æè¿ Consul ãæ€èšŒããæ©äŒãããïŒãŸãå šäœæŠèŠãææ¡ããããã«ãHashiConf 2018ãã§çºè¡šããããHashiCorp Learn Platformãã掻çšããããšã«ããïŒãHashiCorp Learn Platformã㯠HashiCorp ãæäŸããåŠç¿ã³ã³ãã³ãã§ïŒçŸåšã¯ Vault / Consul / Terraform / Nomad ããµããŒãããŠããïŒGetting Started ãš Advanced Tracks ãããïŒç¿ç床ã«åã£ãã³ã³ãã³ããéžã¶ããšãã§ããïŒèå³ã®ãã HashiCorp ãããã¯ãããã£ããããã«è©ŠããŠã¿ããšè¯ãããšïŒ
- HashiCorp Vault
- Getting Started
- Advanced Tracks
- Day 1: Deploying Your First Vault Cluster
- Secrets Management
- Identity and Access Management
- Encryption as a Service
- Security
- Operations
- Developer
- HashiCorp Consul
- Getting Started
- Getting Started with Kubernetes
- Advanced Tracks
- Day 1: Deploying Your First Datacenter
- Day 2: Advanced Operations
- HashiCorp Terraform
- Getting Started
- Advanced Tracks
- Getting Started - Azure
- Terraform Enterprise
- Developer
- Operations
- AWS Provider
- Azure Provider
- HashiCorp Nomad
- Getting Started
HashiCorp Learn ç»é¢
åºæ¬çã«åç»ãèŠãªããåè¬ããïŒåå¹æ©èœã¯ãªããã©ïŒäžéšã«ã¹ã¯ãªãããèŒã£ãŠããã®ã§å°ãããšã¯ãªããïŒã³ãã³ããã³ããŒãããšãã«ã䟿å©ã ã£ãïŒè±èªãéåžžã«èãåãããããªã£ãŠããïŒ
Learn how to deploy a service mesh with HashiCorp Consul : Getting Started
ä»åã¯ãLearn how to deploy a service mesh with HashiCorp Consulãã®ãGetting Startedããå®æœããïŒå š9ã¹ãããããæ§æãããŠããïŒçŽ¯èšæéãã49 minããšïŒã³ã³ãã¯ãã«ãŸãšãŸã£ãŠããïŒ
- Install Consul (4 min)
- Run the Consul Agent (7 min)
- Registering Services (6 min)
- Connect (7 min)
- Consul Cluster (8 min)
- Registering Health Checks (5 min)
- KV Data (5 min)
- Web UI (4 min)
- Next Steps (3 min)
Install Consul
ãŸãïŒConsul ãã€ã³ã¹ããŒã«ããïŒä»å㯠Mac ã§åããããïŒbrew ã䜿ãããšã«ããïŒ
$ brew install consul $ consul version Consul v1.4.2 Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)
OS ããšã«ãã€ããªãå ¬éãããŠããïŒ
Run the Consul Agent
次ã«ïŒConsul Agent ããdevelopment server modeãã§èµ·åããïŒMac ã§åããå ŽåïŒkakakakakku.local ã®ããã«ã³ã³ãã¥ãŒã¿åã«ããªãªããå«ãŸããŠããå ŽåãããïŒConsul DNS ã«åœ±é¿ãããïŒä»å㯠-node ãªãã·ã§ã³ã䜿ã£ãŠïŒååãæå®ããããšã«ããïŒ
$ consul agent -dev -node machine $ consul members Node Address Status Type Build Protocol DC Segment machine 127.0.0.1:8301 alive server 1.4.2 2 dc1 <all>
Consul ã§ã¯ïŒããŒãæ å ±ã API ãš DNS ããååŸã§ããïŒä»¥äžã¯ API ããããŒãæ å ±ãååŸããŠããïŒ
$ curl localhost:8500/v1/catalog/nodes [ { "ID": "11111111-2222-3333-4444-555555555555", "Node": "machine", "Address": "127.0.0.1", "Datacenter": "dc1", "TaggedAddresses": { "lan": "127.0.0.1", "wan": "127.0.0.1" }, "Meta": { "consul-network-segment": "" }, "CreateIndex": 9, "ModifyIndex": 10 } ]
ãã㊠Consul DNS ã«ããŒãã® IP ãåãåãããïŒ
$ dig @127.0.0.1 -p 8600 machine.node.consul ïŒäžç¥ïŒ ;; QUESTION SECTION: ;web.service.consul. IN A ;; ANSWER SECTION: machine.node.consul. 0 IN A 127.0.0.1 ;; ADDITIONAL SECTION: machine.node.consul. 0 IN TXT "consul-network-segment=" ïŒäžç¥ïŒ
