Consul cluster deployment-01

##### Reference article (https://blog.51cto.com/412166174/1975822)

About Consul

Consul consists of multiple components, but as a whole it is a tool for service discovery and service configuration in your infrastructure. It provides the following key features:
Service discovery: Consul clients can provide a service, such as api or mysql, and other clients can use Consul to discover the providers of a given service. Using DNS or HTTP, applications can easily find the services they depend on.
Health checks: Consul clients can provide any number of health checks, either associated with a service (for example, whether the web server returns a 200 OK status code) or with the local node (for example, whether memory usage is greater than 90%). Operators can use this information to monitor the health of the cluster, and the service discovery components use it to avoid sending traffic to unhealthy hosts.
Key/Value storage: applications can use Consul's hierarchical Key/Value store for their own needs, such as dynamic configuration, feature flagging, coordination and leader election. A simple HTTP API makes it easy to use.
Multiple datacenters: Consul supports multiple datacenters out of the box, which means users don't need to worry about creating additional abstraction layers to extend their business to multiple regions.
Consul is friendly to both DevOps and application developers. It is a flexible infrastructure suitable for modern applications.

Infrastructure

Consul is a distributed and highly available system. This section will contain some basic information. We will ignore some details so that you can quickly understand how consul works. For more details, please refer to the in-depth architecture description

Every node that provides services to Consul runs a Consul agent. Running an agent is not required in order to discover services or to set and read key/value data. The agent is responsible for health checking the node itself and the services on the node.

The agents talk to one or more Consul servers. The Consul servers store and replicate data, and elect a leader among themselves. Although Consul can run with a single server, 3 to 5 servers are recommended to avoid data loss in case of failure. A cluster of servers is recommended for each datacenter.

Components of your infrastructure that need to discover other services can query any Consul server or any Consul agent. Agents forward the request to the servers automatically.

Each datacenter runs a cluster of Consul servers. When a cross-datacenter service discovery or configuration request is made, the local Consul servers forward the request to the remote datacenter and return the result.

Consul cluster planning

192.168.31.178 192.168.31.179 192.168.31.180
Server Client Client

192.168.31.178 server2
192.168.31.179 server3
192.168.31.180 server4

Consul deployment

Download the latest 1.7.3 version of

[root@server2 etc]# cd /data/soft/
[root@server2 soft]# wget https://releases.hashicorp.com/consul/1.6.2/consul_1.6.2_linux_amd64.zip    
[root@server2 soft]# unzip consul_1.6.2_linux_amd64.zip
[root@server2 soft]# mv  consul  /usr/local/bin/consul
[root@server2 soft]# scp /usr/local/bin/consul  server3:/usr/local/bin/
[root@server2 soft]# scp /usr/local/bin/consul  server4:/usr/local/bin/
[root@server2 soft]# ansible all -m shell -a " mkdir -p /data/consul /etc/consul.d"

Configure client server

server2 192.168.31.178 (server host)
      [root@server2 soft]# cat /etc/consul.d/consul_config.json
      {
          "advertise_addr": "192.168.31.178",
          "bind_addr": "192.168.31.178",
          "client_addr": "192.168.31.178",
          "ui": true,
          "log_level": "INFO",
          "domain": "consul",
          "node_name": "server2",
          "bootstrap_expect": 1,
          "server": true,
          "datacenter": "consul-cluster",
          "data_dir": "/data/consul/",
          "enable_syslog": true,
          "performance": {
            "raft_multiplier": 1
          },
          "dns_config": {
              "allow_stale": true,
              "max_stale": "15s"
          },
          "retry_join": [
              "192.168.31.178"
          ],
          "retry_interval": "10s",
          "skip_leave_on_interrupt": true,
          "leave_on_terminate": false,
          "ports": {
              "dns": 53,
              "http": 80
          },
          "recursors": [
              "114.114.114.114"
          ],
          "rejoin_after_leave": true,
          "addresses": {
              "http": "0.0.0.0",
              "dns": "0.0.0.0"
          }
     }
server3 192.168.31.179 (client host)
   [root@server3 consul.d]# cat /etc/consul.d/consul_config.json 
   {
       "bind_addr": "192.168.31.179",
       "datacenter": "consul-cluster",
       "data_dir": "/data/consul/",
       "enable_script_checks": true,
       "node_name": "server3",
       "retry_join": ["192.168.31.178"],
       "start_join": ["192.168.31.178"],
       "rejoin_after_leave": true,
       "retry_interval": "15s"
   }
server4 192.168.31.180 (client host)
  [root@server4 consul.d]# cat /etc/consul.d/consul_config.json 
  {
      "bind_addr": "192.168.31.180",
      "datacenter": "consul-cluster",
      "data_dir": "/data/consul/",
      "enable_script_checks": true,
      "node_name": "server4",
      "retry_join": ["192.168.31.178"],
      "start_join": ["192.168.31.178"],
      "rejoin_after_leave": true,
      "retry_interval": "15s"
  }

Start each node

 Start the primary (server) node first, then the client nodes:
   nohup consul agent -config-dir=/etc/consul.d > /data/consul/consul.log &

View node status

consul  members --http-addr 192.168.31.178

Then add the name resolution entry on each node. Make sure the primary node is listed as the first nameserver, or the dig check will not work.

dig check


ping check

After deployment you can also run all three nodes as servers. The configuration on each node then needs to be changed to the following. Set advertise_addr, bind_addr and client_addr to the corresponding host's IP, and give each node its own node_name. bootstrap_expect is the number of server nodes and should be odd (3 or 5).

  {
      "advertise_addr": "192.168.31.178",
      "bind_addr": "192.168.31.178",
      "client_addr": "192.168.31.178",
      "ui": true,
      "log_level": "INFO",
      "domain": "consul",
      "node_name": "server2",
      "bootstrap_expect": 3,
      "server": true,
      "datacenter": "consul-cluster",
      "data_dir": "/data/consul/",
      "enable_syslog": true,
      "performance": {
        "raft_multiplier": 1
      },
      "dns_config": {
          "allow_stale": true,
          "max_stale": "15s"
      },
      "retry_join": [
          "192.168.31.178",
          "192.168.31.179",
          "192.168.31.180"
      ],
      "retry_interval": "10s",
      "skip_leave_on_interrupt": true,
      "leave_on_terminate": false,
      "ports": {
          "dns": 53,
          "http": 80
      },
      "recursors": [
          "114.114.114.114"
      ],
      "rejoin_after_leave": true,
      "addresses": {
          "http": "0.0.0.0",
          "dns": "0.0.0.0"
      }
  }

Common commands

 agent: runs a Consul agent, e.g. consul agent -dev
 join: joins the agent to the Consul cluster, e.g. consul join IP
 members: lists the members of the Consul cluster, e.g. consul members
 leave: removes the node from the cluster, e.g. consul leave

Configuration introduction

 acl_datacenter: Server only. Designates the datacenter that is authoritative for ACL information; all servers and datacenters must agree on the ACL datacenter
 acl_default_policy: The default is allow
 acl_down_policy: 
 acl_master_token: 
 acl_token: The agent uses this token when making requests to the Consul servers
 acl_ttl: Controls the TTL of the cache; the default is 30s
 addresses: A nested object; the following keys can be set: dns, http, rpc
 advertise_addr: Equivalent to -advertise
 bootstrap: Equivalent to -bootstrap
 bootstrap_expect: Equivalent to -bootstrap-expect
 bind_addr: Equivalent to -bind
 ca_file: Path to the CA file, used to verify client or server connections
 cert_file: Must be provided together with key_file
 check_update_interval: 
 client_addr: Equivalent to -client
 datacenter: Equivalent to -dc
 data_dir: Equivalent to -data-dir
 disable_anonymous_signature: Disables the anonymous signature when checking for updates
 disable_remote_exec: Disables support for remote execution; when set to true, the agent ignores all incoming remote execution requests
 disable_update_check: Disables automatic checking for security bulletins and new version information
 dns_config: A nested object; the following parameters can be set: allow_stale, max_stale, node_ttl, service_ttl, enable_truncate
 domain: By default Consul answers DNS queries in the consul domain; this parameter changes that domain
 enable_debug: Enables debug mode
 enable_syslog: Equivalent to -syslog
 encrypt: Equivalent to -encrypt
 key_file: Path to the private key
 leave_on_terminate: The default is false. If true, the agent sends a leave message to the other nodes in the cluster when it receives a TERM signal
 log_level: Equivalent to -log-level
 node_name: Equivalent to -node
 ports: A nested object; the following keys can be set: dns (DNS address: 8600), http (HTTP API address: 8500), rpc (RPC: 8400), serf_lan (LAN port: 8301), serf_wan (WAN port: 8302), server (server RPC: 8300)
 protocol: Equivalent to -protocol
 recursor: 
 rejoin_after_leave: Equivalent to -rejoin
 retry_join: Equivalent to -retry-join
 retry_interval: Equivalent to -retry-interval
 server: Equivalent to -server
 server_name: Overrides node_name for the TLS CA; can be used to confirm that the CA name and the hostname match
 skip_leave_on_interrupt: Similar to leave_on_terminate, but only affects interrupt handling
 start_join: An array of strings giving the node addresses to join at startup
 statsd_addr: 
 statsite_addr: 
 syslog_facility: When enable_syslog is set, this parameter controls which syslog facility messages are sent to. The default is Local0
 ui_dir: Equivalent to -ui-dir
 verify_incoming: Default false. If true, all incoming connections must use TLS, and the client must present a certificate signed by the CA given in ca_file. This applies only to Consul servers, because clients never accept incoming connections
 verify_outgoing: Default false. If true, all outgoing connections must use TLS, and the server must present a certificate signed by the CA given in ca_file. Both Consul servers and clients need this setting, because both make outgoing connections
 watches: A list of watch definitions

Note that access to multiple data centers needs to be based on the corresponding datacenter
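
The configurations on this page bind the HTTP API to 0.0.0.0 and set none of the encrypt, verify_incoming/verify_outgoing or ACL keys listed above, and the clients turn on enable_script_checks. The following Python check is an added example, not part of the original article or of Consul itself; it reports those gaps and builds a tightened copy. The finding names, the audit and harden helpers and the <...> placeholder values are assumptions, and the sample inputs are constructed from the server2 and server3 configs above.

```python
import json

# Constructed samples: security-relevant keys copied from the server2 and
# server3 configs on this page (remaining keys omitted).
SERVER2 = json.loads('''{"server": true, "client_addr": "192.168.31.178",
  "ports": {"dns": 53, "http": 80},
  "addresses": {"http": "0.0.0.0", "dns": "0.0.0.0"}}''')
SERVER3 = json.loads('''{"bind_addr": "192.168.31.179",
  "enable_script_checks": true, "retry_join": ["192.168.31.178"]}''')

def audit(cfg):
    """Return sorted finding names (hypothetical labels) for one agent config."""
    found = set()
    # addresses.http overrides client_addr, which defaults to 127.0.0.1.
    http = cfg.get("addresses", {}).get("http") or cfg.get("client_addr", "127.0.0.1")
    if http == "0.0.0.0":
        found.add("http-api-on-all-interfaces")
    # Accept either the acl stanza or the legacy acl_default_policy key.
    acl = cfg.get("acl", {})
    stanza_deny = acl.get("enabled") and acl.get("default_policy") == "deny"
    if not stanza_deny and cfg.get("acl_default_policy") != "deny":
        found.add("acl-default-allow")
    if not cfg.get("encrypt"):
        found.add("gossip-unencrypted")
    if not (cfg.get("verify_incoming") and cfg.get("verify_outgoing")):
        found.add("tls-not-enforced")
    # enable_script_checks also accepts checks registered over the HTTP API;
    # enable_local_script_checks restricts them to local config files.
    if cfg.get("enable_script_checks"):
        found.add("api-registered-script-checks")
    return sorted(found)

def harden(cfg):
    """Return a copy with the findings addressed; <...> values are placeholders."""
    out = json.loads(json.dumps(cfg))  # deep copy
    out.setdefault("addresses", {})["http"] = cfg.get("client_addr", "127.0.0.1")
    out.update({
        "acl": {"enabled": True, "default_policy": "deny"},
        "encrypt": "<key generated with consul keygen>",
        "verify_incoming": True, "verify_outgoing": True,
        "ca_file": "<path>", "cert_file": "<path>", "key_file": "<path>",
    })
    if out.pop("enable_script_checks", False):
        out["enable_local_script_checks"] = True
    return out

if __name__ == "__main__":
    for name, cfg in (("server2", SERVER2), ("server3", SERVER3)):
        print(name, audit(cfg), "->", audit(harden(cfg)))
```

The hardened copy still needs real certificate paths and a gossip key before an agent will start with it, and with the default ACL policy set to deny, tokens have to be issued before agents and the CLI can talk to the servers.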




Posted on Wed, 03 Jun 2020 11:02:10 -0400 by dancahill