Prometheus监控神器-服务发现篇(五)

发布于 2022-7-6 15:26
浏览
0收藏

 

创建Server{1-3}配置文件

# 生成密钥
CONSUL_KEY=`consul keygen`

# node_id 一定不可以重复,server name可以随便定义

# 创建server1配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.153",
  "log_level": "INFO",
  "node_id":"09d82408-bc4f-49e0-1111-61ef1d4842f7",
  "node_name": "server1",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server2配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.154",
  "log_level": "INFO",
  "node_id":"613ccd6e-68d1-3bbd-2222-3cbc450f019d",
  "node_name": "server2",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server3配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.155",
  "log_level": "INFO",
  "node_id":"d8a09ffd-7ccb-84bd-3333-8d8b7a01951e",
  "node_name": "server3",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

 

启动服务

systemctl enable consul-server1 && systemctl start consul-server1
systemctl enable consul-server2 && systemctl start consul-server2
systemctl enable consul-server3 && systemctl start consul-server3
systemctl status consul-server1

生成http_acl_token,写入config.jso中的tokens数组中的master与agent。注意,consul acl bootstrap只能执行一次.

consul acl bootstrap
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2020-09-02 23:25:47.533701389 +0800 CST
Policies:
   00000000-0000-0000-0000-000000000001 - global-management
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
export CONSUL_HTTP_TOKEN='your_token'


查看集群
返回空节点是正常的,因为开启了ACL,所以访问的时候需要加入token,如果CONSUL_HTTP_TOKEN变量已经加入profile,不需要在指定token。

# 环境变量
cat >> /etc/profile << EOF
export CONSUL_HTTP_TOKEN='08ad8862-f702-eb26-0276-d8255b11267e'
EOF

# consul members  --token='08ad8862-f702-eb26-0276-d8255b11267e' 
Node     Address             Status  Type    Build  Protocol  DC          Segment
server1  192.168.1.153:8301  alive   server  1.7.7  2         prometheus  <all>
server2  192.168.1.154:8301  alive   server  1.7.7  2         prometheus  <all>
server3  192.168.1.155:8301  alive   server  1.7.7  2         prometheus  <all>

# 验证集群UI
在页面http://127.0.0.1:8500/ui/prometheus/acls/tokens 输入配置中的 master token,再刷新界面可以在services和nodes中查看到信息

# 验证API,通过在header中增加x-consul-token则可返回节点列表
curl http://127.0.0.1:8500/v1/catalog/nodes -H 'x-consul-token: ${CONSUL_HTTP_TOKEN}'

 

欢迎大家关注我的公众号ID:k8stech


文章转自公众号:Kubernetes技术栈

标签
已于2022-7-6 15:26:13修改
收藏
回复
举报
回复
添加资源
添加资源将有机会获得更多曝光,你也可以直接关联已上传资源 去关联
    相关推荐