▶ Deploy Consul
Run the command
docker run -d --name consul -p 8500:8500 consul
Port notes
Mount notes
- /consul/data: persistent data storage
- /consul/config: configuration files
Consul configuration
▶ Deploy Single Consul With ACL In Production
1. Generate a UUID to use as the Master Token
# Mac OS
$ uuidgen
29F747C5-F4F3-426B-805D-0ABF3109D7CB
2. Create the configuration file consul/config/basic_config.json, for example:
{
  "datacenter": "anoyi",
  "data_dir": "/consul/data",
  "log_level": "INFO",
  "node_name": "config-server",
  "server": true,
  "ui": true,
  "bootstrap_expect": 1,
  "addresses": {
    "https": "0.0.0.0"
  },
  "ports": {
    "http": 8500
  },
  "primary_datacenter": "anoyi",
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "29F747C5-F4F3-426B-805D-0ABF3109D7CB",
      "default": "29F747C5-F4F3-426B-805D-0ABF3109D7CB"
    }
  }
}
3. Run Consul
docker run -it --rm --name consul -v `pwd`/config:/consul/config -p 8500:8500 consul agent
4. Create a Policy
docker exec -it consul \
consul acl policy create -name default-policy \
-rules "node \"config-server\" { policy = \"write\" }" \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB
Output example:
ID: 1e94edab-c8f1-e805-a7ed-7cfd90b72e11
Name: default-policy
Description:
Datacenters:
Rules:
node "config-server" { policy = "write" }
5. Create the Agent Access Token
docker exec -it consul \
consul acl token create -description "config-server agent token" \
-policy-name default-policy \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB
Output example:
AccessorID: 194a55d1-e992-7416-9548-3a81a36335aa
SecretID: 49fe7889-8611-bd52-01b8-d34c8aff6b25
Description: config-server agent token
Local: false
Create Time: 2019-05-10 06:33:08.6721898 +0000 UTC
Policies:
1e94edab-c8f1-e805-a7ed-7cfd90b72e11 - default-policy
The SecretID here is the Agent Token.
6. Set the token on the Agent
docker exec -it consul \
consul acl set-agent-token \
-token 29F747C5-F4F3-426B-805D-0ABF3109D7CB \
agent 49fe7889-8611-bd52-01b8-d34c8aff6b25
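The step 2 configuration sets acl.tokens.default to the same value as the master token, and Consul applies tokens.default to every request that arrives without a token. The following check is an added example, not part of the original page: it audits the acl stanza for that condition and for a disabled or allow-by-default ACL. The function names and finding codes are hypothetical, and without_default_token is one possible remediation rather than the page's own procedure.

```python
import json

# ACL stanza of the step 2 configuration, values copied from the page.
STEP2_ACL = """
{
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "enable_token_persistence": true,
    "tokens": {
      "master": "29F747C5-F4F3-426B-805D-0ABF3109D7CB",
      "default": "29F747C5-F4F3-426B-805D-0ABF3109D7CB"
    }
  }
}
"""


def audit_acl(config_text):
    """Return (code, message) findings for the acl stanza of an agent config."""
    acl = json.loads(config_text).get("acl", {})
    tokens = acl.get("tokens", {})
    findings = []
    if acl.get("enabled") is not True:
        findings.append(("acl-disabled", "acl.enabled is not true, so no token is checked"))
    # Consul falls back to "allow" when default_policy is not set.
    if acl.get("default_policy", "allow") != "deny":
        findings.append(("default-allow", "anything without an explicit rule is permitted"))
    # "master" is the key used on this page; newer releases call it "initial_management".
    management = tokens.get("master") or tokens.get("initial_management")
    # tokens.default is applied to every request that arrives without a token.
    if management and tokens.get("default") == management:
        findings.append(("default-is-management",
                         "requests sent without a token run with the management token"))
    return findings


def without_default_token(config_text):
    """Hypothetical remediation: drop tokens.default so tokenless requests are anonymous."""
    config = json.loads(config_text)
    config.get("acl", {}).get("tokens", {}).pop("default", None)
    return json.dumps(config, indent=2)


if __name__ == "__main__":
    for code, message in audit_acl(STEP2_ACL):
        print(f"{code}: {message}")
    print(audit_acl(without_default_token(STEP2_ACL)))
```

With tokens.default removed, requests without a token map to the anonymous token and fall under default_policy deny; the commands in steps 4 to 6 already pass -token explicitly.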
▶ Deploy a Consul Cluster
To be added...