Consul 入門實戰(2)--安裝及管理
本文主要介紹 Consul 的安裝及使用,文中使用到的軟體版本:RHEL 6.6、Consul 1.11.1。
1、單機版安裝
1.1、下載 Consul 並解壓
https://www.consul.io/downloads
unzip consul_1.11.1_linux_amd64.zip
1.2、啟動
./consul agent -server -ui -bootstrap-expect=1 -data-dir=./data -datacenter=dc1 -node=node10 -client=0.0.0.0 -bind=10.40.96.10
引數說明:
-server: 以 server 身份啟動;不加該引數預設是 client
-ui:可以訪問 UI 介面
-bootstrap-expect:叢集期望的節點數,只有節點數量達到這個值才會選舉 leader
-data-dir:資料存放的目錄
-datacenter:資料中心名稱,預設是 dc1
-node:節點的名稱
-client:客戶端訪問 Consul 的繫結地址;預設為 127.0.0.1,只能本地訪問
-bind:叢集內部通訊繫結的地址,預設為 0.0.0.0
1.3、控制檯
http://10.40.96.10:8500/
2、叢集安裝
2.1、規劃
機器 | agent 型別 | 資料中心名稱 |
10.40.96.10 | server | dc1 |
10.40.96.11 | server | dc1 |
10.40.96.12 | server | dc1 |
2.2、啟動
這裡通過配置檔案來依次啟動各節點(先啟動 10.40.96.10,再啟動其他兩個節點):
nohup ./consul agent -config-file=./agent.hcl &
10.40.96.10 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter = "dc1", node_name = "node10", client_addr = "0.0.0.0", bind_addr = "10.40.96.10"
10.40.96.11 上agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter= "dc1", node_name = "node11", client_addr = "0.0.0.0", bind_addr = "10.40.96.11" start_join = ["10.40.96.10"],
retry_join = ["10.40.96.10"],
10.40.96.12 上agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter = "dc1", node_name = "node12", client_addr = "0.0.0.0", bind_addr = "10.40.96.12" start_join = ["10.40.96.10"],
retry_join = ["10.40.96.10"],
配置檔案中引數說明:
server:同命令行的 server 引數
bootstrap_expect:同命令行的 bootstrap-expect 引數
data_dir:同命令行的 data-dir 引數
datacenter:同命令行的 datacenter 引數
node_name:同命令行的 node 引數
client_addr:同命令行的 client 引數
bind_addr:同命令行的 bind 引數
start_join:啟動時加入叢集的地址,同命令行的 join 引數
retry_join:加入叢集的重試地址,同命令行的 retry-join 引數
2.3、管理
2.3.1、檢視節點資訊
./consul members
結果如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.40.96.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.40.96.11:8301 alive server 1.11.1 2 dc1 default <all> node12 10.40.96.12:8301 alive server 1.11.1 2 dc1 default <all>
2.3.2、檢視叢集狀態
./consul operator raft list-peers
結果如下:
Node ID Address State Voter RaftProtocol node10 e8974195-0bfc-9156-c4ea-abb2b594f75e 10.40.96.10:8300 leader true 3 node11 bf0f6378-fb29-8fad-07f3-2d369a8093c3 10.40.96.11:8300 follower true 3 node12 d460dfcd-607b-2804-725e-28aa79566127 10.40.96.12:8300 follower true 3
2.3.3、退出叢集
A、優雅的離開叢集並關閉
./consul leave [-http-addr=<address>]
執行該命令後,該節點的狀態變為 “left”;引數 http-addr 預設為http://127.0.0.1:8500,即本機所在節點。在10.40.96.12 上執行該命令後,再檢視節點資訊如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.40.96.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.40.96.11:8301 alive server 1.11.1 2 dc1 default <all> node12 10.40.96.12:8301 left server 1.11.1 2 dc1 default <all>
B、強制設定節點狀態為 “left”
./consul force-leave [-prune] nodeName
如果節點狀態為 “alive”,該節點會重新加入叢集,所以看起來命令沒啥效果。
對於 ”fail" 或 “left” 狀態的節點,可以通過該命令把節點從叢集中徹底刪除(通過 prune 引數),node12 已經是 “left" 狀態了,執行如下命令:
./consul force-leave -prune node12
再檢視節點資訊如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.40.96.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.40.96.11:8301 alive server 1.11.1 2 dc1 default <all>
3、多資料中心
3.1、規劃
在上一步搭建的叢集上,我們再搭建一個不通資料中心的叢集,組成跨資料中心叢集。
機器 | agent 型別 | 資料中心名稱 |
10.40.96.10 | server | dc1 |
10.40.96.11 | server | dc1 |
10.40.96.12 | server | dc1 |
10.40.96.20 | server | dc2 |
10.40.96.21 | client | dc2 |
3.2、啟動 dc2 的節點
nohup ./consul agent -config-file=./agent.hcl &
10.40.96.20 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 1, data_dir = "./data", datacenter = "dc2", node_name = "node20", client_addr = "0.0.0.0", bind_addr = "10.40.96.20"
10.40.96.21 上 agent.hcl:
server = false, ui_config = { enabled = true }, data_dir = "./data", datacenter = "dc2", node_name = "node21", client_addr = "0.0.0.0", bind_addr = "10.40.96.21", start_join = ["10.40.96.20"],
retry_join = ["10.40.96.20"],
3.3、加入 dc1
在10.40.96.20(需為 server 節點)上執行:
./consul join -wan 10.40.96.10
3.4、管理
3.4.1、檢視所有 server 節點
./consul members -wan
