参考架构图:

consul server cluster 搭建

  • consul 基本配置格式
{

  "server": true,

  "node_name": "$NODE_NAME",

  "datacenter": "dc1",

  "data_dir": "$CONSUL_DATA_PATH",

  "bind_addr": "0.0.0.0",

  "client_addr": "0.0.0.0",

  "advertise_addr": "$ADVERTISE_ADDR",

  "bootstrap_expect": 3,

  "retry_join": ["$JOIN1", "$JOIN2", "$JOIN3"],

  "ui": true,

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}

参数说明

  • $NODE_NAME this is a unique label for the node; in our case, this will be consul_s1, consul_s2, and consul_s3 respectively.
  • $CONSUL_DATA_PATH: absolute path to Consul data directory; ensure that this directory is writable by the Consul process user.
  • $ADVERTISE_ADDR: set to address that you prefer the Consul servers advertise to the other servers in the cluster and should not be set to 0.0.0.0; for this guide, it should be set to the Consul server’s IP address in each instance of the configuration file, or 10.1.42.101,10.1.42.102, and 10.1.42.103 respectively.
  • JOIN1,JOIN2, $JOIN3: This example uses the retry_join method of joining the server agents to form a cluster; as such, the values for this guide would be 10.1.42.101, 10.1.42.102, and 10.1.42.103 respectively.
  • 参考配置
consul server 1

{

  "server": true,

  "node_name": "consul_s1",

  "datacenter": "dc1",

  "data_dir": "/var/consul/data",

  "bind_addr": "0.0.0.0",

  "client_addr": "0.0.0.0",

  "advertise_addr": "10.1.42.101",

  "bootstrap_expect": 3,

  "retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],

  "ui": true,

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}

consul server 2

{

  "server": true,

  "node_name": "consul_s2",

  "datacenter": "dc1",

  "data_dir": "/var/consul/data",

  "bind_addr": "0.0.0.0",

  "client_addr": "0.0.0.0",

  "advertise_addr": "10.1.42.102",

  "bootstrap_expect": 3,

  "retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],

  "ui": true,

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}

consul server 3

{

  "server": true,

  "node_name": "consul_s3",

  "datacenter": "dc1",

  "data_dir": "/var/consul/data",

  "bind_addr": "0.0.0.0",

  "client_addr": "0.0.0.0",

  "advertise_addr": "10.1.42.103",

  "bootstrap_expect": 3,

  "retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],

  "ui": true,

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}
  • systemd 配置
### BEGIN INIT INFO

# Provides: consul

# Required-Start: $local_fs $remote_fs

# Required-Stop: $local_fs $remote_fs

# Default-Start: 2 3 4 5

# Default-Stop: 0 1 6

# Short-Description: Consul agent

# Description: Consul service discovery framework

### END INIT INFO

[Unit]

Description=Consul server agent

Requires=network-online.target

After=network-online.target

[Service]

User=consul

Group=consul

PIDFile=/var/run/consul/consul.pid

PermissionsStartOnly=true

ExecStartPre=-/bin/mkdir -p /var/run/consul

ExecStartPre=/bin/chown -R consul:consul /var/run/consul

ExecStart=/usr/local/bin/consul agent \

    -config-file=/usr/local/etc/consul/server_agent.json \

    -pid-file=/var/run/consul/consul.pid

ExecReload=/bin/kill -HUP $MAINPID

KillMode=process

KillSignal=SIGTERM

Restart=on-failure

RestartSec=42s

[Install]

WantedBy=multi-user.target

consul agent 配置

  • 格式说明
{

  "server": false,

  "datacenter": "dc1",

  "node_name": "$NODE_NAME",

  "data_dir": "$CONSUL_DATA_PATH",

  "bind_addr": "$BIND_ADDR",

  "client_addr": "127.0.0.1",

  "retry_join": ["$JOIN1", "$JOIN2", "$JOIN3"],

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}

参数说明

  • $NODE_NAME this is a unique label for the node; in our case, this will be consul_c1 and consul_c2 respectively.
  • $CONSUL_DATA_PATH: absolute path to Consul data directory; ensure that this directory is writable by the Consul process user.
  • $BIND_ADDR: this should be set to address that you prefer the Consul servers advertise to the other servers in the cluster and should not be set to 0.0.0.0; for this guide, it should be set to the Vault server’s IP address in each instance of the configuration file, or 10.1.42.201 and 10.1.42.202 respectively.
  • JOIN1,JOIN2, $JOIN3: This example uses the retry_join method of joining the server agents to form a cluster; as such, the values for this guide would be 10.1.42.101, 10.1.42.102, and 10.1.42.103 respectively.
  • 参考
agent1

