Reference architecture diagram:

Setting up the Consul server cluster

  • Basic Consul configuration format
{
"server": true,
"node_name": "$NODE_NAME",
"datacenter": "dc1",
"data_dir": "$CONSUL_DATA_PATH",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"advertise_addr": "$ADVERTISE_ADDR",
"bootstrap_expect": 3,
"retry_join": ["$JOIN1", "$JOIN2", "$JOIN3"],
"ui": true,
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}

Parameter descriptions

  • $NODE_NAME: a unique label for the node; in our case, this will be consul_s1, consul_s2, and consul_s3 respectively.
  • $CONSUL_DATA_PATH: absolute path to the Consul data directory; ensure that this directory is writable by the Consul process user.
  • $ADVERTISE_ADDR: the address that you prefer the Consul servers advertise to the other servers in the cluster; it should not be set to 0.0.0.0. For this guide, set it to the Consul server's IP address in each instance of the configuration file: 10.1.42.101, 10.1.42.102, and 10.1.42.103 respectively.
  • $JOIN1, $JOIN2, $JOIN3: this example uses the retry_join method of joining the server agents to form a cluster; as such, the values for this guide would be 10.1.42.101, 10.1.42.102, and 10.1.42.103 respectively.
  • Reference configuration
consul server 1
{
"server": true,
"node_name": "consul_s1",
"datacenter": "dc1",
"data_dir": "/var/consul/data",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"advertise_addr": "10.1.42.101",
"bootstrap_expect": 3,
"retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],
"ui": true,
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}
consul server 2
{
"server": true,
"node_name": "consul_s2",
"datacenter": "dc1",
"data_dir": "/var/consul/data",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"advertise_addr": "10.1.42.102",
"bootstrap_expect": 3,
"retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],
"ui": true,
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}
consul server 3
{
"server": true,
"node_name": "consul_s3",
"datacenter": "dc1",
"data_dir": "/var/consul/data",
"bind_addr": "0.0.0.0",
"client_addr": "0.0.0.0",
"advertise_addr": "10.1.42.103",
"bootstrap_expect": 3,
"retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],
"ui": true,
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}
  • systemd configuration
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Consul agent
# Description: Consul service discovery framework
### END INIT INFO
[Unit]
Description=Consul server agent
Requires=network-online.target
After=network-online.target
[Service]
User=consul
Group=consul
PIDFile=/var/run/consul/consul.pid
PermissionsStartOnly=true
ExecStartPre=-/bin/mkdir -p /var/run/consul
ExecStartPre=/bin/chown -R consul:consul /var/run/consul
ExecStart=/usr/local/bin/consul agent \
-config-file=/usr/local/etc/consul/server_agent.json \
-pid-file=/var/run/consul/consul.pid
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

Consul agent configuration

  • Format
{
"server": false,
"datacenter": "dc1",
"node_name": "$NODE_NAME",
"data_dir": "$CONSUL_DATA_PATH",
"bind_addr": "$BIND_ADDR",
"client_addr": "127.0.0.1",
"retry_join": ["$JOIN1", "$JOIN2", "$JOIN3"],
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}

Parameter descriptions

  • $NODE_NAME: a unique label for the node; in our case, this will be consul_c1 and consul_c2 respectively.
  • $CONSUL_DATA_PATH: absolute path to the Consul data directory; ensure that this directory is writable by the Consul process user.
  • $BIND_ADDR: the address that you prefer the Consul servers advertise to the other servers in the cluster; it should not be set to 0.0.0.0. For this guide, set it to the Vault server's IP address in each instance of the configuration file: 10.1.42.201 and 10.1.42.202 respectively.
  • $JOIN1, $JOIN2, $JOIN3: this example uses the retry_join method of joining the server agents to form a cluster; as such, the values for this guide would be 10.1.42.101, 10.1.42.102, and 10.1.42.103 respectively.
  • Reference configuration
agent1
{
"server": false,
"datacenter": "dc1",
"node_name": "consul_c1",
"data_dir": "/var/consul/data",
"bind_addr": "10.1.42.201",
"client_addr": "127.0.0.1",
"retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}
agent2
{
"server": false,
"datacenter": "dc1",
"node_name": "consul_c2",
"data_dir": "/var/consul/data",
"bind_addr": "10.1.42.202",
"client_addr": "127.0.0.1",
"retry_join": ["10.1.42.101", "10.1.42.102", "10.1.42.103"],
"log_level": "DEBUG",
"enable_syslog": true,
"acl_enforce_version_8": false
}
  • systemd
### BEGIN INIT INFO
# Provides: consul
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Consul agent
# Description: Consul service discovery framework
### END INIT INFO
[Unit]
Description=Consul client agent
Requires=network-online.target
After=network-online.target
[Service]
User=consul
Group=consul
PIDFile=/var/run/consul/consul.pid
PermissionsStartOnly=true
ExecStartPre=-/bin/mkdir -p /var/run/consul
ExecStartPre=/bin/chown -R consul:consul /var/run/consul
ExecStart=/usr/local/bin/consul agent \
-config-file=/usr/local/etc/consul/client_agent.json \
-pid-file=/var/run/consul/consul.pid
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target

Vault configuration

Main configuration parameters: api_addr, cluster_addr

  • vault active
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "10.1.42.201:8201"
tls_disable = "true"
}
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
api_addr = "http://10.1.42.201:8200"
cluster_addr = "https://10.1.42.201:8201"
  • vault standby
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "10.1.42.202:8201"
tls_disable = "true"
}
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
api_addr = "http://10.1.42.202:8200"
cluster_addr = "https://10.1.42.202:8201"
  • systemd configuration
### BEGIN INIT INFO
# Provides: vault
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Vault server
# Description: Vault secret management tool
### END INIT INFO
[Unit]
Description=Vault secret management tool
Requires=network-online.target
After=network-online.target
[Service]
User=vault
Group=vault
PIDFile=/var/run/vault/vault.pid
ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault_server.hcl -log-level=debug
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
Restart=on-failure
RestartSec=42s
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target
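
The Consul and Vault configurations above are lab settings: the API listens on all interfaces, ACLs and TLS are off, and logging is at debug level. The following Python check is an added example, not code from the original post or from either project; it flags those settings in the server, agent and Vault configs. The finding names and the line-based reading of the HCL are assumptions of this example.

```python
import json
import re

# Constructed samples: the security-relevant keys of the configs on this page.
CONSUL_SERVER = json.loads('{"server": true, "client_addr": "0.0.0.0", "ui": true, '
                           '"log_level": "DEBUG", "acl_enforce_version_8": false}')
CONSUL_AGENT = json.loads('{"server": false, "client_addr": "127.0.0.1", '
                          '"log_level": "DEBUG", "acl_enforce_version_8": false}')
VAULT_HCL = '''
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = "true"
}
api_addr = "http://10.1.42.201:8200"
'''

def audit_consul(cfg):
    """Return finding ids (names are this example's own) for a Consul agent config."""
    found = set()
    if cfg.get("client_addr") == "0.0.0.0":
        found.add("api-on-all-interfaces")   # HTTP API and UI reachable from other hosts
    if not (cfg.get("acl", {}).get("enabled") or cfg.get("acl_datacenter")):
        found.add("acl-disabled")            # API calls need no token
    if cfg.get("acl_enforce_version_8") is False:
        found.add("acl-v8-enforcement-off")
    if not cfg.get("encrypt"):
        found.add("gossip-unencrypted")      # no gossip encryption key configured
    tls = cfg.get("tls", {}).get("defaults", {})
    if not (cfg.get("verify_incoming") or tls.get("verify_incoming")):
        found.add("rpc-tls-not-verified")    # peers are not authenticated with TLS
    if str(cfg.get("log_level", "")).upper() in ("DEBUG", "TRACE"):
        found.add("verbose-logging")
    return found

def audit_vault(hcl):
    """Line-based check of a Vault server config; a simplification, not an HCL parser."""
    found = set()
    if re.search(r'^\s*tls_disable\s*=\s*"?(true|1)"?', hcl, re.M | re.I):
        found.add("listener-tls-disabled")   # tokens and secrets travel in cleartext
    if re.search(r'^\s*api_addr\s*=\s*"http://', hcl, re.M):
        found.add("api-addr-plain-http")     # clients are redirected to an http:// URL
    return found

if __name__ == "__main__":
    for name, result in (("consul server", audit_consul(CONSUL_SERVER)),
                         ("consul agent", audit_consul(CONSUL_AGENT)),
                         ("vault", audit_vault(VAULT_HCL))):
        print(name, sorted(result))
```

A config that clears every Consul finding keeps client_addr on loopback, enables acl, sets an encrypt key and turns on verify_incoming; the Vault listener would carry tls_cert_file and tls_key_file instead of tls_disable.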

Load balancing notes

  • Reference diagram
  • HAProxy configuration
listen vault
bind 0.0.0.0:80
balance roundrobin
option httpchk GET /v1/sys/health
server vault1 192.168.33.10:8200 check
server vault2 192.168.33.11:8200 check
server vault3 192.168.33.12:8200 check
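
With default parameters, /v1/sys/health answers 200 only on the active node, 429 on an unsealed standby and 503 on a sealed node, and option httpchk accepts only 2xx and 3xx responses, so HAProxy keeps just the active Vault node in rotation even though all three are listed. The probe below is an added example, not code from the original post; check_backends and its warning texts are hypothetical names, and the backend addresses are the ones in the HAProxy block above.

```python
import urllib.error
import urllib.request

# Status codes returned by Vault's /v1/sys/health with default query parameters.
VAULT_HEALTH = {200: "active", 429: "standby", 472: "dr-secondary",
                473: "performance-standby", 501: "uninitialized", 503: "sealed"}

def http_status(url, timeout=3):
    """GET url and return the HTTP status, or None if the node is unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:   # 429/501/503 arrive as exceptions
        return err.code
    except OSError:                         # refused, timed out, DNS failure
        return None

def haproxy_up(status):
    """Default `option httpchk` rule: only 2xx and 3xx responses pass."""
    return status is not None and 200 <= status < 400

def check_backends(backends, fetch=http_status):
    """Return ({name: (role, up)}, warnings) for the given name -> host:port map."""
    report, warnings = {}, []
    for name, addr in backends.items():
        status = fetch(f"http://{addr}/v1/sys/health")
        if status is None:
            role = "unreachable"
        else:
            role = VAULT_HEALTH.get(status, f"unexpected {status}")
        report[name] = (role, haproxy_up(status))
    up = sorted(n for n, (_, ok) in report.items() if ok)
    if not up:
        warnings.append("no backend passes the check: no active Vault node")
    elif len(up) > 1:
        warnings.append(f"more than one backend passes the check: {up}")
    return report, warnings

if __name__ == "__main__":
    backends = {"vault1": "192.168.33.10:8200", "vault2": "192.168.33.11:8200",
                "vault3": "192.168.33.12:8200"}
    print(check_backends(backends))
```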

References

https://www.vaultproject.io/docs/concepts/ha.html
https://www.vaultproject.io/guides/operations/vault-ha-consul.html
https://www.vaultproject.io/guides/operations/reference-architecture.html
https://github.com/rongfengliang/vault-consul-ha

 
 
 
 
