Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
HashiCorp Consul Workshop: 管管你們家 config 啦
Levi Chen 20190727
Levi Chen
Software Engineer in Common Service Team @ 91APP
Contact Me @
● FB: https://www.facebook.com/ChenJiunYi
● Blog: ...
How many services do you have?
How do you manage your configuration?
Outline
CH00 Environment SetUp
CH01 Why Configuration Management?
CH02 Play with Consul
CH03 Go Live
Outline
CH00 Environment SetUp
CH01 Why Configuration Management?
CH02 Play with Consul
CH03 Go Live
The Following Installation guild fom:
https://github.com/pahud/amazon-eks-workshop
Step 1. Choose region: us-west-2
Step 2. Spin up your Cloud9 IDE from AWS console
Step 3. Create and name your environment
Step 4. Choose Ubuntu Server 18.04 LTS
Step 5. Click create environment
(It would typically take 30-60 seconds to create your Cloud9 IDE)
Step6. Create a IAM Role which has AdministratorAccess permission
(If you already have it, please skip it to Step 11)
Step7. Create a IAM Role
Step8. Choose EC2
Step9. Attach AdministratorAccess Policy
Step10. Click Next, Next, Next to create to an Admin IAM Role
Step 11. Turn off the Cloud9 temporarily provided IAM credentials
Step 12. After turn off the temporary credentials, you should get this error message
Step 13. Find Cloud9 EC2 on AWS Console
Step 14. Right click the EC2 then attach Admin IAM Role to EC2
Step 15. Run aws sts get-caller-identity - you should be able to see the returned JSON
output like this.
$ git clone https://github.com/levichen/consul-workshop
$ cd consul-workshop/lab00
$ sudo ./00_install.sh
$ ./01_test.sh
S...
// comment
$ ----> execute in Cloud9
# ----> execute in Container
Command types
Outline
CH00 Environment SetUp
CH01 Why Configuration Management?
CH02 Play with Consul
CH03 Go Live
CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Sin...
DevOpsDays Taipei 2018 - https://s.itho.me/devopsdays/2018/0911tracka-3.pdf
https://www.nginx.com/blog/nginmesh-nginx-as-a-proxy-in-an-istio-service-mesh/
https://www.nginx.com/blog/nginmesh-nginx-as-a-proxy-in-an-istio-service-mesh/
E = Number of Environments
N = Number of Services
M = Number of Instances
The Deployment Complexity = E * N * M
CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Sin...
The Server-Side Service Disvoery
How many Domain Name you need to configure,
if you want to build a environment?
Environment 1
A
B
C
D
E
a.environment1.com
b.environment1.com
c.environment1.com
d.environment1.com
e.environment1.com
Env...
The Client-Side Service Disvoery
Server Side Service Discovery: Pull
Client Side Service Discovery: Push
cm.environment2.com
Environment 1
A
B
C D
E
cm.environment1.com
CM
Environment 2
A
B
C D
ECM
Multiple talents infrastructure in client side service discovery
VIP
VIP
Normal
ClientA
ClientB
Shared
Users
a.client.service.com
b.client.service.com
shared.client.service.com
Multiple talents infrastr...
CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Sin...
In trandiational way
Environment 1
Service A
CD Server
1. Build
2. Deploy
Environment 1
Service A
CD Server
1. Build
2. Deploy
Environment 2
Service A
CD Server
1. Build
2. Deploy
Too many CD Servers, and hard to scale
In a better way
Environment 1
AM
CI Server
1. Build Code
CMService B 3. Get Configuration
2. Get Artifact
Environment 2
CMService B 3. Get...
CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Sin...
A
B
C
SMS #1
A
B
C
SMS #1
A
B
C
SMS #1
SMS #2
You need to deploy all of your services
A
B
C
SMS #1
SMS #2
What can CM do?
CM
A
B
C
SMS #1
SMS #2
health check for SMS #1, SMS #1
CM
Health Host : #1, #2
A
B
C
SMS #1
SMS #2
Service A, B, C get healthy hosts list
CMGet Configuration
Health Host : #1, #2
A
B
C
SMS #1
SMS #2
Send to SMS #1
CM
Health Host : #1, #2
A
B
C
SMS #1
SMS #2
When SMS #1 crash
CM
Health Host : #1, #2
A
B
C
SMS #1
SMS #2
CM will know it in short time (depends on your health check interval)
CM
Health Host : #2
A
B
C
SMS #1
SMS #2
Only get SMS #2
CMGet Configuration
Health Host : #2
A
B
C
SMS #1
SMS #2
Send to SMS #2 without any deployment
CM
Health Host : #2
We need
● Configuration store
● Service discovery
● Health check
Consul is a service networking solution to connect and secure services across any
runtime platform and public or private c...
Outline
CH00 Environment SetUp
CH01 Why Configuration Management?
CH02 Play with Consul
CH03 Go Live
CH02 Play with Consul
● KV
