因为牵扯到自动注册服务,需要在脚本中使用linux命令,所以不使用docker方式启动consul,直接使用下载安装包,命令启动,具体如下:
consul最好使用集群方式启动,但考虑到服务器数量少的缘故,所以使用一台机器即做服务端又做客户端。 下载安装包:
wget https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip
解压
unzip consul_1.5.0_linux_amd64.zip
cd consul_1.5.0
mv consul /usr/local/bin
创建目录,配置ACL
mkdir -p /data/consul.d/
cd /data/consul.d/
vim acl.json
{
"acl_datacenter": "dc1", //需要acl配置的数据中心
"acl_master_token": "youtaidu", //这个可以自定义
"acl_default_policy": "deny", //默认策略所有的都禁止
"acl_down_policy": "extend-cache"
}
启动consul并开启acl验证
consul agent -server -ui -bootstrap-expect=1 -data-dir=/data/consul/ -node=agent-one -advertise=47.106.167.101 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/data/consul.d
配置访问token
curl \
--request PUT \
--header "X-Consul-Token: youtaidu" \
--data \
'{
"Name": "Agent Token",
"Type": "client",
"Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
}' http://47.106.167.101:8500/v1/acl/create
这个时候系统会生成一个token值类似下面
{
"ID": "9ec18863-cc1e-1204-fc2f-d027cc73ce8c"
}
尝试手动注册服务
curl -X PUT -d '{"id": "test1","name": "kibana","address": "47.106.167.101","port": 6379,"tags": ["dev1"]}' http://47.106.167.101:8500/v1/agent/service/register -H 'x-consul-token: youtaidu'
发现没问题,尝试删除注册服务
curl -X PUT -d '{"id": "test1","name": "kibana","address": "47.106.167.101","port": 6379,"tags": ["dev1"]}' http://47.106.167.101:8500/v1/agent/service/deregister/test1 -H 'x-consul-token: youtaidu'
删除成功