æè¿ Consul ãæ€èšŒããæ©äŒãããïŒãŸãå
šäœæŠèŠãææ¡ããããã«ãHashiConf 2018ãã§çºè¡šããããHashiCorp Learn Platformãã掻çšããããšã«ããïŒãHashiCorp Learn Platformã㯠HashiCorp ãæäŸããåŠç¿ã³ã³ãã³ãã§ïŒçŸåšã¯ Vault / Consul / Terraform / Nomad ããµããŒãããŠããïŒGetting Started ãš Advanced Tracks ãããïŒç¿ç床ã«åã£ãã³ã³ãã³ããéžã¶ããšãã§ããïŒèå³ã®ãã HashiCorp ãããã¯ãããã£ããããã«è©ŠããŠã¿ããšè¯ãããšïŒ
- HashiCorp Vault
- Getting Started
- Advanced Tracks
- Day 1: Deploying Your First Vault Cluster
- Secrets Management
- Identity and Access Management
- Encryption as a Service
- Security
- Operations
- Developer
- HashiCorp Consul
- Getting Started
- Getting Started with Kubernetes
- Advanced Tracks
- Day 1: Deploying Your First Datacenter
- Day 2: Advanced Operations
- HashiCorp Terraform
- Getting Started
- Advanced Tracks
- Getting Started - Azure
- Terraform Enterprise
- Developer
- Operations
- AWS Provider
- Azure Provider
- HashiCorp Nomad
learn.hashicorp.com
HashiCorp Learn ç»é¢
åºæ¬çã«åç»ãèŠãªããåè¬ããïŒåå¹æ©èœã¯ãªããã©ïŒäžéšã«ã¹ã¯ãªãããèŒã£ãŠããã®ã§å°ãããšã¯ãªããïŒã³ãã³ããã³ããŒãããšãã«ã䟿å©ã ã£ãïŒè±èªãéåžžã«èãåãããããªã£ãŠããïŒ
Learn how to deploy a service mesh with HashiCorp Consul : Getting Started
ä»åã¯ãLearn how to deploy a service mesh with HashiCorp Consulãã®ãGetting Startedããå®æœããïŒå
š9ã¹ãããããæ§æãããŠããïŒçŽ¯èšæéãã49 minããšïŒã³ã³ãã¯ãã«ãŸãšãŸã£ãŠããïŒ
- Install Consul (4 min)
- Run the Consul Agent (7 min)
- Registering Services (6 min)
- Connect (7 min)
- Consul Cluster (8 min)
- Registering Health Checks (5 min)
- KV Data (5 min)
- Web UI (4 min)
- Next Steps (3 min)
learn.hashicorp.com
Install Consul
ãŸãïŒConsul ãã€ã³ã¹ããŒã«ããïŒä»å㯠Mac ã§åããããïŒbrew ã䜿ãããšã«ããïŒ
$ brew install consul
$ consul version
Consul v1.4.2
Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)
OS ããšã«ãã€ããªãå
¬éãããŠããïŒ
www.consul.io
Run the Consul Agent
次ã«ïŒConsul Agent ããdevelopment server modeãã§èµ·åããïŒMac ã§åããå ŽåïŒkakakakakku.local ã®ããã«ã³ã³ãã¥ãŒã¿åã«ããªãªããå«ãŸããŠããå ŽåãããïŒConsul DNS ã«åœ±é¿ãããïŒä»å㯠-node ãªãã·ã§ã³ã䜿ã£ãŠïŒååãæå®ããããšã«ããïŒ
$ consul agent -dev -node machine
$ consul members
Node Address Status Type Build Protocol DC Segment
machine 127.0.0.1:8301 alive server 1.4.2 2 dc1 <all>
www.consul.io
Consul ã§ã¯ïŒããŒãæ
å ±ã API ãš DNS ããååŸã§ããïŒä»¥äžã¯ API ããããŒãæ
å ±ãååŸããŠããïŒ
$ curl localhost:8500/v1/catalog/nodes
[
{
"ID": "11111111-2222-3333-4444-555555555555",
"Node": "machine",
"Address": "127.0.0.1",
"Datacenter": "dc1",
"TaggedAddresses": {
"lan": "127.0.0.1",
"wan": "127.0.0.1"
},
"Meta": {
"consul-network-segment": ""
},
"CreateIndex": 9,
"ModifyIndex": 10
}
]
ãã㊠Consul DNS ã«ããŒãã® IP ãåãåãããïŒ
$ dig @127.0.0.1 -p 8600 machine.node.consul
ïŒäžç¥ïŒ
;; QUESTION SECTION:
;web.service.consul. IN A
;; ANSWER SECTION:
machine.node.consul. 0 IN A 127.0.0.1
;; ADDITIONAL SECTION:
machine.node.consul. 0 IN TXT "consul-network-segment="
ïŒäžç¥ïŒ
Registering Services
Consul ã«ãµãŒãã¹ãç»é²ããïŒãŸãèšå®ãã¡ã€ã«ã管çãã ./consul.d ãã£ã¬ã¯ããªãäœæãïŒä»¥äžã®ããã« web ãµãŒãã¹çšã® ./consul.d/web.json ãäœæããïŒ
