nacos学习笔记
一、nacos单机部署实战
1.nacos概述
Nacos /nɑ:kəʊs/ 是 Dynamic Naming and Configuration Service的首字母简称,一个更易于构建云原生应用的动态服务发现、配置管理和服务管理平台。
Nacos 致力于帮助您发现、配置和管理微服务。Nacos 提供了一组简单易用的特性集,帮助您快速实现动态服务发现、服务配置、服务元数据及流量管理。
Nacos 帮助您更敏捷和容易地构建、交付和管理微服务平台。 Nacos 是构建以**“服务”**为中心的现代应用架构 (例如微服务范式、云原生范式) 的服务基础设施。
Nacos 支持几乎所有主流类型的**“服务”**的发现、配置和管理:
- Kubernetes Service
- gRPC
- Dubbo RPC Service
- Spring Cloud RESTful Service
Nacos官网地址:
https://nacos.io/
Nacos的Github地址:
https://github.com/alibaba/nacos
2.下载解压nacos
[root@elk91 ~]# wget https://github.com/alibaba/nacos/releases/download/2.5.1/nacos-server-2.5.1.tar.gz
[root@elk91 ~]# tar xf nacos-server-2.5.1.tar.gz -C /usr/local
3.启动nacos单机版
[root@elk91 ~]# /usr/local/nacos/bin/startup.sh -m standalone
#查看日志
[root@elk91 ~]# tail -100f /usr/local/nacos/logs/start.out
#如下字样即为成功
,--.
,--.'|
,--,: : | Nacos 2.5.1
,`--.'`| ' : ,---. Running in stand alone mode, All function modules
| : : | | ' ,'\ .--.--. Port: 8848
: | \ | : ,--.--. ,---. / / | / / ' Pid: 58224
| : ' '; | / \ / \. ; ,. :| : /`./ Console: http://10.0.0.91:8848/nacos/index.html
' ' ;. ;.--. .-. | / / '' | |: :| : ;_
| | | \ | \__\/: . .. ' / ' | .; : \ \ `. https://nacos.io
' : | ; .' ," .--.; |' ; :__| : | `----. \
| | '`--' / / ,. |' | '.'|\ \ / / /`--' /
' : | ; : .' \ : : `----' '--'. /
; |.' | , .-./\ \ / `--'---'
'---' `--`---' `----'
2025-03-18 09:40:05,502 INFO Tomcat initialized with port(s): 8848 (http)
4.访问nacos的WebUI
http://10.0.0.91:8848/nacos/
二、nacos实现服务注册和服务发现
1.注册节点
- 将一个名为
elasticstack的服务实例,其 IP 地址为10.0.0.91,端口为9200注册到 Nacos
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.91&port=9200' ;echo
ok
[root@elk93 ~]#
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.92&port=9200' ;echo
ok
[root@elk93 ~]#
[root@elk93 ~]# curl -s -X POST 'http://10.0.0.91:8848/nacos/v1/ns/instance?serviceName=elasticstack&ip=10.0.0.93&port=9200' ;echo
ok
2.服务发现
[root@elk93 ~]# curl -X GET -s 'http://10.0.0.91:8848/nacos/v1/ns/instance/list?serviceName=elasticstack' | jq
{
"name": "DEFAULT_GROUP@@elasticstack",
"groupName": "DEFAULT_GROUP",
"clusters": "",
"cacheMillis": 10000,
"hosts": [
{
"instanceId": "10.0.0.92#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.92",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
},
{
"instanceId": "10.0.0.93#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.93",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
},
{
"instanceId": "10.0.0.91#9200#DEFAULT#DEFAULT_GROUP@@elasticstack",
"ip": "10.0.0.91",
"port": 9200,
"weight": 1,
"healthy": true,
"enabled": true,
"ephemeral": true,
"clusterName": "DEFAULT",
"serviceName": "DEFAULT_GROUP@@elasticstack",
"metadata": {},
"instanceHeartBeatInterval": 5000,
"instanceHeartBeatTimeOut": 15000,
"ipDeleteTimeout": 30000,
"instanceIdGenerator": "simple"
}
],
"lastRefTime": 1742264229641,
"checksum": "",
"allIPs": false,
"reachProtectionThreshold": false,
"valid": true
}
三、nacos实现服务中心案例
1.发布配置
- 通过
curl向 Nacos 的配置管理接口发送一个 POST 请求,将一个配置项添加到 Nacos 中。具体来说,你希望将一个名为blog的配置项(dataId=blog,group=k8s)的内容设置为一个 URL(https://www.cnblogs.com/dingzhiyan)