{

  "server": false,

  "datacenter": "dc1",

  "node_name": "consul_c1",

  "data_dir": "/var/consul/data",

  "bind_addr": "10.1.42.201",

  "client_addr": "127.0.0.1",

  "retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}

agent2

{

  "server": false,

  "datacenter": "dc1",

  "node_name": "consul_c2",

  "data_dir": "/var/consul/data",

  "bind_addr": "10.1.42.202",

  "client_addr": "127.0.0.1",

  "retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],

  "log_level": "DEBUG",

  "enable_syslog": true,

  "acl_enforce_version_8": false

}
  • systemd
### BEGIN INIT INFO

# Provides: consul

# Required-Start: $local_fs $remote_fs

# Required-Stop: $local_fs $remote_fs

# Default-Start: 2 3 4 5

# Default-Stop: 0 1 6

# Short-Description: Consul agent

# Description: Consul service discovery framework

### END INIT INFO

[Unit]

Description=Consul client agent

Requires=network-online.target

After=network-online.target

[Service]

User=consul

Group=consul

PIDFile=/var/run/consul/consul.pid

PermissionsStartOnly=true

ExecStartPre=-/bin/mkdir -p /var/run/consul

ExecStartPre=/bin/chown -R consul:consul /var/run/consul

ExecStart=/usr/local/bin/consul agent \

    -config-file=/usr/local/etc/consul/client_agent.json \

    -pid-file=/var/run/consul/consul.pid

ExecReload=/bin/kill -HUP $MAINPID

KillMode=process

KillSignal=SIGTERM

Restart=on-failure

RestartSec=42s

[Install]

WantedBy=multi-user.target

vault 配置

主要配置参数
api_addr , cluster_addr

  • vault active
listener "tcp" {

  address = "0.0.0.0:8200"

  cluster_address = "10.1.42.201:8201"

  tls_disable = "true"

}

storage "consul" {

  address = "127.0.0.1:8500"

  path = "vault/"

}

api_addr = "http://10.1.42.201:8200"

cluster_addr = "https://10.1.42.201:8201"
  • vault standby
listener "tcp" {

  address = "0.0.0.0:8200"

  cluster_address = "10.1.42.202:8201"

  tls_disable = "true"

}

storage "consul" {

  address = "127.0.0.1:8500"

  path = "vault/"

}

api_addr = "http://10.1.42.202:8200"

cluster_addr = "https://10.1.42.202:8201"
  • systemd 配置
### BEGIN INIT INFO

# Provides: vault

# Required-Start: $local_fs $remote_fs

# Required-Stop: $local_fs $remote_fs

# Default-Start: 2 3 4 5

# Default-Stop: 0 1 6

# Short-Description: Vault server

# Description: Vault secret management tool

### END INIT INFO

[Unit]

Description=Vault secret management tool

Requires=network-online.target

After=network-online.target

[Service]

User=vault

Group=vault

PIDFile=/var/run/vault/vault.pid

ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault_server.hcl -log-level=debug

ExecReload=/bin/kill -HUP $MAINPID

KillMode=process

KillSignal=SIGTERM

Restart=on-failure

RestartSec=42s

LimitMEMLOCK=infinity

[Install]

WantedBy=multi-user.target

loadbalance 说明

  • 参考图
  • haproxy 配置
listen vault

    bind 0.0.0.0:80

    balance roundrobin

    option httpchk GET /v1/sys/health

    server vault1 192.168.33.10:8200 check

    server vault2 192.168.33.11:8200 check

    server vault3 192.168.33.12:8200 check

参考配置资料

https://www.vaultproject.io/docs/concepts/ha.html
https://www.vaultproject.io/guides/operations/vault-ha-consul.html
https://www.vaultproject.io/guides/operations/reference-architecture.html
https://github.com/rongfengliang/vault-consul-ha

 
 
 
 

vault 集群搭建(active standby 模式)的更多相关文章

  1. Redis 主从集群搭建及哨兵模式配置

    最近搭建了redis集群及哨兵模式,为方便以后查看特此记录下来: 1.Redis安装 2.主从架构 2.1 Redis主从架构图 2.2Redis主从结构搭建 Redis集群不用安装多个Redis,只 ...

  2. MongoDB集群搭建之主从模式

    单机搭建 #创建docker持久化数据目录 [root@docker ~]# mkdir -p /root/application/program/mongodb/data/master-slaveM ...

