wù)隔離、服務(wù)配置:
服務(wù)發(fā)現(xiàn)場景中consul作為注冊中心板熊,服務(wù)地址被注冊到consul中以后框全,可以使用consul提供的dns、http接口查詢干签,consul支持health check津辩。
服務(wù)隔離場景中consul支持以服務(wù)為單位設(shè)置訪問策略,能同時支持經(jīng)典的平臺和新興的平臺容劳,支持tls證書分發(fā)喘沿,service-to-service加密。
服務(wù)配置場景中consul提供key-value數(shù)據(jù)存儲功能竭贩,并且能將變動迅速地通知出去蚜印,借助Consul可以實(shí)現(xiàn)配置共享,需要讀取配置的服務(wù)可以從Consul中讀取到準(zhǔn)確的配置信息留量。
Consul可以幫助系統(tǒng)管理者更清晰的了解復(fù)雜系統(tǒng)內(nèi)部的系統(tǒng)架構(gòu)窄赋,運(yùn)維人員可以將Consul看成一種監(jiān)控軟件,也可以看成一種資產(chǎn)(資源)管理系統(tǒng)楼熄。
二忆绰、啟動dev模式單節(jié)點(diǎn)
此模式適合日常開發(fā)環(huán)境中調(diào)試使用,如果您對數(shù)據(jù)持久化與服務(wù)可靠性有較高要求可岂,請?zhí)^此模式错敢。
1、下載并安裝Consul
使用wget下載安裝包至/data/pkgs目錄:
cd /data/pkgs
wget https://releases.hashicorp.com/consul/1.7.3/consul_1.7.3_linux_amd64.zip
將安裝包解壓至/data/services目錄缕粹,并重命名為consul:
unzip consul_1.7.3_linux_amd64.zip -d /data/services/consul
Archive: consul_1.7.3_linux_amd64.zip
inflating: /data/services/consul/consul
查看目錄信息:
ls -l /data/services/consul
total 105444
-rwxr-xr-x 1 centos centos 107970750 May 6 06:50 consul
2稚茅、配置Consul
通過上一步的操作,已經(jīng)基本完成了consul軟件的安裝致开,但為了使用方便峰锁,我們還需要將consul可執(zhí)行文件所在目錄加入PATH,以方便在任何地方調(diào)用還需要創(chuàng)建配置文件目錄來避免啟動時需要加很多參數(shù)双戳,另外需要將日志寫入特定目錄虹蒋,避免consul日志大量寫入系統(tǒng)日志。
a.創(chuàng)建相應(yīng)目錄,匹配環(huán)境變量
創(chuàng)建bin目錄魄衅、配置文件目錄峭竣、日志目錄:
cd /data/services/consul
mkdir {bin,log,conf,data}
將consul可執(zhí)行文件移動到bin目錄:
mv consul bin/
將consul的bin目錄添加到PATH,以下操作需要sudo或root權(quán)限:
sudo vim /etc/profile.d/consul.sh #為了避免誤操作或環(huán)境變量配置不當(dāng)導(dǎo)致系統(tǒng)命令失效,建議以服務(wù)或軟件名的形式在/etc/profile.d目錄下創(chuàng)建環(huán)境變量配置腳本晃虫,便于維護(hù)皆撩,不用時移除特定的腳本即可,對系統(tǒng)影響較小
腳本內(nèi)容如下:
export CONSUL_HOME=/data/services/consul
export PATH=${PATH}:${CONSUL_HOME}/bin
#使用source執(zhí)行腳本哲银,使配置生效
source /etc/profile.d/consul.sh
至此扛吞,consul已經(jīng)被添加到系統(tǒng)PATH,可以在任意目錄下進(jìn)行調(diào)用consul命令荆责。如下:
cd /data/services
consul help
Usage: consul [--version] [--help] <command> [<args>]?
Available commands are:
acl Interact with Consul's ACLs
agent Runs a Consul agent
catalog Interact with the catalog
config Interact with Consul's Centralized Configurations
connect Interact with Consul Connect
debug Records a debugging archive for operators
event Fire a new event
exec Executes a command on Consul nodes
force-leave Forces a member of the cluster to enter the "left" state
info Provides debugging information for operators.
intention Interact with Connect service intentions
join Tell Consul agent to join cluster
keygen Generates a new encryption key
keyring Manages gossip layer encryption keys
kv Interact with the key-value store
leave Gracefully leaves the Consul cluster and shuts down
lock Execute a command holding a lock
login Login to Consul using an auth method
logout Destroy a Consul token created with login
maint Controls node or service maintenance mode
members Lists the members of a Consul cluster
monitor Stream logs from a Consul agent
operator Provides cluster-level tools for Consul operators
reload Triggers the agent to reload configuration files
rtt Estimates network round trip time between nodes
services Interact with services
snapshot Saves, restores and inspects snapshots of Consul server state
tls Builtin helpers for creating CAs and certificates
validate Validate config files/directories
version Prints the Consul version
watch Watch for changes in Consul
b.創(chuàng)建配置文件
cd /data/services/consul/conf
vim dev.json
{
"bind_addr": "10.100.0.2",
"client_addr": "10.100.0.2",
"datacenter": "dc1",
"data_dir": "/data/services/consul/data",
"log_level": "INFO",
"log_file": "/data/services/consul/log/consul.log", #配置日志文件與目錄
"log_rotate_duration": "24h", #設(shè)置日志輪轉(zhuǎn)
"enable_syslog": false, #禁止consul日志寫入系統(tǒng)日志
"enable_debug": true,
"node_name": "Consul",
"ui": true
}
3滥比、以dev模式啟動Consul服務(wù)
consul agent -dev -config-dir=/data/services/consul/conf
==> Starting Consul agent...
