Consul¶

"Clase de la hoja"

########################################################################################################################################################################################################################################################## Copiar todos los comandos¶

########################################################################################################################################################################################################################################################## Generar PDF seleccionado/button¶

■/div titulada

HashiCorp Comandos de cónsul y flujos de trabajo para el descubrimiento de servicios, gestión de configuración y malla de servicio.

Instalación¶

Command	Description
`consul version`	Show Consul version
`consul agent -dev`	Start development agent
`consul agent -config-dir=/etc/consul.d`	Start with configuration
`consul members`	List cluster members
`consul info`	Show agent information

Agent Management¶

Operaciones básicas de agentes¶

Command	Description
`consul agent -server -bootstrap-expect=3`	Start server agent
`consul agent -client=0.0.0.0`	Start client agent
`consul join 192.168.1.100`	Join cluster
`consul leave`	Gracefully leave cluster
`consul reload`	Reload configuration

Configuración del agente¶

Command	Description
`consul validate /etc/consul.d`	Validate configuration
`consul configtest`	Test configuration

Service Discovery¶

Registro de servicios¶

Command	Description
`consul services register service.json`	Register service from file
`consul services deregister service-id`	Deregister service
`consul catalog services`	List all services
`consul catalog nodes`	List all nodes

Consultas de servicio¶

Command	Description
`consul catalog service web`	List instances of service
`consul catalog service web -tag production`	Filter by tag
`consul health service web`	Health check status
`consul health node node1`	Node health status

DNS Interfaz¶

Command	Description
`dig @127.0.0.1 -p 8600 web.service.consul`	Query service via DNS
`dig @127.0.0.1 -p 8600 web.service.dc1.consul`	Query specific datacenter
`dig @127.0.0.1 -p 8600 node1.node.consul`	Query node via DNS

Key-Value Store¶

KV Operations¶

Command	Description
`consul kv put config/database/url "postgresql://..."`	Store key-value
`consul kv get config/database/url`	Retrieve value
`consul kv get -recurse config/`	Get all keys under prefix
`consul kv delete config/database/url`	Delete key
`consul kv delete -recurse config/`	Delete all keys under prefix

KV Advanced Operations¶

Command	Description
`consul kv put -cas -modify-index=123 config/app/version "2.0"`	Conditional update
`consul kv get -detailed config/app/version`	Get with metadata
`consul kv export config/`	Export keys
`consul kv import @backup.json`	Import keys

Controles de salud¶

Gestión de cheques de salud¶

Command	Description
`consul health checks`	List all health checks
`consul health checks web`	List checks for service
`consul health state critical`	List critical checks
`consul health state passing`	List passing checks

Listas de control de acceso (LAC)¶

ACL Management¶

Command	Description
`consul acl bootstrap`	Bootstrap ACL system
`consul acl token create -description="Web service token"`	Create token
`consul acl token list`	List tokens
`consul acl token delete TOKEN_ID`	Delete token

Políticas de ACL¶

Command	Description
`consul acl policy create -name web-policy -rules @policy.hcl`	Create policy
`consul acl policy list`	List policies
`consul acl policy read web-policy`	Read policy
`consul acl policy update -id POLICY_ID -rules @new-policy.hcl`	Update policy

Conectar (Mesh de servicio)¶

Configuración de conexión¶

Command	Description
`consul connect ca get-config`	Get CA configuration
`consul connect ca set-config -config-file ca.json`	Set CA configuration
`consul connect proxy -service web`	Start Connect proxy

Intentions¶

Command	Description
`consul intention create web db`	Allow web to connect to db
`consul intention create -deny web cache`	Deny web to cache
`consul intention list`	List all intentions
`consul intention delete web db`	Delete intention

Entradas de configuración¶

Configuración de servicio¶

Command	Description
`consul config write service-defaults.hcl`	Write service defaults
`consul config write proxy-defaults.hcl`	Write proxy defaults
`consul config list -kind service-defaults`	List configurations
`consul config read -kind service-defaults -name web`	Read configuration
`consul config delete -kind service-defaults -name web`	Delete configuration

Snapshots and Backups¶

Operaciones instantáneas¶

Command	Description
`consul snapshot save backup.snap`	Create snapshot
`consul snapshot restore backup.snap`	Restore snapshot
`consul snapshot inspect backup.snap`	Inspect snapshot

Vigilancia y depuración¶

Comandos de vigilancia¶

Command	Description
`consul monitor`	Stream logs
`consul monitor -log-level=DEBUG`	Debug level logs
`consul debug`	Collect debug information
`consul operator raft list-peers`	List Raft peers

