Esta es la parte 1 de una guía práctica de 2 partes para HashiCorp Consul. Esta parte se centra principalmente en comprender los problemas que el Cónsul resuelve y cómo los resuelve. La segunda parte está más centrada en la aplicación práctica de Consul en un ejemplo de la vida real y se publicará la próxima semana. Empecemos.
¿Qué tal configurar una red de servicios segura, personalizable y detectable con una sola herramienta?
¿Qué pasa si le decimos que esta herramienta es independiente de la plataforma y está lista para la nube?
Y viene como un solo archivo binario.
Todo esto es cierto. La herramienta de la que estamos hablando es el Cónsul de HashiCorp .
Consul proporciona descubrimiento de servicios , verificación de estado , equilibrio de carga , gráfico de servicio , aplicación de identidad con TLS y administración de configuración de servicios distribuidos .
Consul , .
:
("") — A, B, C D
("") — A, B, C D
HashiCorp Consul – , , , , , , TLS . Consul control plane service mesh.
HashiCorp Consul ,
, Consul HashiCorp .
, . , . , .
- (SOA)
, .
, HashiCorp Consul, . -, (, A), ( B), ( ) ( D).
, — , — .
: , , A, , .
production.
, , D.
. .
, .
, :
, SOA-
:
A SOA-
, . , .
, , .
, Consul
, . — . , .
, . , , .
A , B. , A B, B?
A
A , B. , . , , , .
,
IP-, .
, . IP- , .
, . , . .
. , , . , .
.
Consul
Consul , . . .
Consul A
A B, B, B. , .
Consul (health-checks) . (health-check), . , , .
, , Consul . , .
Consul .
. Consul , , .
.
, Consul
, , , - YAML, XML JSON. , .
,
, . , .
, . .
, . , .
. .
, , , .
Consul — .
Consul’s KV
Consul . , .
. . .
, Consul
, .
. , .
— . .
— , . .
, . , .
.
. , .
, - . , .
, , .
SOA
Consul TLS.
Consul
Consul , , . Consul Consul Connect.
Consul Connect , , . , , A B, B C.
, IP-. . . , , IP- . .
Consul Connect , TLS. TLS, .
. TLS . .
Consul TLS , . Sidecar. - - .
. , .
Consul
Consul . , .
, Consul, Consul. Consul.
Consul , . /.
Consul — , .
Consul , HashiCorp 3-5 , . Consul. , .
. HashiCorp .
Consul . Consul .
Consul ,
, Consul Consul. Consul Consul.
Consul
Consul , .
, Consul , - HashiCorps Consul GitHub.
Consul .
Consul — Consul.
Consul
Consul .
$ wget https://releases.hashicorp.com/consul/1.4.3/consul_1.4.3_linux_amd64.zip -O consul.zip --2019-03-10 00:14:07-- https://releases.hashicorp.com/consul/1.4.3/consul_1.4.3_linux_amd64.zip Resolving releases.hashicorp.com (releases.hashicorp.com)... 151.101.37.183, 2a04:4e42:9::439 Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.37.183|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 34777003 (33M) [application/zip] Saving to: ‘consul.zip’ consul.zip 100%[============================>] 33.17M 4.46MB/s in 9.2s 2019-03-10 00:14:17 (3.60 MB/s) - ‘consul.zip’ saved [34777003/34777003]
zip-.
$ unzip consul.zip Archive: consul.zip inflating: consul
PATH.
$ export PATH="$PATH:/path/to/consul"
Consul
, .