● Registering service
● Health check
● Building Consul cluster
EC2
Consul
Process
eth0
HTTP 8080
8080
For lab01, lab02
Consul
Binrary
Please launch two terminals on Cloud9
Terminal 1 For starting Consul
Terminal 2 For executing commands
// terminal 1
$ consul agent -dev -ui -http-port 8080
// terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ cons...
Get Consul UI
Pop out into new window
Consul UI
CH02 Play with Consul: KV
● Key value store
● Used to hold dynamic configuration
// In terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
// Get key value
$ consul kv get redis/config/minconns
// ...
KV on Consul UI
// update
$ consul kv put redis/config/minconns 9
$ consul kv get redis/config/minconns
// delete
$ consul kv delete redis/c...
● Service Definition
○ Using statis service difinition files
● HTTP API
○ Using Consul command or HTTP API
CH02 Play with Con...
// terminal 1
// exit the previous consul process
$ cd ../lab02
$ consul agent -dev -ui -http-port 8080 -config-dir=conf.d
...
Check Service Status on Consul UI
Service Definition File
Querying Service via DNS
// terminal 2
$ dig @127.0.0.1 -p 8600 web.service.consul
Querying Service via HTTP API
// terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ curl $CONSUL_HTTP_ADDR/v1/ca...
Register by HTTP API
Service Definition File
// terminal 2
$ cd consul-workshop/lab02/
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ curl --request PUT --data @web...
Check Service Status on Consul UI
Querying Service
// terminal 2
$ dig @127.0.0.1 -p 8600 webapi.service.consul SRV
$ curl $CONSUL_HTTP_ADDR/v1/catalog/serv...
Service health check
Critical component of service discovery that prevent using services that are
unhealthy.
Two approach ...
Launch Consul service and try get service via Consul HTTP API
// terminal 1
// exit the previous consul process
$ cd ../la...
Check Google (external) status every 30 seconds via ping
There are to check checks in this nodes
Check local service status every 10 seconds via curl
Web
Pull mode health check
CM
Push mode: Service needs to send heartbeat every 20 seconds
// terminal 2
$ export CONSUL_HTTP_ADDR=http://localhost:8080
$ curl $CONSUL_HTTP_ADDR/v1/health/state/critical
// send a ...
Web
Push mode health check
CM
● Client passive (Pull)
○ Simpler
○ Bottleneck in the server
● Client active (Push)
○ Faster
Service health check: Push v....
● KV
○ Key value store
○ Used to hold dynamic configuration
● Registering service
○ Static
○ Dynamic
● Health check
○ Consu...
Consul Cluster
Server
(Follower)
Server
(Leader)
Server
(Follower)
GOSSIP
Replication
Leader
Forwarding
Replication
Client...
EC2
Docker Network
Consul
Server
Consul
Client
eth0
8080
8080
Server
- bootstrap-expect: the number of expected servers in the datacenter
- ui: Enables the built-in web UI server and t...
// terminal 1
// exit the previous consul process
$ cd ../lab04
$ docker-compose up -d
Using docker-compose to launch 1 Co...
// terminal 2
// go into the Docker instance
$ docker exec -it consul-client sh
// get Consul Cluster information via loca...
// terminal 1
$ docker-compose down
Exit Docker Compose
Querying Service in Cluster
● 1 Consul Server
● 3 Consul Clients
● 1 Service with 2 nodes
EC2
Docker Network
Consul
Server
Consul
Client1
eth0
8080
8080
Web1
Consul
Client2
Web2
Consul
Client3
// terminal 1
$ cd ../lab05
$ docker-compose up -d
Using docker-compose to launch 1 Consul Server + 3 Consul Clients + 2 w...
// terminal 2
// go into the Docker instance
$ docker exec -it consul-client3 sh
// get Consul Cluster via local Consul ag...
// Get VIP instances
# curl -G localhost:8500/v1/catalog/service/web 
--data-urlencode 'filter="VIP" in ServiceTags' | jq
/...
// Get Passing checks
# curl -G localhost:8500/v1/health/checks/web 
--data-urlencode 'filter=Status == "passing"' | jq
// ...
EC2
Docker Network
Consul
Server
Consul
Client1
eth0
8080
8080
Web1
Consul
Client2
Web2
Consul
Client3
// Launch 3rd terminal to stop web2
$ docker stop web2
// terminal 2
// Check web status in consul-client3
# curl -G local...
// terminal 3
$ docker start web2
// terminal 2
// check web status in consul-client3
# curl -G localhost:8500/v1/health/c...
// terminal 3
$ docker stop consul-client2
// terminal 2
// check web status in consul-client3
# curl -G localhost:8500/v1...
What is wrong?
// terminal 3
$ docker logs consul-server
Consul Graceful shutdown