Version: 'v1.7.3'
Node ID: '0e2d44c2-af33-e222-5eb5-58b2c1f903d5'
Node name: 'Consul'
Datacenter: 'dc1' (Segment: '<all>')
Server: true (Bootstrap: false)
Client Addr: [10.100.0.2] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
Cluster Addr: 10.100.0.2 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
?
==> Log data will now stream in as it occurs:
?
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:0e2d44c2-af33-e222-5eb5-58b2c1f903d5 Address:10.100.0.2:8300}]"
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: entering follower state: follower="Node at 10.100.0.2:8300 [Follower]" leader=
2020-06-18T15:11:48.435+0800 [INFO] agent.server.serf.wan: serf: EventMemberJoin: Consul.dc1 10.100.0.2
2020-06-18T15:11:48.436+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
2020-06-18T15:11:48.436+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
2020-06-18T15:11:48.436+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
2020-06-18T15:11:48.436+0800 [INFO] agent: Started DNS server: address=10.100.0.2:8600 network=tcp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started DNS server: address=10.100.0.2:8600 network=udp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started HTTP server: address=10.100.0.2:8500 network=tcp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started gRPC server: address=10.100.0.2:8502 network=tcp
2020-06-18T15:11:48.437+0800 [INFO] agent: started state syncer
==> Consul agent running!
2020-06-18T15:11:48.489+0800 [WARN] agent.server.raft: heartbeat timeout reached, starting election: last-leader=
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: entering candidate state: node="Node at 10.100.0.2:8300 [Candidate]" term=2
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: election won: tally=1
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: entering leader state: leader="Node at 10.100.0.2:8300 [Leader]"
2020-06-18T15:11:48.490+0800 [INFO] agent.server: cluster leadership acquired
2020-06-18T15:11:48.490+0800 [INFO] agent.server: New leader elected: payload=Consul
2020-06-18T15:11:48.501+0800 [INFO] agent.server.connect: initialized primary datacenter CA with provider: provider=consul
2020-06-18T15:11:48.501+0800 [INFO] agent.leader: started routine: routine="CA root pruning"
2020-06-18T15:11:48.501+0800 [INFO] agent.server: member joined, marking health alive: member=Consul
2020-06-18T15:11:48.615+0800 [INFO] agent: Synced node info
看到上述信息,則說明已經(jīng)成功以dev模式運(yùn)行了consul服務(wù)做院。
4盲泛、配置Consul優(yōu)雅啟動與重啟
在上一步的啟動操作中,需要使用命令行帶參數(shù)啟動键耕,為了方便管理寺滚,將consul服務(wù)添加到systemd,可以進(jìn)行優(yōu)雅啟動與停止屈雄。為了服務(wù)安全村视,可以先創(chuàng)建一個不可登錄shell類型的用戶來對consul服務(wù)進(jìn)行管理:
sudo useradd -M -s /sbin/nologin consul
更改consul服務(wù)目錄屬主:
sudo chown -R consul.consul /data/services/consul
添加systemd管理單元:
sudo vim /usr/lib/systemd/system/consul.service
[Unit]
Description=Consul-node1
Documentation=https://www.consul.io/docs/
Wants=network-online.target
After=network-online.target
?
[Service]
User=consul
Group=consul
Type=simple
ExecStart=/data/services/consul/bin/consul agent -dev -config-dir=/data/services/consul/conf >/dev/null 2>&1
?
[Install]
WantedBy=multi-user.target
重載systemd配置:
sudo systemctl daemon-reload
5、Consul服務(wù)優(yōu)雅啟動棚亩、停止蓖议、重啟
使用systemd啟動consul服務(wù):
sudo systemctl start consul
使用systemd查看consul服務(wù)的狀態(tài):
sudo systemctl status consul
● consul.service - Consul
Loaded: loaded (/usr/lib/systemd/system/consul-node1.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-18 15:41:48 CST; 18s ago
Docs: https://www.consul.io/docs/
Main PID: 2217 (consul)
CGroup: /system.slice/consul.service
└─2217 /data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf
?
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.732+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.733+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
Jun 18 15:41:52 localhost consul[2217]: 2020-06-18T15:41:52.582+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
Hint: Some lines were ellipsized, use -l to show in full.
