Consul 入门实战(2)--安装及管理
本文主要介绍 Consul 的安装及使用,文中使用到的软件版本:RHEL 6.6、Consul 1.11.1。
1、单机版安装
1.1、下载 Consul 并解压
https://www.consul.io/downloads
unzip consul_1.11.1_linux_amd64.zip
1.2、启动
./consul agent -server -ui -bootstrap-expect=1 -data-dir=./data -datacenter=dc1 -node=node10 -client=0.0.0.0 -bind=10.49.196.10
参数说明:
-server: 以 server 身份启动;不加该参数默认是 client
-ui:可以访问 UI 界面
-bootstrap-expect:集群期望的节点数,只有节点数量达到这个值才会选举 leader
-data-dir:数据存放的目录
-datacenter:数据中心名称,默认是 dc1
-node:节点的名称
-client:客户端访问 Consul 的绑定地址;默认为 127.0.0.1,只能本地访问
-bind:集群内部通信绑定的地址,默认为 0.0.0.0
1.3、控制台
http://10.49.196.10:8500/
2、集群安装
2.1、规划
机器 | agent 类型 | 数据中心名称 |
10.49.196.10 | server | dc1 |
10.49.196.11 | server | dc1 |
10.49.196.12 | server | dc1 |
2.2、启动
这里通过配置文件来依次启动各节点(先启动 10.49.196.10,再启动其他两个节点):
nohup ./consul agent -config-file=./agent.hcl &
10.49.196.10 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter = "dc1", node_name = "node10", client_addr = "0.0.0.0", bind_addr = "10.49.196.10"
10.49.196.11 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter = "dc1", node_name = "node11", client_addr = "0.0.0.0", bind_addr = "10.49.196.11" start_join = ["10.49.196.10"],
retry_join = ["10.49.196.10"],
10.49.196.12 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 3, data_dir = "./data", datacenter = "dc1", node_name = "node12", client_addr = "0.0.0.0", bind_addr = "10.49.196.12" start_join = ["10.49.196.10"],
retry_join = ["10.49.196.10"],
配置文件中参数说明:
server:同命令行的 server 参数
bootstrap_expect:同命令行的 bootstrap-expect 参数
data_dir:同命令行的 data-dir 参数
datacenter:同命令行的 datacenter 参数
node_name:同命令行的 node 参数
client_addr:同命令行的 client 参数
bind_addr:同命令行的 bind 参数
start_join:启动时加入集群的地址,同命令行的 join 参数
retry_join:加入集群的重试地址,同命令行的 retry-join 参数
2.3、管理
2.3.1、查看节点信息
./consul members
结果如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.49.196.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.49.196.11:8301 alive server 1.11.1 2 dc1 default <all> node12 10.49.196.12:8301 alive server 1.11.1 2 dc1 default <all>
2.3.2、查看集群状态
./consul operator raft list-peers
结果如下:
Node ID Address State Voter RaftProtocol node10 e8974195-0bfc-9156-c4ea-abb2b594f75e 10.49.196.10:8300 leader true 3 node11 bf0f6378-fb29-8fad-07f3-2d369a8093c3 10.49.196.11:8300 follower true 3 node12 d460dfcd-607b-2804-725e-28aa79566127 10.49.196.12:8300 follower true 3
2.3.3、退出集群
A、优雅的离开集群并关闭
./consul leave [-http-addr=<address>]
执行该命令后,该节点的状态变为 “left”;参数 http-addr 默认为 http://127.0.0.1:8500,即本机所在节点。在 10.49.196.12 上执行该命令后,再查看节点信息如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.49.196.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.49.196.11:8301 alive server 1.11.1 2 dc1 default <all> node12 10.49.196.12:8301 left server 1.11.1 2 dc1 default <all>
B、强制设置节点状态为 “left”
./consul force-leave [-prune] nodeName
如果节点状态为 “alive”,该节点会重新加入集群,所以看起来命令没啥效果。
对于 ”fail" 或 “left” 状态的节点,可以通过该命令把节点从集群中彻底删除(通过 prune 参数),node12 已经是 “left" 状态了,执行如下命令:
./consul force-leave -prune node12
再查看节点信息如下:
Node Address Status Type Build Protocol DC Partition Segment node10 10.49.196.10:8301 alive server 1.11.1 2 dc1 default <all> node11 10.49.196.11:8301 alive server 1.11.1 2 dc1 default <all>
3、多数据中心
3.1、规划
在上一步搭建的集群上,我们再搭建一个不通数据中心的集群,组成跨数据中心集群。
机器 | agent 类型 | 数据中心名称 |
10.49.196.10 | server | dc1 |
10.49.196.11 | server | dc1 |
10.49.196.12 | server | dc1 |
10.49.196.20 | server | dc2 |
10.49.196.21 | client | dc2 |
3.2、启动 dc2 的节点
nohup ./consul agent -config-file=./agent.hcl &
10.49.196.20 上 agent.hcl:
server = true, ui_config = { enabled = true }, bootstrap_expect = 1, data_dir = "./data", datacenter = "dc2", node_name = "node20", client_addr = "0.0.0.0", bind_addr = "10.49.196.20"
10.49.196.21 上 agent.hcl:
server = false, ui_config = { enabled = true }, data_dir = "./data", datacenter = "dc2", node_name = "node21", client_addr = "0.0.0.0", bind_addr = "10.49.196.21", start_join = ["10.49.196.20"],
retry_join = ["10.49.196.20"],
3.3、加入 dc1
在 10.49.196.20(需为 server 节点)上执行:
./consul join -wan 10.49.196.10
3.4、管理
3.4.1、查看所有 server 节点
./consul members -wan
该命令可以查看所以数据中心的 server 类型的节点:
Node Address Status Type Build Protocol DC Partition Segment node10.dc1 10.49.196.10:8302 alive server 1.11.1 2 dc1 default <all> node11.dc1 10.49.196.11:8302 alive server 1.11.1 2 dc1 default <all> node12.dc1 10.49.196.12:8302 alive server 1.11.1 2 dc1 default <all> node20.dc2 10.49.196.20:8302 alive server 1.11.1 2 dc2 default <all>