// terminal 3
$ docker start consul-client2
// terminal 1
$ docker-compose down
VM1
Consul
Client1
8080
Web1
Server
(Follower)
Server
(Leader)
Server
(Follower)
VM2
Consul
Client2
Web2
VM3
Consul
Client...
Outline
CH00 Environment SetUp
CH01 Why Configuration Management?
CH02 Play with Consul
CH03 Go Live
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery system?
● How to push in the compa...
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use ...
Server
(Follower)
Server
(Leader)
Server
(Follower)
GOSSIP
Replication
Leader
Forwarding
Replication
Client Client Client
...
Server
(Leader)
Server
(Follower)
GOSSIP
Replication
Client Client Client
RPC
Leader
Forwarding
GOSSIP
RPCGOSSIP
Consul Cl...
Consul Cluster Availability: Multiple AZ deployment
Performance tuning depending on your requirements
Ref: https://www.consul.io/docs/install/performance.html
VM1
Consul
Client1
8080
Web1
Server
(Follower)
Server
(Leader)
Server
(Follower)
VM2
Consul
Client2
Web2
VM3
Consul
Client...
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use ...
Monitoring Consul Cluster
HashiCorp Vault Workshop:幫 Credentials 找個窩
Ref: https://www.slideshare.net/smalltown20110306/hashicorp-vault-workshop-cred...
● CloudWatch Agent + StatsD
● Do not need to maintain log service
Monitoring Consul Cluster
VM1 VM2 VM3
Shipping Consul metrics to CloudWatch
8080
Server
(Follower)
Server
(Leader)
Server
(Follower)
AWS
CloudWatch
...
// terminal 1
$ cd ../lab06
$ sudo dpkg -i -E amazon-cloudwatch-agent.deb
$ sudo cp amazon-cloudwatch-agent.json
/opt/aws/...
After 15 mins ...
● Is Consul Stable?
● Monoriting Consul Cluster
● How to discover the service discovery service?
● How legacy service use ...
Ref: https://www.slideshare.net/AmazonWebServices/leveraging-elastic-webscale-computing-with-aws
Put bootstring configuration on AWS EC2 tags
Environment 1
AM
CI Server
0. Build Code
CMService B
Environment 2
CMService B
Configuration
(Git)
0. Build Configuration
Environment 1
AM
CI Server
CMService B
Environment 2
CMService B
Configuration
(Git)
1. Get Instance Metadata
Version, AM ...
Environment 1
AM
CI Server
CMService B
Environment 2
CMService B
Configuration
(Git)
2. Get Artifact
2. Get Artifact
Environment 1
AM
CI Server
CMService B 3. Get Configuration
Environment 2
CMService B 3. Get Configuration
Configuration
(...
Environment 1
AM
CI Server
0. Build Code
CMService B 3. Get Configuration
Environment 2
CMService B 3. Get Configuration
C...
● Run Consul Client (Join Consul Cluster)
● Get Service Name, Service Version, Artifacts Url, Market and Environment
● Get...
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy service use ...
EC2
Docker Network
Consul
Server
Consul
Client1
eth0
8080
8080
Web1
Consul
Client2
Web2 Proxy
8081
8081
Consul
Template
Consul Template
This project provides a convenient way to populate values from Consul into the file
system using the consul...
// check all terminals change dir to lab07
$ cd ../lab07
// in terminal 1
$ docker-compose up -d
// in termianl 2
$ curl l...
// in termianl 2
// launch consul template, it will regenerator nginx proxy, and you can
access web1, web2 now
$ consul-te...
● Is Consul Stable?
● Monoriting Consul Cluster
● How to discover the service discovery service?
● How legacy service use ...
CH03 Go Live: Production checklist
● Networking
○ Port. Like: DNS Server, HTTP API, Serf, Gossip
○ DNS Configuration
■ http...
● Security
○ Encription of Communication
○ Enable ACLs
○ Setup a Certificate Authority
● Failure Recovery
CH03 Go Live: Pro...
CH01 Why Configuration Management?
● Morden app are smaller, compostable & portable
● More fixable service management
● Sing...
CH02 Play With Consul
● KV
○ Key value store
○ Used to hold dynamic configuration
● Registering service
○ Static
○ Dynamic
...
CH03 Go Live
● Is Consul Stable?
● Monitoring Consul Cluster
● How to discover the service discovery service?
● How legacy...
https://www.104.com.tw/company/1a2x6bio5g
Questions?
● Remember to delete your Cloud9 instance & Admin IAM Role
● CloudWatch Log will delete automatically after 2 weeks
Clean ...
● 91APP
○ Andrew Wu
○ Rick Hwang
○ Earou Huang
○ Infra & Common Service Team Members
● DevOps Taiwan & Taipei HashiCorp Us...
Thanks
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
20190727 HashiCorp Consul Workshop: 管管你們家 config 啦
Upcoming SlideShare
Loading in …5
×

