创建Server{1-3}配置文件
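# Generate the gossip encryption key, or reuse one that is already exported.
# Every agent in the datacenter must carry the same "encrypt" value, so run
# `consul keygen` once and export CONSUL_KEY with that same value on the other
# servers before writing their config. A fresh keygen on each host yields keys
# that do not match, and the servers cannot gossip with each other.
CONSUL_KEY="${CONSUL_KEY:-$(consul keygen)}"
# Stop here if keygen failed (e.g. consul is not on PATH): an empty key must
# not be written into the "encrypt" field of the config.
: "${CONSUL_KEY:?consul keygen returned no key}"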
# node_id must be unique per node; the server name (node_name) can be chosen freely.
# Create the server1 configuration file.
# NOTE(review): all three server blocks on this page write the same path, so each
# is presumably meant to be run on its own host (here the one owning bind_addr
# 192.168.1.153); run back to back on one machine, only the last file survives.
#
# The heredoc delimiter is unquoted, so ${CONSUL_KEY} and ${CONSUL_HTTP_TOKEN}
# are expanded by the shell at the moment the file is written. A variable that
# is unset at that point is written as an empty string.
#
# Security notes for this file:
#  - It stores the gossip key and the ACL tokens in plaintext, and `cat >`
#    creates it with the caller's umask. Restrict it so that only the account
#    running consul can read it.
#  - "client_addr": "0.0.0.0" binds the client interfaces (HTTP API/UI on 8500,
#    DNS on 8600) on every interface, and no TLS is configured in this file, so
#    tokens sent to 8500 travel unencrypted. Bind to an internal address or
#    filter the port at the firewall.
#  - "master" and "agent" receive the same token, which gives the agent token
#    full management rights. A separate, narrowly scoped agent token is the
#    least-privilege choice.
#  - NOTE(review): newer Consul releases name the "master" key
#    "initial_management" - confirm against the installed version.
cat > /data/consul/server/config/config.json << EOF
{
"datacenter": "prometheus",
"bind_addr":"192.168.1.153",
"log_level": "INFO",
"node_id":"09d82408-bc4f-49e0-1111-61ef1d4842f7",
"node_name": "server1",
"data_dir":"/data/consul/server/data",
"server": true,
"bootstrap_expect": 3,
"encrypt": "${CONSUL_KEY}",
"ui":true,
"client_addr":"0.0.0.0",
"retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
"ports": {
"http": 8500,
"dns": 8600,
"serf_lan":8301,
"serf_wan":8302,
"server":8300,
"grpc":8400
},
"acl": {
"enabled": true,
"default_policy": "deny",
"down_policy": "extend-cache",
"tokens":{
"master":"${CONSUL_HTTP_TOKEN}",
"agent":"${CONSUL_HTTP_TOKEN}"
}
}
}
EOF
# Create the server2 configuration file.
# NOTE(review): presumably run on the host owning bind_addr 192.168.1.154; the
# target path is the same one the other server blocks on this page write to.
#
# ${CONSUL_KEY} must hold the same gossip key that the other servers use, not a
# newly generated one. Both ${CONSUL_KEY} and ${CONSUL_HTTP_TOKEN} are expanded
# when the file is written (unquoted heredoc delimiter); an unset variable is
# written as an empty string.
#
# Security notes for this file:
#  - It holds the gossip key and ACL tokens in plaintext and is created with the
#    caller's umask; restrict read access to the account running consul.
#  - "client_addr": "0.0.0.0" binds HTTP (8500) and DNS (8600) on every
#    interface, with no TLS configured in this file.
#  - "master" and "agent" share one token, so the agent token carries full
#    management rights.
#  - NOTE(review): newer Consul releases name the "master" key
#    "initial_management" - confirm against the installed version.
cat > /data/consul/server/config/config.json << EOF
{
"datacenter": "prometheus",
"bind_addr":"192.168.1.154",
"log_level": "INFO",
"node_id":"613ccd6e-68d1-3bbd-2222-3cbc450f019d",
"node_name": "server2",
"data_dir":"/data/consul/server/data",
"server": true,
"bootstrap_expect": 3,
"encrypt": "${CONSUL_KEY}",
"ui":true,
"client_addr":"0.0.0.0",
"retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
"ports": {
"http": 8500,
"dns": 8600,
"serf_lan":8301,
"serf_wan":8302,
"server":8300,
"grpc":8400
},
"acl": {
"enabled": true,
"default_policy": "deny",
"down_policy": "extend-cache",
"tokens":{
"master":"${CONSUL_HTTP_TOKEN}",
"agent":"${CONSUL_HTTP_TOKEN}"
}
}
}
EOF
# Create the server3 configuration file.
# NOTE(review): presumably run on the host owning bind_addr 192.168.1.155; the
# target path is the same one the other server blocks on this page write to.
#
# ${CONSUL_KEY} must hold the same gossip key that the other servers use, not a
# newly generated one. Both ${CONSUL_KEY} and ${CONSUL_HTTP_TOKEN} are expanded
# when the file is written (unquoted heredoc delimiter); an unset variable is
# written as an empty string.
#
# Security notes for this file:
#  - It holds the gossip key and ACL tokens in plaintext and is created with the
#    caller's umask; restrict read access to the account running consul.
#  - "client_addr": "0.0.0.0" binds HTTP (8500) and DNS (8600) on every
#    interface, with no TLS configured in this file.
#  - "master" and "agent" share one token, so the agent token carries full
#    management rights.
#  - NOTE(review): newer Consul releases name the "master" key
#    "initial_management" - confirm against the installed version.
cat > /data/consul/server/config/config.json << EOF
{
"datacenter": "prometheus",
"bind_addr":"192.168.1.155",
"log_level": "INFO",
"node_id":"d8a09ffd-7ccb-84bd-3333-8d8b7a01951e",
"node_name": "server3",
"data_dir":"/data/consul/server/data",
"server": true,
"bootstrap_expect": 3,
"encrypt": "${CONSUL_KEY}",
"ui":true,
"client_addr":"0.0.0.0",
"retry_join":["192.168.1.153:8301","192.168.1.154:8301","192.168.1.155:8301"],
"ports": {
"http": 8500,
"dns": 8600,
"serf_lan":8301,
"serf_wan":8302,
"server":8300,
"grpc":8400
},
"acl": {
"enabled": true,
"default_policy": "deny",
"down_policy": "extend-cache",
"tokens":{
"master":"${CONSUL_HTTP_TOKEN}",
"agent":"${CONSUL_HTTP_TOKEN}"
}
}
}
EOF
启动服务
生成http_acl_token,写入config.json中tokens字段下的master与agent。注意,consul acl bootstrap只能执行一次,返回的token拥有全部管理权限,请妥善保存。
查看集群
返回空节点是正常的:因为开启了ACL且默认策略为deny,访问时需要带上token。如果CONSUL_HTTP_TOKEN变量已经加入profile,则不需要再指定token。
文章转自公众号:Kubernetes技术栈