Consul Service Registration Discovery and Fabio Reverse proxy

Consul

Consul is a registered and discovered service and supports health checks

Binary installation

Https://releases.hashicorp.com/consul/1.2.2/consul_1.2.2_linux_amd64.zip
Download and unzip, then copy the binary file to/usr/local/bin

Start consul

Development Mode Start consul
consul agent -dev -config-dir=/etc/consul -bind=0.0.0.0 -client=0.0.0.0

Parameter description

agent -- 使用agent模式跑起来-dev -- 使用开发模式启动agent-config-dir -- 配置文件目录, 这里存放json文件以文件的形式注册服务-bind=0.0.0.0 -- 绑定集群通讯的ip地址, 默认是127.0.0.1-client=0.0.0.0 -- 绑定客户端API,DNS等服务监听的地址, 默认是127.0.0.1

Consul Master configuration file

/etc/consul/config.json

{    "acl_agent_token": "c3591489-a756-019a-e97f-87f867ece12c",     "acl_datacenter": "aliyun", # 数据中心名称    "acl_default_policy": "deny", # acl默认策略    "acl_master_token": "5d79de96-106f-11e7-9381-005056abff5a",    "bootstrap_expect": 2,    "client_addr": "0.0.0.0",    "data_dir": "/opt/consul",    "datacenter": "aliyun",    "dns_config": { # DNS发现功能的配置        "allow_stale": true,        "enable_truncate": true,        "node_ttl": "60s",        "service_ttl": {            "*": "5s"        }    },    "enable_script_checks": true, # 允许服务使用脚本进行健康检查    "encrypt": "NnKESxGToysca68P7FM2sA==", # consul的server和client通信秘钥 使用consul keygen创建, 不管server还是client都要这个参数和相同的值    "log_level": "INFO", # 日志记录模式    "node_name": "monitor", # 本节点名称    "server": true # consul以server模式启动}

Most of the configuration parameters of Consul can be used in both startup and Config.json ways
See document Https://www.consul.io/docs/agent/options.html

Service Registration JSON Configuration Web.json

{    "service": {        "checks": [ # 健康检查配置            {                "tcp": ":80", # 检查模式, tcp, http, https, script几种模式, :80表示访问本机任何ip的80端口                "interval": "5s",                "timeout": "1s"            }        ],        "id": "web-1", # 服务id        "name": "web-1", # 服务名称        "port": 80 , # 服务端口        "tags": [ # 标签            "urlprefix-/web" # 给fabio使用的标签, 后面会详细说        ]    }}

Consul Listening port

协议 端口tcp 8300 -- 服务器节点与集群通讯tcp 8301 Cluster LAN -- 集群sever间通信udp 8301 Cluster LAN -- 集群sever间通信tcp 8302 Cluster WAN -- 集群sever间通信udp 8302 Cluster WAN -- 集群sever间通信tcp 8500 Client HTTP Server -- 节点对外HTTP服务tcp 8600 Client DNS Server(TCP) -- 节点对外DSN服务udp 8600 Client DNS Server(UDP) -- 节点对外DNS服务

These ports can be modified in either the Config.json or the boot parameters

UI Interface for consul

Http://x.x.x.x:/8500/ui can enter the UI interface

Image.png

Service Health Check

Common HTTP, script, TCP, and so on, the same service can have a variety of inspection methods, such as:

{  "checks": [    {      "id": "chk1",      "name": "mem",      "args": ["/bin/check_mem", "-limit", "256MB"], # 带参数的script类型检查      "interval": "5s",      "timeout": "1s"    },    {      "id": "chk2",      "name": "/health",      "http": "http://localhost:5000/health", # http类型检查      "tls_skip_verify": false,      "method": "POST",      "header": {"x-foo":["bar", "baz"]},      "interval": "15s",      "timeout": "1s"    },    {      "id": "chk3",      "name": "cpu",      "script": "/bin/check_cpu", # 不带参数的script检查      "interval": "10s"    },    ...  ]}

More health check methods and parameters see official documentation
Https://www.consul.io/docs/agent/checks.html

Consulapi

See Official Document Https://www.consul.io/api/agent.html

Consul cluster configuration

Fabio Reverse Proxy

Fabio is a reverse proxy server for Consul, which supports load balancing, HTTP, HTTPS, TCP, and so on. You can think of it as Nginx, unlike Nginx, Fabio can automatically forward requests based on the tag of the consul service.