of

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 1 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 2 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 3 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 4 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 5 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 6 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 7 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 8 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 9 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 10 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 11 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 12 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 13 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 14 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 15 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 16 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 17 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 18 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 19 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 20 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 21 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 22 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 23 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 24 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 25 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 26 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 27 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 28 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 29 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 30 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 31 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 32 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 33 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 34 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 35 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 36 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 37 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 38 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 39 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 40 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 41 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 42 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 43 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 44 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 45 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 46 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 47 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 48 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 49 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 50 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 51 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 52 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 53 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 54 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 55 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 56 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 57 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 58 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 59 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 60 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 61 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 62 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 63 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 64 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 65 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 66 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 67 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 68 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 69 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 70 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 71 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 72 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 73 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 74 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 75 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 76 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 77 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 78 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 79 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 80 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 81 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 82 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 83 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 84 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 85 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 86 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 87 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 88 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 89 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 90 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 91 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 92 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 93 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 94 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 95 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 96 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 97 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 98 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 99 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 100 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 101 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 102 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 103 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 104 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 105 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 106 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 107 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 108 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 109 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 110 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 111 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 112 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 113 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 114 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 115 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 116 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 117 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 118 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 119 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 120 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 121 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 122 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 123 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 124 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 125 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 126 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 127 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 128 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 129 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 130 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 131 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 132 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 133 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 134 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 135 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 136 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 137 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 138 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 139 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 140 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 141 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 142 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 143 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 144 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 145 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 146 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 147 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 148 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 149 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 150 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 151 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 152 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 153 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 154 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 155 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 156 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 157 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 158 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 159 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 160 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 161 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 162 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 163 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 164 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 165 20190727 HashiCorp Consul Workshop: 管管你們家 config 啦 Slide 166
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

7 Likes

Share

Download to read offline

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦

Download to read offline

Hashicorp Consul 提供了相當豐富的 Service Mesh 功能,能夠替分散式服務快速地做服務發現、服務動態劃分和服務設定,Consul 也可以支援多種 runtime 平台,也和許多工具或雲服務商做很好的 Cloud-Native 整合。此 Workshop 主要分為幾個主軸:
- Why Configuration Management?
- Consul 基本使用操作: KV Store, Service Registering and Building a Consul Cluster
- 佈署 Consul 到 Production 環境前所需注意事項