使用systemd停止consul服務(wù):
sudo systemctl stop consul
使用systemd重啟consul服務(wù):
sudo systemctl restart consul
二、啟動單節(jié)點(diǎn)server
此模式比較適合測試環(huán)境讥蟆、對consul數(shù)據(jù)持久化有要求的開發(fā)環(huán)境。如果您需要集群模式纺阔,請直接跳過此部分內(nèi)容瘸彤。
1、下載安裝Consul
使用wget下載安裝包至/data/pkgs目錄:
cd /data/pkgs
wget https://releases.hashicorp.com/consul/1.7.3/consul_1.7.3_linux_amd64.zip
將安裝包解壓至/data/services目錄笛钝,并重命名為consul:
unzip consul_1.7.3_linux_amd64.zip -d /data/services/consul
Archive: consul_1.7.3_linux_amd64.zip
inflating: /data/services/consul/consul
查看目錄信息:
ls -l /data/services/consul
total 105444
-rwxr-xr-x 1 centos centos 107970750 May 6 06:50 consul
2质况、配置Consul
通過上一步的操作,已經(jīng)基本完成了consul軟件的安裝玻靡,但為了使用方便结榄,我們還需要將consul可執(zhí)行文件所在目錄加入PATH,以方便在任何地方調(diào)用還需要創(chuàng)建配置文件目錄來避免啟動時需要加很多參數(shù)囤捻,另外需要將日志寫入特定目錄臼朗,避免consul日志大量寫入系統(tǒng)日志。
a.創(chuàng)建相應(yīng)目錄,匹配環(huán)境變量
創(chuàng)建bin目錄视哑、配置文件目錄绣否、日志目錄:
cd /data/services/consul
mkdir {bin,log,conf,data}
將consul可執(zhí)行文件移動到bin目錄:
mv consul bin/
將consul的bin目錄添加到PATH,以下操作需要sudo或root權(quán)限:
sudo vim /etc/profile.d/consul.sh #為了避免誤操作或環(huán)境變量配置不當(dāng)導(dǎo)致系統(tǒng)命令失效,建議以服務(wù)或軟件名的形式在/etc/profile.d目錄下創(chuàng)建環(huán)境變量配置腳本挡毅,便于維護(hù)蒜撮,不用時移除特定的腳本即可,對系統(tǒng)影響較小
腳本內(nèi)容如下:
export CONSUL_HOME=/data/services/consul
export PATH=${PATH}:${CONSUL_HOME}/bin
#使用source執(zhí)行腳本跪呈,使配置生效
source /etc/profile.d/consul.sh
至此段磨,consul已經(jīng)被添加到系統(tǒng)PATH,可以在任意目錄下進(jìn)行調(diào)用consul命令耗绿。
cd /data/services
consul version
Consul v1.7.3
Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)
b.創(chuàng)建配置文件
cd /data/services/consul/conf
vim server.json
{
"bind_addr": "10.100.0.2",
"client_addr": "10.100.0.2",
"datacenter": "dc1",
"data_dir": "/data/services/consul/data",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==",
"log_level": "INFO",
"log_file": "/data/services/consul/log/consul.log", #配置日志文件與目錄
"log_rotate_duration": "24h", #設(shè)置日志輪轉(zhuǎn)
"enable_syslog": false, #禁止consul日志寫入系統(tǒng)日志
"enable_debug": true,
"node_name": "Consul",
"server": true,
"ui": true,
"bootstrap_expect": 1, #此處設(shè)置為1苹支,標(biāo)識只需要一個投票即可成為leader,數(shù)字改太大會報錯,提示集群中沒有l(wèi)eader
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_join": [
"10.100.0.2:8301"
]
}
3缭乘、以server模式啟動Consul
啟動命令與dev模式類似沐序,只需要去掉dev模式中的-dev參數(shù)即可,如下:
consul agent -config-dir=/data/services/consul/conf
==> Starting Consul agent...
Version: 'v1.7.3'
Node ID: '0e2d44c2-af33-e222-5eb5-58b2c1f903d5'
Node name: 'Consul'
Datacenter: 'dc1' (Segment: '<all>')
Server: true (Bootstrap: false)
Client Addr: [10.100.0.2] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
Cluster Addr: 10.100.0.2 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: true, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
?
==> Log data will now stream in as it occurs:
?
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:0e2d44c2-af33-e222-5eb5-58b2c1f903d5 Address:10.100.0.2:8300}]"
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: entering follower state: follower="Node at 10.100.0.2:8300 [Follower]" leader=
2020-06-18T15:11:48.435+0800 [INFO] agent.server.serf.wan: serf: EventMemberJoin: Consul.dc1 10.100.0.2
2020-06-18T15:11:48.436+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
2020-06-18T15:11:48.436+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
2020-06-18T15:11:48.436+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
2020-06-18T15:11:48.436+0800 [INFO] agent: Started DNS server: address=10.100.0.2:8600 network=tcp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started DNS server: address=10.100.0.2:8600 network=udp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started HTTP server: address=10.100.0.2:8500 network=tcp
2020-06-18T15:11:48.436+0800 [INFO] agent: Started gRPC server: address=10.100.0.2:8502 network=tcp
2020-06-18T15:11:48.437+0800 [INFO] agent: started state syncer
==> Consul agent running!