{
"service": {
"name": "web",
"tags": [
"rails"
],
"port": 80
}
}
Consul Agent ãèµ·åãããšãã« -config-dir ãªãã·ã§ã³ãæå®ãããšãã£ã¬ã¯ããªãæå®ã§ããïŒä»åã¯ä»¥äžã®ããã«èµ·åãããšïŒã³ã³ãœãŒã«ã«ãµãŒãã¹ãèªèãããã°ãåºãŠããïŒ
$ consul agent -dev -config-dir=./consul.d -node machine
ïŒäžç¥ïŒ
2019/03/20 00:00:00 [DEBUG] agent: Service "web" in sync
ïŒäžç¥ïŒ
Consul DNS ã«ãµãŒãã¹ãåãåãããããšãã§ããïŒ
$ dig @127.0.0.1 -p 8600 web.service.consul
;; QUESTION SECTION:
;web.service.consul. IN A
;; ANSWER SECTION:
web.service.consul. 0 IN A 127.0.0.1
;; ADDITIONAL SECTION:
web.service.consul. 0 IN TXT "consul-network-segment="
Consul DNS 㯠SRV ã¬ã³ãŒããåãåãããããšãã§ãïŒä»å㯠machine.node.dc1.consul ã® 80 ããŒã㧠web ãµãŒãã¹ãåããŠããããšããããïŒ
$ dig @127.0.0.1 -p 8600 web.service.consul SRV
;; QUESTION SECTION:
;web.service.consul. IN SRV
;; ANSWER SECTION:
web.service.consul. 0 IN SRV 1 1 80 machine.node.dc1.consul.
;; ADDITIONAL SECTION:
machine.node.dc1.consul. 0 IN A 127.0.0.1
machine.node.dc1.consul. 0 IN TXT "consul-network-segment="
åœç¶ãªãã API ã§ãµãŒãã¹ã確èªããããšãã§ããïŒãŸã /health ãšã³ããã€ã³ããš ?passing ãã©ã¡ãŒã¿ãçµã¿åããããšæ£åžžãªã€ã³ã¹ã¿ã³ã¹ã確èªããããšãã§ããïŒ
$ curl http://localhost:8500/v1/catalog/service/web
$ curl 'http://localhost:8500/v1/health/service/web?passing'
Connect
次㫠Consul Connect ãåŠã¶ïŒConsul Connect ãšã¯ãµãŒãã¹éã®éä¿¡ãæ
åœããããã® Sidecar Pattern Proxy ãšè¡šçŸããããšãã§ããŠïŒè©³çŽ°ã¯ä»¥äžã®å
¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
www.consul.io
ãŸãïŒConsul Connect ã䜿ããã«ïŒsocat ã³ãã³ãã䜿ã£ã echo ãµãŒãã¹ãå®è£
ããïŒMac ã« socat ãã€ã³ã¹ããŒã«ããŠããå¿
èŠãããïŒnc ã§æ¥ç¶ãããšïŒæ£åžžã« echo ã§ããïŒãªãŠã è¿ãïŒïŒ
$ brew install socat
$ socat -v tcp-l:8181,fork exec:"/bin/cat"
$ nc 127.0.0.1 8181
hello
hello
echo
echo
以äžã® JSON ã ./consul.d/socat.json ãšããŠä¿åããïŒ
{
"service": {
"name": "socat",
"port": 8181,
"connect": {
"sidecar_service": {}
}
}
}
Consul ã«èšå®ãã¡ã€ã«ãåæ ããïŒæ£ç¢ºã«èšããš consul reload ãå®è¡ãããš Consul ããã»ã¹ã« SIGHUP ã·ã°ãã«ãéãããšã«ãªãïŒ
$ consul reload
Configuration reload triggered
次㫠Consul Connect ã®èšå®ããïŒãµãŒãã¹ã«æ¥ç¶ãããšïŒProxy ãçµç±ã㊠echo ã§ããããã«ãªãïŒ
$ consul connect proxy -sidecar-for socat
$ consul connect proxy -service web -upstream socat:9191
$ nc 127.0.0.1 9191
Hello Consul via Connect
Hello Consul via Connect
å®éã«äœ¿ãå Žå㯠./consul.d/web.json ã«äŸåé¢ä¿ãæžãããšã«ãªãïŒ
{
"service": {
"name": "web",
"port": 8080,
"connect": {
"sidecar_service": {
"proxy": {
"upstreams": [{
"destination_name": "socat",
"local_bind_port": 9191
}]
}
}
}
}
}
æ¹ã㊠Proxy ãèµ·åãããš echo ã§ããããã«ãªãïŒ
$ consul reload
Configuration reload triggered
$ consul connect proxy -sidecar-for web
ããã«ïŒConsul Connect ã«ã¯ Intentions ãšèšãããµãŒãã¹èªå¯ãã®ä»çµã¿ãããïŒä»¥äžã®ããã« web â socat ã deny ãããš echo ã§ããªããªãïŒèšå®ãåé€ãããš echo ã§ããªããªãïŒ
$ consul intention create -deny web socat
Created: web => socat (deny)
$ nc 127.0.0.1 9191
$ consul intention delete web socat
Intention deleted.