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

20190727 HashiCorp Consul Workshop: 管管你們家 config 啦

  1. 1. HashiCorp Consul Workshop: 管管你們家 config 啦 Levi Chen 20190727
  2. 2. Levi Chen Software Engineer in Common Service Team @ 91APP Contact Me @ ● FB: https://www.facebook.com/ChenJiunYi ● Blog: http://blog.levichen.tw/ About Me
  3. 3. How many services do you have? How do you manage your configuration?
  4. 4. Outline CH00 Environment SetUp CH01 Why Configuration Management? CH02 Play with Consul CH03 Go Live
  5. 5. Outline CH00 Environment SetUp CH01 Why Configuration Management? CH02 Play with Consul CH03 Go Live
  6. 6. The Following Installation guild fom: https://github.com/pahud/amazon-eks-workshop
  7. 7. Step 1. Choose region: us-west-2
  8. 8. Step 2. Spin up your Cloud9 IDE from AWS console
  9. 9. Step 3. Create and name your environment
  10. 10. Step 4. Choose Ubuntu Server 18.04 LTS
  11. 11. Step 5. Click create environment (It would typically take 30-60 seconds to create your Cloud9 IDE)
  12. 12. Step6. Create a IAM Role which has AdministratorAccess permission (If you already have it, please skip it to Step 11)
  13. 13. Step7. Create a IAM Role
  14. 14. Step8. Choose EC2
  15. 15. Step9. Attach AdministratorAccess Policy
  16. 16. Step10. Click Next, Next, Next to create to an Admin IAM Role
  17. 17. Step 11. Turn off the Cloud9 temporarily provided IAM credentials
  18. 18. Step 12. After turn off the temporary credentials, you should get this error message
  19. 19. Step 13. Find Cloud9 EC2 on AWS Console
  20. 20. Step 14. Right click the EC2 then attach Admin IAM Role to EC2
  21. 21. Step 15. Run aws sts get-caller-identity - you should be able to see the returned JSON output like this.
  22. 22. $ git clone https://github.com/levichen/consul-workshop $ cd consul-workshop/lab00 $ sudo ./00_install.sh $ ./01_test.sh Step 16. Download materials, install and confirm it ...
  23. 23. // comment $ ----> execute in Cloud9 # ----> execute in Container Command types
  24. 24. Outline CH00 Environment SetUp CH01 Why Configuration Management? CH02 Play with Consul CH03 Go Live
  25. 25. CH01 Why Configuration Management? ● Morden app are smaller, compostable & portable ● More fixable service management ● Single code base multiple deployment ● External services are unstable
  26. 26. DevOpsDays Taipei 2018 - https://s.itho.me/devopsdays/2018/0911tracka-3.pdf
  27. 27. https://www.nginx.com/blog/nginmesh-nginx-as-a-proxy-in-an-istio-service-mesh/
  28. 28. https://www.nginx.com/blog/nginmesh-nginx-as-a-proxy-in-an-istio-service-mesh/
  29. 29. E = Number of Environments N = Number of Services M = Number of Instances The Deployment Complexity = E * N * M
  30. 30. CH01 Why Configuration Management? ● Morden app are smaller, compostable & portable ● More fixable service management ● Single code base multiple deployment ● External services are unstable
  31. 31. The Server-Side Service Disvoery
  32. 32. How many Domain Name you need to configure, if you want to build a environment?
  33. 33. Environment 1 A B C D E a.environment1.com b.environment1.com c.environment1.com d.environment1.com e.environment1.com Environment 2 A B C D E a.environment2.com b.environment2.com c.environment2.com d.environment2.com e.environment2.com
  34. 34. The Client-Side Service Disvoery
  35. 35. Server Side Service Discovery: Pull Client Side Service Discovery: Push
  36. 36. cm.environment2.com Environment 1 A B C D E cm.environment1.com CM Environment 2 A B C D ECM
  37. 37. Multiple talents infrastructure in client side service discovery VIP VIP Normal
  38. 38. ClientA ClientB Shared Users a.client.service.com b.client.service.com shared.client.service.com Multiple talents infrastructure in server side service discovery
  39. 39. CH01 Why Configuration Management? ● Morden app are smaller, compostable & portable ● More fixable service management ● Single code base multiple deployment ● External services are unstable
  40. 40. In trandiational way
  41. 41. Environment 1 Service A CD Server 1. Build 2. Deploy
  42. 42. Environment 1 Service A CD Server 1. Build 2. Deploy Environment 2 Service A CD Server 1. Build 2. Deploy
  43. 43. Too many CD Servers, and hard to scale
  44. 44. In a better way
  45. 45. Environment 1 AM CI Server 1. Build Code CMService B 3. Get Configuration 2. Get Artifact Environment 2 CMService B 3. Get Configuration 2. Get Artifact Configuration (Git) 1. Build Configuration
  46. 46. CH01 Why Configuration Management? ● Morden app are smaller, compostable & portable ● More fixable service management ● Single code base multiple deployment ● External services are unstable
  47. 47. A B C SMS #1
  48. 48. A B C SMS #1
  49. 49. A B C SMS #1 SMS #2 You need to deploy all of your services
  50. 50. A B C SMS #1 SMS #2 What can CM do? CM
  51. 51. A B C SMS #1 SMS #2 health check for SMS #1, SMS #1 CM Health Host : #1, #2
  52. 52. A B C SMS #1 SMS #2 Service A, B, C get healthy hosts list CMGet Configuration Health Host : #1, #2
  53. 53. A B C SMS #1 SMS #2 Send to SMS #1 CM Health Host : #1, #2