2020-06-18T15:11:48.489+0800 [WARN] agent.server.raft: heartbeat timeout reached, starting election: last-leader=
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: entering candidate state: node="Node at 10.100.0.2:8300 [Candidate]" term=2
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: election won: tally=1
2020-06-18T15:11:48.490+0800 [INFO] agent.server.raft: entering leader state: leader="Node at 10.100.0.2:8300 [Leader]"
2020-06-18T15:11:48.490+0800 [INFO] agent.server: cluster leadership acquired
2020-06-18T15:11:48.490+0800 [INFO] agent.server: New leader elected: payload=Consul
2020-06-18T15:11:48.501+0800 [INFO] agent.server.connect: initialized primary datacenter CA with provider: provider=consul
2020-06-18T15:11:48.501+0800 [INFO] agent.leader: started routine: routine="CA root pruning"
2020-06-18T15:11:48.501+0800 [INFO] agent.server: member joined, marking health alive: member=Consul
2020-06-18T15:11:48.615+0800 [INFO] agent: Synced node info
4堕绩、配置Consul優(yōu)雅啟動與重啟
在上一步的啟動操作中策幼,需要使用命令行帶參數(shù)啟動,為了方便管理奴紧,將consul服務(wù)添加到systemd特姐,可以進(jìn)行優(yōu)雅啟動與停止。為了服務(wù)安全黍氮,可以先創(chuàng)建一個不可登錄shell類型的用戶來對consul服務(wù)進(jìn)行管理:
sudo useradd -M -s /sbin/nologin consul
更改consul服務(wù)目錄屬主:
sudo chown -R consul.consul /data/services/consul
添加systemd管理單元唐含,此處與dev模式配置相似,只需要去除dev模式下啟動命令中的-dev參數(shù)即可:
sudo vim /usr/lib/systemd/system/consul.service
[Unit]
Description=Consul-node1
Documentation=https://www.consul.io/docs/
Wants=network-online.target
After=network-online.target
?
[Service]
User=consul
Group=consul
Type=simple
ExecStart=/data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf >/dev/null 2>&1
?
[Install]
WantedBy=multi-user.target
重載systemd配置:
sudo systemctl daemon-reload
5沫浆、Consul服務(wù)優(yōu)雅啟動捷枯、停止、重啟
使用systemd啟動consul服務(wù):
sudo systemctl start consul
使用systemd查看consul服務(wù)的狀態(tài):
sudo systemctl status consul
● consul.service - Consul
Loaded: loaded (/usr/lib/systemd/system/consul-node1.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-18 15:41:48 CST; 18s ago
Docs: https://www.consul.io/docs/
Main PID: 2217 (consul)
CGroup: /system.slice/consul.service
└─2217 /data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf
?
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.732+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.733+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
Jun 18 15:41:52 localhost consul[2217]: 2020-06-18T15:41:52.582+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
Hint: Some lines were ellipsized, use -l to show in full.
使用systemd停止consul服務(wù):
sudo systemctl stop consul
使用systemd重啟consul服務(wù):
sudo systemctl restart consul
三专执、搭建3節(jié)點(diǎn)集群
此模式比較適合對服務(wù)可靠性要求較高的生產(chǎn)環(huán)境淮捆,如您并不打算直接用于生產(chǎn)環(huán)境或只是學(xué)習(xí)體驗(yàn),請?zhí)^此部分內(nèi)容本股。此部分也是整個文檔中消耗成本比較高的搭建方法攀痊。
1、規(guī)劃與準(zhǔn)備
主機(jī)規(guī)劃:
| 主機(jī)用途 | 主機(jī)IP |
|---|---|
| Consul-server1 | 10.100.0.2 |
| Consul-server2 | 10.100.0.3 |
| Consul-server3 | 10.100.0.4 |
| Consul-agent | 10.100.0.5 |
以上主機(jī)均需要在安全組或防火墻中配置能互相訪問拄显。
2苟径、下載安裝Consul
使用wget下載安裝包至/data/pkgs目錄:
cd /data/pkgs
wget https://releases.hashicorp.com/consul/1.7.3/consul_1.7.3_linux_amd64.zip
將安裝包解壓至/data/services目錄,并重命名為consul:
unzip consul_1.7.3_linux_amd64.zip -d /data/services/consul
Archive: consul_1.7.3_linux_amd64.zip
inflating: /data/services/consul/consul
查看目錄信息:
ls -l /data/services/consul
total 105444
-rwxr-xr-x 1 centos centos 107970750 May 6 06:50 consul
注意:
以上操作需要在每一臺機(jī)器上操作躬审,每臺機(jī)器都需要安裝Consul服務(wù)棘街。
3蟆盐、配置Consul
通過上一步的操作,已經(jīng)基本完成了consul軟件的安裝蹬碧,但為了使用方便舱禽,我們還需要將consul可執(zhí)行文件所在目錄加入PATH,以方便在任何地方調(diào)用還需要創(chuàng)建配置文件目錄來避免啟動時需要加很多參數(shù)恩沽,另外需要將日志寫入特定目錄誊稚,避免consul日志大量寫入系統(tǒng)日志。
a.創(chuàng)建相應(yīng)目錄罗心,匹配環(huán)境變量
創(chuàng)建bin目錄里伯、配置文件目錄、日志目錄:
cd /data/services/consul
mkdir {bin,log,conf,data}
將consul可執(zhí)行文件移動到bin目錄
mv consul bin/
將consul的bin目錄添加到PATH,以下操作需要sudo或root權(quán)限:
