Consul是HashiCorp公司推出的开源工具,用于实验分布式系统的服务发现与配置
支持健康检查,允许存储键值对
基于Golang语言,可移植性强
支支持ACL访问控制
与Docker等轻量级容器可无缝配合
服务器名称 | 服务 |
---|---|
服务器:Consul/192.168.238.12 | Docker-ce、Compose 3、Consul、Consul-temple |
服务器:Registrator/192.168.238.13 | Docker-ce、Registrator |
实现单机网络下容器与容器之间胡同
使用Docker Compose 创建容器
搭建Consul服务实现自动发现和更新
iptables -F
setenforce 0
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
vim /etc/selinux/config
systemctl start docker.service
systemctl enable docker.service
cd /etc/docker/
ls
key.json
ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"]
> }
> EOF
systemctl daemon-reload
systemctl restart docker
vim /etc/sysctl.conf
sysctl -p
net.ipv4.ip_forward = 1
systemctl restart network
systemctl restart docker
mkdir /root/consul
cd /root/
ls
anaconda-ks.cfg consul
cd consul/
rz -E
rz waiting to receive.
ls
consul_0.9.2_linux_amd64.zip
yum -y install unzip
unzip consul_0.9.2_linux_amd64.zip
ls
consul consul_0.9.2_linux_amd64.zip
mv consul /usr/bin/
consul agent \
> -server \
> -bootstrap \
> -ui \
> -data-dir=/var/lib/consul-data \
> -bind=192.168.238.12 \
> -client=0.0.0.0 \
> -node=consul-server01 &> /var/log/consul.log &
[1] 23225
consul members #查看集群信息
Node Address Status Type Build Protocol DC
consul-server01 192.168.238.12:8301 alive server 0.9.2 2 dc1
consul info | grep leader
leader = true
leader_addr = 192.168.238.12:8300
#通过httpd api获取集群信息
curl 127.0.0.1:8500/v1/status/peers #查看集群server成员
["192.168.238.12:8300"]
curl 127.0.0.1:8500/v1/status/leader #集群Ref leader
"192.168.238.12:8300"
curl 127.0.0.1:8500/v1/catalog/services #注册的所有服务
{"consul":[]}
curl 127.0.0.1:8500/v1/catalog/nginx #查看nginx的服务信息
curl 127.0.0.1:8500/v1/catalog/nodes #集群节点详细信息
[{"ID":"80d89da0-552d-24e3-a04a-df339e906ca3","Node":"consul-server01","Address":"192.168.238.12","Datacenter":"dc1","TaggedAddresses":{"lan":"192.168.238.12","wan":"192.168.238.12"},"Meta":{},"CreateIndex":5,"ModifyIndex":6}]
1、安装Gliderlabs/Registrator Gliderlabs/Registrator
可检查容器运行状态自动注册,还可注销Docker容器的服务到服务配置中心
目前支持Consul、Etcd和SkyDNS2
在192.168.238.13节点上
[root@c2 docker]# docker run -d \
> --name=registrator \
> --net=host \
> -v /var/run/docker.sock:/tmp/docker.sock \
> --restart=always \
> gliderlabs/registrator:latest \
> -ip=192.168.238.13 \
> consul://192.168.238.12:8500
Unable to find image 'gliderlabs/registrator:latest' locally
latest: Pulling from gliderlabs/registrator
Image docker.io/gliderlabs/registrator:latest uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/
c87f684ee1c2: Pull complete
a0559c0b3676: Pull complete
a28552c49839: Pull complete
Digest: sha256:6e708681dd52e28f4f39d048ac75376c9a762c44b3d75b2824173f8364e52c10
Status: Downloaded newer image for gliderlabs/registrator:latest
dbc10c4671f7d7cd49b78b00a355735cbb005a6005abef3289a4a44a13e43f15
2、测试服务发现功能是否正常
docker run -itd -p:81:80 --name test-01 -h test01 nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
a076a628af6f: Pull complete
0732ab25fa22: Pull complete
d7f36f6fe38f: Pull complete
f72584a26f32: Pull complete
7125e4df9063: Pull complete
Digest: sha256:10b8cc432d56da8b61b070f4c7d2543a9ed17c2b23010b43af434fd40e2ca4aa
Status: Downloaded newer image for nginx:latest
68a395bcc3dfee6ce598609aa00b3064e16a2f1e6afdf1b6eef48815b469d9a9
docker run -itd -p:82:80 --name test-02 -h test02 nginx
8a2b99cee64129508879be56217ab0e6fe1742728c8508e5259fd570bf776926
docker run -itd -p:83:80 --name test-03 -h test03 httpd
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
a076a628af6f: Already exists
e444656f7792: Pull complete
0ec35e191b09: Pull complete
4aad5d8db1a6: Pull complete
eb1da3ea630f: Pull complete
Digest: sha256:2fab99fb3b1c7ddfa99d7dc55de8dad0a62dbe3e7c605d78ecbdf2c6c49fd636
Status: Downloaded newer image for httpd:latest
94498581e4e12828fc526d5b20956d0e149faadb345c51511e39c2f0b108241e
docker run -itd -p:84:80 --name test-04 -h test04 httpd
cdc55c2f157d5745311bb56f9696728adf2102037fdb9e0825f310d30eff6715
3、验证http和nginx服务是否注册到consul
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cdc55c2f157d httpd "httpd-foreground" 27 seconds ago Up 26 seconds 0.0.0.0:84->80/tcp test-04
94498581e4e1 httpd "httpd-foreground" 36 seconds ago Up 35 seconds 0.0.0.0:83->80/tcp test-03
8a2b99cee641 nginx "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:82->80/tcp test-02
68a395bcc3df nginx "/docker-entrypoint.…" 19 minutes ago Up 19 minutes 0.0.0.0:81->80/tcp test-01
dbc10c4671f7 gliderlabs/registrator:latest "/bin/registrator -i…" 56 minutes ago Up 56 minutes registrator
浏览器输入http://192.168.238.12:8500,单机“NODES”,然后单击“consul-server01”,会发现5个服务
curl 127.0.0.1:8500/v1/catalog/services
{"consul":[],"httpd":[],"nginx":[]}
4、安装consul-template
Consul-Template是一个守护进程,用于实时查询Consul集群信息,
并更新文件系统上任意数量的指定模板,生成配置文件。更新完成以后,可以选择运行shell命令执行更新操作,重新加载nginx。Consul-Template特别适合动态创建配置文件。
例如创建Apache、Nginx Proxy Balancers、Haproxy Backends
5、准备template nginx模板文件
consul服务器
vim /root/consul/nginx.ctmpl
upstream http_backend {
{{range service "nginx"}}
server {{.Address}}:{{.Port}};
{{end}}
}
server {
listten 90;
server_name localhost 192.168.238.12;
access_log /var/log/nginx/xyw/cn_access.log;
index index.html index.php;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://http_backend;
}
}
6、编译安装nginx
yum -y install gcc pcre-devel zlib-devel
cd /opt/
rz -E
rz waiting to receive.