  54. 54. A B C SMS #1 SMS #2 When SMS #1 crash CM Health Host : #1, #2
  55. 55. A B C SMS #1 SMS #2 CM will know it in short time (depends on your health check interval) CM Health Host : #2
  56. 56. A B C SMS #1 SMS #2 Only get SMS #2 CMGet Configuration Health Host : #2
  57. 57. A B C SMS #1 SMS #2 Send to SMS #2 without any deployment CM Health Host : #2
  58. 58. We need ● Configuration store ● Service discovery ● Health check
  59. 59. Consul is a service networking solution to connect and secure services across any runtime platform and public or private cloud
  60. 60. Outline CH00 Environment SetUp CH01 Why Configuration Management? CH02 Play with Consul CH03 Go Live
  61. 61. CH02 Play with Consul ● KV ● Registering service ● Health check ● Building Consul cluster
  62. 62. EC2 Consul Process eth0 HTTP 8080 8080 For lab01, lab02 Consul Binrary
  63. 63. Please launch two terminals on Cloud9 Terminal 1 For starting Consul Terminal 2 For executing commands
  64. 64. // terminal 1 $ consul agent -dev -ui -http-port 8080 // terminal 2 $ export CONSUL_HTTP_ADDR=http://localhost:8080 $ consul members Launch Consul in Develop mode and check cluster members
  65. 65. Get Consul UI
  66. 66. Pop out into new window
  67. 67. Consul UI
  68. 68. CH02 Play with Consul: KV ● Key value store ● Used to hold dynamic configuration
  69. 69. // In terminal 2 $ export CONSUL_HTTP_ADDR=http://localhost:8080 // Get key value $ consul kv get redis/config/minconns // Insert a key value paris $ consul kv put redis/config/minconns 1 $ consul kv put redis/config/maxconns 25 // Get single key value $ consul kv get redis/config/minconns // Get key value recursively $ consul kv get -recurse
  70. 70. KV on Consul UI
  71. 71. // update $ consul kv put redis/config/minconns 9 $ consul kv get redis/config/minconns // delete $ consul kv delete redis/config/minconns $ consul kv delete -recurse redis Delete commands is dangerous check your ACL configruation before go live
  72. 72. ● Service Definition ○ Using statis service difinition files ● HTTP API ○ Using Consul command or HTTP API CH02 Play with Consul: Registering Service
  73. 73. // terminal 1 // exit the previous consul process $ cd ../lab02 $ consul agent -dev -ui -http-port 8080 -config-dir=conf.d Launch Consul Again
  74. 74. Check Service Status on Consul UI
  75. 75. Service Definition File
  76. 76. Querying Service via DNS // terminal 2 $ dig @127.0.0.1 -p 8600 web.service.consul
  77. 77. Querying Service via HTTP API // terminal 2 $ export CONSUL_HTTP_ADDR=http://localhost:8080 $ curl $CONSUL_HTTP_ADDR/v1/catalog/service/web
  78. 78. Register by HTTP API
  79. 79. Service Definition File
  80. 80. // terminal 2 $ cd consul-workshop/lab02/ $ export CONSUL_HTTP_ADDR=http://localhost:8080 $ curl --request PUT --data @webapi.json ${CONSUL_HTTP_ADDR}/v1/agent/service/register Launch Consul Again
  81. 81. Check Service Status on Consul UI
  82. 82. Querying Service // terminal 2 $ dig @127.0.0.1 -p 8600 webapi.service.consul SRV $ curl $CONSUL_HTTP_ADDR/v1/catalog/service/webapi
  83. 83. Service health check Critical component of service discovery that prevent using services that are unhealthy. Two approach to register check: ● Check difination files ● HTTP API Unhealth ● exit code > 0
  84. 84. Launch Consul service and try get service via Consul HTTP API // terminal 1 // exit the previous consul process $ cd ../lab03 $ consul agent -dev -ui -http-port 8080 -enable-script-checks -config-dir=./ // terminal 2 $ cd ../lab03 $ export CONSUL_HTTP_ADDR=http://localhost:8080 $ curl $CONSUL_HTTP_ADDR/v1/health/state/critical $ dig @127.0.0.1 -p 8600 web.service.consul SRV
  85. 85. Check Google (external) status every 30 seconds via ping
  86. 86. There are to check checks in this nodes
  87. 87. Check local service status every 10 seconds via curl
  88. 88. Web Pull mode health check CM
  89. 89. Push mode: Service needs to send heartbeat every 20 seconds
  90. 90. // terminal 2 $ export CONSUL_HTTP_ADDR=http://localhost:8080 $ curl $CONSUL_HTTP_ADDR/v1/health/state/critical // send a heartbeat $ curl -X PUT $CONSUL_HTTP_ADDR/v1/agent/check/pass/service:Batch $ curl $CONSUL_HTTP_ADDR/v1/health/state/critical
  91. 91. Web Push mode health check CM
  92. 92. ● Client passive (Pull) ○ Simpler ○ Bottleneck in the server ● Client active (Push) ○ Faster Service health check: Push v.s Pull
  93. 93. ● KV ○ Key value store ○ Used to hold dynamic configuration ● Registering service ○ Static ○ Dynamic ● Health check ○ Consul helps you to check internal/external services ○ Push / Pull mode Summary
  94. 94. Consul Cluster Server (Follower) Server (Leader) Server (Follower) GOSSIP Replication Leader Forwarding Replication Client Client Client RPC Leader Forwarding GOSSIP RPCGOSSIP
  95. 95. EC2 Docker Network Consul Server Consul Client eth0 8080 8080
  96. 96. Server - bootstrap-expect: the number of expected servers in the datacenter - ui: Enables the built-in web UI server and the required HTTP routes. - client: The address to which Consul will bind client interfaces, including the HTTP and DNS servers. - node: The name of this node in the cluster. Client - join: Address of another agent to join upon starting up.