Installing Fabio

First you need to install GIT and go environment using Yum installation
# yum -y install git golang

Get Fabio
# go get github.com/eBay/fabio

Copy Fabio binary file to bin directory
# cp go/bin/fabio /usr/local/bin/

Copy configuration files to etc directory
# cp go/src/github.com/eBay/fabio/fabio.properties /etc/

/etc/fabio.properties Common Configurations

proxy.addr = :9999 # fabio代理监听端口proxy.localip = # 代理监听的本地ip地址, 默认是空也就是0.0.0.0proxy.strategy = rnd # 代理策略 rr(轮训)和rnd(基于微秒时间随机分配)proxy.matcher = prefix # fabio反代请求给consul的匹配方式, prefix是使用uri前缀匹配, glob是使用通配符匹配(通配符不是正则表达式哦, 虽然有些相通)proxy.maxconn = 10000 # 缓存的连接数registry.consul.addr = localhost:8500 # fabio 去个consul服务注册自己? 一般指定任意一个client的8500端口即可registry.consul.token = # fabio去consul注册自己时, 需要使用的token(当consul启用了acl才需要)registry.consul.kvpath = /fabio/config # fabio在consul的k/v数据库中写入数据的路径# fabio转发请求到consul时, 如果使用prefix策略, 则需要指定前缀是啥# 比如 当请求fabio地址http://fabio_ip:9999/urlprefix-/webService # fabio将会把请求转发到consul中tag为"urlprefix-/webService"的服务# 也就是说"urlprefix-"是fabio和consule服务注册者在consul注册服务打标签时约定的标签前缀registry.consul.tagprefix = urlprefix-

Fabio also has a lot of parameters about the anti-generation, such as the proxy HTTPS use of the certificate, HTTP header modification and so on configuration, see the official documentation for details https://fabiolb.net/ref/

Custom Proxy Routing

Fabio will automatically forward requests to Consul by default in accordance with the Proxy.matcher configuration, and of course can be customized to forward the route

How do I configure a custom forwarding routing rule?
Login to Consul UI interface, create in Key/value
Key:
fabio/config
Value:
route add serviceName1 /abc http://192.168.1.1/
As shown

New Custom Forwarding route

Routed rule syntax for forwarding see official documentation
https://fabiolb.net/cfg/

View Fabio Routing Table
Http://fabio_ip:9998/routes

Fabio routing table: where 1th is Fabio Auto-forwarded route, and 2nd is our custom routing rule

Routing has a variety of options, which should be noted in the Add route custom route or consul registration service

For example, Consul register the following services:

{    "service": {        "checks": [            {                "tcp": ":443",                "interval": "5s",                "timeout": "1s"            }        ],        "id": "web-2",        "name": "web-2",        "port": 443 ,        "tags": [            "urlprefix-/web2, proto=https, tlsskipverify=true"        ]    }}

Consul Registration service is defined if Fabio should tell Fabio what to do when forwarding the request to itself:

• urlprefix-/web2: Forward to Consul (i) when the user requests that the URI prefix of Fabio (you) is "/URLPREFIX-/WEB2" (note that the URLPREFIX-/WEB2 is not in front of the tag)
• proto=https: Consul (Me) this service is HTTPS
• tlsskipverify=true: Fabio (You) skip the certificate check when you visit the Consul (Me) service

For example, when a new route is added to Fabio:
route add web2 /web2 https://x.x.x.x:8080/ opts "proto=https, tlsskipverify=true"
This custom route is what Fabio tells itself when a request is matched to a URI of/web2, what should be the target of forwarding the request, and what parameters are required to forward to the target:

• Proto=https target is HTTPS protocol
• tlsskipverify=true when forwarding to target, ignore SSL certificate check for Target