[root@elk93 ~]# curl -s -X POST "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=blog&group=k8s&content=https://www.cnblogs.com/dingzhiyan" ;echo
true
[root@elk93 ~]#
2.获取配置
[root@elk93 ~]# curl -s "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=blog&group=k8s";echo
https://www.cnblogs.com/dingzhiyan
[root@elk93 ~]#
[root@elk93 ~]# curl -s "http://10.0.0.91:8848/nacos/v1/cs/configs?dataId=laonanhai&group=DEFAULT_GROUP";echo
{"office": "https://www.dezyan.com","school":"dezyan"}
[root@elk93 ~]#
四、名称空间
五、Nacos启动脚本编写
1.编写启动脚本
cat > /lib/systemd/system/nacos.service <<EOF
[Unit]
Description=nacos.service
After=network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/share/elasticsearch/jdk
ExecStart=/usr/local/nacos/bin/startup.sh -m standalone
ExecStop=/usr/local/nacos/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
EOF
2.配置开机自启动
[root@elk91 ~]# systemctl daemon-reload
[root@elk91 ~]# systemctl enable --now nacos.service
[root@elk91 ~]# ss -ntl | grep 8848
LISTEN 0 100 *:8848 *:*
六、nacos配置MySQL作为数据源
1.拷贝nacos的SQL初始化语句
[root@elk91 ~]# scp /usr/local/nacos/conf/mysql-schema.sql 10.0.0.93:~
2.创建用户并授权,导入SQL语句
[root@elk91 ~]# mysql
mysql> CREATE DATABASE nacos;
mysql> CREATE USER nacos IDENTIFIED WITH mysql_native_password by 'dingzhiyan';
mysql> GRANT ALL ON nacos.* TO nacos;
[root@elk93 ~]# mysql nacos < mysql-schema.sql
3.修改nacos的配置文件
[root@elk91 ~]# vim /usr/local/nacos/conf/application.properties
# 修改nacos的访问站点
server.servlet.contextPath=/
...
# 指定数据库的类型是MySQL
spring.sql.init.platform=mysql
# 数据库的数量,官方写的是1,此处我也写1.
db.num=1
# 指定数据库的主机,端口,数据库及相关参数。
db.url.0=jdbc:mysql://10.0.0.93:3306/nacos?characterEncoding=utf8&connectTimeout=1000&socketTimeout=3000&autoReconnect=true&useUnic ode=true&useSSL=false&serverTimezone=Asia/Shanghai
# 指定数据库的用户名
db.user.0=nacos
# 指定数据库的密码
db.password.0=dingzhiyan
4.重启nacos
[root@elk91 ~]# systemctl restart nacos.service
5.访问nacos的WebUI
http://10.0.0.91:8848/
6.写入配置信息观察MySQL数据库是否有数据存储
#在此查询,应有刚刚写入的信息
mysql> SELECT * FROM config_info;
七、nacos配置认证功能及RBAC实战
1.nacos认证概述
Nacos是一个内部微服务组件,需要在可信的内部网络中运行,不可暴露在公网环境,防止带来安全风险。
Nacos提供简单的鉴权实现,为防止业务错用的弱鉴权体系,不是防止恶意攻击的强鉴权体系。
如果运行在不可信的网络环境或者有强鉴权诉求,请参考官方简单实现做替换增强。
参考链接:
https://nacos.io/zh-cn/docs/auth.html
2.生成toke的值
自定义密钥时,推荐将配置项设置为Base64编码的字符串,且原始密钥长度不得低于32字符。
[root@elk91 ~]# openssl rand -base64 33
428Gjk5EGkADiPC+577iPOH49V1lGzDSN+gW8ggvUOyo
3.修改Nacos的配置文件
[root@elk91 ~]# tail -5 /usr/local/nacos/conf/application.properties
nacos.core.auth.system.type=nacos
#启用认证功能
nacos.core.auth.enabled=true
#设置 Nacos 服务器的身份验证密钥
nacos.core.auth.server.identity.key=dingzhiyan
#设置 Nacos 服务器的身份验证值
nacos.core.auth.server.identity.value=dingzhiyan
nacos.core.auth.plugin.nacos.token.secret.key=428Gjk5EGkADiPC+577iPOH49V1lGzDSN+gW8ggvUOyo
4.重启nacos
[root@elk91 ~]# systemctl restart nacos.service
5.登录测试
6.设置初始密码登录
- 若使用默认设置,默认用户名密码均为nacos
7.创建用户并绑定权限测试
- 创建用户
- 创建角色,添加刚刚创建的用户
- 创建权限,指定角色、资源、动作
八、nacos集群基于haproxy实现高可用实战
1.在单点的配置上修改配置文件