  97. 97. // terminal 1 // exit the previous consul process $ cd ../lab04 $ docker-compose up -d Using docker-compose to launch 1 Consul Server + 1 Consul Client
  98. 98. // terminal 2 // go into the Docker instance $ docker exec -it consul-client sh // get Consul Cluster information via local Consul agent # consul members
  99. 99. // terminal 1 $ docker-compose down Exit Docker Compose
  100. 100. Querying Service in Cluster ● 1 Consul Server ● 3 Consul Clients ● 1 Service with 2 nodes
  101. 101. EC2 Docker Network Consul Server Consul Client1 eth0 8080 8080 Web1 Consul Client2 Web2 Consul Client3
  102. 102. // terminal 1 $ cd ../lab05 $ docker-compose up -d Using docker-compose to launch 1 Consul Server + 3 Consul Clients + 2 webs
  103. 103. // terminal 2 // go into the Docker instance $ docker exec -it consul-client3 sh // get Consul Cluster via local Consul agent # consul members // get service information via HTTP API # curl -G localhost:8500/v1/catalog/service/web | jq
  104. 104. // Get VIP instances # curl -G localhost:8500/v1/catalog/service/web --data-urlencode 'filter="VIP" in ServiceTags' | jq // Get Normal instances # curl -G localhost:8500/v1/catalog/service/web --data-urlencode 'filter="Normal" in ServiceTags' | jq
  105. 105. // Get Passing checks # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "passing"' | jq // Get Critical checks # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "critical"' | jq
  106. 106. EC2 Docker Network Consul Server Consul Client1 eth0 8080 8080 Web1 Consul Client2 Web2 Consul Client3
  107. 107. // Launch 3rd terminal to stop web2 $ docker stop web2 // terminal 2 // Check web status in consul-client3 # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "passing"' | jq # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "critical"' | jq
  108. 108. // terminal 3 $ docker start web2 // terminal 2 // check web status in consul-client3 # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "passing"' | jq # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "critical"' | jq
  109. 109. // terminal 3 $ docker stop consul-client2 // terminal 2 // check web status in consul-client3 # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "passing"' | jq # curl -G localhost:8500/v1/health/checks/web --data-urlencode 'filter=Status == "critical"' | jq
  110. 110. What is wrong?
  111. 111. // terminal 3 $ docker logs consul-server Consul Graceful shutdown
  112. 112. // terminal 3 $ docker start consul-client2
  113. 113. // terminal 1 $ docker-compose down
  114. 114. VM1 Consul Client1 8080 Web1 Server (Follower) Server (Leader) Server (Follower) VM2 Consul Client2 Web2 VM3 Consul Client3 Service K Sidecar Pattern in Consul
  115. 115. Outline CH00 Environment SetUp CH01 Why Configuration Management? CH02 Play with Consul CH03 Go Live
  116. 116. ● Is Consul Stable? ● Monitoring Consul Cluster ● How to discover the service discovery system? ● How to push in the company? ● Production checklist CH03 Go Live
  117. 117. ● Is Consul Stable? ● Monitoring Consul Cluster ● How to discover the service discovery service? ● How legacy service use it? ● Production checklist CH03 Go Live
  118. 118. Server (Follower) Server (Leader) Server (Follower) GOSSIP Replication Leader Forwarding Replication Client Client Client RPC Leader Forwarding GOSSIP RPCGOSSIP Consul Cluster Availability
  119. 119. Server (Leader) Server (Follower) GOSSIP Replication Client Client Client RPC Leader Forwarding GOSSIP RPCGOSSIP Consul Cluster Availability, leader election
  120. 120. Consul Cluster Availability: Multiple AZ deployment
  121. 121. Performance tuning depending on your requirements Ref: https://www.consul.io/docs/install/performance.html
  122. 122. VM1 Consul Client1 8080 Web1 Server (Follower) Server (Leader) Server (Follower) VM2 Consul Client2 Web2 VM3 Consul Client3 Service K Developing a SDK for caching configuartion, prevent from calling Consul every time SDK SDK SDK Keep long pulling connection Keep long pulling connection Keep long pulling connection
  123. 123. ● Is Consul Stable? ● Monitoring Consul Cluster ● How to discover the service discovery service? ● How legacy service use it? ● Production checklist CH03 Go Live
  124. 124. Monitoring Consul Cluster
  125. 125. HashiCorp Vault Workshop:幫 Credentials 找個窩 Ref: https://www.slideshare.net/smalltown20110306/hashicorp-vault-workshop-credentials
  126. 126. ● CloudWatch Agent + StatsD ● Do not need to maintain log service Monitoring Consul Cluster
  127. 127. VM1 VM2 VM3 Shipping Consul metrics to CloudWatch 8080 Server (Follower) Server (Leader) Server (Follower) AWS CloudWatch Agent Statd port: 9125 AWS CloudWatch Agent Statd port: 9125 AWS CloudWatch Agent Statd port: 9125
  128. 128. // terminal 1 $ cd ../lab06 $ sudo dpkg -i -E amazon-cloudwatch-agent.deb $ sudo cp amazon-cloudwatch-agent.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s $ consul agent --config-dir ./conf.d
