Consul 从零到一

原创

已于 2024-05-31 09:20:38 修改 · 276 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#consul

于 2023-04-24 15:34:54 首次发布

本文详细介绍了Consul的使用，包括下载安装、启动Agent、集群管理、服务注册与查询、健康检查、K/V存储和Web UI。通过示例展示了如何通过DNS和HTTP API查询服务，以及如何在Nginx中实现动态负载均衡。

Consul

测试环境：

主机名	IP地址
nginx	11.11.1.100
web01	11.11.1.102
web02	11.11.1.103

使用 yum 的方式安装：

[root@ci-cd ~]# sudo yum install -y yum-utils
[root@ci-cd ~]# sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
[root@ci-cd ~]# sudo yum -y install consul

验证：

[root@ci-cd ~]# consul
Usage: consul [--version] [--help] <command> [<args>]

Available commands are:
    acl            Interact with Consul's ACLs
    agent          Runs a Consul agent
    catalog        Interact with the catalog
    config         Interact with Consul's Centralized Configurations
    connect        Interact with Consul Connect
    debug          Records a debugging archive for operators
    event          Fire a new event
    exec           Executes a command on Consul nodes
    force-leave    Forces a member of the cluster to enter the "left" state
    info           Provides debugging information for operators.
    intention      Interact with Connect service intentions
    join           Tell Consul agent to join cluster
    keygen         Generates a new encryption key
    keyring        Manages gossip layer encryption keys
    kv             Interact with the key-value store
    leave          Gracefully leaves the Consul cluster and shuts down
    lock           Execute a command holding a lock
    login          Login to Consul using an auth method
    logout         Destroy a Consul token created with login
    maint          Controls node or service maintenance mode
    members        Lists the members of a Consul cluster
    monitor        Stream logs from a Consul agent
    operator       Provides cluster-level tools for Consul operators
    reload         Triggers the agent to reload configuration files
    rtt            Estimates network round trip time between nodes
    services       Interact with services
    snapshot       Saves, restores and inspects snapshots of Consul server state
    tls            Builtin helpers for creating CAs and certificates
    validate       Validate config files/directories
    version        Prints the Consul version
    watch          Watch for changes in Consul

下载二进制包

wget https://releases.hashicorp.com/consul/1.1.0/consul_1.1.0_linux_amd64.zip

解压并运行

unzip consul_1.1.0_linux_amd64.zip
sudo mv consul /usr/local/bin/

验证：

[vagrant@nginx ~]$ consul -v
Consul v1.1.0
Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)

启动 Consul Agent

Consul 安装完毕，一定要运行一个 agent 端。Agent 可以以 server mode 运行也可以以 client mode 运行。每个数据中心至少有一个server（建议在一个数据中心运行 3 到 5 个数量的 server）。单节点的部署并不推荐，因为存在单点故障，会导致数据丢失。

[vagrant@nginx ~]$ consul agent -dev
==> Starting Consul agent...
==> Consul agent running!
           Version: 'v1.1.0'
           Node ID: '86b918f0-e6b2-92f8-e874-3107c4797359'
         Node name: 'nginx'
        Datacenter: 'dc1' (Segment: '<all>')
            Server: true (Bootstrap: false)
       Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, DNS: 8600)
      Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
           Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false


==> Log data will now stream in as it occurs:
。。。。。。

# 一个完整的输出
[root@ci-cd ~]# consul agent -dev -node machine
==> Starting Consul agent...
           Version: '1.8.2'
           Node ID: 'b6c7abab-3bb0-08f5-3566-b369c082d75b'
         Node name: 'machine'  # 设置节点的名称
        Datacenter: 'dc1' (Segment: '<all>')
            Server: true (Bootstrap: false)
       Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
      Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
           Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false

==> Log data will now stream in as it occurs:

    2020-08-11T09:47:28.254+0800 [DEBUG] agent: Using random ID as node ID: id=b6c7abab-3bb0-08f5-3566-b369c082d75b
    2020-08-11T09:47:28.262+0800 [INFO]  agent.server.raft: initial configuration: index=1 servers="[{Suffrage:Voter ID:b6c7abab-3bb0-08f5-3566-b369c082d75b Address:127.0.0.1:8300}]"
    2020-08-11T09:47:28.262+0800 [INFO]  agent.server.raft: entering follower state: follower="Node at 127.0.0.1:8300 [Follower]" leader=
    2020-08-11T09:47:28.262+0800 [INFO]  agent.server.serf.wan: serf: EventMemberJoin: machine.dc1 127.0.0.1
    2020-08-11T09:47:28.263+0800 [INFO]  agent.server.serf.lan: serf: EventMemberJoin: machine 127.0.0.1
    2020-08-11T09:47:28.263+0800 [INFO]  agent.server: Handled event for server in area: event=member-join server=machine.dc1 area=wan
    2020-08-11T09:47:28.263+0800 [INFO]  agent.server: Adding LAN server: server="machine (Addr: tcp/127.0.0.1:8300) (DC: dc1)"
    2020-08-11T09:47:28.263+0800 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=udp
    2020-08-11T09:47:28.263+0800 [INFO]  agent: Started DNS server: address=127.0.0.1:8600 network=tcp
    2020-08-11T09:47:28.264+0800 [INFO]  agent: Started HTTP server: address=127.0.0.1:8500 network=tcp
    2020-08-11T09:47:28.264+0800 [INFO]  agent: Started gRPC server: address=127.0.0.1:8502 network=tcp
    2020-08-11T09:47:28.264+0800 [INFO]  agent: started state syncer
==> Consul agent running!
    2020-08-11T09:47:28.306+0800 [WARN]  agent.server.raft: heartbeat timeout reached, starting election: last-leader=
    2020-08-11T09:47:28.306+0800 [INFO]  agent.server.raft: entering candidate state: node="Node at 127.0.0.1:8300 [Candidate]" term=2
    2020-08-11T09:47:28.306+0800 [DEBUG] agent.server.raft: votes: needed=1
    2020-08-11T09:47:28.306+0800 [DEBUG] agent.server.raft: vote granted: from=b6c7abab-3bb0-08f5-3566-b369c082d75b term=2 tally=1
    2020-08-11T09:47:28.306+0800 [INFO]  agent.server.raft: election won: tally=1
    2020-08-11T09:47:28.306+0800 [INFO]  agent.server.raft: entering leader state: leader="Node at 127.0.0.1:8300 [Leader]"
    2020-08-11T09:47:28.306+0800 [INFO]  agent.server: cluster leadership acquired
    2020-08-11T09:47:28.306+0800 [DEBUG] agent.server: Cannot upgrade to new ACLs: leaderMode=0 mode=0 found=true leader=127.0.0.1:8300
    2020-08-11T09:47:28.306+0800 [INFO]  agent.server: New leader elected: payload=machine
    2020-08-11T09:47:28.307+0800 [DEBUG] connect.ca.consul: consul CA provider configured: id=07:80:c8:de:f6:41:86:29:8f:9c:b8:17:d6:48:c2:d5:c5:5c:7f:0c:03:f7:cf:97:5a:a7:c1:68:aa:23:ae:81 is_primary=true
    2020-08-11T09:47:28.318+0800 [INFO]  agent.server.connect: initialized primary datacenter CA with provider: provider=consul
    2020-08-11T09:47:28.318+0800 [INFO]  agent.leader: started routine: routine="federation state anti-entropy"
    2020-08-11T09:47:28.318+0800 [INFO]  agent.leader: started routine: routine="federation state pruning"
    2020-08-11T09:47:28.318+0800 [INFO]  agent.leader: started routine: routine="CA root pruning"
    2020-08-11T09:47:28.318+0800 [DEBUG] agent.server: Skipping self join check for node since the cluster is too small: node=machine
    2020-08-11T09:47:28.318+0800 [INFO]  agent.server: member joined, marking health alive: member=machine
    2020-08-11T09:47:28.320+0800 [INFO]  agent.server: federation state anti-entropy synced
    2020-08-11T09:47:28.516+0800 [DEBUG] agent: Skipping remote check since it is managed automatically: check=serfHealth
    2020-08-11T09:47:28.517+0800 [INFO]  agent: Synced node info
    2020-08-11T09:47:28.517+0800 [DEBUG] agent: Node info in sync
    2020-08-11T09:47:29.140+0800 [DEBUG] agent: Skipping remote check since it is managed automatically: check=serfHealth
    2020-08-11T09:47:29.140+0800 [DEBUG] agent: Node info in sync

在生产环境不推荐上面的使用方法。开启完毕，可以再打开一个终端与之交互。

集群成员

[vagrant@nginx ~]$ consul members
Node Address Status Type Build Protocol DC Segment
nginx 127.0.0.1:8301 alive server 1.1.0 2 dc1 <all>

[root@ci-cd ~]# consul members
Node     Address         Status  Type    Build  Protocol  DC   Segment
machine  127.0.0.1:8301  alive   server  1.8.2  2         dc1  <all>

也可以使用HTTP API的方式查看：

[vagrant@nginx ~]$ curl localhost:8500/v1/catalog/nodes
[
    {
   
   
        "ID": "86b918f0-e6b2-92f8-e874-3107c4797359",
        "Node": "nginx",
        "Address": "127.0.0.1",
        "Datacenter": "dc1",
        "TaggedAddresses": {
   
   
            "lan": "127.0.0.1",
            "wan": "127.0.0.1"
        },
        "Meta": {
   
   
            "consul-network-segment": ""
        },
        "CreateIndex": 5,
        "ModifyIndex": 6
    }
]

[root@ci-cd ~]# curl localhost:8500/v1/catalog/nodes
[
    {
   
   
        "ID": "b6c7abab-3bb0-08f5-3566-b369c082d75b",
        "Node": "machine",
        "Address": "127.0.0.1",
        "Datacenter": "dc1",
        "TaggedAddresses": {
   
   
            "lan": "127.0.0.1",
            "lan_ipv4": "127.0.0.1",
            "wan": "127.0.0.1",
            "wan_ipv4": "127.0.0.1"
        },
        "Meta": {
   
   
            "consul-network-segment": ""
        },
        "CreateIndex": 10,
        "ModifyIndex": 12
    }
]

除了使用HTTP API之外，我们还可以通过DNS API来查询节点。Consul默认在本地的8600端口启动DNS查询服务，要想使用Consul提供的DNS服务，我们的客户端要指向到Consul的8600端口即可。

在上面的示例中，我们的这台Consul agent节点的主机名为nginx，那么这台主机在Consul中默认的DNS条目即为：nginx.node.consul，我们在命令行使用dig命令进行验证：

vagrant@nginx ~]$ dig @127.0.0.1 -p 8600 nginx.node.consul


; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<

最低0.47元/天解锁文章