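I. Setting up the Consul cluster environment
To use Consul for service registration and discovery, you need to build a Consul cluster. In a Consul deployment, a Consul agent is deployed and run on every node that provides services, and the set of all nodes running a Consul agent forms the Consul cluster. A Consul agent runs in one of two modes: server or client. The server/client distinction applies only at the Consul cluster level and is unrelated to the application services built on top of the cluster. Agents running in server mode maintain the state of the Consul cluster. The official recommendation is that each Consul cluster have at least 3 or more agents running in server mode; the number of client nodes is unlimited.
Consul architecture overview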

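II. Consul cluster configuration
There are two ways to configure the cluster: (1) Through the process manager (supervisor). This requires that consul is already managed by supervisor, so beginners are advised to configure the consul cluster from the command line instead.
(2) Through the consul command line (a consul cluster configured this way is not managed by supervisor, and its status in the supervisor process manager will show as FATAL).
Note: if consul was started by docker, configuring the consul cluster from the command line is recommended.
(1) Configuration through the process manager
1. Modify the startup command (3 machines in this example)
Disable the firewall
systemctl stop firewalld
vi /etc/supervisord.d/supervisor.ini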
; server started with -bootstrap-expect
[program:consul]
priority = 1
user = yy
; -bootstrap-expect=3: the minimum number of consul instances in the cluster is 3
; -bind: this machine's IP, e.g. -bind="10.22.0.1002"
command = /usr/bin/consul agent -server -data-dir="/data/yy-monitor-server/data/consul-data" -bootstrap-expect=3 -client="0.0.0.0" -bind="<local IP>" -ui
stdout_logfile = /data/yy-monitor-server/log/consul.log
stderr_logfile = /data/yy-monitor-server/log/consul.log
autorestart = true
; server that joins an already running agent
[program:consul]
priority = 1
user = yy
; -bind: this machine's IP, e.g. -bind="10.22.0.1001"
; -join: IP of another consul agent, e.g. -join="10.22.0.1002"
command = /usr/bin/consul agent -server -data-dir="/data/yy-monitor-server/data/consul-data" -client="0.0.0.0" -bind="<local IP>" -join="<other consul IP>" -ui
stdout_logfile = /data/yy-monitor-server/log/consul.log
stderr_logfile = /data/yy-monitor-server/log/consul.log
autorestart = true
2. Restart to apply the configuration
# systemctl restart supervisord
# supervisorctl restart consul
3. View the log
tail -300f consul.log
==> Starting Consul agent...
==> Consul agent running!
Version: 'v0.9.2'
Node ID: '035f828b-8db9-8cb1-a3a8-8eabf5e821c4'
Node name: 'monitor-test-02.yfb.sun.cn'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 0.0.0.0 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 10.22.0.1001 (LAN: 8301, WAN: 8302)
Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
==> Log data will now stream in as it occurs:
2018/08/27 13:43:20 [INFO] raft: Restored from snapshot 1370-114688-1535337744933
2018/08/27 13:43:20 [INFO] raft: Initial configuration (index=117709): [{Suffrage:Voter ID:10.22.0.1001:8300 Address:10.22.0.1001:8300} {Suffrage:Voter ID:10.22.0.1002:8300 Address:10.22.0.1002:8300} {Suffrage:Voter ID:10.22.0.1000:8300 Address:10.22.0.1000:8300}]
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-02.yfb.sun.cn.dc1 10.22.0.1001
2018/08/27 13:43:20 [INFO] raft: Node at 10.22.0.1001:8300 [Follower] entering Follower state (Leader: "")
2018/08/27 13:43:20 [INFO] serf: Attempting re-join to previously known node: n2.dc1: 10.22.0.1001:8302
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-02.yfb.sun.cn 10.22.0.1001
2018/08/27 13:43:20 [INFO] agent: Started DNS server 0.0.0.0:8600 (udp)
2018/08/27 13:43:20 [INFO] serf: Attempting re-join to previously known node: monitor-test-01.yfb.sun.cn: 10.22.0.1000:8301
2018/08/27 13:43:20 [INFO] consul: Adding LAN server monitor-test-02.yfb.sun.cn (Addr: tcp/10.22.0.1001:8300) (DC: dc1)
2018/08/27 13:43:20 [INFO] consul: Handled member-join event for server "monitor-test-02.yfb.sun.cn.dc1" in area "wan"
2018/08/27 13:43:20 [INFO] agent: Started DNS server 0.0.0.0:8600 (tcp)
2018/08/27 13:43:20 [INFO] agent: Started HTTP server on [::]:8500
2018/08/27 13:43:20 [INFO] serf: Re-joined to previously known node: n2.dc1: 10.22.0.1001:8302
2018/08/27 13:43:20 [WARN] memberlist: Refuting a suspect message (from: monitor-test-02.yfb.sun.cn)
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-03.yfb.sun.cn 10.22.0.1002
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-01.yfb.sun.cn 10.22.0.1000
2018/08/27 13:43:20 [INFO] serf: Re-joined to previously known node: monitor-test-01.yfb.sun.cn: 10.22.0.1000:8301
2018/08/27 13:43:20 [INFO] consul: Adding LAN server monitor-test-03.yfb.sun.cn (Addr: tcp/10.22.0.1002:8300) (DC: dc1)
2018/08/27 13:43:20 [INFO] consul: Adding LAN server monitor-test-01.yfb.sun.cn (Addr: tcp/10.22.0.1000:8300) (DC: dc1)
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-01.yfb.sun.cn.dc1 10.22.0.1000
2018/08/27 13:43:20 [WARN] memberlist: Refuting an alive message
2018/08/27 13:43:20 [INFO] serf: EventMemberJoin: monitor-test-03.yfb.sun.cn.dc1 10.22.0.1002
2018/08/27 13:43:20 [INFO] consul: Handled member-join event for server "monitor-test-01.yfb.sun.cn.dc1" in area "wan"
2018/08/27 13:43:20 [INFO] consul: Handled member-join event for server "monitor-test-03.yfb.sun.cn.dc1" in area "wan"
2018/08/27 13:43:20 [INFO] agent: Synced node info
2018/08/27 13:43:54 [INFO] memberlist: Suspect monitor-test-01.yfb.sun.cn has failed, no acks received
2018/08/27 13:43:54 [INFO] serf: EventMemberUpdate: monitor-test-01.yfb.sun.cn
2018/08/27 13:43:55 [INFO] serf: EventMemberUpdate: monitor-test-01.yfb.sun.cn.dc1
2018/08/27 13:43:56 [INFO] serf: EventMemberUpdate: monitor-test-01.yfb.sun.cn.dc1
2018/08/27 13:43:57 [INFO] serf: EventMemberUpdate: monitor-test-01.yfb.sun.cn
==> Failed to check for updates: Get https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=linux&signature=143c3fc1-0a07-2f4e-79e3-528773c5260f&version=0.9.2: dial tcp 54.221.203.30:443: i/o timeout
2018/08/27 13:44:01 [WARN] raft: Rejecting vote request from 10.22.0.1002:8300 since we have a leader: 10.22.0.1000:8300
2018/08/27 13:44:01 [INFO] consul: New leader elected: monitor-test-03.yfb.sun.cn
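Note: the update-check failure can be ignored; the intranet cloud desktop cannot connect to GitHub.
4. View the current node's information
Use the command consul info
After every start, one of the machines running consul is elected as the leader node:
state = Follower
5. UI page
Visit localhost:8500 on any node, as shown in the figure below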
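The startup banner in step 3 reports Client Addr: 0.0.0.0 together with Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false. The following added example (not part of the original page) scans an agent log for those indicators; the function names and the sample lines, written in the format of the banner above, are constructed for illustration.

```shell
#!/bin/sh
# Scan a Consul agent log (stdin) for the exposure indicators shown in its
# startup banner. Prints one finding per line; exit status = number of findings.
audit_consul_log() {
    awk '
        function flag(id, msg) {
            if (!(id in seen)) { seen[id] = 1; n++; print id ": " msg }
        }
        /Client Addr:/ && ($3 == "0.0.0.0" || $3 == "[::]") {
            flag("client-addr", "HTTP/DNS API bound to all interfaces (" $3 ")")
        }
        /Gossip encrypt:[ ]*false/ {
            flag("gossip", "gossip unencrypted; set -encrypt with a key from consul keygen")
        }
        /RPC-TLS:[ ]*false/      { flag("rpc-tls", "RPC between agents is not TLS-protected") }
        /TLS-Incoming:[ ]*false/ { flag("tls-incoming", "TLS is not enforced on incoming connections") }
        /Started HTTP server on (\[::\]|0\.0\.0\.0):/ {
            flag("http-listen", "HTTP API listening on every address: " $NF)
        }
        END { exit n + 0 }
    '
}

# Constructed sample in the format of the banner and log lines on this page.
sample_log() {
    cat <<'EOF'
    Client Addr: 0.0.0.0 (HTTP: 8500, HTTPS: -1, DNS: 8600)
    Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
    2018/08/27 13:43:20 [INFO] agent: Started HTTP server on [::]:8500
EOF
}

sample_log | audit_consul_log || echo "findings: $?"
```

Against a real deployment, feed it the log from step 3, for example audit_consul_log < consul.log.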
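(2) Configuration through the consul command line
1. Before deploying
Disable the firewall
# The consul cluster members need to communicate, so disable the firewall on the virtual machines where monitor is deployed
systemctl stop firewalld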
Enter each of the monitor containers
# monitor-server is the container name; change it to match your environment
docker exec -it monitor-server /bin/bash
# Stop consul
supervisorctl stop consul
[root@monitor-test-01 ~]# supervisorctl
alertmanager RUNNING pid 22016, uptime 21:28:23
consul RUNNING pid 11109, uptime 0:00:07
dashboard-upgrade EXITED Aug 14 05:51 PM
yy-echo-webhook RUNNING pid 22025, uptime 21:28:23
grafana RUNNING pid 22015, uptime 21:28:23
nginx RUNNING pid 22017, uptime 21:28:23
node_exporter RUNNING pid 22020, uptime 21:28:23
prometheus RUNNING pid 22018, uptime 21:28:23
supervisor> stop consul
consul: stopped
server:
1.1 Deploy the primary node
Run: consul agent -server -bootstrap-expect <number of hosts running in server mode> -client 0.0.0.0 -bind <host address> -data-dir=/home/consul/ -ui &
[root@monitor-test-01 ~]# consul agent -server -bootstrap-expect 3 -client 0.0.0.0 -bind 10.22.0.1000 -data-dir=/home/consul/ -ui &
==> WARNING: Expect Mode enabled, expecting 3 servers
==> Starting Consul agent...
==> Consul agent running!
Version: 'v0.9.2'
Node ID: '8fea634e-c3d6-32ef-f8d4-4ed1a2c0ee42'
Node name: 'monitor-test-01.yfb.sun.cn'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 0.0.0.0 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 10.22.0.1000 (LAN: 8301, WAN: 8302)
Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
==> Log data will now stream in as it occurs:
2018/08/15 16:40:26 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:10.22.0.1000:8300 Address:10.22.0.1000:8300} {Suffrage:Voter ID:10.22.0.1001:8300 Address:10.22.0.1001:8300} {Suffrage:Voter ID:10.22.0.1002:8300 Address:10.22.0.1002:8300}]
2018/08/15 16:40:26 [INFO] serf: EventMemberJoin: monitor-test-01.yfb.sun.cn.dc1 10.22.0.1000
2018/08/15 16:40:26 [INFO] serf: EventMemberJoin: monitor-test-01.yfb.sun.cn 10.22.0.1000
2018/08/15 16:40:26 [INFO] agent: Started DNS server 0.0.0.0:8600 (udp)
2018/08/15 16:40:26 [INFO] raft: Node at 10.22.0.1000:8300 [Follower] entering Follower state (Leader: "")
2018/08/15 16:40:26 [INFO] serf: Attempting re-join to previously known node: monitor-test-02.yfb.sun.cn.dc1: 10.22.0.1001:8302
2018/08/15 16:40:26 [INFO] serf: Attempting re-join to previously known node: monitor-test-02.yfb.sun.cn: 10.22.0.1001:8301
2018/08/15 16:40:26 [INFO] consul: Adding LAN server monitor-test-01.yfb.sun.cn (Addr: tcp/10.22.0.1000:8300) (DC: dc1)
1.2 Run this command on the other machines:
consul agent -server -retry-join <primary node IP address> -bind <local IP address> -client 0.0.0.0 -data-dir=/home/consul/ -ui &
[root@monitor-test-02 ~]# consul agent -server -retry-join 10.22.0.1000 -bind 10.22.0.1001 -client 0.0.0.0 -data-dir=/home/consul/ -ui &
==> Starting Consul agent...
==> Consul agent running!
Version: 'v0.9.2'
Node ID: '9e35e3c2-9226-de85-2202-2d70e516f7b7'
Node name: 'monitor-test-02.yfb.sun.cn'
Datacenter: 'dc1'
Server: true (bootstrap: false)
Client Addr: 127.0.0.1 (HTTP: 8500, HTTPS: -1, DNS: 8600)
Cluster Addr: 10.22.0.1001 (LAN: 8301, WAN: 8302)
Gossip encrypt: false, RPC-TLS: false, TLS-Incoming: false
==> Log data will now stream in as it occurs:
2018/08/15 16:32:51 [INFO] raft: Initial configuration (index=0): []
2018/08/15 16:32:51 [INFO] serf: EventMemberJoin: monitor-test-02.yfb.sun.cn.dc1 10.22.0.1001
2018/08/15 16:32:51 [INFO] serf: EventMemberJoin: monitor-test-02.yfb.sun.cn 10.22.0.1001
2018/08/15 16:32:51 [INFO] agent: Started DNS server 127.0.0.1:8600 (udp)
2018/08/15 16:32:51 [INFO] raft: Node at 10.22.0.1001:8300 [Follower] entering Follower state (Leader: "")
2018/08/15 16:32:51 [WARN] serf: Failed to re-join any previously known node
2018/08/15 16:32:51 [WARN] serf: Failed to re-join any previously known node
2018/08/15 16:32:51 [INFO] consul: Adding LAN server monitor-test-02.yfb.sun.cn (Addr: tcp/10.22.0.1001:8300) (DC: dc1)
2018/08/15 16:32:51 [INFO] consul: Handled member-join event for server "monitor-test-02.yfb.sun.cn.dc1" in area "wan"
2018/08/15 16:32:51 [INFO] agent: Started DNS server 127.0.0.1:8600 (tcp)
2018/08/15 16:32:51 [INFO] agent: Started HTTP server on 127.0.0.1:8500
2018/08/15 16:32:51 [INFO] agent: Retry join is supported for: aws azure gce softlayer
2018/08/15 16:32:51 [INFO] agent: Joining cluster...
2018/08/15 16:32:51 [INFO] agent: (LAN) joining: [10.22.0.1000]
2018/08/15 16:32:51 [INFO] serf: EventMemberJoin: monitor-test-01.yfb.su
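1.6 Verify cluster availability
1. The consul leave command gracefully leaves the consul cluster.
3. Verify by visiting the consul UI on each node; opening the host address in a browser is enough.
4. If joining the cluster fails, use the consul join command on a non-primary machine to trigger the cluster bootstrap process: consul join <primary node IP address>.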
III. Proxy configuration
1. Configure the consul proxy on each host
# cat nginx.conf
upstream consul.cn {
    server <other machine IP>:8500 backup;
    server <this host IP>:8500;
    server <other machine IP>:8500 backup;
}
server {
    # Consul UI
    location /consul/ {
        proxy_pass http://consul.cn/ui/;
    }
    # Consul API
    location /v1/ {
        proxy_pass http://consul.cn/v1/;
        add_header X-Remote-IP $remote_addr;
        add_header X-Server-Time $date_gmt;
    }
}
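2. Restart nginx
supervisorctl restart nginx
3. Verify the configuration
3.1 Stop the consul service on one of the machines, then check the logs or the UI page.
supervisorctl stop consul
The failure of any single consul instance in the cluster does not affect the use of consul, and no data is lost.
Note: at least two machines in the cluster must stay online; if two of the consul instances go down, no leader can be elected and consul becomes unavailable.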
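Both configuration methods above run systemctl stop firewalld so that the agents can reach each other. As an added example (not part of the original page), this script prints firewalld rich rules that keep the firewall running and admit the Consul ports seen in the banner, logs and nginx upstream (8300, 8301, 8302, 8500) only from named cluster peers. The function names are hypothetical and the peer addresses are constructed, because the page's sample addresses such as 10.22.0.1002 are not valid IPv4.

```shell
#!/bin/sh
# Consul default ports: 8300 server RPC, 8301 LAN gossip, 8302 WAN gossip
# (gossip uses TCP and UDP), 8500 HTTP API (peers proxy to it through nginx).
CONSUL_PORTS="8300/tcp 8301/tcp 8301/udp 8302/tcp 8302/udp 8500/tcp"

# Succeeds only for four dot-separated decimal octets in the range 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print (do not execute) one rich rule per peer and port, then a reload.
# Every address is validated before any rule is printed.
consul_peer_rules() {
    for peer in "$@"; do
        if ! is_ipv4 "$peer"; then
            echo "invalid peer address: $peer" >&2
            return 1
        fi
    done
    for peer in "$@"; do
        for pp in $CONSUL_PORTS; do
            port=${pp%/*}
            proto=${pp#*/}
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$peer\" port port=\"$port\" protocol=\"$proto\" accept'"
        done
    done
    echo "firewall-cmd --reload"
}

# Constructed peer addresses for a three-node cluster, seen from the third node.
consul_peer_rules 10.0.0.11 10.0.0.12
```

Hosts that open the UI or API from outside the cluster, or that use Consul DNS on 8600, need their own source-restricted rule for that port.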
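Appendix FAQ:
Command-line parameters
-advertise: the advertise address changes the address presented to the other nodes in the cluster; normally the -bind address is the advertise address.
-bootstrap: controls whether a server runs in bootstrap mode. Only one server in a datacenter may be in bootstrap mode; a server in bootstrap mode can elect itself as raft leader.
-bootstrap-expect: the number of server nodes expected in a datacenter. When this value is given, consul waits until the specified number of servers is reached before bootstrapping the cluster. This flag cannot be used together with -bootstrap.
-bind: the address used for communication inside the cluster; it must be reachable from all nodes in the cluster. The default is 0.0.0.0.
-client: the client address consul binds to; this address serves HTTP, DNS, RPC and so on. The default is 127.0.0.1.
-config-file: explicitly specifies which configuration file to load.
-config-dir: the configuration directory; every file in it ending in .json is loaded.
-data-dir: a directory for storing agent state. Every agent needs this directory; it must be durable and survive system restarts.
-dc: the name of the agent's datacenter. The default is dc1.
-encrypt: specifies the secret key used to encrypt consul's communication. The key can be generated with consul keygen; all nodes in the same cluster must use the same key.
-join: the IP address of an already started agent to join; it can be given multiple times to specify several agents. If consul cannot join any of the specified addresses, the agent fails to start. By default an agent joins no node at startup.
-retry-join: like -join, but allows retrying after the first failure.
-retry-interval: the interval between two join attempts. The default is 30s.
-retry-max: the number of join retries. The default is 0, which means retrying indefinitely.
-log-level: the level of log messages shown after the consul agent starts. The default is info; options: trace, debug, info, warn, err.
-node: the node's name in the cluster; it must be unique within a cluster. The default is the node's hostname.
-protocol: the protocol version consul uses.
-rejoin: makes consul ignore a previous leave and still try to join the cluster after restarting.
-server: runs the agent in server mode. Every cluster has at least one server; no more than 5 servers per cluster is recommended.
-syslog: enables system logging; only effective on linux/osx.
-ui-dir: the path holding the web UI resources; the directory must be readable. Newer versions support using -ui directly.
-pid-file: a path for storing the pid file, which can be used to send SIGINT/SIGHUP (stop/reload) to the agent.
-enable-script-checks: set to true to enable health checks that execute external scripts. For production use, ACLs need to be configured alongside it to control the ability to register arbitrary scripts.
For more parameters, see: https://www.consul.io/docs/agent/options.html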