[root@elk91 ~]# cat /usr/local/nacos/conf/cluster.conf
10.0.0.91:8848
10.0.0.92:8848
10.0.0.93:8848
2.拷贝nacos程序
[root@elk91 ~]# scp -r /usr/local/nacos/ 10.0.0.92:/usr/local/
[root@elk91 ~]# scp -r /usr/local/nacos/ 10.0.0.93:/usr/local/
3.停止单点的nacos
[root@elk91 ~]# systemctl disable --now nacos.service
4.所有节点以集群的方式启动
①所有节点启动
/usr/local/nacos/bin/startup.sh -p embedded
注:默认就是以集群的方式启动,此处的-p直接指定了以集群方式启动
②访问验证
http://10.0.0.91:8848/#/clusterManagement
http://10.0.0.92:8848/#/clusterManagement
http://10.0.0.93:8848/#/clusterManagement
5.所有节点配置haproxy实现负载均衡
①修改内核参数
echo net.ipv4.ip_nonlocal_bind = 1 >> /etc/sysctl.d/nacos.conf
sysctl -f /etc/sysctl.d/nacos.conf
sysctl -q net.ipv4.ip_nonlocal_bind
②安装配置haproxy
apt -y install haproxy
③修改haproxy的配置文件
[root@elk91 ~]# tail -13 /etc/haproxy/haproxy.cfg
listen status
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /ruok
stats auth admin:dingzhiyan
listen nacos
bind 10.0.0.66:18848
server elk91 10.0.0.91:8848 check
server elk92 10.0.0.92:8848 check
server elk93 10.0.0.93:8848 check
[root@elk91 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.92:/etc/haproxy
[root@elk91 ~]# scp /etc/haproxy/haproxy.cfg 10.0.0.93:/etc/haproxy
6.配置抢占式keepalived实现高可用
①在两台服务器上安装配置keepalived实现高可用
apt -y install keepalived
②修改keepalived的配置文件
[root@elk91 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.91
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 251
priority 100
advert_int 1
mcast_src_ip 10.0.0.91
nopreempt
authentication {
auth_type PASS
auth_pass dingzhiyan
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
[root@elk91 ~]#
[root@elk92 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.92
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 251
priority 80
advert_int 1
mcast_src_ip 10.0.0.92
nopreempt
authentication {
auth_type PASS
auth_pass dingzhiyan
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
[root@elk92 ~]#
[root@elk93 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id 10.0.0.93
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 251
priority 60
advert_int 1
mcast_src_ip 10.0.0.93
nopreempt
authentication {
auth_type PASS
auth_pass dingzhiyan
}
track_script {
chk_haproxy
}
virtual_ipaddress {
10.0.0.66
}
}
③重启keepalived服务使得配置生效
[root@elk91 ~]# systemctl enable --now keepalived
[root@elk92 ~]# systemctl enable --now keepalived
[root@elk93 ~]# systemctl enable --now keepalived
④重启keepalived服务使得配置生效
[root@elk91 ~]# systemctl enable --now keepalived
[root@elk92 ~]# systemctl enable --now keepalived
[root@elk93 ~]# systemctl enable --now keepalived
⑤启动haproxy负载均衡器
systemctl restart haproxy.service
ss -ntl | grep 18848
LISTEN 0 4096 10.0.0.66:18848 0.0.0.0:*
7.访问测试验证
http://10.0.0.66:18848/#/login
8.验证高可用
[root@elk91 ~]# systemctl stop keepalived
九、Dubbo provider环境部署
1.下载provider(生产者)
dubbo-demo-provider-2.1.5-assembly.tar.gz
2.解压软件包
[root@elk91 ~]# tar xf dubbo-demo-provider-2.1.5-assembly.tar.gz -C /usr/local/
3.修改provider配置文件
[root@elk91 ~]# vim /usr/local/dubbo-demo-provider-2.1.5/conf/dubbo.properties
...
