Consul

Comprehensive HashiCorp Consul commands and workflows for service discovery, configuration management, and service mesh.

Installation and Setup

| Command | Description |
| --- | --- |
| `consul version` | Show Consul version |
| `consul agent -dev` | Start development agent |
| `consul agent -config-dir=/etc/consul.d` | Start with configuration |
| `consul members` | List cluster members |
| `consul info` | Show agent information |

Agent Management

Basic Agent Operations

| Command | Description |
| --- | --- |
| `consul agent -server -bootstrap-expect=3` | Start server agent |
| `consul agent -client=0.0.0.0` | Start client agent |
| `consul join 192.168.1.100` | Join cluster |
| `consul leave` | Gracefully leave cluster |
| `consul reload` | Reload configuration |

Agent Configuration

| Command | Description |
| --- | --- |
| `consul validate /etc/consul.d` | Validate configuration |
| `consul configtest` | Test configuration |

Service Discovery

Service Registration

| Command | Description |
| --- | --- |
| `consul services register service.json` | Register service from file |
| `consul services deregister service-id` | Deregister service |
| `consul catalog services` | List all services |
| `consul catalog nodes` | List all nodes |

Service Queries

| Command | Description |
| --- | --- |
| `consul catalog service web` | List instances of service |
| `consul catalog service web -tag production` | Filter by tag |
| `consul health service web` | Health check status |
| `consul health node node1` | Node health status |

DNS Interface

| Command | Description |
| --- | --- |
| `dig @127.0.0.1 -p 8600 web.service.consul` | Query service via DNS |
| `dig @127.0.0.1 -p 8600 web.service.dc1.consul` | Query specific datacenter |
| `dig @127.0.0.1 -p 8600 node1.node.consul` | Query node via DNS |

Key-Value Store

KV Operations

| Command | Description |
| --- | --- |
| `consul kv put config/database/url "postgresql://..."` | Store key-value |
| `consul kv get config/database/url` | Retrieve value |
| `consul kv get -recurse config/` | Get all keys under prefix |
| `consul kv delete config/database/url` | Delete key |
| `consul kv delete -recurse config/` | Delete all keys under prefix |

KV Advanced Operations

| Command | Description |
| --- | --- |
| `consul kv put -cas -modify-index=123 config/app/version "2.0"` | Conditional update |
| `consul kv get -detailed config/app/version` | Get with metadata |
| `consul kv export config/` | Export keys |
| `consul kv import @backup.json` | Import keys |

Health Checks

Health Check Management

| Command | Description |
| --- | --- |
| `consul health checks` | List all health checks |
| `consul health checks web` | List checks for service |
| `consul health state critical` | List critical checks |
| `consul health state passing` | List passing checks |

Access Control Lists (ACLs)

ACL Management

| Command | Description |
| --- | --- |
| `consul acl bootstrap` | Bootstrap ACL system |
| `consul acl token create -description="Web service token"` | Create token |
| `consul acl token list` | List tokens |
| `consul acl token delete TOKEN_ID` | Delete token |

ACL Policies

| Command | Description |
| --- | --- |
| `consul acl policy create -name web-policy -rules @policy.hcl` | Create policy |
| `consul acl policy list` | List policies |
| `consul acl policy read web-policy` | Read policy |
| `consul acl policy update -id POLICY_ID -rules @new-policy.hcl` | Update policy |

Connect (Service Mesh)

Connect Configuration

| Command | Description |
| --- | --- |
| `consul connect ca get-config` | Get CA configuration |
| `consul connect ca set-config -config-file ca.json` | Set CA configuration |
| `consul connect proxy -service web` | Start Connect proxy |

Intentions

| Command | Description |
| --- | --- |
| `consul intention create web db` | Allow web to connect to db |
| `consul intention create -deny web cache` | Deny web to cache |
| `consul intention list` | List all intentions |
| `consul intention delete web db` | Delete intention |

Configuration Entries

Service Configuration

| Command | Description |
| --- | --- |
| `consul config write service-defaults.hcl` | Write service defaults |
| `consul config write proxy-defaults.hcl` | Write proxy defaults |
| `consul config list -kind service-defaults` | List configurations |
| `consul config read -kind service-defaults -name web` | Read configuration |
| `consul config delete -kind service-defaults -name web` | Delete configuration |

Snapshots and Backups

Snapshot Operations

| Command | Description |
| --- | --- |
| `consul snapshot save backup.snap` | Create snapshot |
| `consul snapshot restore backup.snap` | Restore snapshot |
| `consul snapshot inspect backup.snap` | Inspect snapshot |

Monitoring and Debugging

Monitoring Commands

| Command | Description |
| --- | --- |
| `consul monitor` | Stream logs |
| `consul monitor -log-level=DEBUG` | Debug level logs |
| `consul debug` | Collect debug information |
| `consul operator raft list-peers` | List Raft peers |

Performance

| Command | Description |
| --- | --- |
| `consul operator autopilot get-config` | Get autopilot config |
| `consul operator autopilot set-config -cleanup-dead-servers=true` | Set autopilot config |

Configuration Examples

Server Configuration

```hcl
datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-server-1"
server = true
bootstrap_expect = 3
retry_join = ["10.0.1.10", "10.0.1.11"]

# Address used for cluster (server and gossip) traffic
bind_addr = "10.0.1.10"
# Client interfaces (HTTP API, DNS) listen on all addresses
client_addr = "0.0.0.0"

ui_config {
  enabled = true
}

connect {
  enabled = true
}

# ACLs on, with requests denied unless a policy allows them
acl = {
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
}
```

Client Configuration

```hcl
datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-client-1"
retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

bind_addr = "10.0.1.20"
# Client interfaces (HTTP API, DNS) listen on loopback only
client_addr = "127.0.0.1"

# Service registered by this agent, with an HTTP health check
services {
  name = "web"
  port = 80
  tags = ["production", "v1.0"]

  check {
    http = "http://localhost:80/health"
    interval = "10s"
  }
}
```

Service Definition

```json
{
  "service": {
    "name": "web",
    "port": 80,
    "tags": ["production"],
    "check": {
      "http": "http://localhost:80/health",
      "interval": "10s"
    },
    "connect": {
      "sidecar_service": {}
    }
  }
}
```

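ACL Policy

```hcl
# Read access to every node (an empty prefix matches all names)
node_prefix "" {
  policy = "read"
}

# Read access to every service
service_prefix "" {
  policy = "read"
}

# Write access to the "web" service only
service "web" {
  policy = "write"
}

# Write access to KV keys under config/web/ only
key_prefix "config/web/" {
  policy = "write"
}

# Read access to every session
session_prefix "" {
  policy = "read"
}
```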

Service Mesh Configuration

Proxy Defaults

```hcl
Kind = "proxy-defaults"
Name = "global"

Config {
  protocol = "http"
}

MeshGateway {
  Mode = "local"
}
```

Service Defaults

```hcl
Kind = "service-defaults"
Name = "web"

Protocol = "http"

MeshGateway {
  Mode = "local"
}

Expose {
  Checks = true
  Paths = [
    {
      Path = "/health"
      LocalPathPort = 8080
      ListenerPort = 21500
    }
  ]
}
```

Multi-Datacenter Setup

WAN Federation

| Command | Description |
| --- | --- |
| `consul join -wan 192.168.2.10` | Join WAN |
| `consul members -wan` | List WAN members |
| `consul catalog datacenters` | List datacenters |

Cross-DC Queries

| Command | Description |
| --- | --- |
| `consul catalog service web -datacenter dc2` | Query service in DC2 |
| `dig @127.0.0.1 -p 8600 web.service.dc2.consul` | DNS query to DC2 |

Troubleshooting

Common Issues

| Command | Description |
| --- | --- |
| `consul operator raft list-peers` | Check Raft cluster state |
| `consul debug -duration=30s` | Collect debug info |
| `consul validate /etc/consul.d` | Validate configuration |
| `consul members -detailed` | Detailed member information |

Log Analysis

| Command | Description |
| --- | --- |
| `consul monitor -log-level=TRACE` | Trace level logging |
| `journalctl -u consul -f` | Follow systemd logs |

Best Practices

Security

  1. Enable ACLs: Always use ACLs in production
  2. TLS Encryption: Enable TLS for all communication
  3. Gossip Encryption: Use gossip encryption
  4. Network Segmentation: Proper network security
  5. Token Management: Rotate tokens regularly
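
The first three items of this checklist, plus the client interface binding, can be checked mechanically against an agent configuration file. The script below is an added example, not part of the original cheat sheet or of Consul itself; the function names and finding labels are hypothetical, and it assumes one setting or brace per line with no `#` inside values.

```shell
#!/bin/sh
# Added example: check a Consul agent HCL config against the Security checklist.
# Assumes one setting or one brace per line; finding labels are made up here.

audit_consul_config() {   # usage: audit_consul_config [FILE]  (stdin if omitted)
    awk '
    { sub(/[ \t]*#.*$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    /^[A-Za-z_]+[ \t]*=?[ \t]*\{$/ {                         # block open: "acl = {", "tls {"
        name = $0; sub(/[ \t]*=?[ \t]*\{$/, "", name)
        path = path name "."; next
    }
    /^\}$/ { sub(/[^.]+\.$/, "", path); next }               # block close
    /^[A-Za-z_]+[ \t]*=/ {                                   # setting: key = value
        key = $0; sub(/[ \t]*=.*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
        cfg[path key] = val                                  # e.g. cfg["acl.enabled"]
    }
    END {
        if (cfg["acl.enabled"] != "true")        print "ACL_DISABLED"
        if (cfg["acl.default_policy"] != "deny") print "ACL_DEFAULT_NOT_DENY"
        if (cfg["encrypt"] == "")                print "GOSSIP_UNENCRYPTED"
        # tls.defaults is the Consul 1.12+ layout; top-level verify_incoming is the older one
        if (cfg["tls.defaults.verify_incoming"] != "true" && cfg["verify_incoming"] != "true")
            print "TLS_INCOMING_NOT_VERIFIED"
        if (cfg["client_addr"] == "0.0.0.0")     print "CLIENT_API_ON_ALL_INTERFACES"
    }' "$@"
}

sample_server_config() {  # abridged copy of the server example on this page
    cat <<'EOF'
datacenter = "dc1"
server = true
bind_addr = "10.0.1.10"
client_addr = "0.0.0.0"
ui_config {
  enabled = true
}
acl = {
  enabled = true
  default_policy = "deny"
}
EOF
}

# prints GOSSIP_UNENCRYPTED, TLS_INCOMING_NOT_VERIFIED, CLIENT_API_ON_ALL_INTERFACES
sample_server_config | audit_consul_config
```

Run it against a real file with `audit_consul_config /etc/consul.d/consul.hcl`; no output means none of the five checks fired.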

Performance

  1. Resource Allocation: Adequate CPU and memory
  2. Network Latency: Minimize network latency
  3. Disk I/O: Use fast storage for the data directory
  4. Cluster Size: Optimal cluster size
  5. Monitoring: Comprehensive monitoring

Operations

  1. Backup Strategy: Regular snapshots
  2. Upgrade Planning: Careful upgrade procedures
  3. Health Monitoring: Ongoing health monitoring
  4. Capacity Planning: Plan for growth
  5. Documentation: Document service topology

Development

  1. Service Registration: Proper service definitions
  2. Health Checks: Comprehensive health checks
  3. Configuration Management: Use the KV store effectively
  4. Service Discovery: Implement proper discovery patterns
  5. Testing: Test service mesh configurations