Registering Services
Consul ã«ãµãŒãã¹ãç»é²ããïŒãŸãèšå®ãã¡ã€ã«ã管çãã ./consul.d ãã£ã¬ã¯ããªãäœæãïŒä»¥äžã®ããã« web ãµãŒãã¹çšã® ./consul.d/web.json ãäœæããïŒ
{ "service": { "name": "web", "tags": [ "rails" ], "port": 80 } }
Consul Agent ãèµ·åãããšãã« -config-dir ãªãã·ã§ã³ãæå®ãããšãã£ã¬ã¯ããªãæå®ã§ããïŒä»åã¯ä»¥äžã®ããã«èµ·åãããšïŒã³ã³ãœãŒã«ã«ãµãŒãã¹ãèªèãããã°ãåºãŠããïŒ
$ consul agent -dev -config-dir=./consul.d -node machine ïŒäžç¥ïŒ 2019/03/20 00:00:00 [DEBUG] agent: Service "web" in sync ïŒäžç¥ïŒ
Consul DNS ã«ãµãŒãã¹ãåãåãããããšãã§ããïŒ
$ dig @127.0.0.1 -p 8600 web.service.consul ;; QUESTION SECTION: ;web.service.consul. IN A ;; ANSWER SECTION: web.service.consul. 0 IN A 127.0.0.1 ;; ADDITIONAL SECTION: web.service.consul. 0 IN TXT "consul-network-segment="
Consul DNS 㯠SRV ã¬ã³ãŒããåãåãããããšãã§ãïŒä»å㯠machine.node.dc1.consul ã® 80 ããŒã㧠web ãµãŒãã¹ãåããŠããããšããããïŒ
$ dig @127.0.0.1 -p 8600 web.service.consul SRV ;; QUESTION SECTION: ;web.service.consul. IN SRV ;; ANSWER SECTION: web.service.consul. 0 IN SRV 1 1 80 machine.node.dc1.consul. ;; ADDITIONAL SECTION: machine.node.dc1.consul. 0 IN A 127.0.0.1 machine.node.dc1.consul. 0 IN TXT "consul-network-segment="
åœç¶ãªãã API ã§ãµãŒãã¹ã確èªããããšãã§ããïŒãŸã /health ãšã³ããã€ã³ããš ?passing ãã©ã¡ãŒã¿ãçµã¿åããããšæ£åžžãªã€ã³ã¹ã¿ã³ã¹ã確èªããããšãã§ããïŒ
$ curl http://localhost:8500/v1/catalog/service/web $ curl 'http://localhost:8500/v1/health/service/web?passing'
Connect
次㫠Consul Connect ãåŠã¶ïŒConsul Connect ãšã¯ãµãŒãã¹éã®éä¿¡ãæ åœããããã® Sidecar Pattern Proxy ãšè¡šçŸããããšãã§ããŠïŒè©³çŽ°ã¯ä»¥äžã®å ¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
ãŸãïŒConsul Connect ã䜿ããã«ïŒsocat ã³ãã³ãã䜿ã£ã echo ãµãŒãã¹ãå®è£
ããïŒMac ã« socat ãã€ã³ã¹ããŒã«ããŠããå¿
èŠãããïŒnc ã§æ¥ç¶ãããšïŒæ£åžžã« echo ã§ããïŒãªãŠã è¿ãïŒïŒ
$ brew install socat $ socat -v tcp-l:8181,fork exec:"/bin/cat" $ nc 127.0.0.1 8181 hello hello echo echo
以äžã® JSON ã ./consul.d/socat.json ãšããŠä¿åããïŒ
{ "service": { "name": "socat", "port": 8181, "connect": { "sidecar_service": {} } } }
Consul ã«èšå®ãã¡ã€ã«ãåæ ããïŒæ£ç¢ºã«èšããš consul reload ãå®è¡ãããš Consul ããã»ã¹ã« SIGHUP ã·ã°ãã«ãéãããšã«ãªãïŒ
$ consul reload Configuration reload triggered
次㫠Consul Connect ã®èšå®ããïŒãµãŒãã¹ã«æ¥ç¶ãããšïŒProxy ãçµç±ã㊠echo ã§ããããã«ãªãïŒ
$ consul connect proxy -sidecar-for socat $ consul connect proxy -service web -upstream socat:9191 $ nc 127.0.0.1 9191 Hello Consul via Connect Hello Consul via Connect
å®éã«äœ¿ãå Žå㯠./consul.d/web.json ã«äŸåé¢ä¿ãæžãããšã«ãªãïŒ
{ "service": { "name": "web", "port": 8080, "connect": { "sidecar_service": { "proxy": { "upstreams": [{ "destination_name": "socat", "local_bind_port": 9191 }] } } } } }
æ¹ã㊠Proxy ãèµ·åãããš echo ã§ããããã«ãªãïŒ
