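Building a Consul cluster with ACLs enabled
Three machines are used for this demonstration.
| IP address | Role |
| --- | --- |
| 192.16.30.152 | server-01 |
| 192.16.30.153 | server-02 |
| 192.16.30.154 | server-03 |
Create the Consul directories. This must be done on all three machines:
```bash
mkdir -p /usr/local/consul/{conf,data,log}
```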
Configuration file for server-01
server-01.json
```json
{
  "addresses": {
    "http": "0.0.0.0"
  },
  "datacenter": "dc1",
  "primary_datacenter": "dc1",
  "bootstrap_expect": 3,
  "start_join": [
    "192.16.30.153",
    "192.16.30.154"
  ],
  "retry_join": [
    "192.16.30.153",
    "192.16.30.154"
  ],
  "advertise_addr": "192.16.30.152",
  "bind_addr": "0.0.0.0",
  "server": true,
  "ui": true,
  "connect": {
    "enabled": true
  },
  "node_name": "server-01",
  "data_dir": "/usr/local/consul/data/",
  "enable_script_checks": false,
  "enable_local_script_checks": true,
  "log_file": "/usr/local/consul/log/",
  "log_level": "info",
  "log_rotate_bytes": 100000000,
  "log_rotate_duration": "24h",
  "encrypt": "krCysDJnrQ8dtA7AbJav8g==",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "cd76a0f7-5535-40cc-8696-073462acc6c7"
    }
  }
}
```
Configuration file for server-02
server-02.json
```json
{
  "addresses": {
    "http": "0.0.0.0"
  },
  "datacenter": "dc1",
  "primary_datacenter": "dc1",
  "bootstrap_expect": 3,
  "start_join": [
    "192.16.30.152",
    "192.16.30.154"
  ],
  "retry_join": [
    "192.16.30.152",
    "192.16.30.154"
  ],
  "advertise_addr": "192.16.30.153",
  "bind_addr": "0.0.0.0",
  "ui": true,
  "server": true,
  "connect": {
    "enabled": true
  },
  "node_name": "server-02",
  "data_dir": "/usr/local/consul/data/",
  "enable_script_checks": false,
  "enable_local_script_checks": true,
  "log_file": "/usr/local/consul/log/",
  "log_level": "info",
  "log_rotate_bytes": 100000000,
  "log_rotate_duration": "24h",
  "encrypt": "krCysDJnrQ8dtA7AbJav8g==",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "cd76a0f7-5535-40cc-8696-073462acc6c7"
    }
  }
}
```
Configuration file for server-03
server-03.json
```json
{
  "addresses": {
    "http": "0.0.0.0"
  },
  "datacenter": "dc1",
  "primary_datacenter": "dc1",
  "bootstrap_expect": 3,
  "start_join": [
    "192.16.30.153",
    "192.16.30.152"
  ],
  "retry_join": [
    "192.16.30.153",
    "192.16.30.152"
  ],
  "advertise_addr": "192.16.30.154",
  "bind_addr": "0.0.0.0",
  "ui": true,
  "server": true,
  "connect": {
    "enabled": true
  },
  "node_name": "server-03",
  "data_dir": "/usr/local/consul/data/",
  "enable_script_checks": false,
  "enable_local_script_checks": true,
  "log_file": "/usr/local/consul/log/",
  "log_level": "info",
  "log_rotate_bytes": 100000000,
  "log_rotate_duration": "24h",
  "encrypt": "krCysDJnrQ8dtA7AbJav8g==",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "cd76a0f7-5535-40cc-8696-073462acc6c7"
    }
  }
}
```
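The three files differ only in node_name, advertise_addr and the join lists, so a copy-paste slip in the shared security settings is easy to miss. The check below is an added example, not part of the original post: it verifies deny-by-default ACLs, the gossip key, the master token, bootstrap_expect and the join addresses across all servers, and flags the key and token printed on this page, which are public. The function names and the sample cluster are constructed for illustration.

```python
import base64

# The gossip key and master token printed on this page are public knowledge.
PUBLISHED = {"krCysDJnrQ8dtA7AbJav8g==", "cd76a0f7-5535-40cc-8696-073462acc6c7"}

def master_token(cfg):
    return cfg.get("acl", {}).get("tokens", {}).get("master")

def check_cluster(configs):
    """Return findings for a list of Consul server configs (parsed JSON dicts)."""
    findings = []
    addrs = {c["advertise_addr"] for c in configs}
    for c in configs:
        name, acl = c["node_name"], c.get("acl", {})
        if not acl.get("enabled") or acl.get("default_policy") != "deny":
            findings.append(f"{name}: ACLs are not enabled with default_policy deny")
        try:
            key_len = len(base64.b64decode(c.get("encrypt") or "", validate=True))
        except ValueError:
            key_len = 0
        if key_len not in (16, 24, 32):  # key sizes Consul accepts for gossip
            findings.append(f"{name}: encrypt is not a 16/24/32-byte base64 key")
        if c.get("bootstrap_expect") != len(configs):
            findings.append(f"{name}: bootstrap_expect differs from server count")
        joins = set(c.get("retry_join", []))
        if not joins or joins - addrs:
            findings.append(f"{name}: retry_join is empty or names an unknown host")
        if {c.get("encrypt"), master_token(c)} & PUBLISHED:
            findings.append(f"{name}: uses a secret published in this tutorial")
    if len({c.get("encrypt") for c in configs}) > 1:
        findings.append("cluster: encrypt differs between servers")
    if len({master_token(c) for c in configs}) > 1:
        findings.append("cluster: acl.tokens.master differs between servers")
    return findings

def sample_cluster():
    """Constructed sample in the page's layout, with placeholder secrets."""
    ips = ["192.16.30.152", "192.16.30.153", "192.16.30.154"]
    key = base64.b64encode(bytes(range(32))).decode()  # constructed, not a real key
    token = "00000000-0000-4000-8000-000000000001"     # constructed placeholder
    return [{"node_name": f"server-0{n}", "advertise_addr": ip, "encrypt": key,
             "bootstrap_expect": 3, "retry_join": [o for o in ips if o != ip],
             "acl": {"enabled": True, "default_policy": "deny",
                     "tokens": {"master": token}}}
            for n, ip in enumerate(ips, 1)]

if __name__ == "__main__":
    cluster = sample_cluster()
    cluster[2]["encrypt"] = "krCysDJnrQ8dtA7AbJav8g=="  # reuse the page's key
    print("\n".join(check_cluster(cluster)))
```

To check real files, load each one with `json.load` and pass the three dicts to `check_cluster` as a list.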
Start the three Consul agents, one on each machine
```bash
# On server-01
consul agent -config-file /usr/local/consul/conf/server-01.json

# On server-02
consul agent -config-file /usr/local/consul/conf/server-02.json

# On server-03
consul agent -config-file /usr/local/consul/conf/server-03.json
```
Log in through the web UI

The UI asks for a token.

Enter the master token from the acl section of the configuration file here: cd76a0f7-5535-40cc-8696-073462acc6c7
Login succeeds.