19 # dubbo.registry.address=multicast://224.5.6.7:1234
20 #dubbo.registry.address=zookeeper://127.0.0.1:2181
21 dubbo.registry.address=zookeeper://10.0.0.91:2181 | zookeeper://10.0.0.92:2181 | zookeeper://10.0.0.93:2181
4.修改启动脚本指定JDK
[root@elk91 ~]# ll /usr/local/jdk1.8.0_291/
[root@elk91 ~]# vim /usr/local/dubbo-demo-provider-2.1.5/bin/start.sh
...
69 nohup /usr/local/jdk1.8.0_291/bin/java $JAVA_OPTS $JAVA_MEM_OPTS ...
...
[root@elk91 ~]#
[root@elk91 ~]# scp -r /usr/local/jdk1.8.0_291/ 10.0.0.93:/usr/local/
5.启动provider
[root@elk91 ~]# /usr/local/dubbo-demo-provider-2.1.5/bin/start.sh
Starting the demo-provider .....OK!
PID: 67227
STDOUT: logs/stdout.log
6.检查zookeeper是否生成dubbo数据
十、Dubbo consumer环境部署
1.下载consumer
dubbo-demo-consumer-2.1.5-assembly.tar.gz
2.解压consumer
[root@elk93 ~]# tar xf dubbo-demo-consumer-2.1.5-assembly.tar.gz -C /usr/local/
3.编辑"dubbo.properties"文件
[root@elk93 ~]# vim /usr/local/dubbo-demo-consumer-2.1.5/conf/dubbo.properties
...
# 禁用默认的组播注册中心。
# dubbo.registry.address=multicast://224.5.6.7:1234
# 将默认的单个节点的配置注释掉
#dubbo.registry.address=zookeeper://127.0.0.1:2181
# 配置zookeeper集群地址
dubbo.registry.address=zookeeper://10.0.0.91:2181 | zookeeper://10.0.0.92:2181 | zookeeper://10.0.0.93:2181
4.修改启动脚本
[root@elk93 ~]# ll /usr/local/jdk1.8.0_291/
[root@elk93 ~]# vim /usr/local/dubbo-demo-consumer-2.1.5/bin/start.sh
...
68 nohup /usr/local/jdk1.8.0_291/bin/java $JAVA_OPTS $JAVA_MEM_OPTS ...
5.启动consumer服务
[root@elk93 ~]# /usr/local/dubbo-demo-consumer-2.1.5/bin/start.sh
Starting the demo-consumer ....OK!
PID: 51783
STDOUT: logs/stdout.log
6.查看消费者的日志信息
[root@elk93 ~]# tail -100f /usr/local/dubbo-demo-consumer-2.1.5/logs/stdout.log
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option PermSize=128m; support was removed in 8.0
Java HotSpot(TM) 64-Bit Server VM warning: UseCMSCompactAtFullCollection is deprecated and will likely be removed in a future release.
log4j:WARN No appenders could be found for logger (com.alibaba.dubbo.common.logger.LoggerFactory).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
[16:26:24] Hello world0, response form provider: 10.0.0.91:20880
[16:26:26] Hello world1, response form provider: 10.0.0.91:20880
十一、部署dubbo web管理页面
1.安装maven
[root@elk91 ~]# wget http://192.168.16.253/Resources/ElasticStack/softwares/Dubbo/apache-maven-3.3.9-bin.tar.gz
[root@elk91 ~]# tar xf apache-maven-3.3.9-bin.tar.gz -C /usr/local/
[root@elk91 ~]#
[root@elk91 ~]# cat /etc/profile.d/maven.sh
#!/bin/bash
export MAVEN_HOME=/usr/local/apache-maven-3.3.9
export PATH=$PATH:$MAVEN_HOME/bin
[root@elk91 ~]#
[root@elk91 ~]# source /etc/profile.d/maven.sh
2.部署nodejs环境
[root@elk91 ~]# apt update && apt -y install npm
#获取当前 npm 配置的镜像地址
[root@elk91 ~]# npm config get registry
https://registry.npmjs.org/
#设置 npm 使用淘宝镜像
[root@elk91 ~]# npm config set registry http://registry.npm.taobao.org
#获取当前 npm 配置的镜像地址
[root@elk91 ~]# npm config get registry
http://registry.npm.taobao.org/
3.克隆代码
[root@elk91 ~]# git clone https://github.com/apache/dubbo-admin.git
[root@elk91 ~]# cd dubbo-admin/
4.修改配置文件
[root@elk91 dubbo-admin]# vim dubbo-admin-server/src/main/resources/application.properties
...
