1.安装consul

====================================

1.单节点

====================================

#/bin/bash

 

#1.docker pull consul

docker pull consul

 

#2.create data and config dir

mkdir -p /home/consul/{config,data}

 

#3.docker run consul

docker run -idt \

--restart=always \

--name consul \

-p 8500:8500 \

-v /home/consul/config:/consul/config \

-v /home/consul/data:/consul/data \

consul:latest \

agent \

-server \

-ui \

-bootstrap-expect=1 \

-client=0.0.0.0 \

-node=node1

 

===================================

2.集群

==================================

节点1

docker stop consul-node1

docker rm consul-node1

docker run -idt \

--restart=always \

--name consul-node1 \

--net=host \

-e CONSUL_BIND_INTERFACE='eth0' \

-v /home/consul/config:/consul/config \

-v /home/consul/data:/consul/data \

consul:latest \

agent \

-data-dir=/consul/data \

-config-dir=consul/config \

-server \

-bind=192.168.0.231 \

-client=0.0.0.0 \

-ui \

-bootstrap-expect=1 \

-node=consul-node1

 

 

sleep 3s

docker logs consul-node1

 

节点2

docker stop consul-node2

docker rm consul-node2

docker run -idt \

--restart=always \

--name consul-node2 \

--net=host \

-e CONSUL_BIND_INTERFACE='eth0' \

-v /home/consul/config:/consul/config \

-v /home/consul/data:/consul/data \

consul:latest \

agent \

-data-dir=/consul/data \

-config-dir=consul/config \

-server \

-ui \

-bind=192.168.0.61 \

-client=0.0.0.0 \

-node=consul-node2 \

-retry-join=192.168.0.231

 

sleep 3s

docker logs consul-node2

 

sleep 3s

docker logs consul-node2

 

节点3

docker stop consul-node3

docker rm consul-node3

docker run -idt \

--restart=always \

--name consul-node3 \

--net=host \

-e CONSUL_BIND_INTERFACE='eth0' \

-v /home/consul/config:/consul/config \

-v /home/consul/data:/consul/data \

consul:latest \

agent \

-data-dir=/consul/data \

-config-dir=consul/config \

-server \

-bind=192.168.0.170 \

-client=0.0.0.0 \

-ui \

-node=consul-node3 \

-retry-join=192.168.0.231

 

sleep 3s

docker logs consul-node3

 

 

ACL访问控制：

 

1.使用linux的uuidgen命令生成一个64位UUID作为msater token

 

 

2.编写acl.json文件

vim /home/consul/config/acl.json

{

"datacenter":"dc1",

"acl": {

"enabled": true,

"default_policy": "deny",

"down_policy": "extend-cache",

"tokens": {

"master": "dcb93655-0661-4ea1-bfc4-e5744317f99e"

}

}

}