Consul¶

Copier toutes les commandes Générer PDF

HashiCorp complet Commandes et workflows Consul pour la découverte de service, la gestion de configuration et le maillage de service.

Installation et configuration¶

Command	Description
`consul version`	Show Consul version
`consul agent -dev`	Start development agent
`consul agent -config-dir=/etc/consul.d`	Start with configuration
`consul members`	List cluster members
`consul info`	Show agent information

Gestion des agents¶

Opérations des agents de base¶

Command	Description
`consul agent -server -bootstrap-expect=3`	Start server agent
`consul agent -client=0.0.0.0`	Start client agent
`consul join 192.168.1.100`	Join cluster
`consul leave`	Gracefully leave cluster
`consul reload`	Reload configuration

Configuration de l'agent¶

Command	Description
`consul validate /etc/consul.d`	Validate configuration
`consul configtest`	Test configuration

Découverte des services¶

Enregistrement des services¶

Command	Description
`consul services register service.json`	Register service from file
`consul services deregister service-id`	Deregister service
`consul catalog services`	List all services
`consul catalog nodes`	List all nodes

Demandes de service¶

Command	Description
`consul catalog service web`	List instances of service
`consul catalog service web -tag production`	Filter by tag
`consul health service web`	Health check status
`consul health node node1`	Node health status

DNS Interface¶

Command	Description
`dig @127.0.0.1 -p 8600 web.service.consul`	Query service via DNS
`dig @127.0.0.1 -p 8600 web.service.dc1.consul`	Query specific datacenter
`dig @127.0.0.1 -p 8600 node1.node.consul`	Query node via DNS

Magasin de valeurs clés¶

Opérations KV¶

Command	Description
`consul kv put config/database/url "postgresql://..."`	Store key-value
`consul kv get config/database/url`	Retrieve value
`consul kv get -recurse config/`	Get all keys under prefix
`consul kv delete config/database/url`	Delete key
`consul kv delete -recurse config/`	Delete all keys under prefix

Opérations avancées de KV¶

Command	Description
`consul kv put -cas -modify-index=123 config/app/version "2.0"`	Conditional update
`consul kv get -detailed config/app/version`	Get with metadata
`consul kv export config/`	Export keys
`consul kv import @backup.json`	Import keys

Contrôles de santé¶

Gestion des contrôles de santé¶

Command	Description
`consul health checks`	List all health checks
`consul health checks web`	List checks for service
`consul health state critical`	List critical checks
`consul health state passing`	List passing checks

Listes de contrôle d'accès (LAC)¶

ACL Gestion¶

Command	Description
`consul acl bootstrap`	Bootstrap ACL system
`consul acl token create -description="Web service token"`	Create token
`consul acl token list`	List tokens
`consul acl token delete TOKEN_ID`	Delete token

Politiques ACL¶

Command	Description
`consul acl policy create -name web-policy -rules @policy.hcl`	Create policy
`consul acl policy list`	List policies
`consul acl policy read web-policy`	Read policy
`consul acl policy update -id POLICY_ID -rules @new-policy.hcl`	Update policy

Connexion (Mesh service)¶

Connecter la configuration¶

Command	Description
`consul connect ca get-config`	Get CA configuration
`consul connect ca set-config -config-file ca.json`	Set CA configuration
`consul connect proxy -service web`	Start Connect proxy

Intentions¶

Command	Description
`consul intention create web db`	Allow web to connect to db
`consul intention create -deny web cache`	Deny web to cache
`consul intention list`	List all intentions
`consul intention delete web db`	Delete intention

Entrées de configuration¶

Configuration du service¶

Command	Description
`consul config write service-defaults.hcl`	Write service defaults
`consul config write proxy-defaults.hcl`	Write proxy defaults
`consul config list -kind service-defaults`	List configurations
`consul config read -kind service-defaults -name web`	Read configuration
`consul config delete -kind service-defaults -name web`	Delete configuration

Snapshots et sauvegardes¶

Opérations instantanées¶

Command	Description
`consul snapshot save backup.snap`	Create snapshot
`consul snapshot restore backup.snap`	Restore snapshot
`consul snapshot inspect backup.snap`	Inspect snapshot

Surveillance et débogage¶

Contrôle des commandes¶

Command	Description
`consul monitor`	Stream logs
`consul monitor -log-level=DEBUG`	Debug level logs
`consul debug`	Collect debug information
`consul operator raft list-peers`	List Raft peers