ls
containerd nginx-1.12.0.tar.gz
tar zxvf nginx-1.12.0.tar.gz -C /opt/
cd /opt/nginx-1.12.0
./configure --prefix=/usr/local/nginx
make && make install
7、配置nginx
vim /usr/local/nginx/conf/nginx.conf
http {
include mime.types;
include vhost/*.conf; #添加虚拟主机目录
default_type application/octet-stream;
mkdir /usr/local/nginx/conf/vhost #创建虚拟主机目录
mkdir /var/log/nginx #创建日志文件目录
/usr/local/nginx/sbin/nginx #启动nginx
netstat -natp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29451/nginx: master
8、配置并启动template
#上传consul-template_0.19.3_linux_amd64.zip到/root目录下
[root@c1 opt]# rz -E
rz waiting to receive.
ls
consul-template_0.19.3_linux_amd64.zip containerd nginx-1.12.0 nginx-1.12.0.tar.gz
unzip consul-template_0.19.3_linux_amd64.zip
ls
consul-template containerd nginx-1.12.0.tar.gz
consul-template_0.19.3_linux_amd64.zip nginx-1.12.0
mv consul-template /usr/bin/
consul-template -consul-addr 192.168.238.12:8500 \
> -template "/root/consul/nginx.ctmpl:/usr/local/nginx/conf/vhost/xyw.conf:/usr/local/nginx/sbin/nginx -s reload" \
> --log-level=info
consul-template -consul-addr 192.168.238.12:8500 -template "/root/consul/nginx.ctmpl:/usr/local/nginx/conf/vhost/xyw.conf:/usr/local/nginx/sbin/nginx -s reload" --log-level=info
#另外打开一个终端查看生成配置文件
cd /usr/local/nginx/conf/vhost/
ls
xyw.conf
cat xyw.conf
upstream http_backend {
server 192.168.238.13:81;
server 192.168.238.13:82;
}
server {
listen 83;
server_name localhost 192.168.238.12;
access_log /var/log/nginx/xyw.cn_access.log;
index index.html index.php;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://http_backend;
}
}
在registrator服务器192.168.238.13节点上
docker run -itd -p:85:80 --name test-05 -h test05 nginx
8940bf8f8bfed3b182f2c164eb883a5154a22203f7bb63038a420445242eb451
#consul服务器上监控装填会与提示自动更新
2021/03/26 05:58:49.259598 [INFO] (runner) initiating run
2021/03/26 05:58:49.261431 [INFO] (runner) rendered "/root/consul/nginx.ctmpl" => "/usr/local/nginx/conf/vhost/xyw.conf"
2021/03/26 05:58:49.261467 [INFO] (runner) executing command "/usr/local/nginx/sbin/nginx -s reload" from "/root/consul/nginx.ctmpl" => "/usr/local/nginx/conf/vhost/xyw.conf"
2021/03/26 05:58:49.261496 [INFO] (child) spawning: /usr/local/nginx/sbin/nginx -s reload
浏览器中搜索http://192.168.238.12:83
#查看nginx容器日志,请求正常轮询到各个容器节点上
docker logs -f test-01
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
192.168.238.12 - - [26/Mar/2021:06:28:43 +0000] "GET / HTTP/1.0" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:47 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:48 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:48 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:49 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
docker logs -f test-02
docker logs -f test-05
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
192.168.238.12 - - [26/Mar/2021:06:28:47 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:48 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:48 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:49 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
192.168.238.12 - - [26/Mar/2021:06:28:49 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" "192.168.238.1"
#添加一台已有docker环境的服务器192.168.195.128/24加入已有的群集中
consul agent \
-server \
-bootstrap \
-ui \
-data-dir=/var/lib/consul-data \
-bind=192.168.238.12 \
-client=0.0.0.0 \
-node=consul-server02 \
-enable-script-checks =true \
-datacenter=dc1 \
-join 192.168.238.12 &> /var/log/consul.log &
-enable-script-checks=true:设置检查服务为可用
-datacenter:数据中心名称
-join: 加入到已有的集群中