Prometheus监控神器-服务发现篇（五）

icegoblin

发布于 2022-7-6 15:26

浏览

0收藏

创建Server{1-3}配置文件

# 生成密钥
CONSUL_KEY=`consul keygen`

# node_id 一定不可以重复,server name可以随便定义

# 创建server1配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.153",
  "log_level": "INFO",
  "node_id":"09d82408-bc4f-49e0-1111-61ef1d4842f7",
  "node_name": "server1",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server2配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.154",
  "log_level": "INFO",
  "node_id":"613ccd6e-68d1-3bbd-2222-3cbc450f019d",
  "node_name": "server2",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server3配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.155",
  "log_level": "INFO",
  "node_id":"d8a09ffd-7ccb-84bd-3333-8d8b7a01951e",
  "node_name": "server3",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.

启动服务

systemctl enable consul-server1 && systemctl start consul-server1
systemctl enable consul-server2 && systemctl start consul-server2
systemctl enable consul-server3 && systemctl start consul-server3
systemctl status consul-server11.
2.
3.
4.

生成http_acl_token，写入config.jso中的tokens数组中的master与agent。注意，consul acl bootstrap只能执行一次.

consul acl bootstrap
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2020-09-02 23:25:47.533701389 +0800 CST
Policies:
   00000000-0000-0000-0000-000000000001 - global-management
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
export CONSUL_HTTP_TOKEN='your_token'
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.

查看集群
返回空节点是正常的，因为开启了ACL，所以访问的时候需要加入token，如果CONSUL_HTTP_TOKEN变量已经加入profile，不需要在指定token。

# 环境变量
cat >> /etc/profile << EOF
export CONSUL_HTTP_TOKEN='08ad8862-f702-eb26-0276-d8255b11267e'
EOF

# consul members  --token='08ad8862-f702-eb26-0276-d8255b11267e' 
Node     Address             Status  Type    Build  Protocol  DC          Segment
server1  192.168.1.153:8301  alive   server  1.7.7  2         prometheus  <all>
server2  192.168.1.154:8301  alive   server  1.7.7  2         prometheus  <all>
server3  192.168.1.155:8301  alive   server  1.7.7  2         prometheus  <all>

# 验证集群UI
在页面http://127.0.0.1:8500/ui/prometheus/acls/tokens 输入配置中的 master token，再刷新界面可以在services和nodes中查看到信息

# 验证API，通过在header中增加x-consul-token则可返回节点列表
curl http://127.0.0.1:8500/v1/catalog/nodes -H 'x-consul-token: ${CONSUL_HTTP_TOKEN}'1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.