Rendement¶

Command	Description
`consul operator autopilot get-config`	Get autopilot config
`consul operator autopilot set-config -cleanup-dead-servers=true`	Set autopilot config

Exemples de configuration¶

Configuration du serveur¶

datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-server-1"
server = true
bootstrap_expect = 3
retry_join = ["10.0.1.10", "10.0.1.11"]

bind_addr = "10.0.1.10"
client_addr = "0.0.0.0"

ui_config \\\\{
  enabled = true
\\\\}

connect \\\\{
  enabled = true
\\\\}

acl = \\\\{
  enabled = true
  default_policy = "deny"
  enable_token_persistence = true
\\\\}

Configuration du client¶

datacenter = "dc1"
data_dir = "/opt/consul"
log_level = "INFO"
node_name = "consul-client-1"
retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]

bind_addr = "10.0.1.20"
client_addr = "127.0.0.1"

services \\\\{
  name = "web"
  port = 80
  tags = ["production", "v1.0"]

  check \\\\{
    http = "http://localhost:80/health"
    interval = "10s"
  \\\\}
\\\\}
```_

### Définition du service
```json
\\\\{
  "service": \\\\{
    "name": "web",
    "port": 80,
    "tags": ["production"],
    "check": \\\\{
      "http": "http://localhost:80/health",
      "interval": "10s"
    \\\\},
    "connect": \\\\{
      "sidecar_service": \\\\{\\\\}
    \\\\}
  \\\\}
\\\\}
```_

### Politique ACL
```hcl
node_prefix "" \\\\{
  policy = "read"
\\\\}

service_prefix "" \\\\{
  policy = "read"
\\\\}

service "web" \\\\{
  policy = "write"
\\\\}

key_prefix "config/web/" \\\\{
  policy = "write"
\\\\}

session_prefix "" \\\\{
  policy = "read"
\\\\}

Configuration du mesh de service¶

Par défaut de mandataire¶

Kind = "proxy-defaults"
Name = "global"

Config \\\\{
  protocol = "http"
\\\\}

MeshGateway \\\\{
  Mode = "local"
\\\\}

Par défaut de service¶

Kind = "service-defaults"
Name = "web"

Protocol = "http"

MeshGateway \\\\{
  Mode = "local"
\\\\}

Expose \\\\{
  Checks = true
  Paths = [
    \\\\{
      Path = "/health"
      LocalPathPort = 8080
      ListenerPort = 21500
    \\\\}
  ]
\\\\}

Multi-Datacenter Configuration¶

Fédération WAN¶

Command	Description
`consul join -wan 192.168.2.10`	Join WAN
`consul members -wan`	List WAN members
`consul catalog datacenters`	List datacenters

Enquêtes transversales¶

Command	Description
`consul catalog service web -datacenter dc2`	Query service in DC2
`dig @127.0.0.1 -p 8600 web.service.dc2.consul`	DNS query to DC2

Dépannage¶

Questions communes¶

Command	Description
`consul operator raft list-peers`	Check Raft cluster state
`consul debug -duration=30s`	Collect debug info
`consul validate /etc/consul.d`	Validate configuration
`consul members -detailed`	Detailed member information

Analyse du journal¶

Command	Description
`consul monitor -log-level=TRACE`	Trace level logging
`journalctl -u consul -f`	Follow systemd logs

Meilleures pratiques¶

Sécurité¶

Activer les ACL: toujours utiliser les ACL en production
Encryptage TLS: Activer TLS pour toute communication
Encryptage des avis: Utiliser le chiffrement des commérages
** Segmentation du réseau**: sécurité du réseau
Gestion des jetons: Rotation régulière des jetons

Rendement¶

** Affectation des ressources**: CPU et mémoire adéquats
Latence réseau: Minimiser la latence réseau
Disk I/O: Utiliser un stockage rapide pour le répertoire de données
** Taille du groupe**: Taille optimale du groupe
Surveillance : configuration complète de la surveillance

Opérations¶

Stratégie de sauvegarde: Photographies régulières
Planification de la mise à niveau : procédures de mise à niveau prudentes
Surveillance de la santé Surveiller la santé des services
Planification des capacités : Plan de croissance
Documentation: Topologie du service des documents

Développement¶

** Inscription au service**: définitions appropriées du service
** Contrôles de santé** : contrôles de santé complets
Gestion de la configuration : Utiliser efficacement KV store
Découverte des services: Mettre en œuvre des modèles de découverte appropriés
Essais: Configurations des mailles de service d'essai