$ consul agent -dev ==> Starting Consul agent... ==> Consul agent running! Version: 'v1.4.2' Node ID: 'ef46ebb7-3496-346f-f67a-30117cfec0ad' Node name: 'devcube' Datacenter: 'dc1' (Segment: '<all>') Server: true (Bootstrap: false) Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600) Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302) Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false ==> Log data will now stream in as it occurs: 2019/03/04 00:38:01 [DEBUG] agent: Using random ID "ef46ebb7-3496-346f-f67a-30117cfec0ad" as node ID 2019/03/04 00:38:01 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:ef46ebb7-3496-346f-f67a-30117cfec0ad Address:127.0.0.1:8300}] 2019/03/04 00:38:01 [INFO] raft: Node at 127.0.0.1:8300 [Follower] entering Follower state (Leader: "") 2019/03/04 00:38:01 [INFO] serf: EventMemberJoin: devcube.dc1 127.0.0.1 2019/03/04 00:38:01 [INFO] serf: EventMemberJoin: devcube 127.0.0.1 2019/03/04 00:38:01 [INFO] consul: Adding LAN server devcube (Addr: tcp/127.0.0.1:8300) (DC: dc1) 2019/03/04 00:38:01 [INFO] consul: Handled member-join event for server "devcube.dc1" in area "wan" 2019/03/04 00:38:01 [DEBUG] agent/proxy: managed Connect proxy manager started 2019/03/04 00:38:01 [WARN] raft: Heartbeat timeout from "" reached, starting election 2019/03/04 00:38:01 [INFO] raft: Node at 127.0.0.1:8300 [Candidate] entering Candidate state in term 2 2019/03/04 00:38:01 [DEBUG] raft: Votes needed: 1 2019/03/04 00:38:01 [DEBUG] raft: Vote granted from ef46ebb7-3496-346f-f67a-30117cfec0ad in term 2. Tally: 1 2019/03/04 00:38:01 [INFO] raft: Election won. Tally: 1 2019/03/04 00:38:01 [INFO] raft: Node at 127.0.0.1:8300 [Leader] entering Leader state 2019/03/04 00:38:01 [INFO] consul: cluster leadership acquired 2019/03/04 00:38:01 [INFO] consul: New leader elected: devcube 2019/03/04 00:38:01 [INFO] agent: Started DNS server 127.0.0.1:8600 (tcp) 2019/03/04 00:38:01 [INFO] agent: Started DNS server 127.0.0.1:8600 (udp) 2019/03/04 00:38:01 [INFO] agent: Started HTTP server on 127.0.0.1:8500 (tcp) 2019/03/04 00:38:01 [INFO] agent: Started gRPC server on 127.0.0.1:8502 (tcp) 2019/03/04 00:38:01 [INFO] agent: started state syncer 2019/03/04 00:38:01 [INFO] connect: initialized primary datacenter CA with provider "consul" 2019/03/04 00:38:01 [DEBUG] consul: Skipping self join check for "devcube" since the cluster is too small 2019/03/04 00:38:01 [INFO] consul: member 'devcube' joined, marking health alive 2019/03/04 00:38:01 [DEBUG] agent: Skipping remote check "serfHealth" since it is managed automatically 2019/03/04 00:38:01 [INFO] agent: Synced node info 2019/03/04 00:38:01 [DEBUG] agent: Node info in sync 2019/03/04 00:38:01 [DEBUG] agent: Skipping remote check "serfHealth" since it is managed automatically 2019/03/04 00:38:01 [DEBUG] agent: Node info in sync
.
Consul
, Consul.
$ consul members Node Address Status Type Build Protocol DC Segment devcube 127.0.0.1:8301 alive server 1.4.0 2 dc1 <all>
, , . , Consul.
gossip .
Consul HTTP API
Consul HTTP API, .
$ curl localhost:8500/v1/catalog/nodes [ { "ID": "ef46ebb7-3496-346f-f67a-30117cfec0ad", "Node": "devcube", "Address": "127.0.0.1", "Datacenter": "dc1", "TaggedAddresses": { "lan": "127.0.0.1", "wan": "127.0.0.1" }, "Meta": { "consul-network-segment": "" }, "CreateIndex": 9, "ModifyIndex": 10 } ]
DNS Consul
Consul DNS- . DNS 8600. .
$ dig @127.0.0.1 -p 8600 devcube.node.consul ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @127.0.0.1 -p 8600 devcube.node.consul ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42215 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;devcube.node.consul. IN A ;; ANSWER SECTION: devcube.node.consul. 0 IN A 127.0.0.1 ;; ADDITIONAL SECTION: devcube.node.consul. 0 IN TXT "consul-network-segment=" ;; Query time: 19 msec ;; SERVER: 127.0.0.1#8600(127.0.0.1) ;; WHEN: Mon Mar 04 00:45:44 IST 2019 ;; MSG SIZE rcvd: 100
Consul , HTTP API.
() Consul
() — . .
, consul.d — ‘.d’ , , consul.
$ mkdir ./consul.d
- Django, 80 .
$ echo '{"service": {"name": "web", "tags": ["django"], "port": 80}}' \ > ./consul.d/web.json
- , .
