Hashicorp Consul 提供了相當豐富的 Service Mesh 功能,能夠替分散式服務快速地做服務發現、服務動態劃分和服務設定,Consul 也可以支援多種 runtime 平台,也和許多工具或雲服務商做很好的 Cloud-Native 整合。此 Workshop 主要分為幾個主軸:
- Why Configuration Management?
- Consul 基本使用操作: KV Store, Service Registering and Building a Consul Cluster
- 佈署 Consul 到 Production 環境前所需注意事項
2. Levi Chen
Software Engineer in Common Service Team @ 91APP
Contact Me @
● FB: https://www.facebook.com/ChenJiunYi
● Blog: http://blog.levichen.tw/
About Me
25. CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Single code base multiple deployment
● External services are unstable
29. E = Number of Environments
N = Number of Services
M = Number of Instances
The Deployment Complexity = E * N * M
30. CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Single code base multiple deployment
● External services are unstable
40. CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Single code base multiple deployment
● External services are unstable
46. Environment 1
AM
CI Server
1. Build Code
CMService B 3. Get Configuration
2. Get Artifact
Environment 2
CMService B 3. Get Configuration
2. Get Artifact
Configuration
(Git)
1. Build Configuration
47. CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Single code base multiple deployment
● External services are unstable
64. Please launch two terminals on Cloud9
Terminal 1 For starting Consul
Terminal 2 For executing commands
65. // terminal 1
$ consul agent -dev -ui -http-port 8080
// terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ consul members
Launch Consul in Develop mode and check cluster members
69. CH02 Play with Consul: KV
● Key value store
● Used to hold dynamic configuration
70. // In terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
// Get key value
$ consul kv get redis/config/minconns
// Insert a key value paris
$ consul kv put redis/config/minconns 1
$ consul kv put redis/config/maxconns 25
// Get single key value
$ consul kv get redis/config/minconns
// Get key value recursively
$ consul kv get -recurse
72. // update
$ consul kv put redis/config/minconns 9
$ consul kv get redis/config/minconns
// delete
$ consul kv delete redis/config/minconns
$ consul kv delete -recurse redis
Delete commands is dangerous check your ACL configruation before go live
73. ● Service Definition
○ Using statis service difinition files
● HTTP API
○ Using Consul command or HTTP API
CH02 Play with Consul: Registering Service
74. // terminal 1
// exit the previous consul process
$ cd ../lab02
$ consul agent -dev -ui -http-port 8080 -config-dir=conf.d
Launch Consul Again
84. // terminal 2
$ cd consul-workshop/lab02/
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ curl --request PUT --data @webapi.json
${CONSUL_HTTP_ADDR}/v1/agent/service/register
Launch Consul Again
87. Service health check
Critical component of service discovery that prevent using services that are
unhealthy.
Two approach to register check:
● Check difination files
● HTTP API
Unhealth
● exit code > 0
88. Launch Consul service and try get service via Consul HTTP API
// terminal 1
// exit the previous consul process
$ cd ../lab03
$ consul agent -dev -ui -http-port 8080 -enable-script-checks -config-dir=./
// terminal 2
$ cd ../lab03
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ curl $CONSUL_HTTP_ADDR/v1/health/state/critical
$ dig @127.0.0.1 -p 8600 web.service.consul SRV
98. ● Client passive (Pull)
○ Simpler
○ Bottleneck in the server
● Client active (Push)
○ Faster
Service health check: Push v.s Pull
99. ● KV
○ Key value store
○ Used to hold dynamic configuration
● Registering service
○ Static
○ Dynamic
● Health check
○ Consul helps you to check internal/external services
○ Push / Pull mode
Summary
102. Server
- bootstrap-expect: the number of expected servers in the datacenter
- ui: Enables the built-in web UI server and the required HTTP routes.
- client: The address to which Consul will bind client interfaces, including the HTTP and DNS
servers.
- node: The name of this node in the cluster.
Client
- join: Address of another agent to join upon starting up.
103. // terminal 1
// exit the previous consul process
$ cd ../lab04
$ docker-compose up -d
Using docker-compose to launch 1 Consul Server + 1 Consul Client
104. // terminal 2
// go into the Docker instance
$ docker exec -it consul-client sh
// get Consul Cluster information via local Consul agent
# consul members
109. // terminal 1
$ cd ../lab05
$ docker-compose up -d
Using docker-compose to launch 1 Consul Server + 3 Consul Clients + 2 webs
110.