  3. redis集群搭建和哨兵模式以及AOF和RDB持久化

    Redis主从+哨兵模式 1.环境准备 (1)三台独立的linux主机 (2)IP分别为:10.150.200.182 (从) 10.150.200.184(从)  10.150.200.195(主) ...

  4. Spark集群搭建(local、standalone、yarn)

    Spark集群搭建 local本地模式 下载安装包解压即可使用,测试(2.2版本)./bin/spark-submit --class org.apache.spark.examples.SparkP ...

  5. 搭建高可用的redis集群,避免standalone模式带给你的苦难

    现在项目上用redis的话,很少说不用集群的情况,毕竟如果生产上只有一台redis会有极大的风险,比如机器挂掉,或者内存爆掉,就比如我们生产环境 曾今也遭遇到这种情况,导致redis内存不够挂掉的情况 ...

  6. 28.zookeeper单机(Standalones模式)和集群搭建笔记

    zookeeper单机(Standalones模式)和集群搭建: 前奏: (1).zookeeper也可以在windows下使用,和linux一样可以单机也可以集群,具体就是解压zookeeper-3 ...

  7. Redit集群搭建-Sentinel模式搭建

    Redit集群搭建 学习了: Windows:http://blog.csdn.net/mrxiagc/article/details/52799081 Linux:https://www.cnblo ...

  8. linux系统——Redis集群搭建(主从+哨兵模式)

    趁着这几天刚好有点空,就来写一下redis的集群搭建,我跟大家先说明,本文的redis集群因为linux服务器只是阿里云一台服务器,所以集群是redis启动不同端口,但是也能达到集群的要求.其实不同服 ...

  9. dataguard集群搭建

    dataguard集群搭建 1. 创建虚拟机 创建一台虚拟机配置如下: 系统Red Hat Enterprise 6(64位).16vCPU.8G内存.两块VM Network类型网卡.三块硬盘分别为 ...

随机推荐

  1. 20170729xlVba SSC_RECENT100

    Public Sub Recent100() Dim WebText As String Dim Reg As Object, Mh As Object, OneMh As Object Dim i ...

  2. 20170501xlVBA销售订单整理一行转多行

    Sub NextSeven_CodeFrame() Application.ScreenUpdating = False Application.DisplayAlerts = False Appli ...

  3. Neo4j视频教程 Neo4j 图数据库视频教程

    课程名称 课程发布地址 地址: 腾讯课堂<Neo4j 图数据库视频教程> https://ke.qq.com/course/327374?tuin=442d3e14 作者 庞国明,< ...

  4. Java IO流中的flush()

    通过BufferedOutputStream或BufferedWriter 链接到底层流上来实现.因此,在写 完数据时,flush就显得尤为重要. 例如: 上图中WEB服务器通过输出流向客户端响应了一 ...

  5. fabric 学习笔记

    fabric安装 目前,从PyPI可以搜索到主要的fabric库为“ Fabric 2.1.3 ”.“ fabric2 2.1.3 ”和“ Fabric3 1.14.post1 ”. Fabric:官 ...

  6. Mybatis学习总结--------Mybatis <where>标签 (九)

      <select id="findActiveBlogLike" resultType="Blog"> SELECT * FROM BLOG WH ...

  7. TADOTABLE 永久字段的顺序 和 AppendRecord

    AppendRecord 方法,添加记录的字段到数据库里时,是按照IDE里永久字段的顺序,不是数据库表里的字段顺序. 自动编号 字段,以nil为值. 日期时间 字段,直接now 写法

  8. C# 使用cmd输入参数来执行控制台应用程序

    在外部可以使用cmd命令向C#控制台应用程序发送参数,并使之处理.main函数的形参一定要包含string[] args,否则该控制台应用程序不能接收外部参数.在使用cmd调用程序的时候,外部每个参数 ...

  9. LInux内核分析--使用库函数API和C代码中嵌入汇编代码两种方式使用同一个系统调用

    实验者:江军 ID:fuchen1994 实验描述: 选择一个系统调用(13号系统调用time除外),系统调用列表参见http://codelab.shiyanlou.com/xref/linux-3 ...

  10. 使用MyEclipse开发Java EE应用:EJB项目开发初探(下)

    你开学,我放价!MyEclipse线上狂欢继续!火热开启中>> [MyEclipse最新版下载] 三.EJB 3.x项目中的持久性支持 当创建EJB 3.x项目时,作为选项您可以添加JPA ...