$ consul agent -dev -config-dir=./consul.d ==> Starting Consul agent... ==> Consul agent running! Version: 'v1.4.2' Node ID: '810f4804-dbce-03b1-056a-a81269ca90c1' Node name: 'devcube' Datacenter: 'dc1' (Segment: '<all>') Server: true (Bootstrap: false) Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600) Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302) Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false ==> Log data will now stream in as it occurs: 2019/03/04 00:55:28 [DEBUG] agent: Using random ID "810f4804-dbce-03b1-056a-a81269ca90c1" as node ID 2019/03/04 00:55:28 [INFO] raft: Initial configuration (index=1): [{Suffrage:Voter ID:810f4804-dbce-03b1-056a-a81269ca90c1 Address:127.0.0.1:8300}] 2019/03/04 00:55:28 [INFO] raft: Node at 127.0.0.1:8300 [Follower] entering Follower state (Leader: "") 2019/03/04 00:55:28 [INFO] serf: EventMemberJoin: devcube.dc1 127.0.0.1 2019/03/04 00:55:28 [INFO] serf: EventMemberJoin: devcube 127.0.0.1 2019/03/04 00:55:28 [INFO] consul: Adding LAN server devcube (Addr: tcp/127.0.0.1:8300) (DC: dc1) 2019/03/04 00:55:28 [DEBUG] agent/proxy: managed Connect proxy manager started 2019/03/04 00:55:28 [INFO] consul: Handled member-join event for server "devcube.dc1" in area "wan" 2019/03/04 00:55:28 [INFO] agent: Started DNS server 127.0.0.1:8600 (udp) 2019/03/04 00:55:28 [INFO] agent: Started DNS server 127.0.0.1:8600 (tcp) 2019/03/04 00:55:28 [INFO] agent: Started HTTP server on 127.0.0.1:8500 (tcp) 2019/03/04 00:55:28 [INFO] agent: started state syncer 2019/03/04 00:55:28 [INFO] agent: Started gRPC server on 127.0.0.1:8502 (tcp) 2019/03/04 00:55:28 [WARN] raft: Heartbeat timeout from "" reached, starting election 2019/03/04 00:55:28 [INFO] raft: Node at 127.0.0.1:8300 [Candidate] entering Candidate state in term 2 2019/03/04 00:55:28 [DEBUG] raft: Votes needed: 1 2019/03/04 00:55:28 [DEBUG] raft: Vote granted from 810f4804-dbce-03b1-056a-a81269ca90c1 in term 2. Tally: 1 2019/03/04 00:55:28 [INFO] raft: Election won. Tally: 1 2019/03/04 00:55:28 [INFO] raft: Node at 127.0.0.1:8300 [Leader] entering Leader state 2019/03/04 00:55:28 [INFO] consul: cluster leadership acquired 2019/03/04 00:55:28 [INFO] consul: New leader elected: devcube 2019/03/04 00:55:28 [INFO] connect: initialized primary datacenter CA with provider "consul" 2019/03/04 00:55:28 [DEBUG] consul: Skipping self join check for "devcube" since the cluster is too small 2019/03/04 00:55:28 [INFO] consul: member 'devcube' joined, marking health alive 2019/03/04 00:55:28 [DEBUG] agent: Skipping remote check "serfHealth" since it is managed automatically 2019/03/04 00:55:28 [INFO] agent: Synced service "web" 2019/03/04 00:55:28 [DEBUG] agent: Node info in sync 2019/03/04 00:55:29 [DEBUG] agent: Skipping remote check "serfHealth" since it is managed automatically 2019/03/04 00:55:29 [DEBUG] agent: Service "web" in sync 2019/03/04 00:55:29 [DEBUG] agent: Node info in sync
— , web
. Consul . .
DNS Consul
DNS, . :
$ dig @127.0.0.1 -p 8600 web.service.consul ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @127.0.0.1 -p 8600 web.service.consul ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51488 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.service.consul. IN A ;; ANSWER SECTION: web.service.consul. 0 IN A 127.0.0.1 ;; ADDITIONAL SECTION: web.service.consul. 0 IN TXT "consul-network-segment=" ;; Query time: 0 msec ;; SERVER: 127.0.0.1#8600(127.0.0.1) ;; WHEN: Mon Mar 04 00:59:32 IST 2019 ;; MSG SIZE rcvd: 99
DNS , , .
