参考文档
- https://developer.hashicorp.com/consul/downloads
-
https://github.com/hashicorp-education/learn-consul-get-started-vms
https://developer.hashicorp.com/consul/tutorials/get-started-vms/virtual-machine-gs-deploy
具体操作
- 下载安装consul
wget https://releases.hashicorp.com/consul/1.15.2/consul_1.15.2_linux_amd64.zip
unzip consul_1.15.2_linux_amd64.zip
cp consul /usr/bin/
#测试
consul -h
- 加密配置
#复制generate_consul_server_config.sh内容
https://github.com/hashicorp-education/learn-consul-get-started-vms/blob/main/scripts/generate_consul_server_config.sh
./generate_consul_server_config.sh
agent-gossip-encryption.hcl
agent-server-acl.hcl
agent-server-secure.hcl
agent-server-specific.hcl
agent-server-tls.hcl
consul-agent-ca-key.pem
consul-agent-ca.pem
dc1-server-consul-0-key.pem
dc1-server-consul-0.pem
启动consul服务
consul agent -node=consul -bind=x.x.x.x -config-dir=config/ -client=0.0.0.0 -ui
#生成超级管理员
consul acl bootstrap --format json > ./acl-token-bootstrap.json
在http://x.x.x.x:8500/ui/dc1/acls/policies界面即可管理token权限
- 生成客户端证书
https://developer.hashicorp.com/consul/tutorials/security-operations/tls-encryption-openssl-secure#configure-the-consul-cli-for-https
openssl x509 -req -in cli.client.dc1.consul.csr -CA consul-agent-ca.pem -CAkey consul-agent-ca-key.pem -out cli.client.dc1.consul.crt
consul members -http-addr="[https://server.dc1.consul:8443](https://server.dc1.consul:8443)" -ca-file="consul-agent-ca.pem" -client-cert="cli.client.dc1.consul.crt" -client-key="cli.client.dc1.consul.key"
网友评论