Ejecución¶

Command	Description
`consul operator autopilot get-config`	Get autopilot config
`consul operator autopilot set-config -cleanup-dead-servers=true`	Set autopilot config

Ejemplos de configuración¶

Configuración del servidor¶

datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-server-1"
server = true
bootstrap_expect = 3
retry_join = ["10.0.1.10", "10.0.1.11"]

bind_addr = "10.0.1.10"
client_addr = "0.0.0.0"

ui_config \\\\{
  enabled = true
\\\\}

connect \\\\{
  enabled = true
\\\\}

acl = \\\\{
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
\\\\}

Configuración del cliente¶

datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-client-1"
retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

bind_addr = "10.0.1.20"
client_addr = "127.0.0.1"

services \\\\{
  name = "web"
  port = 80
  tags = ["production", "v1.0"]

  check \\\\{
    http = "http://localhost:80/health"
    interval = "10s"
  \\\\}
\\\\}

Definición de servicio¶

\\\\{
  "service": \\\\{
    "name": "web",
    "port": 80,
    "tags": ["production"],
    "check": \\\\{
      "http": "http://localhost:80/health",
      "interval": "10s"
    \\\\},
    "connect": \\\\{
      "sidecar_service": \\\\{\\\\}
    \\\\}
  \\\\}
\\\\}

ACL Policy¶

node_prefix "" \\\\{
  policy = "read"
\\\\}

service_prefix "" \\\\{
  policy = "read"
\\\\}

service "web" \\\\{
  policy = "write"
\\\\}

key_prefix "config/web/" \\\\{
  policy = "write"
\\\\}

session_prefix "" \\\\{
  policy = "read"
\\\\}

Configuración de malla de servicio¶

Proxy Defaults¶

Kind = "proxy-defaults"
Name = "global"

Config \\\\{
  protocol = "http"
\\\\}

MeshGateway \\\\{
  Mode = "local"
\\\\}

Defectos de servicio¶

Kind = "service-defaults"
Name = "web"

Protocol = "http"

MeshGateway \\\\{
  Mode = "local"
\\\\}

Expose \\\\{
  Checks = true
  Paths = [
    \\\\{
      Path = "/health"
      LocalPathPort = 8080
      ListenerPort = 21500
    \\\\}
  ]
\\\\}

Multi-Datacenter Configuración¶

WAN Federation¶

Command	Description
`consul join -wan 192.168.2.10`	Join WAN
`consul members -wan`	List WAN members
`consul catalog datacenters`	List datacenters

Cross-DC Queries¶

Command	Description
`consul catalog service web -datacenter dc2`	Query service in DC2
`dig @127.0.0.1 -p 8600 web.service.dc2.consul`	DNS query to DC2

Solución de problemas¶

Cuestiones comunes¶

Command	Description
`consul operator raft list-peers`	Check Raft cluster state
`consul debug -duration=30s`	Collect debug info
`consul validate /etc/consul.d`	Validate configuration
`consul members -detailed`	Detailed member information

Análisis de registros¶

Command	Description
`consul monitor -log-level=TRACE`	Trace level logging
`journalctl -u consul -f`	Follow systemd logs

Buenas prácticas¶

Seguridad¶

Lanzables: Usar LCA siempre en producción
Encryption: Activar TLS para toda la comunicación
Encriptación de chismes: Usa encriptación de chismes
Segmentación de red: seguridad de red adecuada
Token Management: Rotate tokens regularly

Ejecución¶

Asignación de recursos: CPU adecuada y memoria
Latency de red: Minimizar latencia de la red
Disk I/O: Utilice almacenamiento rápido para el directorio de datos
** Tamaño del grupo**: Aprovechamiento óptimo del grupo
Monitoring: Configuración completa de vigilancia

Operaciones¶

** Estrategia de respuesta**: instantáneas regulares
** Planificación de actualización**: Procedimientos de actualización cuidadosos
** Vigilancia de la salud**: Supervisar la salud del servicio
** Planificación de la capacidad**: Plan de crecimiento
Documentación: topología del servicio de documentos

Desarrollo¶

** Registro de servicios**: Definiciones de servicio adecuadas
** Comprobaciones de salud**: Comprobaciones de salud completas
** Gestión de la configuración**: Usar la tienda KV eficazmente
Descubrimiento de servicios: Implementar patrones de descubrimiento adecuados
Testing: Prueba de configuración de malla de servicio