Docker 部署 Consul

作者: Anoyi

2019.05.05 15:37*

▶ 部署 Consul

执行命令

docker run -d --name consul -p 8500:8500 consul

端口说明

挂载说明

  • /consul/data:持久化数据存储
  • /consul/config:配置文件

Consul 配置

▶ Deploy Single Consul With ACL In Production

1、生成 UUID,用于 Master Token

# Mac OS
$ uuidgen
29F747C5-F4F3-426B-805D-0ABF3109D7CB

2、创建配置文件 consul/config/basic_basic_config.json,示例:

{
  "datacenter": "anoyi",
  "data_dir": "/consul/data",
  "log_level": "INFO",
  "node_name": "config-server",
  "server": true,
  "ui": true,
  "bootstrap_expect": 1,
  "addresses": {
    "https": "0.0.0.0"
  },
  "ports": {
    "http": 8500
  },
  "primary_datacenter": "anoyi",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "29F747C5-F4F3-426B-805D-0ABF3109D7CB",
      "default": "29F747C5-F4F3-426B-805D-0ABF3109D7CB"
    }
  }
}

3、运行 Consul

docker run -it --rm --name consul -v `pwd`/config:/consul/config -p 8500:8500 consul agent

4、创建 Policy

docker exec -it consul \
consul acl policy create -name default-policy \
-rules "node \"config-server\" { policy = \"write\" }" \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB

output example:

ID:           1e94edab-c8f1-e805-a7ed-7cfd90b72e11
Name:         default-policy
Description:
Datacenters:
Rules:
node "config-server" { policy = "write" }

5、创建 Agent Access Token

docker exec -it consul \
consul acl token create -description "config-server agent token" \
-policy-name default-policy \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB

output example:

AccessorID:       194a55d1-e992-7416-9548-3a81a36335aa
SecretID:         49fe7889-8611-bd52-01b8-d34c8aff6b25
Description:      config-server agent token
Local:            false
Create Time:      2019-05-10 06:33:08.6721898 +0000 UTC
Policies:
   1e94edab-c8f1-e805-a7ed-7cfd90b72e11 - default-policy

此处 SecretID 即为 Agent Token

6、为 Agent 添加 Token

docker exec -it consul \
consul acl set-agent-token \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB \
agent 49fe7889-8611-bd52-01b8-d34c8aff6b25

▶ 部署 Consul 集群

待补充。。。

▶ 相关地址

评论

评论

昵称
邮箱