$ nc 127.0.0.1 9191
Hello Consul via Connect
Hello Consul via Connect
Intentions ã®è©³çŽ°ã¯å
¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒãµãŒãã¹ã¡ãã·ã¥ãå®è£
ãããšãã«ãã詳ããç解ããŠããå¿
èŠãããïŒ
www.consul.io
Consul Cluster
次㫠Vagrant ã䜿ã£ãŠä»®æ³ç°å¢ã2å°æ§ç¯ãïŒConsul Cluster ãè©ŠãïŒä»¥äžã«ãã Consul ãã¢çšã® Vagrantfile ãèµ·åãããš n1 ãš n2 ãèµ·åã§ããïŒ
ä»å㯠n1 ã Consul Agent Server ãšããŠïŒn2 ã Consul Agent Client ãšããŠäœ¿ãïŒ
[n1] $ consul agent -server -bootstrap-expect=1 \
-data-dir=/tmp/consul -node=agent-one -bind=172.20.20.10 \
-enable-script-checks=true -config-dir=/etc/consul.d
[n2] $ consul agent -data-dir=/tmp/consul -node=agent-two \
-bind=172.20.20.11 -enable-script-checks=true -config-dir=/etc/consul.d
n1 㧠n2 ã Consul Cluster ã« join ããããšïŒããŒãæ
å ±ãå
±æã§ããããã«ãªãïŒ
[n1] $ consul members
Node Address Status Type Build Protocol DC Segment
agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all>
[n1] $ consul join 172.20.20.11
Successfully joined cluster by contacting 1 nodes.
[n1] $ consul members
Node Address Status Type Build Protocol DC Segment
agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all>
agent-two 172.20.20.11:8301 alive client 1.4.3 2 dc1 <default>
[n2] $ consul members
Node Address Status Type Build Protocol DC Segment
agent-one 172.20.20.10:8301 alive server 1.4.3 2 dc1 <all>
agent-two 172.20.20.11:8301 alive client 1.4.3 2 dc1 <default>
ãã㊠Consul DNS ã䜿ã£ãŠããŒãæ
å ±ãåãåãããããšãã§ããïŒ
[n1] $ dig @127.0.0.1 -p 8600 agent-two.node.consul
;; QUESTION SECTION:
;agent-two.node.consul. IN A
;; ANSWER SECTION:
agent-two.node.consul. 0 IN A 172.20.20.11
;; ADDITIONAL SECTION:
agent-two.node.consul. 0 IN TXT "consul-network-segment="
ãªãïŒã¯ã©ãŠãç°å¢ã§ Auto Scaling ãããå ŽåïŒèªåçã« Consul Cluster ã« join ãããå¿
èŠãããïŒAmazon EC2 ãªã tag ãæå®ãïŒèªååã§ããïŒè©³çŽ°ã¯å
¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
www.consul.io
Registering Health Checks
åŒãç¶ã Consul Cluster ç°å¢ã䜿ã£ãŠïŒãã«ã¹ãã§ãã¯ãèšå®ããïŒãŸãïŒn2 ã«2åã®èšå®ãããïŒ1åç®ã¯ google.com ã« ping ããã /etc/consul.d/ping.json ãšãªãïŒ
{
"check": {
"name": "ping",
"args": [
"ping",
"-c1",
"google.com"
],
"interval": "30s"
}
}
2åç®ã¯ localhost ã« curl ããã /etc/consul.d/web.json ãšãªãïŒæå³çã«ãã«ã¹ãã§ãã¯ã¯å€±æããããã«ãªã£ãŠããïŒãããŠèšå®åŸã¯ consul reload ãå®è¡ããïŒ
{
"service": {
"name": "web",
"tags": [
"rails"
],
"port": 80,
"check": {
"args": [
"curl",
"localhost"
],
"interval": "10s"
}
}
}
以äžã®ãšã³ããã€ã³ããå©ããšïŒç°åžžã確èªã§ããïŒ
[n1] $ curl http://localhost:8500/v1/health/state/critical