$ consul reload Configuration reload triggered $ consul connect proxy -sidecar-for web
ããã«ïŒConsul Connect ã«ã¯ Intentions ãšèšãããµãŒãã¹èªå¯ãã®ä»çµã¿ãããïŒä»¥äžã®ããã« web â socat ã deny ãããš echo ã§ããªããªãïŒèšå®ãåé€ãããš echo ã§ããªããªãïŒ
$ consul intention create -deny web socat Created: web => socat (deny) $ nc 127.0.0.1 9191 $ consul intention delete web socat Intention deleted. $ nc 127.0.0.1 9191 Hello Consul via Connect Hello Consul via Connect
Intentions ã®è©³çŽ°ã¯å ¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒãµãŒãã¹ã¡ãã·ã¥ãå®è£ ãããšãã«ãã詳ããç解ããŠããå¿ èŠãããïŒ
Consul Cluster
次㫠Vagrant ã䜿ã£ãŠä»®æ³ç°å¢ã2å°æ§ç¯ãïŒConsul Cluster ãè©ŠãïŒä»¥äžã«ãã Consul ãã¢çšã® Vagrantfile ãèµ·åãããš n1 ãš n2 ãèµ·åã§ããïŒ
ä»å㯠n1 ã Consul Agent Server ãšããŠïŒn2 ã Consul Agent Client ãšããŠäœ¿ãïŒ
[n1] $ consul agent -server -bootstrap-expect=1 \ -data-dir=/tmp/consul -node=agent-one -bind=172.20.20.10 \ -enable-script-checks=true -config-dir=/etc/consul.d [n2] $ consul agent -data-dir=/tmp/consul -node=agent-two \ -bind=172.20.20.11 -enable-script-checks=true -config-dir=/etc/consul.d
n1 㧠n2 ã Consul Cluster ã« join ããããšïŒããŒãæ
å ±ãå
±æã§ããããã«ãªãïŒ
[n1] $ consul members Node Address Status Type Build Protocol DC Segment agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all> [n1] $ consul join 172.20.20.11 Successfully joined cluster by contacting 1 nodes. [n1] $ consul members Node Address Status Type Build Protocol DC Segment agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all> agent-two 172.20.20.11:8301 alive client 1.4.3 2 dc1 <default> [n2] $ consul members Node Address Status Type Build Protocol DC Segment agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all> agent-two 172.20.20.11:8301 alive client 1.4.3 2 dc1 <default>
ãã㊠Consul DNS ã䜿ã£ãŠããŒãæ å ±ãåãåãããããšãã§ããïŒ
[n1] $ dig @127.0.0.1 -p 8600 agent-two.node.consul ;; QUESTION SECTION: ;agent-two.node.consul. IN A ;; ANSWER SECTION: agent-two.node.consul. 0 IN A 172.20.20.11 ;; ADDITIONAL SECTION: agent-two.node.consul. 0 IN TXT "consul-network-segment="
ãªãïŒã¯ã©ãŠãç°å¢ã§ Auto Scaling ãããå ŽåïŒèªåçã« Consul Cluster ã« join ãããå¿ èŠãããïŒAmazon EC2 ãªã tag ãæå®ãïŒèªååã§ããïŒè©³çŽ°ã¯å ¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
Registering Health Checks
åŒãç¶ã Consul Cluster ç°å¢ã䜿ã£ãŠïŒãã«ã¹ãã§ãã¯ãèšå®ããïŒãŸãïŒn2 ã«2åã®èšå®ãããïŒ1åç®ã¯ google.com ã« ping ããã /etc/consul.d/ping.json ãšãªãïŒ
{ "check": { "name": "ping", "args": [ "ping", "-c1", "google.com" ], "interval": "30s" } }
2åç®ã¯ localhost ã« curl ããã /etc/consul.d/web.json ãšãªãïŒæå³çã«ãã«ã¹ãã§ãã¯ã¯å€±æããããã«ãªã£ãŠããïŒãããŠèšå®åŸã¯ consul reload ãå®è¡ããïŒ
{ "service": { "name": "web", "tags": [ "rails" ], "port": 80, "check": { "args": [ "curl", "localhost" ], "interval": "10s" } } }
