Consul

Comprehensive HashiCorp Consul commands and workflows for service discovery, configuration management, and service mesh.

Installation and Setup

| Command | Description |
|---|---|
| `consul version` | Show Consul version |
| `consul agent -dev` | Start development agent |
| `consul agent -config-dir=/etc/consul.d` | Start with configuration |
| `consul members` | List cluster members |
| `consul info` | Show agent information |

Agent Management

Basic Agent Operations

| Command | Description |
|---|---|
| `consul agent -server -bootstrap-expect=3` | Start server agent |
| `consul agent -client=0.0.0.0` | Start client agent (`-client` sets the bind address for the HTTP/DNS interfaces; `0.0.0.0` listens on all addresses) |
| `consul join 192.168.1.100` | Join cluster |
| `consul leave` | Gracefully leave cluster |
| `consul reload` | Reload configuration |

Agent Configuration

| Command | Description |
|---|---|
| `consul validate /etc/consul.d` | Validate configuration |
| `consul configtest` | Test configuration (legacy name for `consul validate`) |

Service Discovery

Service Registration

| Command | Description |
|---|---|
| `consul services register service.json` | Register service from file |
| `consul services deregister -id=service-id` | Deregister service |
| `consul catalog services` | List all services |
| `consul catalog nodes` | List all nodes |

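Service Queries

| Command | Description |
|---|---|
| `consul catalog nodes -service=web` | List nodes providing the service |
| `curl "http://127.0.0.1:8500/v1/catalog/service/web?tag=production"` | Filter by tag (HTTP API) |
| `curl http://127.0.0.1:8500/v1/health/service/web` | Health check status (HTTP API; the CLI has no `health` subcommand) |
| `curl http://127.0.0.1:8500/v1/health/node/node1` | Node health status (HTTP API) |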

DNS Interface

| Command | Description |
|---|---|
| `dig @127.0.0.1 -p 8600 web.service.consul` | Query service via DNS |
| `dig @127.0.0.1 -p 8600 web.service.dc1.consul` | Query specific datacenter |
| `dig @127.0.0.1 -p 8600 node1.node.consul` | Query node via DNS |

Key-Value Store

KV Operations

| Command | Description |
|---|---|
| `consul kv put config/database/url "postgresql://..."` | Store key-value |
| `consul kv get config/database/url` | Retrieve value |
| `consul kv get -recurse config/` | Get all keys under prefix |
| `consul kv delete config/database/url` | Delete key |
| `consul kv delete -recurse config/` | Delete all keys under prefix |

KV Advanced Operations

| Command | Description |
|---|---|
| `consul kv put -cas -modify-index=123 config/app/version "2.0"` | Conditional update |
| `consul kv get -detailed config/app/version` | Get with metadata |
| `consul kv export config/` | Export keys |
| `consul kv import @backup.json` | Import keys |

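Health Checks

Health Check Management

Health data is queried through the local agent's HTTP API; the Consul CLI has no `health` subcommand.

| Command | Description |
|---|---|
| `curl http://127.0.0.1:8500/v1/health/state/any` | List all health checks |
| `curl http://127.0.0.1:8500/v1/health/checks/web` | List checks for service |
| `curl http://127.0.0.1:8500/v1/health/state/critical` | List critical checks |
| `curl http://127.0.0.1:8500/v1/health/state/passing` | List passing checks |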

Access Control Lists (ACLs)

ACL Management

| Command | Description |
|---|---|
| `consul acl bootstrap` | Bootstrap ACL system |
| `consul acl token create -description="Web service token"` | Create token |
| `consul acl token list` | List tokens |
| `consul acl token delete -id TOKEN_ID` | Delete token |

ACL Policies

| Command | Description |
|---|---|
| `consul acl policy create -name web-policy -rules @policy.hcl` | Create policy |
| `consul acl policy list` | List policies |
| `consul acl policy read -name web-policy` | Read policy |
| `consul acl policy update -id POLICY_ID -rules @new-policy.hcl` | Update policy |

Connect (Service Mesh)

Connect Configuration

| Command | Description |
|---|---|
| `consul connect ca get-config` | Get CA configuration |
| `consul connect ca set-config -config-file ca.json` | Set CA configuration |
| `consul connect proxy -service web` | Start Connect proxy |

Intentions

| Command | Description |
|---|---|
| `consul intention create web db` | Allow web to connect to db |
| `consul intention create -deny web cache` | Deny web to cache |
| `consul intention list` | List all intentions |
| `consul intention delete web db` | Delete intention |

Configuration Entries

Service Configuration

| Command | Description |
|---|---|
| `consul config write service-defaults.hcl` | Write service defaults |
| `consul config write proxy-defaults.hcl` | Write proxy defaults |
| `consul config list -kind service-defaults` | List configurations |
| `consul config read -kind service-defaults -name web` | Read configuration |
| `consul config delete -kind service-defaults -name web` | Delete configuration |

Snapshots and Backups

Snapshot Operations

| Command | Description |
|---|---|
| `consul snapshot save backup.snap` | Create snapshot |
| `consul snapshot restore backup.snap` | Restore snapshot |
| `consul snapshot inspect backup.snap` | Inspect snapshot |

Monitoring and Debugging

Monitoring Commands

| Command | Description |
|---|---|
| `consul monitor` | Stream logs |
| `consul monitor -log-level=DEBUG` | Debug level logs |
| `consul debug` | Collect debug information |
| `consul operator raft list-peers` | List Raft peers |

Performance

| Command | Description |
|---|---|
| `consul operator autopilot get-config` | Get autopilot config |
| `consul operator autopilot set-config -cleanup-dead-servers=true` | Set autopilot config |

Configuration Examples

Server Configuration

```hcl
datacenter       = "dc1"
data_dir         = "/opt/consul"
log_level        = "INFO"
node_name        = "consul-server-1"
server           = true
bootstrap_expect = 3
retry_join       = ["10.0.1.10", "10.0.1.11"]

bind_addr = "10.0.1.10"
# Listens for HTTP/DNS on all interfaces; restrict to a specific address where possible.
client_addr = "0.0.0.0"

ui_config {
  enabled = true
}

connect {
  enabled = true
}

acl = {
  enabled                  = true
  default_policy           = "deny"
  enable_token_persistence = true
}
```

Client Configuration

```hcl
datacenter = "dc1"
data_dir   = "/opt/consul"
log_level  = "INFO"
node_name  = "consul-client-1"
retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

bind_addr = "10.0.1.20"
# HTTP/DNS interfaces are reachable from the local host only.
client_addr = "127.0.0.1"

services {
  name = "web"
  port = 80
  tags = ["production", "v1.0"]

  check {
    http     = "http://localhost:80/health"
    interval = "10s"
  }
}
```

Service Definition

```json
{
  "service": {
    "name": "web",
    "port": 80,
    "tags": ["production"],
    "check": {
      "http": "http://localhost:80/health",
      "interval": "10s"
    },
    "connect": {
      "sidecar_service": {}
    }
  }
}
```

ACL Policy

```hcl
# Read-only view of all nodes and services
node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "read"
}

# Write access only to the token's own service and its KV subtree
service "web" {
  policy = "write"
}

key_prefix "config/web/" {
  policy = "write"
}

session_prefix "" {
  policy = "read"
}
```
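What a token carrying the policy above can and cannot do, as an added example that is not part of the original page. It models a single policy with Consul's rule precedence (an exact-match rule wins, otherwise the longest matching prefix) and assumes `default_policy = "deny"` as in the server configuration; the `POLICY` table and the sample requests are constructed for illustration.

```python
# Added example: evaluate the page's ACL policy for a few constructed requests.
# Assumption: one policy per token and default_policy = "deny".
POLICY = {
    "node":    {"exact": {}, "prefix": {"": "read"}},
    "service": {"exact": {"web": "write"}, "prefix": {"": "read"}},
    "key":     {"exact": {}, "prefix": {"config/web/": "write"}},
    "session": {"exact": {}, "prefix": {"": "read"}},
}
LEVELS = {"deny": 0, "read": 1, "write": 2}


def effective(resource, name, default="deny"):
    """Exact-match rule wins; otherwise the longest matching prefix rule."""
    rules = POLICY.get(resource, {"exact": {}, "prefix": {}})
    if name in rules["exact"]:
        return rules["exact"][name]
    matches = [p for p in rules["prefix"] if name.startswith(p)]
    if matches:
        return rules["prefix"][max(matches, key=len)]
    return default  # no rule matched: fall back to the agent's default policy


def allowed(resource, name, access):
    """True if the effective policy grants at least the requested access."""
    return LEVELS[effective(resource, name)] >= LEVELS[access]


def report(requests):
    return [(r, n, a, allowed(r, n, a)) for r, n, a in requests]


# Constructed requests a token with this policy might make.
SAMPLE = [
    ("service", "web", "write"),             # register its own service
    ("service", "db", "write"),              # register someone else's service
    ("service", "db", "read"),               # discover db
    ("key", "config/web/feature", "write"),  # own KV subtree
    ("key", "config/database/url", "read"),  # key from the KV section
]

if __name__ == "__main__":
    for r, n, a, ok in report(SAMPLE):
        print(f"{a:5} {r}:{n:24} -> {'allow' if ok else 'deny'}")
```

The last request is denied because the policy has no `key_prefix ""` rule, so keys outside `config/web/` fall through to the default.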

Service Mesh Configuration

Proxy Defaults

```hcl
Kind = "proxy-defaults"
Name = "global"

Config {
  protocol = "http"
}

MeshGateway {
  Mode = "local"
}
```

Service Defaults

```hcl
Kind = "service-defaults"
Name = "web"

Protocol = "http"

MeshGateway {
  Mode = "local"
}

Expose {
  Checks = true
  Paths = [
    {
      Path          = "/health"
      LocalPathPort = 8080
      ListenerPort  = 21500
    }
  ]
}
```

Multi-Datacenter Setup

WAN Federation

| Command | Description |
|---|---|
| `consul join -wan 192.168.2.10` | Join WAN |
| `consul members -wan` | List WAN members |
| `consul catalog datacenters` | List datacenters |

Cross-DC Queries

| Command | Description |
|---|---|
| `consul catalog nodes -service=web -datacenter=dc2` | Query service in DC2 |
| `dig @127.0.0.1 -p 8600 web.service.dc2.consul` | DNS query to DC2 |

Troubleshooting

Common Issues

| Command | Description |
|---|---|
| `consul operator raft list-peers` | Check Raft cluster state |
| `consul debug -duration=30s` | Collect debug info |
| `consul validate /etc/consul.d` | Validate configuration |
| `consul members -detailed` | Detailed member information |

Log Analysis

| Command | Description |
|---|---|
| `consul monitor -log-level=TRACE` | Trace level logging |
| `journalctl -u consul -f` | Follow systemd logs |

Best Practices

Security

  1. **Enable ACLs**: Always use ACLs in production
  2. **TLS Encryption**: Enable TLS for all communication
  3. **Gossip Encryption**: Use gossip encryption
  4. **Network Segmentation**: Proper network security
  5. **Token Management**: Rotate tokens regularly
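A check of an agent configuration against the first three items of this list, as an added example that is not part of the original page. It assumes the configuration has been loaded into a dict (Consul also accepts JSON config files), that TLS is set through the `tls.defaults` stanza of Consul 1.12 and later, and it uses a placeholder where a real gossip key would go; `PAGE_SERVER` is a transcription of the server configuration shown earlier.

```python
# Added example: audit an agent configuration for ACL, gossip and TLS settings.
def audit(cfg):
    """Return a list of findings for one agent configuration (a dict)."""
    findings = []
    acl = cfg.get("acl", {})
    if not acl.get("enabled"):
        findings.append("acl.enabled is not true")
    # Consul's default_policy is "allow" when unset.
    if acl.get("default_policy", "allow") != "deny":
        findings.append("acl.default_policy is not 'deny'")
    if not cfg.get("encrypt"):
        findings.append("no gossip encryption key (encrypt)")
    tls = cfg.get("tls", {}).get("defaults", {})
    for key in ("verify_incoming", "verify_outgoing"):
        if not tls.get(key):
            findings.append(f"tls.defaults.{key} is not true")
    # client_addr defaults to 127.0.0.1 when unset.
    if cfg.get("client_addr", "127.0.0.1") == "0.0.0.0":
        findings.append("client_addr 0.0.0.0 exposes HTTP/DNS on all interfaces")
    return findings


# The page's server configuration, reduced to the keys the audit reads.
PAGE_SERVER = {
    "client_addr": "0.0.0.0",
    "acl": {"enabled": True, "default_policy": "deny"},
}

# Constructed hardened variant; the key is a placeholder, not a real secret.
HARDENED = {
    "client_addr": "127.0.0.1",
    "encrypt": "REPLACE_WITH_OUTPUT_OF_consul_keygen",
    "tls": {"defaults": {"verify_incoming": True, "verify_outgoing": True}},
    "acl": {"enabled": True, "default_policy": "deny"},
}

if __name__ == "__main__":
    for name, cfg in (("page server", PAGE_SERVER), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The page's server configuration passes the ACL checks but is flagged for the missing gossip key, the missing TLS verification settings and the wildcard `client_addr`.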

Performance

  1. **Resource Allocation**: Adequate CPU and memory
  2. **Network Latency**: Minimize network latency
  3. **Disk I/O**: Use fast storage for the data directory
  4. **Cluster Size**: Optimal cluster size
  5. **Monitoring**: Comprehensive monitoring

Operations

  1. **Backup Strategy**: Regular snapshots
  2. **Upgrade Planning**: Careful upgrade procedures
  3. **Health Monitoring**: Monitor cluster health
  4. **Capacity Planning**: Plan for growth
  5. **Documentation**: Document service topology

Development

  1. **Service Registration**: Proper service definitions
  2. **Health Checks**: Comprehensive health checks
  3. **Configuration Management**: Use the KV store effectively
  4. **Service Discovery**: Implement proper discovery patterns
  5. **Testing**: Test service mesh configurations