  129. 129. After 15 mins ...
  130. 130. ● Is Consul Stable? ● Monoriting Consul Cluster ● How to discover the service discovery service? ● How legacy service use it? ● Production checklist CH03 Go Live
  131. 131. Ref: https://www.slideshare.net/AmazonWebServices/leveraging-elastic-webscale-computing-with-aws
  132. 132. Put bootstring configuration on AWS EC2 tags
  133. 133. Environment 1 AM CI Server 0. Build Code CMService B Environment 2 CMService B Configuration (Git) 0. Build Configuration
  134. 134. Environment 1 AM CI Server CMService B Environment 2 CMService B Configuration (Git) 1. Get Instance Metadata Version, AM URL, CM URL Version, AM URL, CM URL 1. Get Instance Metadata
  135. 135. Environment 1 AM CI Server CMService B Environment 2 CMService B Configuration (Git) 2. Get Artifact 2. Get Artifact
  136. 136. Environment 1 AM CI Server CMService B 3. Get Configuration Environment 2 CMService B 3. Get Configuration Configuration (Git)
  137. 137. Environment 1 AM CI Server 0. Build Code CMService B 3. Get Configuration Environment 2 CMService B 3. Get Configuration Configuration (Git) 0. Build Configuration 1. Get Instance Metadata Version, AM URL, CM URL Version, AM URL, CM URL 2. Get Artifact 1. Get Instance Metadata 2. Get Artifact
  138. 138. ● Run Consul Client (Join Consul Cluster) ● Get Service Name, Service Version, Artifacts Url, Market and Environment ● Get Artifacts ● Get Confugration ● Run Service Service Provisioning
  139. 139. ● Is Consul Stable? ● Monitoring Consul Cluster ● How to discover the service discovery service? ● How legacy service use Consul? ● Production checklist CH03 Go Live
  140. 140. EC2 Docker Network Consul Server Consul Client1 eth0 8080 8080 Web1 Consul Client2 Web2 Proxy 8081 8081 Consul Template
  141. 141. Consul Template This project provides a convenient way to populate values from Consul into the file system using the consul-template daemon. https://github.com/hashicorp/consul-template
  142. 142. // check all terminals change dir to lab07 $ cd ../lab07 // in terminal 1 $ docker-compose up -d // in termianl 2 $ curl localhost:8081
  143. 143. // in termianl 2 // launch consul template, it will regenerator nginx proxy, and you can access web1, web2 now $ consul-template -template "./nginx-config-template/upstream.tpl:./nginx-config/upstream.conf:docker restart proxy" // in termianl 3 $ curl localhost:8081 $ docker stop web2 $ curl localhost:8081
  144. 144. ● Is Consul Stable? ● Monoriting Consul Cluster ● How to discover the service discovery service? ● How legacy service use Consul? ● Production checklist CH03 Go Live
  145. 145. CH03 Go Live: Production checklist ● Networking ○ Port. Like: DNS Server, HTTP API, Serf, Gossip ○ DNS Configuration ■ https://learn.hashicorp.com/consul/security-networking/forwarding ■ https://learn.hashicorp.com/consul/security-networking/dns-caching ● Consul Servers Deployment ○ Consul Binary ○ Configuration ○ Telemerty configured ● Consul Clients Deployment ○ Sidecar or not? ○ External Service Monitor has been deployed to nodes that can not run a Consul client
  146. 146. ● Security ○ Encription of Communication ○ Enable ACLs ○ Setup a Certificate Authority ● Failure Recovery CH03 Go Live: Production checklist
  147. 147. CH01 Why Configuration Management? ● Morden app are smaller, compostable & portable ● More fixable service management ● Single code base multiple deployment ● External services are unstable Summary
  148. 148. CH02 Play With Consul ● KV ○ Key value store ○ Used to hold dynamic configuration ● Registering service ○ Static ○ Dynamic ● Health check ○ Consul helps you to check internal/external services ○ Push / Pull mode ● Building Consul cluster Summary
  149. 149. CH03 Go Live ● Is Consul Stable? ● Monitoring Consul Cluster ● How to discover the service discovery service? ● How legacy service use Consul? ● Production checklist Summary
  150. 150. https://www.104.com.tw/company/1a2x6bio5g
  151. 151. Questions?
  152. 152. ● Remember to delete your Cloud9 instance & Admin IAM Role ● CloudWatch Log will delete automatically after 2 weeks Clean Up
  153. 153. ● 91APP ○ Andrew Wu ○ Rick Hwang ○ Earou Huang ○ Infra & Common Service Team Members ● DevOps Taiwan & Taipei HashiCorp User Group ○ Cheng Wei Chen ○ Smalltown ○ Rico Chen ● AWS ○ Carol Chen ● eCloudvalley Technology Thank you sooooooooooooooo much
  154. 154. Thanks
  • KaiYangHsieh

    Jun. 7, 2020
  • evareiasuaka

    Jul. 30, 2019
  • hisoso

    Jul. 29, 2019
  • SilberLee

    Jul. 29, 2019
  • JakeNg9

    Jul. 28, 2019
  • ssuserc5f3aa

    Jul. 27, 2019
  • s80275

    Jul. 27, 2019

Hashicorp Consul 提供了相當豐富的 Service Mesh 功能,能夠替分散式服務快速地做服務發現、服務動態劃分和服務設定,Consul 也可以支援多種 runtime 平台,也和許多工具或雲服務商做很好的 Cloud-Native 整合。此 Workshop 主要分為幾個主軸: - Why Configuration Management? - Consul 基本使用操作: KV Store, Service Registering and Building a Consul Cluster - 佈署 Consul 到 Production 環境前所需注意事項

Views

Total views

1,025

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

21

Shares

0

Comments

0

Likes

7

×