111.
112. // terminal 2
// go into the Docker instance
$ docker exec -it consul-client3 sh
// get Consul Cluster via local Consul agent
# consul members
// get service information via HTTP API
# curl -G localhost:8500/v1/catalog/service/web | jq
113. // Get VIP instances
# curl -G localhost:8500/v1/catalog/service/web
--data-urlencode 'filter="VIP" in ServiceTags' | jq
// Get Normal instances
# curl -G localhost:8500/v1/catalog/service/web
--data-urlencode 'filter="Normal" in ServiceTags' | jq
126. ● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery system?
● How to push in the company?
● Production checklist
CH03 Go Live
127. ● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use it?
● Production checklist
CH03 Go Live
133. ● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use it?
● Production checklist
CH03 Go Live
140. ● Is Consul Stable?
● Monoriting Consul Cluster
● How to discover the service discovery service?
● How legacy service use it?
● Production checklist
CH03 Go Live
143. Environment 1
AM
CI Server
0. Build Code
CMService B
Environment 2
CMService B
Configuration
(Git)
0. Build Configuration
144. Environment 1
AM
CI Server
CMService B
Environment 2
CMService B
Configuration
(Git)
1. Get Instance Metadata
Version, AM URL, CM URL
Version, AM URL, CM URL
1. Get Instance Metadata
147. Environment 1
AM
CI Server
0. Build Code
CMService B 3. Get Configuration
Environment 2
CMService B 3. Get Configuration
Configuration
(Git)
0. Build Configuration
1. Get Instance Metadata
Version, AM URL, CM URL
Version, AM URL, CM URL
2. Get Artifact
1. Get Instance Metadata
2. Get Artifact
148. ● Run Consul Client (Join Consul Cluster)
● Get Service Name, Service Version, Artifacts Url, Market and Environment
● Get Artifacts
● Get Confugration
● Run Service
Service Provisioning
149. ● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use Consul?
● Production checklist
CH03 Go Live
151. Consul Template
This project provides a convenient way to populate values from Consul into the file
system using the consul-template daemon.
https://github.com/hashicorp/consul-template
152.
153. // check all terminals change dir to lab07
$ cd ../lab07
// in terminal 1
$ docker-compose up -d
// in termianl 2
$ curl localhost:8081
154. // in termianl 2
// launch consul template, it will regenerator nginx proxy, and you can
access web1, web2 now
$ consul-template -template
"./nginx-config-template/upstream.tpl:./nginx-config/upstream.conf:docker restart proxy"
// in termianl 3
$ curl localhost:8081
$ docker stop web2
$ curl localhost:8081
155.
156. ● Is Consul Stable?
● Monoriting Consul Cluster
● How to discover the service discovery service?
● How legacy service use Consul?
● Production checklist
CH03 Go Live
157. CH03 Go Live: Production checklist
● Networking
○ Port. Like: DNS Server, HTTP API, Serf, Gossip
○ DNS Configuration
■ https://learn.hashicorp.com/consul/security-networking/forwarding
■ https://learn.hashicorp.com/consul/security-networking/dns-caching
● Consul Servers Deployment
○ Consul Binary
○ Configuration
○ Telemerty configured
● Consul Clients Deployment
○ Sidecar or not?
○ External Service Monitor has been deployed to nodes that can not run a Consul client
158. ● Security
○ Encription of Communication
○ Enable ACLs
○ Setup a Certificate Authority
● Failure Recovery
CH03 Go Live: Production checklist
159. CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Single code base multiple deployment
● External services are unstable
Summary
160. CH02 Play With Consul
● KV
○ Key value store
○ Used to hold dynamic configuration
● Registering service
○ Static
○ Dynamic
● Health check
○ Consul helps you to check internal/external services
○ Push / Pull mode
● Building Consul cluster
Summary
161. CH03 Go Live
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use Consul?
● Production checklist
Summary
164. ● Remember to delete your Cloud9 instance & Admin IAM Role
● CloudWatch Log will delete automatically after 2 weeks
Clean Up
165. ● 91APP
○ Andrew Wu
○ Rick Hwang
○ Earou Huang
○ Infra & Common Service Team Members
● DevOps Taiwan & Taipei HashiCorp User Group
○ Cheng Wei Chen
○ Smalltown
○ Rico Chen
● AWS
○ Carol Chen
● eCloudvalley Technology
Thank you sooooooooooooooo much