因爲牽扯到自動註冊服務,需要在腳本中使用linux命令,所以不使用docker方式啓動consul,直接使用下載安裝包,命令啓動,具體如下:
consul最好使用集羣方式啓動,但考慮到服務器數量少的緣故,所以使用一臺機器即做服務端又做客戶端。
下載安裝包:
wget https://releases.hashicorp.com/consul/1.5.0/consul_1.5.0_linux_amd64.zip
解壓
unzip consul_1.5.0_linux_amd64.zip
cd consul_1.5.0
mv consul /usr/local/bin
創建目錄,配置ACL
mkdir -p /data/consul.d/
cd /data/consul.d/
vim acl.json
{
"acl_datacenter": "dc1", //需要acl配置的數據中心
"acl_master_token": "youtaidu", //這個可以自定義
"acl_default_policy": "deny", //默認策略所有的都禁止
"acl_down_policy": "extend-cache"
}
啓動consul並開啓acl驗證
consul agent -server -ui -bootstrap-expect=1 -data-dir=/data/consul/ -node=agent-one -advertise=47.106.167.101 -bind=0.0.0.0 -client=0.0.0.0 -config-dir=/data/consul.d
配置訪問token
curl \
--request PUT \
--header "X-Consul-Token: youtaidu" \
--data \
'{
"Name": "Agent Token",
"Type": "client",
"Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" }"
}' http://47.106.167.101:8500/v1/acl/create
這個時候系統會生成一個token值類似下面
{
"ID": "9ec18863-cc1e-1204-fc2f-d027cc73ce8c"
}
嘗試手動註冊服務
curl -X PUT -d '{"id": "test1","name": "kibana","address": "47.106.167.101","port": 6379,"tags": ["dev1"]}' http://47.106.167.101:8500/v1/agent/service/register -H 'x-consul-token: youtaidu'
發現沒問題,嘗試刪除註冊服務
curl -X PUT -d '{"id": "test1","name": "kibana","address": "47.106.167.101","port": 6379,"tags": ["dev1"]}' http://47.106.167.101:8500/v1/agent/service/deregister/test1 -H 'x-consul-token: youtaidu'
刪除成功