Environment configuration
Three servers form the Consul cluster:
10.1.234.164
10.1.234.165
10.1.234.166
One Consul client:
10.1.241.54
Environment preparation
Run on all nodes:
docker pull consul
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
iptables -F
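
An alternative to stopping firewalld in the step above, as an added example that is not part of the original post: it prints firewall-cmd rich rules that admit Consul server RPC (8300/tcp) and Serf LAN gossip (8301 tcp/udp) only from the cluster members listed on this page. The function and variable names are hypothetical; the port numbers are Consul's defaults.

```shell
#!/bin/sh
# Added example, not from the original post. Nothing is applied here: the
# function only prints commands, which can be reviewed and then piped to sh.

# Cluster members taken from the page: three servers and one client.
CONSUL_PEERS="10.1.234.164 10.1.234.165 10.1.234.166 10.1.241.54"

# Consul defaults: 8300 server RPC, 8301 Serf LAN gossip (TCP and UDP).
# HTTP (8500) and DNS (8600) are left out on purpose: with the default
# client address they listen on 127.0.0.1 and need no inbound rule.
CONSUL_PORTS="8300/tcp 8301/tcp 8301/udp"

consul_fw_rules() {
    # $1: this node's own address; no rule is emitted for it.
    self="$1"
    for peer in $CONSUL_PEERS; do
        if [ "$peer" = "$self" ]; then
            continue
        fi
        for pp in $CONSUL_PORTS; do
            port=${pp%/*}     # part before the slash
            proto=${pp#*/}    # part after the slash
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$peer/32\" port port=\"$port\" protocol=\"$proto\" accept'"
        done
    done
    # Load the permanent rules into the running firewall.
    printf '%s\n' "firewall-cmd --reload"
}

# Usage on server-1 (as root): consul_fw_rules 10.1.234.164 | sh
```
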
Start Consul on the servers and on the client
# server-1
docker run --restart=always --net=host --name consul -d docker.io/consul consul agent -server=true -data-dir /consul/data -config-dir /consul/config -bind=10.1.234.164 -bootstrap-expect=3 -ui
# server-2
docker run --restart=always --net=host --name consul -d docker.io/consul consul agent -server=true -data-dir /consul/data -config-dir /consul/config -bind=10.1.234.165 -bootstrap-expect=3 -ui -join 10.1.234.164
# server-3
docker run --restart=always --net=host --name consul -d docker.io/consul consul agent -server=true -data-dir /consul/data -config-dir /consul/config -bind=10.1.234.166 -bootstrap-expect=3 -ui -join 10.1.234.164
# client
docker run -d --restart=always --net=host --name=consul -e CONSUL_BIND_INTERFACE=eth0 consul agent --server=false --client=0.0.0.0 --join 10.1.234.164 --join 10.1.234.165 --join 10.1.234.166
Check the cluster status
$ docker exec -ti consul consul members
Node Address Status Type Build Protocol DC Segment
cent164 10.1.234.164:8301 alive server 1.6.2 2 dc1 <all>
cent165 10.1.234.165:8301 alive server 1.6.2 2 dc1 <all>
cent166 10.1.234.166:8301 alive server 1.6.2 2 dc1 <all>
jenkins 10.1.241.54:8301 alive client 1.6.2 2 dc1 <default>
Register a test service
Skip this step if you are not registering a custom service.
curl -X PUT -d '
{
"address": "10.1.234.164",
"checks": [
{
"http": "https://10.1.234.164:6060",
"interval": "5s",
"method": "GET",
"tls_skip_verify": true
}
],
"id": "appmgr1",
"name": "appmanager",
"port": 6060,
"tags": [
"appmgr"
]
}
' http://127.0.0.1:8500/v1/agent/service/register
curl -X PUT -d '
{
"address": "10.1.234.165",
"checks": [
{
"http": "https://10.1.234.165:6060",
"interval": "5s",
"method": "GET",
"tls_skip_verify": true
}
],
"id": "appmgr2",
"name": "appmanager",
"port": 6060,
"tags": [
"appmgr"
]
}
' http://127.0.0.1:8500/v1/agent/service/register
curl -X PUT -d '
{
"address": "10.1.234.166",
"checks": [
{
"http": "https://10.1.234.166:6060",
"interval": "5s",
"method": "GET",
"tls_skip_verify": true
}
],
"id": "appmgr3",
"name": "appmanager",
"port": 6060,
"tags": [
"appmgr"
]
}
' http://127.0.0.1:8500/v1/agent/service/register
Deregister services that are no longer needed (by service ID)
consul services deregister -id=appmgr1
Check the service
curl 'http://127.0.0.1:8500/v1/health/service/appmanager?passing=false' | python -m json.tool
DNS integration, option 1 (dnsmasq)
# echo "server=127.0.0.1" >> /etc/dnsmasq.conf
echo -n '
server=/consul/127.0.0.1#8600
#server=/consul/10.1.234.165#8600
#server=/consul/10.1.234.166#8600
#server=114.144.144.144
#server=8.8.8.8
' | tee /etc/dnsmasq.d/consul
systemctl restart dnsmasq
systemctl enable dnsmasq
Test DNS resolution (load balancing is supported)
$ ping appmanager.service.dc1.consul
PING appmanager.service.dc1.consul (10.1.234.164) 56(84) bytes of data.
64 bytes from host-10-1-234-164 (10.1.234.164): icmp_seq=1 ttl=63 time=0.443 ms
^C
$ ping appmanager.service.dc1.consul
PING appmanager.service.dc1.consul (10.1.234.165) 56(84) bytes of data.
64 bytes from host-10-1-234-165 (10.1.234.165): icmp_seq=1 ttl=63 time=0.525 ms
^C
$ ping appmanager.service.dc1.consul
PING appmanager.service.dc1.consul (10.1.234.166) 56(84) bytes of data.
64 bytes from host-10-1-234-166 (10.1.234.166): icmp_seq=1 ttl=63 time=0.770 ms
$ dig @127.0.0.1 -p 8600 appmanager.service.dc1.consul. ANY
Services provided by the Consul cluster itself
dig consul.service.consul
DNS integration, option 2 (enable Consul DNS on port 53)
$ docker run -d --restart=always --net=host --name=consul1 -e CONSUL_BIND_INTERFACE=eth0 -e 'CONSUL_ALLOW_PRIVILEGED_PORTS=' consul agent --server=false --client=0.0.0.0 --join 10.1.234.164 --join 10.1.234.165 --join 10.1.234.166 -dns-port=53 -recursor=114.144.144.144
$ dig consul.service.consul
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> consul.service.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22989
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.consul. IN A
;; ANSWER SECTION:
consul.service.consul. 0 IN A 10.1.234.164
consul.service.consul. 0 IN A 10.1.234.165
consul.service.consul. 0 IN A 10.1.234.166
;; ADDITIONAL SECTION:
consul.service.consul. 0 IN TXT "consul-network-segment="
consul.service.consul. 0 IN TXT "consul-network-segment="
consul.service.consul. 0 IN TXT "consul-network-segment="
;; Query time: 4 msec
;; SERVER: 10.1.241.54#53(10.1.241.54)
;; WHEN: Tue Dec 31 16:27:23 CST 2019
;; MSG SIZE rcvd: 206
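Notes
If you only need name resolution, you do not have to install a Consul client. On a Consul master, configure local resolution of the consul domain (in dnsmasq, forward the consul domain to port 8600):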
[root@cent165 etc]# cat /etc/dnsmasq.d/consul
server=/consul/127.0.0.1#8600
On the other client machines, point name resolution at the Consul master:
[root@jenkins ~]# vim /etc/resolv.conf
nameserver 10.1.234.165
By default, port 53 of the Consul client is open only on 127.0.0.1. To expose it externally, specify -client=<interface ip> in the docker startup arguments.
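
To confirm which Consul listeners a given -client value actually exposes, the following added example (not part of the original post) filters `ss -lntu` output for the HTTP API (8500) and DNS (8600, or 53 as in option 2) bound to a wildcard address. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `ss -lntu` output on a client started with
# --client=0.0.0.0 and -dns-port=53; the last two lines are controls.
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 10.1.241.54:8301 *:*
tcp LISTEN 0 128 *:8500 *:*
udp UNCONN 0 0 *:53 *:*
tcp LISTEN 0 128 *:53 *:*
tcp LISTEN 0 128 127.0.0.1:8600 *:*
tcp LISTEN 0 128 *:22 *:*'

consul_exposed() {
    # stdin: `ss -lntu` output. Prints "proto port" for every Consul
    # HTTP/DNS listener bound to all interfaces instead of one address.
    awk '
        {
            local_addr = $5
            n = match(local_addr, /:[0-9]+$/)   # trailing ":port"
            if (n == 0) next                    # header or unparsable line
            host = substr(local_addr, 1, n - 1)
            port = substr(local_addr, n + 1)
            wildcard = (host == "*" || host == "0.0.0.0" || host == "[::]" || host == "::")
            consul = (port == "53" || port == "8500" || port == "8600")
            if (wildcard && consul) print $1, port
        }'
}

# Live use on a node: ss -lntu | consul_exposed
```

An empty result means the HTTP API and DNS are bound to specific addresses only, which is the case with the default client address or with -client=<interface ip>.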
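Domain redirection
Assuming the device's LAN address is 192.168.100.1, adding address=/.com/192.168.100.1 to /etc/dnsmasq.conf makes every lookup of a .com name resolve to the lan1 address.
Using dnsmasq instead of the hosts file
An ordinary hosts file is convenient to configure but does not support wildcards: an entry like *.app.com 192.168.x.x is not allowed. dnsmasq does support this; edit dnsmasq.conf and add: address=/.tuli.com/192.168.x.x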