领事+领事代理人

Question

通过启动consul节点和consul代理来帮助理解。 我有一个consul + vault + 2领事nodes的虚拟机。在VM 3 ip LAN中。 所有这些都在docker容器中。当我尝试从另一个虚拟机连接到这个领事。然后代理连接到第一个控制台，无法连接到领事的其他节点。

据我所知，我需要在单独的ip主机虚拟机上运行所有3个控制台节点，这些节点能够联系到他们的consul代理。只有这样做？

我使用此docker-compose启动consul + vault：

version: "2"
services:
  consul1:
    image: "consul.1.0.1"
    container_name: "consul12"
    hostname: "consul12"
    volumes:
     - ./consul/config:/config/
    ports:
      - "8400:8400"
      - "8500:8500"
      - "8600:53"
      - "8300:8300"
      - "8301:8301"
    command: "agent -config-dir=/config -ui -server -bootstrap-expect 3"
  consul2:
    image: "consul.1.0.1"
    container_name: "consul2"do
    hostname: "consul2"
    volumes:
     - ./consul/config:/config/
    expose:
      - "8400"
      - "8500"
      - "8600"
      - "8300"
      - "8301"
    command: "agent -config-dir=/config -server -join consul1"
    depends_on:
      - consul1
  consul3:
    image: "consul.1.0.1"
    container_name: "consul3"
    hostname: "consul3"
    volumes:
     - ./consul/config:/config/
    expose:
      - "8400"
      - "8500"
      - "8600"
      - "8300"
    command: "agent -config-dir=/config -server -join consul1"
    depends_on:
      - consul1
  vault:
    depends_on:
      - consul1
    image: "vault"
    hostname: "vault"
    links:
      - "consul1:consul1"
    environment:
      VAULT_ADDR: http://127.0.0.1:8200
    ports:
      - "8200:8200"
    volumes:
      - ./vault/tools/wait-for-it.sh:/wait-for-it.sh
      - ./vault/config/vault:/config
      - ./vault/config/vault/policies:/policies
    entrypoint: /wait-for-it.sh -t 20 -h consul1 -p 8500 -s -- vault server -config=/config/with-consul.hcl

和领事设置：

{
"data_dir": "/data",
"client_addr": "0.0.0.0",
"ports": {
    "dns": 53
},
"disable_update_check": true,
"addresses": {
    "https": "0.0.0.0"
  }
}

Answer 1

首先尝试使用单个consul实例运行并首先使其工作。默认情况下，docker consul将以dev模式运行 - 没有“bootstrap = 3” - 其中一对一端口映射完成（即单个docker vm到主机端口，而不是consul2，consul3）：

“8400：8400” “8500：8500” “8600：53” “8300：8300” “8301：8301”

Answer 2

我不认为默认情况下，领事会以@damobrisbane提到的开发模式运行。

不确定是否显示服务器或客户端代理的领事设置，但请尝试以下操作： 指明 server: true

使用 retry_join -代替join。

也请查看this链接以获取领事引导程序指南。

Answer 3

我做了这个docker-compose.yml，它可以工作。

version: '3'

services:
  consul_master: 
    image: consul
    environment:
      - CONSUL_LOCAL_CONFIG={"datacenter":"dc_local_001", "server":true,"ui":true,"enable_debug":true,"disable_update_check":true,"primary_datacenter":"dc_local_001","acl":{"enabled":false,"default_policy":"deny","down_policy":"extend-cache", "tokens":{"agent":""}}}
      - CONSUL_BIND_INTERFACE=eth0
    hostname: "consul1"
    ports:
      - "8301:8301"
      - "8400:8400"
      - "8500:8500"
      - "8600:53/udp"
    command: "agent -server -bootstrap -ui -client=0.0.0.0 -bind='{{ GetInterfaceIP \"eth0\" }}'"

  consul_client:
    image: consul
    links:
      - consul_master
    environment:
      - CONSUL_LOCAL_CONFIG={"leave_on_terminate":true, "datacenter":"dc_local_001"}
    depends_on:
      - consul_master
    command: "agent -server -retry-join=consul_master"

如有任何疑问，请写信给我！