sudo vim /etc/profile.d/consul.sh #為了避免誤操作或環(huán)境變量配置不當(dāng)導(dǎo)致系統(tǒng)命令失效渤闷,建議以服務(wù)或軟件名的形式在/etc/profile.d目錄下創(chuàng)建環(huán)境變量配置腳本疾瓮,便于維護(hù),不用時移除特定的腳本即可飒箭,對系統(tǒng)影響較小
腳本內(nèi)容如下:
export CONSUL_HOME=/data/services/consul
export PATH=${PATH}:${CONSUL_HOME}/bin
#使用source執(zhí)行腳本狼电,使配置生效
source /etc/profile.d/consul.sh
至此,consul已經(jīng)被添加到系統(tǒng)PATH弦蹂,可以在任意目錄下進(jìn)行調(diào)用consul命令肩碟。
cd /data/services
consul version
Consul v1.7.3
Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)
b.創(chuàng)建Consul-Server服務(wù)配置文件
cd /data/services/consul/conf
vim server.json
{
"bind_addr": "10.100.0.2", #寫server所在服務(wù)器的IP
"client_addr": "10.100.0.2", #寫serve所在服務(wù)器的IP,或者直接寫127.0.0.1凸椿,如果寫127.0.0.1削祈,就不能直接從外部使用該server提供的客戶端訪問集群
"datacenter": "dc1",
"data_dir": "/data/services/consul/data",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==", #此處配置的加密字符串所有節(jié)點(diǎn)必須統(tǒng)一,否則通訊會異常
"log_level": "INFO",
"log_file": "/data/services/consul/log/consul.log", #配置日志文件與目錄
"log_rotate_duration": "24h", #設(shè)置日志輪轉(zhuǎn)
"enable_syslog": false, #禁止consul日志寫入系統(tǒng)日志
"enable_debug": true,
"node_name": "Consul",
"server": true,
"ui": true,
"bootstrap_expect": 3,
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_join": [
"10.100.0.2",
"10.100.0.3",
"10.100.0.4"
]
}
注意:
以上操作僅在server節(jié)點(diǎn)配置脑漫,agent配置與此處有不同的地方髓抑。
c、創(chuàng)建Consul-Agent配置文件
cd /data/services/consul/conf
vim agent.json
{
"bind_addr": "10.100.0.5", #此處為服務(wù)的監(jiān)聽地址优幸,可以寫127.0.0.1
"client_addr": "10.100.0.5", #此處寫節(jié)點(diǎn)的網(wǎng)卡地址吨拍,便于外部訪問,此IP將會是訪問集群的統(tǒng)一入口
"datacenter": "dc1",
"data_dir": "/data/services/consul/agent/data",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==", #此處加密字符串應(yīng)當(dāng)與server端保持一致网杆,不然會導(dǎo)致通訊異常
"log_level": "INFO",
"log_file": "/data/services/consul/agent/log/consul.log",
"log_rotate_duration": "24h",
"enable_syslog": false,
"enable_debug": true,
"node_name": "ConsulClient",
"ui": true,
"server": false,
"rejoin_after_leave": true,
"retry_join": [
"10.100.0.2",
"10.100.0.3",
"10.100.0.4"
]
}
4密末、啟動server節(jié)點(diǎn)與agent節(jié)點(diǎn)
使用如下命令啟動:
consul agent -config-dir=/data/services/consul/conf
==> Starting Consul agent...
Version: 'v1.7.3'
Node ID: '0e2d44c2-af33-e222-5eb5-58b2c1f903d5'
Node name: 'Consul'
Datacenter: 'dc1' (Segment: '<all>')
Server: true (Bootstrap: false)
Client Addr: [10.100.0.2] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
Cluster Addr: 10.100.0.2 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: true, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
?
==> Log data will now stream in as it occurs:
?
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:0e2d44c2-af33-e222-5eb5-58b2c1f903d5 Address:10.100.0.2:8300}]"
?
#部分內(nèi)容因篇幅被刪除,僅保留開頭部分
注意:
以上操作需要在每一臺節(jié)點(diǎn)執(zhí)行跛璧。
5、配置Consul優(yōu)雅啟動與重啟
在上一步的啟動操作中新啼,需要使用命令行帶參數(shù)啟動追城,為了方便管理,將consul服務(wù)添加到systemd燥撞,可以進(jìn)行優(yōu)雅啟動與停止座柱。為了服務(wù)安全迷帜,可以先創(chuàng)建一個不可登錄shell類型的用戶來對consul服務(wù)進(jìn)行管理:
sudo useradd -M -s /sbin/nologin consul
更改consul服務(wù)目錄屬主:
sudo chown -R consul.consul /data/services/consul
添加systemd管理單元,此處與dev模式配置相似色洞,只需要去除dev模式下啟動命令中的-dev參數(shù)即可:
sudo vim /usr/lib/systemd/system/consul.service
[Unit]
Description=Consul-node1
Documentation=https://www.consul.io/docs/
Wants=network-online.target
After=network-online.target
?
[Service]
User=consul
Group=consul
Type=simple
ExecStart=/data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf >/dev/null 2>&1
?
[Install]
WantedBy=multi-user.target
重載systemd配置
sudo systemctl daemon-reload
6戏锹、Consul服務(wù)優(yōu)雅啟動、停止火诸、重啟
使用systemd啟動consul服務(wù):
sudo systemctl start consul
使用systemd查看consul服務(wù)的狀態(tài):
sudo systemctl status consul
● consul.service - Consul
Loaded: loaded (/usr/lib/systemd/system/consul-node1.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-18 15:41:48 CST; 18s ago
Docs: https://www.consul.io/docs/
Main PID: 2217 (consul)
CGroup: /system.slice/consul.service
└─2217 /data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf
?