該命令可以檢視所以資料中心的 server 型別的節點:
Node Address Status Type Build Protocol DC Partition Segment node10.dc1 10.40.96.10:8302 alive server 1.11.1 2 dc1 default <all> node11.dc1 10.40.96.11:8302 alive server 1.11.1 2 dc1 default <all> node12.dc1 10.40.96.12:8302 alive server 1.11.1 2 dc1 default <all> node20.dc2 10.40.96.20:8302 alive server 1.11.1 2 dc2 default <all>
檢視某個資料中心的所有節點資訊可用:
./consul members [-http-addr=<address>]
3.4.2、斷開資料中心的關聯
1、在 10.40.96.20 上執行:
./consul leave
2、在 10.40.96.10、10.40.96.11、10.40.96.12 人一臺叢集上執行:
./consul force-leave -prune -wan node20.dc2
3、在 10.40.96.20 再啟動 consul:
nohup ./consul agent -config-file=./agent.hcl &
4、命令列使用
可以通過執行 consul 命令後的提示來學習如何使用命令列,如執行:
./consul
提示如下:
Usage: consul [--version] [--help] <command> [<args>] Available commands are: acl Interact with Consul's ACLs agent Runs a Consul agent catalog Interact with the catalog config Interact with Consul's Centralized Configurations connect Interact with Consul Connect debug Records a debugging archive for operators event Fire a new event exec Executes a command on Consul nodes force-leave Forces a member of the cluster to enter the "left" state info Provides debugging information for operators. intention Interact with Connect service intentions join Tell Consul agent to join cluster keygen Generates a new encryption key keyring Manages gossip layer encryption keys kv Interact with the key-value store leave Gracefully leaves the Consul cluster and shuts down lock Execute a command holding a lock login Login to Consul using an auth method logout Destroy a Consul token created with login maint Controls node or service maintenance mode members Lists the members of a Consul cluster monitor Stream logs from a Consul agent operator Provides cluster-level tools for Consul operators reload Triggers the agent to reload configuration files rtt Estimates network round trip time between nodes services Interact with services snapshot Saves, restores and inspects snapshots of Consul server state tls Builtin helpers for creating CAs and certificates validate Validate config files/directories version Prints the Consul version watch Watch for changes in Consul
如需檢視 members 指令的用法,再執行:
./consul members -h
就會顯示用法及各種引數,引數是可選的:
Usage: consul members [options] Outputs the members of a running Consul agent. HTTP API Options -ca-file=<value> Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable. -ca-path=<value> Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable. -client-cert=<value> Path to a client cert file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable. -client-key=<value> Path to a client key file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable. -http-addr=<address> The `address` and port of the Consul HTTP agent. The value can be an IP address or DNS address, but it must also include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. The default value is http://127.0.0.1:8500. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. -tls-server-name=<value> The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable. -token=<value> ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address. -token-file=<value> File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable. Command Options -detailed Provides detailed information about nodes. -partition=<default> Specifies the admin partition to query. If not provided, the admin partition will be inferred from the request's ACL token, or will default to the `default` admin partition. Admin Partitions are a Consul Enterprise feature. -segment=<string> (Enterprise-only) If provided, output is filtered to only nodes inthe given segment. -status=<string> If provided, output is filtered to only nodes matching the regular expression for status. -wan If the agent is in server mode, this can be used to return the other peers in the WAN pool.
最後知道執行如下命令就可以檢視節點資訊:
./consul members