查看某个数据中心的所有节点信息可用:
./consul members [-http-addr=<address>]
3.4.2、断开数据中心的关联
1、在 10.49.196.20 上执行:
./consul leave
2、在 10.49.196.10、10.49.196.11、10.49.196.12 人一台集群上执行:
./consul force-leave -prune -wan node20.dc2
3、在 10.49.196.20 再启动 consul:
nohup ./consul agent -config-file=./agent.hcl &
4、命令行使用
可以通过执行 consul 命令后的提示来学习如何使用命令行,如执行:
./consul
提示如下:
Usage: consul [--version] [--help] <command> [<args>] Available commands are: acl Interact with Consul's ACLs agent Runs a Consul agent catalog Interact with the catalog config Interact with Consul's Centralized Configurations connect Interact with Consul Connect debug Records a debugging archive for operators event Fire a new event exec Executes a command on Consul nodes force-leave Forces a member of the cluster to enter the "left" state info Provides debugging information for operators. intention Interact with Connect service intentions join Tell Consul agent to join cluster keygen Generates a new encryption key keyring Manages gossip layer encryption keys kv Interact with the key-value store leave Gracefully leaves the Consul cluster and shuts down lock Execute a command holding a lock login Login to Consul using an auth method logout Destroy a Consul token created with login maint Controls node or service maintenance mode members Lists the members of a Consul cluster monitor Stream logs from a Consul agent operator Provides cluster-level tools for Consul operators reload Triggers the agent to reload configuration files rtt Estimates network round trip time between nodes services Interact with services snapshot Saves, restores and inspects snapshots of Consul server state tls Builtin helpers for creating CAs and certificates validate Validate config files/directories version Prints the Consul version watch Watch for changes in Consul
如需查看 members 指令的用法,再执行:
./consul members -h
就会显示用法及各种参数,参数是可选的:
Usage: consul members [options] Outputs the members of a running Consul agent. HTTP API Options -ca-file=<value> Path to a CA file to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CACERT environment variable. -ca-path=<value> Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via the CONSUL_CAPATH environment variable. -client-cert=<value> Path to a client cert file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_CERT environment variable. -client-key=<value> Path to a client key file to use for TLS when 'verify_incoming' is enabled. This can also be specified via the CONSUL_CLIENT_KEY environment variable. -http-addr=<address> The `address` and port of the Consul HTTP agent. The value can be an IP address or DNS address, but it must also include the port. This can also be specified via the CONSUL_HTTP_ADDR environment variable. The default value is http://127.0.0.1:8500. The scheme can also be set to HTTPS by setting the environment variable CONSUL_HTTP_SSL=true. -tls-server-name=<value> The server name to use as the SNI host when connecting via TLS. This can also be specified via the CONSUL_TLS_SERVER_NAME environment variable. -token=<value> ACL token to use in the request. This can also be specified via the CONSUL_HTTP_TOKEN environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address. -token-file=<value> File containing the ACL token to use in the request instead of one specified via the -token argument or CONSUL_HTTP_TOKEN environment variable. This can also be specified via the CONSUL_HTTP_TOKEN_FILE environment variable. Command Options -detailed Provides detailed information about nodes. -partition=<default> Specifies the admin partition to query. If not provided, the admin partition will be inferred from the request's ACL token, or will default to the `default` admin partition. Admin Partitions are a Consul Enterprise feature. -segment=<string> (Enterprise-only) If provided, output is filtered to only nodes inthe given segment. -status=<string> If provided, output is filtered to only nodes matching the regular expression for status. -wan If the agent is in server mode, this can be used to return the other peers in the WAN pool.
最后知道执行如下命令就可以查看节点信息:
./consul members