Consul von HashiCorp bietet Service Discovery, Health Checking und Key-Value Storage. Es ist ideal für Microservices-Architekturen und dynamische Infrastrukturen.
Installation
# Binary herunterladen
wget https://releases.hashicorp.com/consul/1.17.1/consul_1.17.1_linux_amd64.zip
unzip consul_1.17.1_linux_amd64.zip
mv consul /usr/local/bin/
# Version prüfen
consul versionDevelopment-Modus
# Schnellstart für Tests
consul agent -dev
# Web-UI: http://localhost:8500Server-Konfiguration
Server-Konfig
# /etc/consul.d/server.hcl
datacenter = "dc1"
data_dir = "/var/lib/consul"
node_name = "consul-server-1"
server = true
bootstrap_expect = 3
bind_addr = "192.168.1.10"
client_addr = "0.0.0.0"
ui_config {
enabled = true
}
# Cluster-Join
retry_join = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
# Verschlüsselung
encrypt = "ENCRYPTION_KEY"Encryption-Key generieren
consul keygen
# Ausgabe in encrypt eintragenSystemd-Service
# /etc/systemd/system/consul.service
[Unit]
Description=Consul Agent
After=network-online.target
[Service]
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.targetClient-Konfiguration
# /etc/consul.d/client.hcl
datacenter = "dc1"
data_dir = "/var/lib/consul"
node_name = "web-server-1"
server = false
bind_addr = "192.168.1.20"
retry_join = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
encrypt = "ENCRYPTION_KEY"Service Discovery
Service registrieren
# /etc/consul.d/web-service.hcl
service {
name = "web"
port = 80
tags = ["production", "v1"]
check {
http = "http://localhost:80/health"
interval = "10s"
timeout = "2s"
}
}Über API registrieren
curl -X PUT http://localhost:8500/v1/agent/service/register -d '{
"Name": "api",
"Port": 8080,
"Tags": ["production"],
"Check": {
"HTTP": "http://localhost:8080/health",
"Interval": "10s"
}
}'Services abfragen
# Alle Services
consul catalog services
# Service-Details
consul catalog nodes -service=web
# Via API
curl http://localhost:8500/v1/catalog/service/webDNS-Interface
# Service-Lookup
dig @127.0.0.1 -p 8600 web.service.consul
# Mit DC
dig @127.0.0.1 -p 8600 web.service.dc1.consul
# SRV-Records (mit Port)
dig @127.0.0.1 -p 8600 web.service.consul SRVHealth Checks
Check-Typen
# HTTP-Check
check {
http = "http://localhost:8080/health"
interval = "10s"
timeout = "2s"
}
# TCP-Check
check {
tcp = "localhost:3306"
interval = "10s"
}
# Script-Check
check {
args = ["/usr/local/bin/check-service.sh"]
interval = "30s"
}
# TTL-Check (Service meldet sich)
check {
ttl = "30s"
}TTL-Check aktualisieren
# Status melden
curl -X PUT http://localhost:8500/v1/agent/check/pass/service:web
curl -X PUT http://localhost:8500/v1/agent/check/fail/service:webKey-Value Store
CLI
# Schreiben
consul kv put config/database/host "db.example.de"
consul kv put config/database/port "5432"
# Lesen
consul kv get config/database/host
# Mit Prefix
consul kv get -recurse config/database/
# Löschen
consul kv delete config/database/host
consul kv delete -recurse config/database/API
# Schreiben
curl -X PUT -d 'db.example.de' http://localhost:8500/v1/kv/config/database/host
# Lesen
curl http://localhost:8500/v1/kv/config/database/host
# Wert ist Base64-kodiert
# Dekodiert
curl http://localhost:8500/v1/kv/config/database/host?rawWatch
# Auf Änderungen warten
consul watch -type=key -key=config/database/host catACL (Access Control)
ACL aktivieren
# server.hcl
acl {
enabled = true
default_policy = "deny"
enable_token_persistence = true
}Bootstrap
consul acl bootstrap
# Gibt Bootstrap-Token aus - sicher aufbewahren!Policies und Tokens
# Policy erstellen
consul acl policy create -name "read-config" -rules @policy.hcl
# Token erstellen
consul acl token create -policy-name="read-config"# policy.hcl
key_prefix "config/" {
policy = "read"
}
service_prefix "" {
policy = "read"
}Prepared Queries
# Query erstellen
curl -X POST http://localhost:8500/v1/query -d '{
"Name": "healthy-web",
"Service": {
"Service": "web",
"OnlyPassing": true
}
}'
# Query ausführen
curl http://localhost:8500/v1/query/healthy-web/execute
# Via DNS
dig @127.0.0.1 -p 8600 healthy-web.query.consulConsul Template
# Installation
wget https://releases.hashicorp.com/consul-template/0.35.0/consul-template_0.35.0_linux_amd64.zip
unzip consul-template_0.35.0_linux_amd64.zip
mv consul-template /usr/local/bin/Template
# nginx.ctmpl
upstream backend {
{{range service "web"}}
server {{.Address}}:{{.Port}};
{{end}}
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
}Ausführen
consul-template \
-template "nginx.ctmpl:nginx.conf:nginx -s reload"Backup und Restore
# Snapshot erstellen
consul snapshot save backup.snap
# Restore
consul snapshot restore backup.snapMonitoring
# Cluster-Status
consul members
# Leader
consul operator raft list-peers
# Metriken
curl http://localhost:8500/v1/agent/metricsPraktisches Beispiel
Load Balancer mit Consul Template
# /etc/consul-template/haproxy.ctmpl
backend web_backend
balance roundrobin
{{range service "web"}}
server {{.ID}} {{.Address}}:{{.Port}} check
{{end}}consul-template \
-template "/etc/consul-template/haproxy.ctmpl:/etc/haproxy/haproxy.cfg:systemctl reload haproxy"Zusammenfassung
| Befehl | Funktion | |--------|----------| | consul agent | Agent starten | | consul members | Cluster-Status | | consul catalog services | Services auflisten | | consul kv put/get | Key-Value Operationen | | consul snapshot | Backup/Restore |
| Port | Verwendung | |------|------------| | 8500 | HTTP API | | 8600 | DNS | | 8301 | LAN Serf | | 8302 | WAN Serf | | 8300 | RPC |
| Konzept | Beschreibung | |---------|--------------| | Service | Registrierter Dienst | | Check | Health Check | | KV | Key-Value Store | | ACL | Zugriffskontrolle |
Fazit
Consul vereint Service Discovery und Konfiguration. Das DNS-Interface ermöglicht einfache Integration. Health Checks sorgen für Zuverlässigkeit. Consul Template automatisiert Konfigurationen. Für Kubernetes ist Consul via Helm Chart verfügbar.