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.732+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.733+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
Jun 18 15:41:52 localhost consul[2217]: 2020-06-18T15:41:52.582+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
Hint: Some lines were ellipsized, use -l to show in full.
使用systemd停止consul服務(wù):
sudo systemctl stop consul
使用systemd重啟consul服務(wù):
sudo systemctl restart consul
四锦针、搭建單機(jī)3節(jié)點(diǎn)集群
在上一步的過程中,搭建了一個3節(jié)點(diǎn)集群置蜀,但是這種方式需要較多數(shù)量的服務(wù)器奈搜,成本方面來說不太友好。在使用過程中出于成本考慮盯荤,需要使用一個3節(jié)點(diǎn)集群馋吗,但因?yàn)樵诰W(wǎng)上沒有找到類似的教程來搭建單機(jī)3節(jié)點(diǎn)的教程,只能查看官方文檔中一些配置詳解來實(shí)現(xiàn)單機(jī)3節(jié)點(diǎn)秋秤,以下是搭建方式宏粤。
1、簡單規(guī)劃
| 節(jié)點(diǎn)用途 | 節(jié)點(diǎn)主機(jī)IP | 節(jié)點(diǎn)客戶端HTTP端口 | 節(jié)點(diǎn)DNS端口 | 節(jié)點(diǎn)serf_lan端口 | 節(jié)點(diǎn)serf_wan端口 | 節(jié)點(diǎn)server端口 |
|---|---|---|---|---|---|---|
| Consul-Server1 | 10.100.0.2 | 8501 | 8601 | 8001 | 8002 | 8000 |
| Consul-Server2 | 10.100.0.2 | 8502 | 8602 | 8101 | 8102 | 8100 |
| Consul-Server3 | 10.100.0.2 | 8503 | 8603 | 8201 | 8202 | 8200 |
| Consul-Agent | 10.100.0.2 | 8500(默認(rèn)) | 8600(默認(rèn)) | - | - | - |
2灼卢、下載安裝Consul
使用wget下載安裝包至/data/pkgs目錄:
cd /data/pkgs
wget https://releases.hashicorp.com/consul/1.7.3/consul_1.7.3_linux_amd64.zip
將安裝包解壓至/data/services目錄绍哎,并重命名為consul:
unzip consul_1.7.3_linux_amd64.zip -d /data/services/consul
Archive: consul_1.7.3_linux_amd64.zip
inflating: /data/services/consul/consul
查看目錄信息:
ls -l /data/services/consul
total 105444
-rwxr-xr-x 1 centos centos 107970750 May 6 06:50 consul
3、配置Consul
a芥玉、創(chuàng)建相應(yīng)目錄蛇摸,配置多節(jié)點(diǎn)
創(chuàng)建各節(jié)點(diǎn)目錄:
cd /data/services/consul
mkdir -p node{1..3}/{bin,conf,data,log}
mkdir -p agent/{bin,conf,data,log}
創(chuàng)建完成后,目錄結(jié)構(gòu)大致如下:
tree
.
├── agent
│ ├── bin
│ ├── conf
│ ├── data
│ │ └── serf
│ └── log
├── node1
│ ├── bin
│ ├── conf
│ ├── data
│ │ ├── raft
│ │ │ └── snapshots
│ │ └── serf
│ └── log
├── node2
│ ├── bin
│ ├── conf
│ ├── data
│ │ ├── raft
│ │ │ └── snapshots
│ │ └── serf
│ └── log
└── node3
├── bin
├── conf
├── data
│ ├── raft
│ │ └── snapshots
| └── serf
└── log
將可執(zhí)行文件復(fù)制到各節(jié)點(diǎn)的bin目錄:
cd /data/services/consul
cp consul node1/bin/
cp consul node1/bin/
cp consul node1/bin/
cp consul agent/bin/
b灿巧、創(chuàng)建Consul-Server服務(wù)配置文件
以Server1節(jié)點(diǎn)為例:
cd /data/services/consul/node1/conf
vim server.json
{
"bind_addr": "10.100.0.2",
"client_addr": "127.0.0.1",
"ports": {
"http": 8501, #其余server節(jié)點(diǎn)需要按照規(guī)劃的端口進(jìn)行配置
"dns": 8601, #其余server節(jié)點(diǎn)需要按照規(guī)劃的端口進(jìn)行配置
"serf_lan": 8001, #其余server節(jié)點(diǎn)需要按照規(guī)劃的端口進(jìn)行配置
"serf_wan": 8002, #其余server節(jié)點(diǎn)需要按照規(guī)劃的端口進(jìn)行配置
"server": 8000 #其余server節(jié)點(diǎn)需要按照規(guī)劃的端口進(jìn)行配置
},
"datacenter": "dc1",
"data_dir": "/data/services/consul/node1/data", #此處注意目錄名稱赶袄,寫對應(yīng)server節(jié)點(diǎn)的目錄名稱张咳,如:/data/services/consul/node2/data
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==", #此處需要與其他節(jié)點(diǎn)一致
"log_level": "INFO",
"log_file": "/data/services/consul/node1/log/consul.log", #此處注意目錄名稱能真,每個節(jié)點(diǎn)目錄名稱不一樣
"log_rotate_duration": "24h",
"enable_syslog": false,
"enable_debug": true,
"node_name": "ConsulServer1", #此處需要注意月而,按照規(guī)劃的名稱填寫即可
"disable_host_node_id": true, #禁用主機(jī)信息生成節(jié)點(diǎn)ID
"server": true,
"ui": true,
"bootstrap_expect": 3,
"leave_on_terminate": false,
"skip_leave_on_interrupt": true,
