How do I quickly deploy a cluster/system? The great experience of deploying all components with a single command is something I’ve only experienced with Docker-compose and Ansible.
Use Docker-compose to quickly set up Consul cluster
- Edit `docker-compose.yml` to define the Consul cluster.
- Run `$ docker-compose up` to start the Consul cluster defined in `docker-compose.yml`.
```yaml
version: '2'
networks:
  byfn:
services:
  # node1 to node3: Consul servers
  consul1:
    image: consul
    container_name: node1
    command: agent -server -bootstrap-expect=3 -node=node1 -bind=0.0.0.0 -client=0.0.0.0 -datacenter=dc1
    networks:
      - byfn
  consul2:
    image: consul
    container_name: node2
    command: agent -server -retry-join=node1 -node=node2 -bind=0.0.0.0 -client=0.0.0.0 -datacenter=dc1
    depends_on:
      - consul1
    networks:
      - byfn
  consul3:
    image: consul
    container_name: node3
    command: agent -server -retry-join=node1 -node=node3 -bind=0.0.0.0 -client=0.0.0.0 -datacenter=dc1
    depends_on:
      - consul1
    networks:
      - byfn
  # node4: Consul client that serves the web UI
  consul4:
    image: consul
    container_name: node4
    command: agent -retry-join=node1 -node=node4 -bind=0.0.0.0 -client=0.0.0.0 -datacenter=dc1 -ui
    ports:
      - "8500:8500"
    depends_on:
      - consul2
      - consul3
    networks:
      - byfn
```
The `docker-compose.yml` above defines a Consul cluster with four nodes: node1 to node3 run as Consul servers and form the cluster, and node4 joins the cluster as a client. node4 maps port 8500 of the host to port 8500 of the container (`ports: - "8500:8500"`) and enables the Consul UI with the command parameter `-ui`, so the UI can be accessed on port 8500 of the host.
Command-line Options
- `-bootstrap-expect` – Specifies the expected number of server nodes in a datacenter; it applies only to server mode. `-bootstrap-expect=3` indicates that Consul starts only when the number of servers added to the cluster reaches 3.
- `-node` – Specifies the name of the node in the cluster. It must be unique in the cluster.
- `-bind` – Specifies the address for communication within the cluster. The default is "0.0.0.0", meaning Consul binds all addresses of the local machine and retrieves the first available private IPv4 address to broadcast to the rest of the cluster.
- `-retry-join` – Joins the cluster and supports retry.
- `-server` – Runs the agent in Consul server mode.
- `-client` – Binds the IP address of the client interfaces, including the HTTP server and DNS server. The default value is 127.0.0.1.
- `-ui` – Enables the built-in Web UI.
- `-datacenter` – The datacenter name. The default value is dc1.
For details about the parameters, see the official documentation: Consul Configuration
In addition to configuring Consul with parameters in the start command, you can configure Consul by specifying a configuration directory or configuration file using `-config-dir` or `-config-file`. Consul scans the `.json` and `.hcl` files in the directory specified by `-config-dir`.
At this point a Consul cluster consisting of three server nodes and one client is up, and it is running without any protection.
ACLs and encryption
Consul uses ACLs to provide data and interface protection. Consul can also encrypt RPC data for communication between clusters.
Configure ACLs. When `acl.hcl` is placed in the configuration directory as described in the official documentation, Bootstrap the ACL System, Consul reports a file format error.
Finally, add the following two configuration files:
- acl.json
```json
{
  "acl_datacenter": "dc1",
  "acl_master_token": "2a825e81-b249-444d-a18e-ab9c8ece6059"
}
```
Pay attention to the different Consul tokens.
The `acl_master_token` has the highest permission. The `acl_token` is used to request resources and has operation permission on only some resources, for example read permission on a key. The `acl_master_token` is the token provided when enabling ACLs. The `acl_agent_token` is obtained through the API and then provided to the subsequent agents in the cluster for ACL authentication.
```bash
curl \
    --request PUT \
    --header "X-Consul-Token: 2a825e81-b249-444d-a18e-ab9c8ece6059" \
    --data \
'{
  "Name": "Agent Token",
  "Type": "client",
  "Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
}' http://127.0.0.1:8500/v1/acl/create

# Response:
# {"ID": "your-agent-token"}
```
- encrypt.json
```json
{
  "encrypt": "your-encrypt-key"
}
```
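Added example (not part of the original post): the master token shown in `acl.json` above is public once it is printed here, and `your-encrypt-key` is a placeholder, so every deployment needs values of its own. This sketch writes both files with fresh random secrets and audits a configuration directory such as `/home/consul/conf`; the function names, the 0600 file mode and the 16-byte key default (the size older Consul releases expect, current ones use 32) are assumptions of the example.

```python
import base64
import json
import os
import secrets
import uuid

# Values printed on this page: anyone who has read it knows them.
PUBLISHED = {"2a825e81-b249-444d-a18e-ab9c8ece6059", "your-encrypt-key"}


def write_secret_json(path, data):
    """Write a config file that only its owner can read (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh, indent=2)


def generate_config(conf_dir, datacenter="dc1", key_bytes=16):
    """Create acl.json and encrypt.json with fresh random secrets."""
    # key_bytes=16 is an assumption for older releases; pass 32 for current ones.
    key = base64.b64encode(secrets.token_bytes(key_bytes)).decode("ascii")
    acl = {"acl_datacenter": datacenter, "acl_master_token": str(uuid.uuid4())}
    write_secret_json(os.path.join(conf_dir, "acl.json"), acl)
    write_secret_json(os.path.join(conf_dir, "encrypt.json"), {"encrypt": key})


def audit_config(conf_dir):
    """Return the problems found in the .json files of a config directory."""
    problems, merged = [], {}
    for name in sorted(os.listdir(conf_dir)):
        path = os.path.join(conf_dir, name)
        if not name.endswith(".json"):
            continue
        with open(path) as fh:
            merged.update(json.load(fh))
        if os.stat(path).st_mode & 0o077:
            problems.append(f"{name}: readable by group or others")
    if not merged.get("acl_datacenter"):
        problems.append("acl_datacenter not set: ACLs are not enabled")
    if merged.get("acl_master_token") in PUBLISHED:
        problems.append("acl_master_token is a value published in a tutorial")
    try:
        raw = base64.b64decode(merged.get("encrypt", ""), validate=True)
    except (ValueError, TypeError):
        raw = b""
    if len(raw) not in (16, 32):
        problems.append("encrypt missing or not a base64 key of 16 or 32 bytes")
    return problems
```

The 0600 mode assumes the files are owned by the account the Consul agent reads them as.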
Modify `docker-compose.yml`:
```yaml
version: '2'
networks:
  byfn:
services:
  consul1:
    image: consul
    container_name: node1
    volumes:
      - /home/consul/conf:/consul/config
    command: agent -server -bootstrap-expect=3 -node=node1 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/consul/config
    networks:
      - byfn
  consul2:
    image: consul
    container_name: node2
    volumes:
      - /home/consul/conf:/consul/config
    command: agent -server -retry-join=node1 -node=node2 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/consul/config
    ports:
      - "8500:8500"
    depends_on:
      - consul1
    networks:
      - byfn
  consul3:
    image: consul
    volumes:
      - /home/consul/conf:/consul/config
    container_name: node3
    command: agent -server -retry-join=node1 -node=node3 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/consul/config
    depends_on:
      - consul1
    networks:
      - byfn
  consul4:
    image: consul
    container_name: node4
    volumes:
      - /home/consul/conf:/consul/config
    command: agent -retry-join=node1 -node=node4 -bind=0.0.0.0 -client=0.0.0.0 -ui -config-dir=/consul/config
    ports:
      - "8501:8500"
    depends_on:
      - consul2
      - consul3
    networks:
      - byfn
  # node5: client started from a config directory without the ACL settings
  consul5:
    image: consul
    container_name: node5
    volumes:
      - /home/consul/conf_without_acl:/consul/config
    command: agent -retry-join=node1 -node=node5 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/consul/config
    ports:
      - "8502:8500"
    depends_on:
      - consul2
      - consul3
    networks:
      - byfn
```
What was modified:
- The configuration directory was mounted into the container through `volumes`.
- The configuration directory was specified by modifying `command`.
- A non-authenticated Consul client was added to verify the effect of the ACL token.