ç°åžžãšå€å®ãããŠããããïŒConsul DNS ã«åãåãããããŠãïŒäœãè¿ã£ãŠããªããªãïŒ
[n1] dig @127.0.0.1 -p 8600 web.service.consul
ïŒäžç¥ïŒ
;; QUESTION SECTION:
;ping.service.consul. IN A
ïŒäžç¥ïŒ
KV Data
次㫠Consul KVS ãè©ŠãïŒãµã³ãã«ãšã㊠Redis Configuration ãªã©ãèšå®ããïŒ-recurse ãªãã·ã§ã³ã¯èŠããŠãããšè¯ãããïŒ
$ consul kv get redis/config/minconns
Error! No key exists at: redis/config/minconns
$ consul kv put redis/config/minconns 1
Success! Data written to: redis/config/minconns
$ consul kv put redis/config/maxconns 25
Success! Data written to: redis/config/maxconns
$ consul kv put -flags=42 redis/config/users/admin abcd1234
Success! Data written to: redis/config/users/admin
$ consul kv get redis/config/minconns
1
$ consul kv get -detailed redis/config/minconns
CreateIndex 19
Flags 0
Key redis/config/minconns
LockIndex 0
ModifyIndex 19
Session -
Value 1
$ consul kv get -recurse
redis/config/maxconns:25
redis/config/minconns:1
redis/config/users/admin:abcd1234
$ consul kv delete redis/config/minconns
Success! Deleted key: redis/config/minconns
$ consul kv delete -recurse redis
Success! Deleted keys with prefix: redis
ãŸã Consul KVS ã¯ãCheck-And-Set operationãããµããŒãããŠããïŒææ°æŽæ°ãè¡šçŸãã ModifyIndex ãæå®ããããšã«ããïŒã¢ãããã¯ã«æŽæ°ã§ããããã«ãªãïŒ
$ consul kv put foo bar
Success! Data written to: foo
$ consul kv get foo
bar
$ consul kv put foo zip
Success! Data written to: foo
$ consul kv get foo
zip
$ consul kv get -detailed foo
CreateIndex 39
Flags 0
Key foo
LockIndex 0
ModifyIndex 41
Session -
Value zip
$ consul kv put -cas -modify-index=123 foo bar
Error! Did not write to foo: CAS failed
$ consul kv put -cas -modify-index=41 foo bar
Success! Data written to: foo
$ consul kv put -cas -modify-index=41 foo bar
Error! Did not write to foo: CAS failed
$ consul kv get -detailed foo
CreateIndex 39
Flags 0
Key foo
LockIndex 0
ModifyIndex 46
Session -
Value bar
KV Store Endpoints ã®è©³çŽ°ã¯å
¬åŒããã¥ã¡ã³ãã«èŒã£ãŠããïŒ
www.consul.io
ãŸã Consul KVS ã®å€ã¯ Consul Web UI ãã確èªããããšãã§ããïŒ
Web UI
ç¹ã«å
容ã¯ãªãïŒConsul Web UI ã確èªããïŒ-ui ãªãã·ã§ã³ãè¿œå ãããšïŒhttp://localhost:8500/ui ã«ã¢ã¯ã»ã¹ã§ããããã«ãªãïŒ
$ consul agent -dev -ui -node machine
Next Steps
次ã¯ãAdvanced Tracksãã«é²ãã ãïŒããã¥ã¡ã³ããèªããïŒãšããå
容ã«ãªã£ãŠããïŒä»ã³ãŒã¹ãã©ãã©ãåŠãã§ããïŒ
ãŸãšã
- HashiCorp ãããã¯ããåŠã¶ãªããHashiCorp Learn Platformãã掻çšãã
- çŸåš Vault / Consul / Terraform / Nomad ããµããŒãããŠãã
- ä»åã¯ãLearn how to deploy a service mesh with HashiCorp Consulãã®ãGetting Startedããå®æœãã
- Consul ã®åºæ¬æ©èœã網çŸ
çã«åŠã¶ããšãã§ãã
- èå³ã®ãã HashiCorp ãããã¯ãããã£ããããã«è©ŠããŠã¿ããšè¯ãããšïŒ