#使用Zookeeper集群
24 # admin.registry.address=zookeeper://10.0.0.91:2181
25 # admin.config-center=zookeeper://10.0.0.92:2181
26 # admin.metadata-report.address=zookeeper://10.0.0.93:2181
..
#使用nacos集群
34 admin.registry.address=nacos://10.0.0.91:8848?group=DEFAULT_GROUP&namespace=public&username=nacos&password=1
35 admin.config-center=nacos://10.0.0.92:8848?group=dubbo&username=nacos&password=1
36 admin.metadata-report.address=nacos://10.0.0.93:8848?group=dubbo&username=nacos&password=1
...
47 admin.root.user.name=root
48 admin.root.user.password=root
...
后期可以尝试的配置:【nacos关于密码认证的话,我此处是禁用了认证,如果有时间的小伙伴自行测试如下配置:】
33 admin.registry.address=nacos://10.0.0.66:18848?username=nacos&password=1
34 admin.config-center=nacos://10.0.0.66:18848?username=nacos&password=1
35 admin.metadata-report.address=nacos://10.0.0.66:18848?username=nacos&password=1
5.开始编译
①使用zookeeper集群
[root@jenkins211 dubbo-admin-develop]# mvn clean install package -Dmaven.test.skip=true
②使用nacos集群
#重新编译dubbo-admin
[root@jenkins211 dubbo-admin-develop]# rm -rf dubbo-admin-distribution/target/
[root@jenkins211 dubbo-admin-develop]# mvn clean install package -Dmaven.test.skip=true
6.启动服务
root@elk91:/usr/local/dubbo-admin-develop# ll dubbo-admin-distribution/target/dubbo-admin-0.5.0-SNAPSHOT.jar
-rw-r--r-- 1 root root 75098389 Mar 18 21:25 dubbo-admin-distribution/target/dubbo-admin-0.5.0-SNAPSHOT.jar
[root@jenkins211 dubbo-admin-develop]# java -jar dubbo-admin-distribution/target/dubbo-admin-0.5.0-SNAPSHOT.jar --server.port=8888
7.访问dubbo-admin的WebUI
http://10.0.0.91:8888/
用户名:root
密码:root
8.对比观察zookeeper和nacos的差异。
十二、zookeeper和nacos区别
- 相同点
- 本质上都是基于JAVA语言设计;
- 都可以做配置中心,注册中心,服务发现;
- 都是由Apache基金会维护
- 不同点:
- zookeeper主要应用场景在于配置大数据领域的组件,比如HDFS,YARN,kafka,HBASE等组件。
- nocas主要针对JAVA领域,或微服务生态使用较多,由于nacos支持丰富的图形界面,相比zookeeper,在微服务领域更受欢迎
十三、总结
1.nacos集群部署的注意点
1.要在cluster.conf配置文件中定义要组成集群的nacos服务器地址及端口
2.要指定同一个数据源,通常使用MySQL数据库存储
2.nacos认证
主要通过在配置文件中设置
身份验证密钥、身份验证值、自己生成的token值实现
3.nacos的MySQL数据存储类型
nacos数据存储有两种类型:内置轻量化数据库和MySQL数据库
使用MySQL存储时,要创建特定库、用户并授权,导入指定sql文件
4.nacos高可用
nacos的高可用主要通过Haproxy和Keepalived来实现
Haproxy通过设置负载均衡,Keepalived通过设置VIP漂移规则组合实现
本文来自博客园,作者:丁志岩,转载请注明原文链接:https://www.cnblogs.com/dezyan/p/18811487
浙公网安备 33010602011771号