以äžã®ãšã³ããã€ã³ããå©ããšïŒç°åžžã確èªã§ããïŒ
[n1] $ curl http://localhost:8500/v1/health/state/critical
ç°åžžãšå€å®ãããŠããããïŒConsul DNS ã«åãåãããããŠãïŒäœãè¿ã£ãŠããªããªãïŒ
[n1] dig @127.0.0.1 -p 8600 web.service.consul ïŒäžç¥ïŒ ;; QUESTION SECTION: ;ping.service.consul. IN A ïŒäžç¥ïŒ
KV Data
次㫠Consul KVS ãè©ŠãïŒãµã³ãã«ãšã㊠Redis Configuration ãªã©ãèšå®ããïŒ-recurse ãªãã·ã§ã³ã¯èŠããŠãããšè¯ãããïŒ
$ consul kv get redis/config/minconns Error! No key exists at: redis/config/minconns $ consul kv put redis/config/minconns 1 Success! Data written to: redis/config/minconns $ consul kv put redis/config/maxconns 25 Success! Data written to: redis/config/maxconns $ consul kv put -flags=42 redis/config/users/admin abcd1234 Success! Data written to: redis/config/users/admin $ consul kv get redis/config/minconns 1 $ consul kv get -detailed redis/config/minconns CreateIndex 19 Flags 0 Key redis/config/minconns LockIndex 0 ModifyIndex 19 Session - Value 1 $ consul kv get -recurse redis/config/maxconns:25 redis/config/minconns:1 redis/config/users/admin:abcd1234 $ consul kv delete redis/config/minconns Success! Deleted key: redis/config/minconns $ consul kv delete -recurse redis Success! Deleted keys with prefix: redis
ãŸã Consul KVS ã¯ãCheck-And-Set operationãããµããŒãããŠããïŒææ°æŽæ°ãè¡šçŸãã ModifyIndex ãæå®ããããšã«ããïŒã¢ãããã¯ã«æŽæ°ã§ããããã«ãªãïŒ
$ consul kv put foo bar Success! Data written to: foo $ consul kv get foo bar $ consul kv put foo zip Success! Data written to: foo $ consul kv get foo zip $ consul kv get -detailed foo CreateIndex 39 Flags 0 Key foo LockIndex 0 ModifyIndex 41 Session - Value zip $ consul kv put -cas -modify-index=123 foo bar Error! Did not write to foo: CAS failed $ consul kv put -cas -modify-index=41 foo bar Success! Data written to: foo $ consul kv put -cas -modify-index=41 foo bar Error! Did not write to foo: CAS failed $ consul kv get -detailed foo CreateIndex 39 Flags 0 Key foo LockIndex 0 ModifyIndex 46 Session - Value bar
KV Store Endpoints ã®è©³çŽ°ã¯å ¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
ãŸã Consul KVS ã®å€ã¯ Consul Web UI ãã確èªããããšãã§ããïŒ
Web UI
ç¹ã«å
容ã¯ãªãïŒConsul Web UI ã確èªããïŒ-ui ãªãã·ã§ã³ãè¿œå ãããšïŒhttp://localhost:8500/ui ã«ã¢ã¯ã»ã¹ã§ããããã«ãªãïŒ
$ consul agent -dev -ui -node machine
Next Steps
次ã¯ãAdvanced Tracksãã«é²ãã ãïŒããã¥ã¡ã³ããèªããïŒãšããå 容ã«ãªã£ãŠããïŒä»ã³ãŒã¹ãã©ãã©ãåŠãã§ããïŒ
ãŸãšã
- HashiCorp ãããã¯ããåŠã¶ãªããHashiCorp Learn Platformãã掻çšãã
- çŸåš Vault / Consul / Terraform / Nomad ããµããŒãããŠãã
- ä»åã¯ãLearn how to deploy a service mesh with HashiCorp Consulãã®ãGetting Startedããå®æœãã
- Consul ã®åºæ¬æ©èœãç¶²çŸ çã«åŠã¶ããšãã§ãã
- èå³ã®ãã HashiCorp ãããã¯ãããã£ããããã«è©ŠããŠã¿ããšè¯ãããšïŒ
