Prometheus监控神器-服务发现篇(五)

icegoblin
发布于 2022-7-6 15:26
浏览
0收藏

 

创建Server{1-3}配置文件

# 生成密钥
CONSUL_KEY=`consul keygen`

# node_id 一定不可以重复,server name可以随便定义

# 创建server1配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.153",
  "log_level": "INFO",
  "node_id":"09d82408-bc4f-49e0-1111-61ef1d4842f7",
  "node_name": "server1",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server2配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.154",
  "log_level": "INFO",
  "node_id":"613ccd6e-68d1-3bbd-2222-3cbc450f019d",
  "node_name": "server2",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# 创建server3配置文件
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.155",
  "log_level": "INFO",
  "node_id":"d8a09ffd-7ccb-84bd-3333-8d8b7a01951e",
  "node_name": "server3",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64.
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 85.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90.
  • 91.
  • 92.
  • 93.
  • 94.
  • 95.
  • 96.
  • 97.
  • 98.
  • 99.
  • 100.
  • 101.
  • 102.
  • 103.
  • 104.
  • 105.
  • 106.
  • 107.
  • 108.
  • 109.

 

启动服务

systemctl enable consul-server1 && systemctl start consul-server1
systemctl enable consul-server2 && systemctl start consul-server2
systemctl enable consul-server3 && systemctl start consul-server3
systemctl status consul-server1
  • 1.
  • 2.
  • 3.
  • 4.

生成http_acl_token,写入config.jso中的tokens数组中的master与agent。注意,consul acl bootstrap只能执行一次.

consul acl bootstrap
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2020-09-02 23:25:47.533701389 +0800 CST
Policies:
   00000000-0000-0000-0000-000000000001 - global-management
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
export CONSUL_HTTP_TOKEN='your_token'
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.


查看集群
返回空节点是正常的,因为开启了ACL,所以访问的时候需要加入token,如果CONSUL_HTTP_TOKEN变量已经加入profile,不需要在指定token。

# 环境变量
cat >> /etc/profile << EOF
export CONSUL_HTTP_TOKEN='08ad8862-f702-eb26-0276-d8255b11267e'
EOF

# consul members  --token='08ad8862-f702-eb26-0276-d8255b11267e' 
Node     Address             Status  Type    Build  Protocol  DC          Segment
server1  192.168.1.153:8301  alive   server  1.7.7  2         prometheus  <all>
server2  192.168.1.154:8301  alive   server  1.7.7  2         prometheus  <all>
server3  192.168.1.155:8301  alive   server  1.7.7  2         prometheus  <all>

# 验证集群UI
在页面http://127.0.0.1:8500/ui/prometheus/acls/tokens 输入配置中的 master token,再刷新界面可以在services和nodes中查看到信息

# 验证API,通过在header中增加x-consul-token则可返回节点列表
curl http://127.0.0.1:8500/v1/catalog/nodes -H 'x-consul-token: ${CONSUL_HTTP_TOKEN}'
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.

 

欢迎大家关注我的公众号ID:k8stech


文章转自公众号:Kubernetes技术栈

标签
已于2022-7-6 15:26:13修改
收藏
回复
举报


回复
    相关推荐