"rejoin_after_leave": true,
"retry_join": [
"10.100.0.2:8001",
"10.100.0.2:8101",
"10.100.0.2:8201"
]
}
c狠裹、創(chuàng)建Consul-Agent配置文件
cd /data/services/consul/agent/conf
vim agent.json
{
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"datacenter": "dc1",
"data_dir": "/data/services/consul/agent/data",
"encrypt": "EXz7LFN8hpQ4id8EDYiFoQ==",
"log_level": "INFO",
"log_file": "/data/services/consul/agent/log/consul.log",
"log_rotate_duration": "24h",
"enable_syslog": false,
"enable_debug": true,
"node_name": "ConsulClient",
"ui": true,
"disable_host_node_id": true, #禁用主機(jī)信息生成的節(jié)點(diǎn)ID
"server": false,
"rejoin_after_leave": true,
"retry_join": [
"10.100.0.2:8001",
"10.100.0.2:8101",
"10.100.0.2:8201"
]
}
4扛芽、啟動Consul節(jié)點(diǎn)
以Server1節(jié)點(diǎn)為例挽唉,使用如下命令啟動:
cd /data/services/consul/node1/bin #此處注意目錄牛哺,啟動相應(yīng)的節(jié)點(diǎn)需要切換到相應(yīng)的目錄
./consul agent -config-dir=/data/services/consul/node1/conf
==> Starting Consul agent...
Version: 'v1.7.3'
Node ID: '0e2d44c2-af33-e222-5eb5-58b2c1f903d5'
Node name: 'Consul'
Datacenter: 'dc1' (Segment: '<all>')
Server: true (Bootstrap: false)
Client Addr: [10.100.0.2] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
Cluster Addr: 10.100.0.2 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: true, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
?
==> Log data will now stream in as it occurs:
?
2020-06-18T15:11:48.435+0800 [INFO] agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:0e2d44c2-af33-e222-5eb5-58b2c1f903d5 Address:10.100.0.2:8300}]"
?
#部分內(nèi)容因篇幅被刪除蟆豫,僅保留開頭部分
注意:
以上操作需要在每一臺節(jié)點(diǎn)執(zhí)行零院,執(zhí)行的時候注意切換到相應(yīng)節(jié)點(diǎn)的目錄溉跃。
5、配置Consul優(yōu)雅啟動與重啟
在上一步的啟動操作中告抄,需要使用命令行帶參數(shù)啟動撰茎,為了方便管理,將consul服務(wù)添加到systemd打洼,可以進(jìn)行優(yōu)雅啟動與停止龄糊。為了服務(wù)安全逆粹,可以先創(chuàng)建一個不可登錄shell類型的用戶來對consul服務(wù)進(jìn)行管理:
sudo useradd -M -s /sbin/nologin consul
更改consul服務(wù)目錄屬主:
sudo chown -R consul.consul /data/services/consul
以Server1節(jié)點(diǎn)為例,添加systemd管理單元炫惩,此處與dev模式配置相似僻弹,只需要去除dev模式下啟動命令中的-dev參數(shù)即可:
sudo vim /usr/lib/systemd/system/consul-node1.service #此處注意文件名,如果是agent他嚷,則文件名改為consul-agent.service(Server1對應(yīng)consul-node1.service蹋绽,Server2對應(yīng)consul-node2.service,依次類推)
[Unit]
Description=Consul-node1 #服務(wù)描述
Documentation=https://www.consul.io/docs/
Wants=network-online.target
After=network-online.target
?
[Service]
User=consul
Group=consul
Type=simple
ExecStart=/data/services/consul/node1/bin/consul agent -config-dir=/data/services/consul/node1/conf >/dev/null 2>&1 #注意此處目錄
?
[Install]
WantedBy=multi-user.target
重載systemd配置:
sudo systemctl daemon-reload
注意:
在添加
systemd管理單元時需要將創(chuàng)建的文件名與要管理的節(jié)點(diǎn)匹配,在此文檔中爸舒,Server1節(jié)點(diǎn)對應(yīng)的文件名是consul-node1.service蟋字,Server2對應(yīng)的文件名是consul-node2.service,Server3對應(yīng)的文件名是consul-node3.service扭勉,Agent對應(yīng)的文件名是consul-agent.service鹊奖。
6、Consul服務(wù)的優(yōu)雅啟動涂炎、停止與重啟
以Server1為例忠聚,使用systemd啟動consul服務(wù):
sudo systemctl start consul-node1 #如果要啟動Serve2,則使用sudo systemctl start consul-node2
使用systemd查看consul服務(wù)的狀態(tài):
sudo systemctl status consul-node1 #如果要查看Serve2,則使用sudo systemctl status consul-node2
● consul.service - Consul
Loaded: loaded (/usr/lib/systemd/system/consul-node1.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-06-18 15:41:48 CST; 18s ago
Docs: https://www.consul.io/docs/
Main PID: 2217 (consul)
CGroup: /system.slice/consul.service
└─2217 /data/services/consul/bin/consul agent -config-dir=/data/services/consul/conf
?
