Prometheus, the Monitoring Powerhouse: Service Discovery (Part 5)

icegoblin
Published 2022-7-6 15:26

Create the Server{1-3} configuration files

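# Generate the gossip encryption key (generate it once; all three servers must use the same value)
CONSUL_KEY=`consul keygen`

# node_id must be unique on every node; the server name can be anything you like

# Create the server1 configuration file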
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.153",
  "log_level": "INFO",
  "node_id":"09d82408-bc4f-49e0-1111-61ef1d4842f7",
  "node_name": "server1",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# Create the server2 configuration file
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.154",
  "log_level": "INFO",
  "node_id":"613ccd6e-68d1-3bbd-2222-3cbc450f019d",
  "node_name": "server2",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

# Create the server3 configuration file
cat > /data/consul/server/config/config.json << EOF
{
  "datacenter": "prometheus",
  "bind_addr":"192.168.1.155",
  "log_level": "INFO",
  "node_id":"d8a09ffd-7ccb-84bd-3333-8d8b7a01951e",
  "node_name": "server3",
  "data_dir":"/data/consul/server/data",
  "server": true,
  "bootstrap_expect": 3,
  "encrypt": "${CONSUL_KEY}",
  "ui":true,
  "client_addr":"0.0.0.0",
  "retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
  "ports": {
     "http": 8500,
     "dns": 8600,
     "serf_lan":8301,
     "serf_wan":8302,
     "server":8300,
     "grpc":8400
  },
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens":{
        "master":"${CONSUL_HTTP_TOKEN}",
        "agent":"${CONSUL_HTTP_TOKEN}"
    }
  }
}
EOF

 

Start the services

systemctl enable consul-server1 && systemctl start consul-server1
systemctl enable consul-server2 && systemctl start consul-server2
systemctl enable consul-server3 && systemctl start consul-server3
systemctl status consul-server1

Generate the HTTP ACL token and write it into the master and agent entries of the tokens block in config.json. Note that consul acl bootstrap can only be run once.

consul acl bootstrap
AccessorID:       ae4f5026-73e7-ff56-548c-3ae0fc76022f
SecretID:         08ad8862-f702-eb26-0276-d8255b11267e
Description:      Bootstrap Token (Global Management)
Local:            false
Create Time:      2020-09-02 23:25:47.533701389 +0800 CST
Policies:
   00000000-0000-0000-0000-000000000001 - global-management
export CONSUL_HTTP_TOKEN='your_token'
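
The step described above (copying the SecretID from the consul acl bootstrap output into the master and agent entries of config.json), as an added example that is not part of the original article. The function names extract_secret_id and set_acl_tokens are hypothetical, the sample output and its placeholder SecretID are constructed, and the config is assumed to use the layout shown earlier on this page.

```shell
#!/bin/sh
# Added example, not the article's code. Function names are hypothetical.

# Read `consul acl bootstrap` output on stdin and print only the SecretID.
extract_secret_id() {
    awk '$1 == "SecretID:" { print $2; exit }'
}

# set_acl_tokens CONFIG TOKEN
# Write TOKEN into the "master" and "agent" entries of the tokens block.
set_acl_tokens() {
    config=$1
    token=$2
    # Accept only a UUID-shaped value, so the text of a failed bootstrap
    # (an error message, an empty string) never ends up in the config.
    printf '%s\n' "$token" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || {
        echo "token is not UUID-shaped; $config left unchanged" >&2
        return 1
    }
    # mktemp creates the file with mode 0600 in the same directory, so the
    # final mv is a rename and the token is never group/world-readable.
    tmp=$(mktemp "${config}.XXXXXX") || return 1
    sed -E "s/(\"(master|agent)\"[[:space:]]*:[[:space:]]*\")[^\"]*\"/\1${token}\"/g" \
        "$config" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Owner-only: chown afterwards if Consul runs under a different account.
    chmod 600 "$tmp" && mv -f "$tmp" "$config"
}

# Constructed sample: bootstrap output in the format shown above with a
# placeholder SecretID, applied to a throwaway tokens block.
demo() {
    dir=$(mktemp -d) || return 1
    printf '{ "acl": { "tokens": {\n  "master":"",\n  "agent":""\n} } }\n' \
        > "$dir/config.json"
    sample='AccessorID:       00000000-1111-2222-3333-444444444444
SecretID:         aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Description:      Bootstrap Token (Global Management)'
    secret=$(printf '%s\n' "$sample" | extract_secret_id)
    set_acl_tokens "$dir/config.json" "$secret" && cat "$dir/config.json"
    rm -rf "$dir"
}
demo
```

On a live node the input would be the saved output of the one-time consul acl bootstrap run, and the path would be /data/consul/server/config/config.json on each server.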


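Check the cluster
An empty node list is expected here: ACLs are enabled, so every request must carry a token. If the CONSUL_HTTP_TOKEN variable has already been added to the profile, you do not need to specify the token again.

# Environment variable (/etc/profile is readable by every local user, and this is the global-management token)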
cat >> /etc/profile << EOF
export CONSUL_HTTP_TOKEN='08ad8862-f702-eb26-0276-d8255b11267e'
EOF

# consul members  --token='08ad8862-f702-eb26-0276-d8255b11267e' 
Node     Address             Status  Type    Build  Protocol  DC          Segment
server1  192.168.1.153:8301  alive   server  1.7.7  2         prometheus  <all>
server2  192.168.1.154:8301  alive   server  1.7.7  2         prometheus  <all>
server3  192.168.1.155:8301  alive   server  1.7.7  2         prometheus  <all>

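# Verify the cluster UI
On the page http://127.0.0.1:8500/ui/prometheus/acls/tokens, enter the master token from the configuration, then refresh the page; the Services and Nodes views will now show data.

# Verify the API: adding the x-consul-token header returns the node list (double quotes, so the shell expands the variable)
curl http://127.0.0.1:8500/v1/catalog/nodes -H "x-consul-token: ${CONSUL_HTTP_TOKEN}"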

 

You are welcome to follow my WeChat official account, ID: k8stech


Article reposted from the WeChat official account: Kubernetes技术栈

Last modified 2022-7-6 15:26:13