$ dig @127.0.0.1 -p 8600 web.service.consul SRV ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @127.0.0.1 -p 8600 web.service.consul SRV ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 712 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;web.service.consul. IN SRV ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 80 devcube.node.dc1.consul. ;; ADDITIONAL SECTION: devcube.node.dc1.consul. 0 IN A 127.0.0.1 devcube.node.dc1.consul. 0 IN TXT "consul-network-segment=" ;; Query time: 0 msec ;; SERVER: 127.0.0.1#8600(127.0.0.1) ;; WHEN: Mon Mar 04 00:59:43 IST 2019 ;; MSG SIZE rcvd: 142
TAG, , :
$ dig @127.0.0.1 -p 8600 django.web.service.consul ; <<>> DiG 9.11.3-1ubuntu1.5-Ubuntu <<>> @127.0.0.1 -p 8600 django.web.service.consul ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12278 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;django.web.service.consul. IN A ;; ANSWER SECTION: django.web.service.consul. 0 IN A 127.0.0.1 ;; ADDITIONAL SECTION: django.web.service.consul. 0 IN TXT "consul-network-segment=" ;; Query time: 0 msec ;; SERVER: 127.0.0.1#8600(127.0.0.1) ;; WHEN: Mon Mar 04 01:01:17 IST 2019 ;; MSG SIZE rcvd: 106
Consul HTTP API
HTTP API:
$ curl http://localhost:8500/v1/catalog/service/web [ { "ID": "810f4804-dbce-03b1-056a-a81269ca90c1", "Node": "devcube", "Address": "127.0.0.1", "Datacenter": "dc1", "TaggedAddresses": { "lan": "127.0.0.1", "wan": "127.0.0.1" }, "NodeMeta": { "consul-network-segment": "" }, "ServiceKind": "", "ServiceID": "web", "ServiceName": "web", "ServiceTags": [ "django" ], "ServiceAddress": "", "ServiceWeights": { "Passing": 1, "Warning": 1 }, "ServiceMeta": {}, "ServicePort": 80, "ServiceEnableTagOverride": false, "ServiceProxyDestination": "", "ServiceProxy": {}, "ServiceConnect": {}, "CreateIndex": 10, "ModifyIndex": 10 } ]
HTTP API:
$ curl http://localhost:8500/v1/catalog/service/web?passing [ { "ID": "810f4804-dbce-03b1-056a-a81269ca90c1", "Node": "devcube", "Address": "127.0.0.1", "Datacenter": "dc1", "TaggedAddresses": { "lan": "127.0.0.1", "wan": "127.0.0.1" }, "NodeMeta": { "consul-network-segment": "" }, "ServiceKind": "", "ServiceID": "web", "ServiceName": "web", "ServiceTags": [ "django" ], "ServiceAddress": "", "ServiceWeights": { "Passing": 1, "Warning": 1 }, "ServiceMeta": {}, "ServicePort": 80, "ServiceEnableTagOverride": false, "ServiceProxyDestination": "", "ServiceProxy": {}, "ServiceConnect": {}, "CreateIndex": 10, "ModifyIndex": 10 } ]
Consul
Consul, .
. SIGHUP , Consul, SIGHUP , HTTP API, , .
$ ps aux | grep [c]onsul pranav 21289 2.4 0.3 177012 54924 pts/2 Sl+ 00:55 0:22 consul agent -dev -config-dir=./consul.d
SIGHUP 21289
$ kill -SIGHUP 21289
Consul
$ consul reload
.
Consul.
... 2019/03/04 01:10:46 [INFO] agent: Caught signal: hangup 2019/03/04 01:10:46 [INFO] agent: Reloading configuration... 2019/03/04 01:10:46 [DEBUG] agent: removed service "web" 2019/03/04 01:10:46 [INFO] agent: Synced service "web" 2019/03/04 01:10:46 [DEBUG] agent: Node info in sync ...
- Consul.
Consul - . 8500.
Consul , Consul -.
(Exploring) - Consul
, .
(Exploring) - Consul
, .
, - Consul.
, Consul Web UI , Consul.
Consul Zookeeper, doozerd etcd?
Consul , (health-check), -, -.
Zookeeper, doozerd etcd . - , , .
, Consul, , .
, /.
. Consul , .
. , . heartbeats TTL. health checks -. TTL.
Zookeeper, Consul -, , gossip. ( localhost), , .
- Consul Consul .
HashiCorp Consul
HashiCorp Consul.
Consul HashiCorp:
Consul Template — Consul. , HashiCorp Consul Vault. Consul consul-template.
Envconsul — Consul. Envconsul , HashiCorp Consul Vault.
Consul Replicate — Consul cross-DC KV . Consul consul-replicate.
Consul Migrate — Consul Consul 0.5.1+.
Consul , .
Confd — etcd consul.
Fabio — Fabio — , HTTP(S) TCP , Consul. consul, , Fabio . .
Registrator — Docker . Docker, .
Hashi-UI — HashiCorp Consul & Nomad.
Git2consul — git Consul KVs. git2consul git Consul KVs. , git , , Consul- .
Spring-cloud-consul — Consul Spring Boot Spring Spring. Consul.
Crypt — etcd consul.
Mesos-Consul — Mesos to Consul bridge . Mesos-Consul / , Mesos.
Consul-cli — Consul HTTP API.
. — . HashiCorp Consul , .
, Consul, , .
, , HashiCorp Consul .
, Consul. , . , , .
, - , .
HashiCorp Consul Guides and Code
PD: agregaré que también puede instalar el cónsul desde el repositorio de paquetes: https://www.hashicorp.com/blog/announcing-the-hashicorp-linux-repository