consul部署
安装:
下载1:https://developer.hashicorp.com/consul/downloads?product_intent=consul
下载2:https://releases.hashicorp.com/consul/
1)consul所有节点下载,创建相关目录
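# Fetch the release archive together with HashiCorp's checksum list, and only
# unpack and install the binary when the archive's SHA-256 matches.
wget https://releases.hashicorp.com/consul/1.16.0/consul_1.16.0_linux_amd64.zip
wget https://releases.hashicorp.com/consul/1.16.0/consul_1.16.0_SHA256SUMS
# The checksum list covers every platform; keep only the line for this archive.
# For stronger assurance, also verify the signature on the SHA256SUMS file with
# HashiCorp's published release-signing key before trusting it.
grep -F 'consul_1.16.0_linux_amd64.zip' consul_1.16.0_SHA256SUMS | sha256sum -c - \
  && unzip consul_1.16.0_linux_amd64.zip \
  && mv consul /bin
mkdir -p /opt/consul/{data,conf.d,logs,ssl}
# The ssl directory will hold private keys; keep it closed to other users.
# Assumes the agent runs as the user who owns this directory.
chmod 700 /opt/consul/ssl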
2)主节点生成证书,分发文件
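# Generate the gossip encryption key shared by every agent in the cluster.
# The subshell umask makes key.txt 0600 from the moment it is created, so the
# key is never readable by other local users.
(umask 077; consul keygen > /opt/consul/key.txt)

# Create the cluster CA and the node certificates with consul's built-in tool.
cd /opt/consul/ssl
consul tls ca create

# Server certificate for this (local) node -> test-server-consul-0*.pem.
# Assumes `hostname -i` prints exactly one address; pass the address
# explicitly if the host has several.
consul tls cert create \
  -server \
  -additional-ipaddress "$(hostname -i)" \
  -days 1825 \
  -dc test

# Server certificate for the remote server -> test-server-consul-1*.pem.
consul tls cert create \
  -server \
  -additional-ipaddress 2.2.2.45 \
  -days 1825 \
  -dc test

# NOTE(review): the original passed `-c`, which is not a flag this subcommand
# defines; `-client` is assumed to be what was meant -- confirm. The resulting
# client certificate is not copied to or referenced by any node on this page.
consul tls cert create \
  -client \
  -additional-ipaddress 2.2.2.45 \
  -days 1825 \
  -dc test

# Distribute the gossip key and, to the second server, only what it needs:
# the CA *certificate* and its own certificate/key pair. The CA private key
# (consul-agent-ca-key.pem) stays on this host; any node holding it could
# issue certificates the whole cluster would trust.
scp ../key.txt 2.2.2.45:/opt/consul/
scp consul-agent-ca.pem \
  test-server-consul-1.pem \
  test-server-consul-1-key.pem \
  2.2.2.45:/opt/consul/ssl
scp ../key.txt 2.2.2.25:/opt/consul/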
3)生成server-1配置文件
# Write the server-1 agent configuration (uses the test-server-consul-0 pair).
#
# NOTE(review): as written this is a lab-grade configuration:
#   - acl.enabled is false while the HTTP and HTTPS listeners bind to 0.0.0.0,
#     so the API is unauthenticated on every interface;
#   - ports.http is not disabled, so the plain-HTTP listener stays available
#     next to HTTPS on 8501;
#   - verify_incoming, verify_outgoing and verify_server_hostname are all
#     false, so the certificate is presented but peer certificates are not
#     checked.
# Before using this outside a test network, enable ACLs, turn the verify_*
# settings on consistently across all servers, and narrow the listener
# addresses.
# The delimiter is quoted so the shell writes the JSON literally.
cat > /opt/consul/conf.d/consul.json <<'EOF'
{
"addresses": {
"http": "0.0.0.0",
"https": "0.0.0.0"
},
"ports": {
"https": 8501,
"grpc_tls": 8502
},
"acl": {
"enabled": false
},
"tls": {
"defaults": {
"ca_file": "/opt/consul/ssl/consul-agent-ca.pem",
"cert_file": "/opt/consul/ssl/test-server-consul-0.pem",
"key_file": "/opt/consul/ssl/test-server-consul-0-key.pem",
"verify_incoming": false,
"verify_outgoing": false
},
"internal_rpc": {
"verify_server_hostname": false,
"verify_incoming": false
}
},
"auto_encrypt": {
"allow_tls": true
},
"connect": {
"enabled": true
},
"telemetry": {
"disable_hostname": true,
"enable_host_metrics": true,
"prometheus_retention_time": "10s"
}
}
EOF

# Connection and request-rate limits. request_limits.mode is "permissive",
# presumably meaning the read/write rates are reported rather than enforced --
# confirm against the Consul documentation for this version.
cat > /opt/consul/conf.d/limits.json <<'EOF'
{
"limits": {
"http_max_conns_per_client": 400,
"request_limits": {
"mode": "permissive",
"read_rate": 1000.0,
"write_rate": 500.0
},
"rpc_max_conns_per_client": 200,
"rpc_rate": 5000.0,
"rpc_max_burst": 10000
}
}
EOF
4)启动server-1节点
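# Start the server-1 agent (node3) in the "test" datacenter.
#
# The gossip key is handed to the agent through a 0600 file in the config
# directory instead of `-encrypt` on the command line, where it would be
# visible to every local user through the process list.
(
  umask 077
  printf '{"encrypt": "%s"}\n' "$(cat /opt/consul/key.txt)" \
    > /opt/consul/conf.d/encrypt.json
)

# NOTE(review): -client 0.0.0.0 together with -ui publishes the API and web UI
# on every interface; make sure the ACL and TLS settings in the config
# directory match that exposure, or bind to a narrower address.
consul agent \
  -server -ui \
  -bootstrap-expect 2 \
  -auto-reload-config \
  -datacenter test \
  -node node3 \
  -data-dir /opt/consul/data \
  -config-dir /opt/consul/conf.d \
  -bind '{{ GetInterfaceIP "eth0" }}' \
  -advertise '{{ GetInterfaceIP "eth0" }}' \
  -client 0.0.0.0 \
  -retry-join 2.2.2.35 \
  -retry-join 2.2.2.45 \
  -rejoin \
  -log-file "/opt/consul/logs/consul-$(date +%F).log" \
  -log-level info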
5)生成server-2的配置
# Write the server-2 agent configuration (uses the test-server-consul-1 pair).
#
# NOTE(review): as written this is a lab-grade configuration:
#   - acl.enabled is false while the HTTP and HTTPS listeners bind to 0.0.0.0,
#     so the API is unauthenticated on every interface;
#   - ports.http is not disabled, so the plain-HTTP listener stays available
#     next to HTTPS on 8501;
#   - verify_incoming, verify_outgoing and verify_server_hostname are all
#     false, so the certificate is presented but peer certificates are not
#     checked.
# Before using this outside a test network, enable ACLs, turn the verify_*
# settings on consistently across all servers, and narrow the listener
# addresses.
# The delimiter is quoted so the shell writes the JSON literally.
cat > /opt/consul/conf.d/consul.json <<'EOF'
{
"addresses": {
"http": "0.0.0.0",
"https": "0.0.0.0"
},
"ports": {
"https": 8501,
"grpc_tls": 8502
},
"acl": {
"enabled": false
},
"tls": {
"defaults": {
"ca_file": "/opt/consul/ssl/consul-agent-ca.pem",
"cert_file": "/opt/consul/ssl/test-server-consul-1.pem",
"key_file": "/opt/consul/ssl/test-server-consul-1-key.pem",
"verify_incoming": false,
"verify_outgoing": false
},
"internal_rpc": {
"verify_server_hostname": false,
"verify_incoming": false
}
},
"auto_encrypt": {
"allow_tls": true
},
"connect": {
"enabled": true
},
"telemetry": {
"disable_hostname": true,
"enable_host_metrics": true,
"prometheus_retention_time": "10s"
}
}
EOF

# Connection and request-rate limits. request_limits.mode is "permissive",
# presumably meaning the read/write rates are reported rather than enforced --
# confirm against the Consul documentation for this version.
cat > /opt/consul/conf.d/limits.json <<'EOF'
{
"limits": {
"http_max_conns_per_client": 400,
"request_limits": {
"mode": "permissive",
"read_rate": 1000.0,
"write_rate": 500.0
},
"rpc_max_conns_per_client": 200,
"rpc_rate": 5000.0,
"rpc_max_burst": 10000
}
}
EOF
6)server-2启动
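# Start the server-2 agent (node4) in the "test" datacenter.
#
# The gossip key is handed to the agent through a 0600 file in the config
# directory instead of `-encrypt` on the command line, where it would be
# visible to every local user through the process list.
(
  umask 077
  printf '{"encrypt": "%s"}\n' "$(cat /opt/consul/key.txt)" \
    > /opt/consul/conf.d/encrypt.json
)

# NOTE(review): -client 0.0.0.0 together with -ui publishes the API and web UI
# on every interface; make sure the ACL and TLS settings in the config
# directory match that exposure, or bind to a narrower address.
consul agent \
  -server -ui \
  -bootstrap-expect 2 \
  -auto-reload-config \
  -datacenter test \
  -node node4 \
  -data-dir /opt/consul/data \
  -config-dir /opt/consul/conf.d \
  -bind '{{ GetInterfaceIP "eth0" }}' \
  -advertise '{{ GetInterfaceIP "eth0" }}' \
  -client 0.0.0.0 \
  -retry-join 2.2.2.35 \
  -retry-join 2.2.2.45 \
  -rejoin \
  -log-file "/opt/consul/logs/consul-$(date +%F).log" \
  -log-level info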
7)生成客户端配置
# Write the client agent configuration. The client carries no certificate of
# its own; auto_encrypt.tls asks the servers to issue one.
#
# NOTE(review):
#   - acl.enabled is false while the HTTP and HTTPS listeners bind to 0.0.0.0,
#     so the local API is unauthenticated on every interface;
#   - no tls stanza (ca_file / verify_outgoing) is configured, so the client
#     has no CA to check the server against when it requests its certificate
#     -- confirm against Consul's auto_encrypt documentation and distribute
#     consul-agent-ca.pem to clients if required.
# The delimiter is quoted so the shell writes the JSON literally.
cat > /opt/consul/conf.d/consul.json <<'EOF'
{
"addresses": {
"http": "0.0.0.0",
"https": "0.0.0.0"
},
"ports": {
"https": 8501,
"grpc_tls": 8502
},
"acl": {
"enabled": false
},
"auto_encrypt": {
"tls": true
},
"connect": {
"enabled": true
},
"telemetry": {
"disable_hostname": true,
"enable_host_metrics": true,
"prometheus_retention_time": "10s"
}
}
EOF

# Connection and request-rate limits. request_limits.mode is "permissive",
# presumably meaning the read/write rates are reported rather than enforced --
# confirm against the Consul documentation for this version.
cat > /opt/consul/conf.d/limits.json <<'EOF'
{
"limits": {
"http_max_conns_per_client": 400,
"request_limits": {
"mode": "permissive",
"read_rate": 1000.0,
"write_rate": 500.0
},
"rpc_max_conns_per_client": 200,
"rpc_rate": 5000.0,
"rpc_max_burst": 10000
}
}
EOF
8)启动客户端
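# Start the client agent (node2) in the "test" datacenter.
#
# The gossip key is handed to the agent through a 0600 file in the config
# directory instead of `-encrypt` on the command line, where it would be
# visible to every local user through the process list.
(
  umask 077
  printf '{"encrypt": "%s"}\n' "$(cat /opt/consul/key.txt)" \
    > /opt/consul/conf.d/encrypt.json
)

# NOTE(review): -client 0.0.0.0 publishes the local agent API on every
# interface; bind to a narrower address unless remote access is required.
consul agent \
  -auto-reload-config \
  -datacenter test \
  -node node2 \
  -data-dir /opt/consul/data \
  -config-dir /opt/consul/conf.d \
  -bind '{{ GetInterfaceIP "eth0" }}' \
  -advertise '{{ GetInterfaceIP "eth0" }}' \
  -client 0.0.0.0 \
  -retry-join 2.2.2.35 \
  -retry-join 2.2.2.45 \
  -rejoin \
  -log-file "/opt/consul/logs/consul-$(date +%F).log" \
  -log-level info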