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.732+0800 [INFO] agent.server: Handled event for server in area: event=member-join server=Consul.dc1 area=wan
Jun 18 15:41:50 localhost consul[2217]: 2020-06-18T15:41:50.733+0800 [INFO] agent.server.serf.lan: serf: EventMemberJoin: Consul 10.100.0.2
Jun 18 15:41:52 localhost consul[2217]: 2020-06-18T15:41:52.582+0800 [INFO] agent.server: Adding LAN server: server="Consul (Addr: tcp/10.100.0.2:8300) (DC: dc1)"
Hint: Some lines were ellipsized, use -l to show in full.
使用systemd停止consul服務(wù):
sudo systemctl stop consul-node1 #如果要停止Serve2,則使用sudo systemctl stop consul-node2
使用systemd重啟consul服務(wù):
sudo systemctl restart consul-node1 #如果要重啟Serve2,則使用sudo systemctl restart consul-node2
五、踩坑總結(jié)
1唱捣、單節(jié)點(diǎn)啟動server時不能選舉出leader
針對此問題两蟀,需要在配置文件中添加如下參數(shù)(案例中已經(jīng)添加):
bootstrap-expect
并且將該參數(shù)的值設(shè)置為1,如下:
"bootstrap_expect": 1
2震缭、搭建單機(jī)3節(jié)點(diǎn)能成功啟動赂毯,但日志中提示未選舉出leader,客戶端訪問報500
此問題的原因是集群中的node節(jié)點(diǎn)都使用了同一個node_id(通過分析日志發(fā)現(xiàn)的拣宰,在節(jié)點(diǎn)的通信中都標(biāo)識了同一個node_id)党涕,但在配置文件中又設(shè)定了bootstrap-expect的值為3,此時集群中沒有足夠的投票選舉出leader巡社。針對此問題有兩種解決方法膛堤。
a、方法一:
修改節(jié)點(diǎn)data目錄下的node-id文件晌该,以Server1節(jié)點(diǎn)為例:
cd /data/services/consul/node1/data
使用tree命令查看肥荔,目錄結(jié)構(gòu)如下:
tree
.
├── checkpoint-signature
├── node-id
├── raft
│ ├── peers.info
│ ├── raft.db
│ └── snapshots
│ ├── 7-131089-1592693864841
│ │ ├── meta.json
│ │ └── state.bin
│ └── 7-147478-1592808873974
│ ├── meta.json
│ └── state.bin
└── serf
編輯node-id文件:
vim node-id
6905298b-fd50-6423-2c42-1ddaf123e120
注意:
需要將每個Server節(jié)點(diǎn)的id改成唯一的,不可與其他Server節(jié)點(diǎn)重復(fù)朝群。
b燕耿、方法二:
從產(chǎn)生問題的根本原因入手,之所以所有節(jié)點(diǎn)會有相同的node_id是因?yàn)镃onsul默認(rèn)使用服務(wù)器的主機(jī)硬件信息等經(jīng)過特定的算法生成一個node_id姜胖,因?yàn)?個Server節(jié)點(diǎn)都部署在同一臺主機(jī)上缸棵,所以其node_id都使用了同一個。
解決此問題需要在服務(wù)啟動時加入如下參數(shù):
disable-host-node-id
在配置文件中添加該參數(shù),并將其值設(shè)置為true堵第,如下:
"disable_host_node_id": true
在本文檔中搭建Consul單機(jī)3節(jié)點(diǎn)集群的配置中,已經(jīng)加入了該配置隧出。
3踏志、使用agent客戶端訪問webUI查看節(jié)點(diǎn)信息,發(fā)現(xiàn)每一個節(jié)點(diǎn)在webUI中都被標(biāo)記為leader
原因:webUI中默認(rèn)使用IP標(biāo)記leader胀瞪,由于我們?nèi)齻€節(jié)點(diǎn)都在同一主機(jī)上针余,且只有一張網(wǎng)卡,服務(wù)監(jiān)聽的IP都是同一個IP凄诞,所以在webUI上顯示每個節(jié)點(diǎn)都被標(biāo)記成了leader圆雁。不影響使用。
排錯與確定問題方法:
在主機(jī)的agent節(jié)點(diǎn)上執(zhí)行命令行帆谍,通過命令行查看集群信息伪朽,命令如下:
cd /data/services/consul/agent/bin
./consul operator raft list-peers
Node ID Address State Voter RaftProtocol
ConsulServer1 6905298b-fd50-6423-2c42-1ddaf123e120 10.100.0.2:8000 follower true 3
ConsulServer3 e927bbfa-e067-a84f-93ea-6712cf1db7f8 10.100.0.2:8200 follower true 3
ConsulServer2 38e5b263-b848-dfb6-d197-115ca2da40e7 10.100.0.2:8100 leader true 3
通過命令行可以看到,集群中3個節(jié)點(diǎn)汛蝙,只有一個節(jié)點(diǎn)是leader烈涮。
其他說明:
因本人認(rèn)知范圍和技能水平有限,文檔中難免存在描述不當(dāng)或表達(dá)有誤的地方窖剑,如有此類問題坚洽,盡請諒解。
